Fingerprint Verification and User Identity Seminar

[born_for seminars]

ABSTRACT
Biometrics is the science of measuring and statistically analyzing biological data. By using biometric technology, the body itself becomes a password. Computerized scanners confirm the identity of a person by collecting information on a distinctive biometric attribute, converting it into extremely complex algorithms, then by comparing the data with a digital file in order to determine if there is a match. As biometric systems are deployed as part of identification programs, implementation issues relating to user privacy are paramount. The tie between the actual identity of an individual and the daily use of the biometric is delicate and provokes much debate, particularly relating to privacy and societal issues. This paper seeks to clarify some of these issues by providing a framework, and by distinguishing between the technology and societal issues.
INTRODUCTION
An individual’s identity is represented by a series of identifiers; for example, societal identifiers such as passport number, and social security number, and commercial identifiers such as credit card numbers, network accounts, and telephone numbers. Typically, these identifiers are “spawned” from so called breeder data or documents, such as a birth certificate or passport, that are used to establish the uniqueness of an individual. The role of a biometric system is to recognize (or not) an individual through specific physiological or behavioral traits. The use of the word recognizes is generally defined as “identify as already known”. In other words, a biometric system does not establish the identity of an individual in any way; it merely recognizes that they are who they say they are (in a verification system), or that they were not previously known to the system (in a “negative identification” system, for example, to avoid double registration in a program).
Biometric systems can be implemented in three modes:
1) A biometric can be used in a “negative identification” mode to establish that an individual is unique according to the range of previously acquired biometrics captured in this manner. This can be used as a component of the “background search” to establish the unique identity of the individual.
2) A biometric can be used in a “positive identification” mode to establish that a user is a member of an approved list of users.
3) A biometric can be used in a “verification” mode that the individual is the valid holder (either physically or logically) of the identifier by which they are known to the application or system.
The fact that identification can be used to achieve two modes of operation, positive and negative, means that the holder of a biometric template that is used for one purpose can use it for the other. Biometrics is typically analyzed in a particular way (typically known as the algorithm). For example, a fingerprint can be analyzed on a feature (minutiae) basis or on a pattern basis. This “function creep” is the biggest fear of privacy advocates. For example, the use of a finger minutiae record to establish that a user is eligible for enrollment in a passport system, could potentially be used to link to another database for other purposes. Templates that are created purely for the purposes of verification, such as the Bioscrypt template, are not designed for use with biometric identification. This explicitly limits the potential misuse of such templates and helps to maintain user privacy, as described below. Verification may be a simple one-to-one matching, or it may support a few users, or few fingers, enrolled in a system.