Introduction

The objective of biometric recognition is always to establish the identity of a person (identification) or to confirm or disprove the claimed identity (verification). For example, authorised people are separated from unauthorised ones. Authenticity and thus conformity of an asserted identity with the actual identity is, along with confidentiality, integrity and availability, one of the prominent security objectives in the information technology context. From the three possibilities of authenticating the identity of people on the basis of knowing information, being the holder of an object or simply existing, biometric systems that with recognition technology are the most suitable for ensuring authenticity. While in the case of knowing an artificially generated code such as a PIN or a password, and in the case of being in possession of an item such as a card, is only indirectly and temporarily assigned to a specific person by being allocated intentionally, characteristics from simply existing such as physical features or behaviour are directly and – inasmuch as they are relevant for biometrics – usually permanently part of a person. In general, a person cannot be separated (intentionally or involuntarily) from these features or traits.

In terms of the etymology, biometrics is the technique of recognising a person based on personal characteristics: Greek; bios=life, metron=measure or metrein=measure. Biometric recognition is based on measurable, individual body characteristics. In addition, biometrics is related to numerical i.e. mathematical description and measurement in biology, primarily in the area of statistics (referred to as "biometry"). This distinction between biometrics and biometry is that the latter covers a much wider field and also includes statistical applications of biology and medicine. The objective of biometric recognition by a biometric system is to make a person distinguishable from others by means of automated measurement through a specific characteristic. To achieve this, it must (in contrast from forensics) automatically recognise a living individual in real time.

A distinction is drawn between biometric procedures and systems. A biometric procedure is a mechanism based on biometric recognition for authenticating a person on the basis of their personal, biological characteristics by using appropriate recognition devices. A biometric system is a combined hardware and software framework for biometric identification or biometric verification of identity that operates using biometric procedures.

As various body or behavioural characteristics can be attributed to a specific person, biometric procedures are possible. This involves users being recognised on the basis of their individuality. Physical characteristics are usually inseparable from a person's body, meaning they do not have to be artificially assigned to the authorised person before they can be used as an authentication method. These characteristics are different in that they are not loosely related to the person, they are directly linked to the person and actually derived from them. Physical characteristics usually cannot be lost or forgotten in the same way as items or information that are only artificially assigned to a person. People do not have to remember physical characteristics as they are inseparable from us. In general, the characteristic cannot be kept secret. In contrast, many of the physical characteristics used for biometric recognition, such as the face and fingers, are exposed. However, biometric characteristics cannot ultimately be transferred or passed on. If a physical feature is correctly assigned to a person, this feature can be used to ensure that the person present is in fact the assumed or claimed identity. As a result, there are major advantages compared to authentication methods based on the principle of knowing information or possessing an item.

Historical development of biometrics

Over the course of previous centuries, peoples' identities have been authenticated using various methods. Archaeological findings indicate that fingerprints were used as a form of identification thousands of years ago by the Assyrians, who marked clay artefacts with the potter's fingerprint. In the Tang Dynasty (618-906 A.D.), the fingerprints were first used as a legal signature for contracts. In the era of the Pharaohs, a person's size was used as proof of authorisation.

Measuring people for identification purposes has been common practice for a long time, especially in criminal prosecution. In 1858, the first recommendations were put forward for the use of fingerprints in criminology. In the same year, fingerprinting was first used in an area in British India by Sir William Herschel to authenticate contracts with merchants. In 1879, Alphonse Bertillon developed a measuring system that already tried to achieve the fundamental objective of identification using physiological characteristics. Based on this system, the method was introduced in police forces all over the world at the beginning of the 20th century. In 1892, Sir Francis Galton, statistician and cousin of Sir Charles Darwin, was the first to discover that the fingerprint is unique to each individual and generally does not change over the course of life. In 1897, New Scotland Yard identified criminals for the first time using fingerprints. In Germany a fingerprint system was used from 1901 onwards and officially introduced in 1903. Based on this, dactyloscopy has been in use in Europe since around the turn of the 20th century.

