Biometric recognition refers to the use of distinctive physiological (e.g., fingerprints, face, retina, iris) and behavioral (e.g., gait, signature) characteristics, called biometric identifiers (or simply biometrics) for automatically recognizing individuals. Perhaps all biometric identifiers are a combination of physiological and behavioral characteristics and they should not be exclusively classified into either physiological or behavioral characteristics. For example, fingerprints may be physiological in nature but the usage of the input device (e.g., how a user presents a finger to the fingerprint scanner) depends on the person?s behavior. Thus, the input to the recognition engine is a combination of physiological and behavioral characteristics. Similarly, speech is partly determined by the biological structure that produces speech in an individual and partly by the way a person speaks. Often, a similarity can be noticed among parent, children, and siblings in their voice, gait, and even signature. The same argument applies to the face: faces of identical twins may be extremely similar at birth but during development, the faces change based on the person?s behavior (e.g., lifestyle differences leading to a difference in bodyweight, etc.).
A biometric system is essentially a pattern recognition system that recognizes a person by determining the authenticity of a specific physiological and/or behavioral characteristic possessed by that person. An important issue in designing a practical biometric system is to determine how an individual is recognized. Depending on the application context, a biometric system may be called either a verification system or an identification system:
? A verification system authenticates a person?s identity by comparing the captured biometric characteristic with her own biometric template(s) pre-stored in the system. It conducts one-to-one comparison to determine whether the identity claimed by the individual is true. A verification system either rejects or accepts the submitted claim of identity (Am I whom I claim I am?);
? An identification system recognizes an individual by searching the entire template database for a match. It conducts one-to-many comparisons to establish the identity of the individual. In an identification system, the system establishes a subject?s identity (or fails if the subject is not enrolled in the system database) without the subject having to claim an identity (Who am I?).
The term authentication is also frequently used in the biometric field, sometimes as a synonym for verification; actually, in the information technology language, authenticating a user means to let the system know the user identity regardless of the mode (verification or identification).
Throughout this book we use the generic term recognition where we are not interested in distinguishing between verification and identification.
The block diagrams of a verification system and an identification system are depicted in Figure 1.1; user enrollment, which is common to both tasks is also graphically illustrated. The enrollment module is responsible for registering individuals in the biometric system database (system DB). During the enrollment phase, the biometric characteristic of an individual is first scanned by a biometric reader to produce a raw digital representation of the characteristic. A quality check is generally performed to ensure that the acquired sample can be reliably processed by successive stages. In order to facilitate matching, the raw digital representation is usually further processed by a feature extractor to generate a compact but expressive representation, called a template. Depending on the application, the template may be stored in the central database of the biometric system or be recorded on a magnetic card or smartcard issued to the individual. The verification task is responsible for verifying individuals at the point of access. During the operation phase, the user?s name or PIN (Personal Identification Number) is entered through a keyboard (or a keypad); the biometric reader captures the characteristic of the individual to be recognized and converts it to a digital format, which is further processed by the feature extractor to produce a compact digital representation. The resulting representation is fed to the feature matcher, which compares it against the template of a single user (retrieved from the system DB based on the user?s PIN). In the identification task, no PIN is provided and the system compares the representation of the input biometric against the tem- plates of all the users in the system database; the output is either the identity of an enrolled user or an alert message such as ?user not identified.? Because identification in large databases is computationally expensive, classification and indexing techniques are often deployed to limit the number of templates that have to be matched against the input. Biometric-based authentication applications include workstation, network, and domain access, single sign-on, application logon, data protection, remote access to resources, transaction security and Web security. Trust in these electronic transactions is essential to the healthy growth of the global economy. Utilized alone or integrated with other technologies such as smart cards, encryption keys and digital signatures, biometrics are set to pervade nearly all aspects of the economy and our daily lives. Utilizing biometrics for personal authentication is becoming convenient and considerably more accurate than current methods (such as the utilization of passwords or PINs). This is because biometrics links the event to a particular individual (a password or token may be used by someone other than the authorized user), is convenient (nothing to carry or remember), accurate (it provides for positive authentication), can provide an audit trail and is becoming socially acceptable and inexpensive