Traditionally, the methods used to authenticate were primarily inputting a password or PIN, later, devices allowed authentication by inputting a pattern. Today, most if not all modern devices offer users the ability to authenticate using some kind of biometric method.
Biometric systems have also been common at most airports, by utilizing advanced technologies like fingerprint scanning, facial recognition, and iris detection, these systems provide a seamless and secure means of verifying passengers’ identities.
Biometric technology uses physical or behavioral qualities for identification and authentication and offers great convenience. From using our fingerprints to unlock our smartphones to advanced facial recognition securing sensitive facilities, biometric technology has certainly come a long way.
As this technology continues to be more ubiquitous, we must ask ourselves an important question; can we balance the convenience and benefits of using biometric technology with the protection of our personal data?
In this article, I’ll attempt to answer this question. I’ll explain how biometric systems work, explore the most popular biometric technologies in use today, and the errors that biometric systems make. Finally, we’ll answer the question; can we balance security and privacy using biometric technology? So let’s get to it.
Let’s first talk a bit about authentication. There are three ways a user can authenticate themselves.
The first is by using something they know such as a password or PIN. The second is using something they have such as a token, or key. And the third is using or displaying a particular physical or behavioral characteristic such as a fingerprint or facial pattern. The third way is known as a biometric.
A biometric is defined as the automatic recognition of an individual based on either a physiological feature of the body such as fingerprints, hand geometry, or iris pattern, etc. It can also be based on the behavioral characteristics of the individual such as voice prints, and written signatures.
These physical or behavioral traits are recognized by a security system to either grant or deny access to a service or device. Of course, for a biometric to be useful, users must possess the particular biometric, for example, if a system uses speech recognition, it serves no purpose to use such a system for a group of individuals where a large percentage is incapable of vocalizing sound.
Any particular biometric is not completely universal, this is why many systems provide (or should provide) an alternative form of authentication for the group of individuals who are not able to authenticate themselves using that particular biometric.
How does a Biometric System work?
Biometric systems achieve automatic personal identification by comparing the biometric data presented by a user, known as the biometric sample, against one or many biometric references stored in the system. Most biometric systems, regardless of the physiological or behavioral trait used, work in the same way and use the following phases or modules:
1. Data Collection
In this phase, the system captures or reads the raw biometric data from the user. This means capturing biometric data from a biometric device like a video camera or fingerprint sensor. In this phase, devices need to be properly maintained and calibrated to ensure that none of the devices deviate from expected performance measures. This means all the devices should be capturing data in the same way.
The devices should also be able to distinguish a legitimate biometric signature and not a facsimile, for example, it should be able to distinguish the difference between a live image rather than a photograph.
2. Feature Extraction
After the raw data has been received, its distinguishing features are then extracted, for example, the unique pattern formed by the ridges of the finger. A quality check is done to determine if the raw data is satisfactory, if it’s not, the user may need to supply the biometric data again.
3. Matching
In this phase, the biometric data that was extracted is then compared to the stored biometric data of the user. It is important to understand that two different measurements of the same biometric feature from the same person are very likely to be different, even if it’s a small difference.
The matching module determines the degree of similarity between the live biometric sample and the stored reference sample. Each comparison produces a match score. This is a numerical value indicating how close the sample and the template match.
4. Decision
After the match score has been determined, the decision phase then decides whether the system should accept the user or not. The decision is based on a confidence value known as the tolerance threshold, which indicates how tolerant, or similar, the biometric sample and the stored reference template have to be. If the match score is above the threshold, the user is accepted, if it is below the threshold, the user is rejected.
5. Storage
The storage module keeps the reference templates for enrolled users, either a single template or several. The stored templates should be physically protected within the biometric device, or it can be stored elsewhere securely, perhaps in a secured server. It is generally accepted to bind the user to his or her reference template, such as name, user ID, etc.
The leading Biometric Technologies and their uses
Let’s now take a look at some of the leading biometric technologies, how they work, and where they are used.
Fingerprint Recognition
This is the first and most popular biometric, law enforcement has been using fingerprints for over a century. The biometric data is extracted by measuring the location of the various patterns in the friction ridges and valleys on a finger. Every finger has at least one major feature, either the arc, loop, or whorl.
Smart devices, border control, and law enforcement employ fingerprint recognition for identity verification and access control. Device unlocking, data security, building access, attendance monitoring, financial transactions, healthcare patient identification, and forensic investigations are all popular uses of fingerprint biometrics.
Facial Biometrics
Facial recognition is a popular biometric technique, and many smart devices employ facial recognition technology. Biometric systems that use facial images can be divided into two main categories; face scan and facial thermogram.
Face Scan – Most of us are familiar with this type of facial recognition, and there’s a good chance your smartphone may use it. Face scan systems collect images in the visible spectrum using ordinary cameras and establish the user’s identity by analyzing visual facial features.