However, automation fingerprint identification did not take place until years later. In the sixties, work also commenced on automated fingerprint recognition in the non-forensic sector for high-security systems. Designs for hand geometry recognition systems followed in the seventies. In the mid-eighties, procedures for retinal and iris recognition were developed. By the time the end of the eighties came, the first iris recognition method was patented by John Daugman. Biometric systems based on neural networks have been in use since around 1995. From 1994 to 1996, the US Department of Defense put out to tender and coordinated the first programme for facial recognition procedures. This resulted in the first wave of commercialisation of biometric systems, which then led to the development of market competition for relevant products.

Biometric characteristics and procedures – basic procedure

Biometric characteristics are always based on three parts. Firstly, they are formed through genotypes, i.e. they are genetically determined and therefore partly hereditary. Secondly, they emerge in an embryonic phase on the basis of random processes, i.e. randotypically, and remain present throughout life. Lastly, they are behaviour-controlled and conditioned as a result and can to some extent be acquired and changed.

A distinction is drawn between biometric procedures that work with physiological characteristics and those that use behavioural characteristics. The characteristics are either unchangeable, or changeable and thus depends on the process. However, the distinction between static and dynamic procedures based on this cannot always be observed. This is because a procedure that is static in principle and works with characteristics that do not change can also involve variable parts through the specific application and thus become dynamic. This applies when a speaker recognition or signature verification system that is static in itself also uses a password that can change.

Procedures that use physiological characteristics are generally based on the use of passive characteristics such as the face, iris, fingers or hand. However, procedures that use behavioural characteristics are fundamentally based on an active action such as a signature, speaking or keystrokes. They are thus based on examining the person-specific characteristic parts of human actions. Behavioural procedures are always subject to natural variations. However, they also always involve a physical component, which usually dominates the feature selection of biometric systems, and thus always represent a manifestation of a static feature. For example, while they way a person write their signature is always different, it is fundamentally determined by the motor system of the person signing, which does not change, just like a person's voice is largely determined by the structure of the mouth and throat.

Biometric recognition process

The basic principle of biometric recognition is the same for all systems. While biometric systems frequently have highly customised technological designs, all of them involve the components of personalising or registering the user in the system (enrolment), capturing the biometrically relevant characteristics of a person and the creating data sets (templates) as well as the comparing the latest data with the previously stored data (matching). Capturing biometric characteristics occurs both during the initial capture for creating the reference data set and during the subsequent capture for recognition by sensors such as camera, microphone, keyboard, pressure pads, odour sensors or fingerprint sensors.

For capturing a person in a biometric system, an image of the original feature is first created and recorded, which is the raw data in the process. The next step uses an algorithm – usually manufacturer-specific – to convert the original image is into a data set referred to as a template. This contains the extracted data set from the recorded data. In contrast, for clear image comparison no template is generated, but the original image is saved as a reference image and compared with a new original image.

Lastly, the matching step performs a comparison between the stored template and the data set generated when the feature is shown again to the biometric system. If there is a match, the device indicates that the user has been recognised. By nature, capturing, evaluating and comparing biometric characteristics is subject to measurement errors, as the characteristics used can change over time. This can be caused by natural changes, such as age-related changes, but also by external influences such as injuries or illnesses. In addition, there are external changes in appearance such as changes to hair (hairstyle, beard), wearing glasses, contact lenses or changes in cosmetics. Furthermore, users never present the feature in the exact same way to the system. For example, the position of the finger on a fingerprint sensor or the angle of the face changes slightly on each use. This means that two digital images of a biometric feature are never identical.

As a result, it is not possible to achieve an exact data match. The actual decision on match or non-match is in fact based on previously set parameters that establish a tolerance range in which biometric data are recognised as "the same" by the system. In other words, the biometric characteristics are not tested for an identical match, but only for "sufficient similarity". As a result, biometric systems can only specify with system-typical probability whether the person is the real authorised person.