Emerging Biometric Technologies

Biometric technologies measure and analyze human biological and behavioral characteristics. When used for identification and authentication, they compare a live biometric reading with the stored biometric templates of enrolled users to come up with a match. Some of the more common biometric technologies in use today are fingerprint recognition, facial recognition, hand geometry, iris recognition and speaker recognition. A number of other biometrics are just beginning to find their niche in identity assurance applications, and still others remain in the developmental stage. This article will examine a few technologies from both categories.

Dynamic Signature Analysis
Signature recognition authentication, or dynamic signature analysis, authenticates identity by measuring and analyzing handwritten signatures. It does not rely on the physical appearance of the signature, but instead on the manner in which the signature is written. During enrollment, users sign their name multiple times on a pressure-sensitive writing tablet or PDA. This technology measures changes in pressure, position, and velocity of the pen during signing, as well as the overall size of the signature and the quantity and various directions of the strokes in the signature.

While it may be easy to duplicate the visual appearance of a signature, it is very difficult to duplicate the behavioral characteristics of the signer.

Robustness. Dynamic signature analysis devices have proved to be reasonably accurate and lend themselves to applications in which the signature is an accepted identifier. Some systems have difficulties with left-handed people and individuals whose signature changes substantially each time they write it.

Applications. Despite its user friendliness, long history, and lack of invasiveness, signature verification has not become a market leader. The biggest market application for this technology will most likely be in document verification and authorization.

Keystroke Dynamics
Keystroke dynamics monitors keyboard inputs at thousands of times per second to identify a user by his or her habitual typing rhythm patterns. It examines dynamics such as speed, pressure, the time it takes a user to type particular words, “dwell time”—the amount of time a person holds down a particular key—and “flight time,” the amount of time the user pauses between keys.

Keystroke verification techniques can be classified as either static or continuous. Static verification approaches analyze keystroke verification characteristics only at specific times—usually only when the user types the username and password—while continuous verification monitors the user’s typing behavior throughout the interaction.

Keystroke dynamics is probably one of the easiest biometric technologies to implement and administer, because it is completely software-based; there is no need to install any new hardware. All that is needed is the existing computer and keyboard.

Limitations. Keystroke dynamics-based systems do not replace the username and password. Therefore, they do not eliminate the need to remember multiple passwords, decrease the administrative costs of resetting passwords, nor enhance convenience for the users. Rather, they enhance the security of existing username/password-based systems.

Keystroke dynamics-based systems are only used in one-to-one verification applications and cannot be used in one-to-many applications due to the limitations in the matching accuracy. Additionally, at the time of this writing, keystroke dynamics has not been fully tested in wide-scale deployments.

Applications. One potentially useful application is computer access, where this biometric could be used to continuously verify the computer user’s identity. An ideal scenario: monitoring the keyboard interaction of users while they’re accessing highly restricted documents or executing tasks in environments where they must be alert at all times (for example, air traffic control).

Skin Spectroscopy
Skin spectroscopy recognizes skin by its optical properties. The system uses a sensor to illuminate a small patch of skin with multiple wavelengths of visible and near-infrared light. The light is reflected back after being scattered in the skin and is then measured for each of the wavelengths. The system analyzes the reflectance variability of the various light frequencies as they pass through the skin.
Because the optical signal is affected by chemical and other changes to the skin, skin spectroscopy also provides a sensitive and relatively easy way to confirm that a sample is living tissue.

Limitations. This type of system is best used for applications with moderate environmental conditions since having to require users to remove gloves could slow down the access control process to unacceptable levels.

This technology is ideally suited to layering in dual biometric systems, helping to build ultra high-performance systems that measure two or more independent biometric identifiers. Because skin spectroscopy-based systems require contact with skin, fingerprint sensors and hand/finger geometry systems are particularly compatible with it.
Some vendors’ sensors can operate on nearly any portion of the skin, making them ideal for integration into consumer products in ways that easily and conveniently ensure security. Initial designs show system sensors to be small, fast, and durable. Their low cost and low power consumption, and the algorithm’s processing efficiency and low memory requirements, make this technology promising for use in portable devices if it is perfected. Smart phones, PDAs, and other mobile products could provide general-purpose authentication capability for applications ranging from m-commerce to physical security.