Facial Thermogram – The other facial recognition technology is the facial thermogram. This technology captures patterns derived from blood vessels under the skin. Unlike facial scans that can be affected by certain changes such as changes in physical appearance, lighting, or background, facial thermograms are unaffected by lighting and external changes such as hair, eyeglasses, makeup, and even plastic surgery. It can even be captured in the dark.
Facial recognition is commonly utilized for identity verification and security. It improves the efficiency at airports, retail experiences, law enforcement suspect identification and monitoring, and corporate and airport security access control. It also assures correct patient identification, improving medical record management and treatment.
Iris Recognition
The iris is the colored part of the eye that surrounds the pupil and is made up of complex anatomical features such as the corona, crypts, rings, furrows, freckles, and striations. These features create a complex pattern that is highly distinctive. This high level of uniqueness allows the iris to provide very high levels of accuracy.
Iris recognition provides precise and secure biometric authentication for numerous applications. It’s used to help secure border control and immigration by precisely validating travelers’ identities, and enabling rapid and trustworthy screening. Iris recognition systems also provide strong access control protection for corporate, government, and high-security locations.
Retina Scan
A retina scan is a biometric technology that involves capturing an image of the retina, which is the light-sensitive tissue located at the back of the eye. The retina contains a highly distinctive pattern of blood vessels and other features that are distinct to each individual, much like fingerprints. Similar to iris scans, retina scan technology has the potential for very accurate identification.
The distinctive blood vessel patterns provide very secure biometric authentication with retina recognition technology. It is used in government, corporate, and high-security access control. Retina recognition is also used to identify patients, maintain medical information, and provide individualized care. Financial organizations use it for safe transaction authorization and fraud prevention. Retinal recognition is a viable identification verification method for crucial sectors.
Voice Recognition
This biometric explores an individual’s acoustic patterns to verify their identity. Physiological and behavioral aspects determine the way our voice sounds. To a large extent, our anatomy, the size and shape of our throat and mouth, govern how our voice sounds. A key threat against voice recognition is that a legitimate user’s voice can be recorded and used by an attacker to gain unauthorized access.
Voice recognition technology uses unique voice features for biometric verification in several businesses. It secures telecom accounts and services with voice-controlled authentication. It improves customer service by personalizing conversations and answers using speech analysis.
Voice recognition also helps police identify suspects and conduct forensic investigations. Healthcare documentation accuracy and efficiency are improved by speech recognition for patient identification and dictation. Voice recognition is a quick and safe way to verify identification in numerous situations.
Signature Biometrics
As a biometric, handwritten signatures have been used for centuries. It is based on the physical or behavioral aspects of the signing process. It relies on features such as the total time of the signing process and the pressure of the pen to the pad, not just whether two signatures look the same.
To collect the biometric data, this system uses a specially built tablet and pen to analyze the user’s signature in terms of its speed, form, and pressure, among other characteristics.
This biometric is frequently utilized in banking for forensic investigations, secure transactions, and document authentication. This biometric approach improves security and thwarts fraud in several industries.
Errors Biometric Systems make
Even though biometric systems offer convenient ways to authenticate, errors can and do occur. The nature of biometric data is such that two measurements of the same biometric feature from the same person are very likely to be different. I’ve outlined some of the reasons why this may happen below.
Changes in the user's Biometric Feature
Changes to our physiological features are inevitably going to happen, and this can affect the biometric data collected. Fingerprints may vary due to a skin condition, aging, or an injury. A person’s voice may vary also due to a physical condition like a sore throat or when someone experiences a change in emotion.
Changes in the way the Biometric Data is Presented
The way the biometric data is extracted can also affect accuracy. For example, if someone has to authenticate themselves using a fingerprint and they place their finger on the sensor in a different position, the system may not be able to extract their data properly. Similarly, if someone speaks at a different volume, or speaks too close or too far from a microphone, this can cause problems with the data extraction.
Changes in the Environment
Certain environmental factors can affect the biometric system as well. For example, variations in humidity can affect fingerprint recognition systems. Background lighting can affect a face-scan system, and ambient noise can affect voice-scan systems.
Biometric systems can only evaluate based on the match score. As I’ve described above, biometric systems may reject a valid user for a range of reasons. On the flip side, with similarities such as a similar voice, a person resembling another, similar fingerprint, or even similar iris patterns, a biometric system may grant access to an imposter whose biometric feature is similar to the valid user.
Conclusion
The continued development and widespread use of biometric technology make it all the more important to find a middle ground between invasion of privacy and security. Despite biometrics’ precision and simplicity in identity verification, concerns over data privacy and possible abuse will continue to be a subject of discussion.
Harnessing the potential of biometrics responsibly, which means protecting the identities it aims to verify, requires creating clear regulations, following strict data protection standards, and encouraging open conversation. This will ensure a safer and more secure future without compromising personal privacy.
Skip to content 
