Biometric Systems are automated methods of verifying or recognizing the identity of a living person on the basis of some physiological characteristics, like a fingerprint or face pattern, or some aspects of behavior, like handwriting or keystroke patterns. Some of the most used biometric characteristics are shown in the picture below. A biometric system based on physiological characteristics is more reliable than one which adopts behavioral features, even if the latter may be easier to integrate within certain specific applications.
Using biometric characteristics is the only way to guarantee the presence of the owner when a transaction is made. In particular, fingerprint-based systems have been proven effective in protecting information and resources in a wide range of applications. At present, the number of applications employing biometric systems to secure transactions is quite limited. On one side, some barriers are due to people's lack of familiarity with the technology (and, in some cases, lack of acceptance), but probably the most important reasons for the underdevelopment of biometrics in the past were the cost of the required hardware/software and insufficient performance. Today, technology makes it possible to design low-cost systems whose performance makes them well suited to a broad range of applications.
Generally, in the field of biometric systems, two different problems can be considered:
Identity verification (or simply verification) requires the person to declare his/her identity, for instance by means of a PIN (personal identification number); the system directly matches (1:1) the person's current biometric characteristic with a previously acquired one which is retrieved through the PIN.
Identification requires the system to scan a set of candidates and decide whether one of them matches the person to be identified. Obviously, this is a more difficult task, since it requires a (1:N) match which can be computationally very expensive on a large database.
Before a biometric system can be used for verification/identification, all the users must be enrolled. Enrollment involves the individual giving a sample of his/her biometric characteristic, which the system uses to generate a compact model (or template) summarizing the discriminant features. Depending on the specific application, models can be stored in a centralized database, distributed over a network, or stored in badges released to the users. Each time an individual requires a verification/identification, he/she provides a new sample of his/her fingerprint and the system matches this current instance with the stored model(s).
Because of different positioning on the acquisition sensor, environmental changes, deformations and noise, it is impossible for two samples of the same biometric characteristic, acquired in different sessions, to coincide exactly. For this reason, matching is performed by an algorithm which computes a similarity score and compares it with an acceptance threshold: if the similarity is greater than the threshold, the system claims that the two samples coincide. Unlike password matching, the output of a biometric system may sometimes be incorrect; the main system errors are usually measured in terms of:
FRR (False Rejection Rate): the frequency of rejections relative to people who should be correctly verified. When an authorized user is rejected, he/she must re-present his/her biometric characteristic to the system. Note that a false rejection does not necessarily mean an error of the system; for example, in the case of a fingerprint-based system, an incorrect positioning of the finger on the sensor or dirtiness can produce false
FAR (False Acceptance Rate): the frequency of fraudulent accesses due to impostors claiming a false identity.
Generally, FAR and FRR depend on the acceptance threshold t, which is used to set the desired security level, and are strictly related to each other. More specifically, FRR(t) is an increasing function and FAR(t) is a decreasing function, so if the threshold setting is increased to make the access harder for impostors, some authorized people may find it harder to gain access.
False acceptance rate (FAR) and false rejection rate (FRR) as functions of the threshold t
Other performance indexes are commonly used to evaluate biometric systems:
EER (Equal Error Rate): denotes the system error when FRR=FAR
ZeroFAR: denotes FRR when FAR=0
ZeroFRR: denotes FAR when FRR=0
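The indexes above can be computed directly from two sets of similarity scores, one from genuine comparisons and one from impostor comparisons. The following Python code is an added example, not part of the original page: the scores, their 0-100 scale and all function names are constructed for illustration, and acceptance follows the rule stated earlier (similarity greater than the threshold t).

```python
# Added example: FAR/FRR/EER from similarity scores. All scores are constructed.
GENUINE = [62, 71, 55, 80, 90, 48, 77, 85, 66, 93]    # same-finger comparisons
IMPOSTOR = [12, 25, 33, 41, 50, 58, 20, 37, 45, 64]   # different-finger comparisons

def far(impostor, t):
    """Share of impostor attempts accepted (score strictly greater than t)."""
    return sum(s > t for s in impostor) / len(impostor)

def frr(genuine, t):
    """Share of genuine attempts rejected (score not greater than t)."""
    return sum(s <= t for s in genuine) / len(genuine)

def sweep(genuine, impostor):
    """Return (t, FAR(t), FRR(t)) at every threshold where a rate can change."""
    scores = sorted(set(genuine) | set(impostor))
    # One threshold below all scores covers the accept-everything point.
    return [(t, far(impostor, t), frr(genuine, t)) for t in [scores[0] - 1] + scores]

def summarize(genuine, impostor):
    """Return {index: (threshold, value)} for EER, ZeroFAR and ZeroFRR."""
    points = sweep(genuine, impostor)
    # With finite samples the curves may not meet exactly: take the threshold
    # where |FAR - FRR| is smallest and report the mean of the two rates.
    t_eer, fa, fr = min(points, key=lambda p: abs(p[1] - p[2]))
    # ZeroFAR: lowest FRR among thresholds that accept no impostor.
    t_zfar, _, zfar = min((p for p in points if p[1] == 0), key=lambda p: p[2])
    # ZeroFRR: lowest FAR among thresholds that reject no genuine user.
    t_zfrr, zfrr, _ = min((p for p in points if p[2] == 0), key=lambda p: p[1])
    return {"EER": (t_eer, (fa + fr) / 2),
            "ZeroFAR": (t_zfar, zfar),
            "ZeroFRR": (t_zfrr, zfrr)}

if __name__ == "__main__":
    for t, fa, fr in sweep(GENUINE, IMPOSTOR):
        print(f"t={t:3d}  FAR={fa:.2f}  FRR={fr:.2f}")
    print(summarize(GENUINE, IMPOSTOR))
```

On this constructed data the two curves meet at t=55, while removing every false acceptance (t=64) or every false rejection (t=45) costs a 30% error rate of the other kind.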