Vein Pattern
Vein biometric systems (also called vascular pattern recognition systems) record subcutaneous infrared absorption patterns to produce distinctive identification templates. Veins and other subcutaneous features present large, robust, stable, and largely hidden patterns that can be conveniently imaged within the wrist, palm, and dorsal surfaces of the hand.
The user places his hand under an imager, which takes an image of the back of the hand. The main dorsal blood vessels have higher temperatures than the surrounding tissue, so they appear brighter in the image. The system carefully selects the region of interest of the hand and extracts the vein patterns. After it reduces the noise reduction, it separates the vein patterns from the background. Since blood vessels grow as people grow, only the shape and distribution of the veins is considered.

Limitations. Obviously, extremely dirty hands cannot easily be identified using a vein pattern recognition system. Also, current systems use cameras that are not portable—or certainly less portable than other technologies.

Applications. The technology can be applied to small personal biometric systems and to generic biometric applications, including intelligent door handles and locks.
Some businesses are using vein recognition technology for such applications as time and attendance (to prevent buddy punching), allowance and payment control, login and information protection, safe deposit box access, e-commerce, and membership management.

Body Salinity
This developmental system works by exploiting the natural level of salt in the human body. The system uses an electric field and salt’s natural conductivity to measure a tiny electrical current that is passed through the body. (The electrical current is approximately one-billionth of an amp, which is less than the natural currents already present in the body.) Speeds equivalent to a 2,400-baud modem have been claimed, yielding a data transfer rate of up to 400,000 bits per second.
Applications. Applications for this kind of biometric technology could include authentication of data transfer devices carried on the body, such as watches, mobile phones, and pagers. Also, applications could include “waking up” household appliances or devices as one enters a room.

Facial Thermography
Facial thermography refers to the pattern of heat in the face caused by the flow of blood under the skin. IR cameras capture this heat to produce a thermal pattern. Because the vein patterns in a person’s face are distinctive to each person, the IR thermal pattern they produce is also distinctive.

Limitations. While the underlying vein and tissue structure is stable, the dynamic nature of blood flow causes fluctuations and the appearance/disappearance of secondary patterns. Environmental conditions (such as ambient temperature) and the introduction of alcohol or drugs, for example, can alter the thermal signature of the face.

Applications. This technology is better suited to determine “liveness” of the subject (no thermal image indicates no life) than identification. Facial thermography, used in conjunction with other biometric technologies, could indicate a rested or fatigued person or determine physical condition, although this has never been demonstrated in any commercially available technology.
One major technical advantage of this technology is that it does not use infrared illuminators but rather relies on the infrared emissions generated by the face itself. This capability is extremely useful in surveillance applications, especially when it is necessary to detect people in dark places or at night.

A Double-Edged Sword
The search for the perfect assurance of our identity or uniqueness may not yet be over. But the technology of biometrics has clearly established that such an objective is not only achievable, but in early practical form, ready and waiting for effective use.
The issue of how this technology impacts the treasured right of privacy and civil liberties is a valid concern. Any advance in automated human identification can be a double-edged sword; abused by those who dismiss the importance of the individual for the “greater good,” yet also holding the potential as a tool for enhanced individuality and protection of identity when used properly. Achieving the proper balance is critical.

Russ Ryan is a vice president of the National Biometric Security Project (NBSP). The company’s mission is to help government and private-sector organizations protect the civil infrastructure from terrorist attacks via the timely deployment of biometric technologies for authentication and identification. NBSP provides the government and private sectors with authoritative training, product and technology testing and research and acquisition support to aid in the evaluation, acquisition and deployment of biometric technology. Mr. Ryan is responsible for NBSP’s private-sector outreach along with the management of the company’s strategic and marketing communications programs.