What is biometrics?
The strict definition of biometrics is: the science involved with the statistical analysis of biological characteristics. The computer industry has adopted this term; however it changed its meaning. Biometrics in the computer industry means: the verification and/or identification of a person’s identity using unique biological characteristics and with the use of information technology.
Individual persons can be identified by their biological characteristics like fingerprints, voice, face, eyes, hands, etc. Humans do this every day by using their senses and memory. Identification by an automatic system, requires the persons’ biometric to be ‘read’ by the system and stored digitally during enrollment or, for instance, during criminal investigations. If the identity of an enrolled person subsequently needs to be verified, the biometric characteristic must be ‘read’ again, which can be compared with the previously stored digital information. If they match, the person is identified.
Biometrics and biometric authentication are often used to denote the same thing.
Why do we use biometrics?
Using biometrics, individuals can be identified with very high assurance, because it is very difficult to change or falsify biometric characteristics. Additionally, individuals’ identities can be verified with very high assurance, because biometric characteristics are not transferable, cannot be forgotten or lost and therefore potentially are very secure. Biometric authentication techniques are superior to human recognition schemas in terms of not getting tired, bored, distracted or prejudiced. The only thing biometric authentication systems lack is a ‘sixth sense’. That’s why biometric authentication sometimes must be used next to the old-fashioned human gatekeeper or customs officer.
Where are biometrics used?
Biometrics can be used for applications that require identification of individuals, strong authentication of identity and non-repudiation.
Historically, biometrics has been used mostly in the computer and physical security industry, where strong authentication methods to control access to physical locations or computer systems were needed. The simplest form of authentication is to enter a password or PIN (knowledge). A more secure authentication method is the use of smart cards or tokens. Combined with passwords or PIN, somebody must know something (PIN) and must posses a certain object (token), which is much stronger than just knowing a secret. Additionally there is a third form of authentication which involves biometrics characteristics, i.e. being somebody.
Recently, a growing need for stronger identification mechanisms for citizens, travellers, asylum seekers, etc, has increased the use of biometrics technology and is expected to drive the biometrics market in the foreseeable future. A prominent example of this is the use of biometrics on passports, ID cards, drivers’ licenses, etc. to provide a stronger authentication mechanism than the current pass photo.
Additionally, biometrics can be used for non-repudiation. Non-repudiation is needed for financial and pharmaceutical transactions, strong audit regimes and unambiguous identification of persons that claim a different identity (asylum seekers for instance). After being identified and authenticated using biometrics, a person cannot deny having engaged in a transaction. It is expected that the current legislation (FDA) for the pharmaceutical industry will be a second major driver of the biometrics market.
General documentation on Biometrics
