Measuring Life the
The former complex technology is fast becoming the most used for identity management; the main reason for this new trend is its promised accuracy By Sonam Gulati, eGov Bureau
se of biometrics is fast catching up in every sector all over the world. The former complex technology has now become the most simplified form of identity management. One of the main reasons for this is accuracy. For example, fingerprints are one of the most reliable modes for identification; the crossover accuracy of digital biometrics fingerprint technology has been calculated to be 1:500 for a single finger. Use of multiple fingers increases the accuracy exponentially. It is highly unlikely (estimated at 1 in 64 billion) that any two fingerprints would be identical and therefore impossible to tell apart. This is the factor where the technology of biometrics works. Fingerprints are one of the few parts of the human body which are unique in a way that they can never be duplicated or be same as anyone elseâ€™s and thus are used by biometrics. The other parts that can be used by biometrics are Iris/retina recognition (con-
sidered the most accurate), Facial recognition and Palm prints, DNA, Hand Geometry, Vascular Pattern. Biometrics as a technology, in simple words, measures a particular set of vital statistics of human body to determine/establish identity. However, the scope of using biometrics for identity management is limitless. In particular for India, the worldâ€™s second largest populous country, identity management is a challenging task. May 2011 / www.egovonline.net / egov
Type of Biometric
How Does it Work
analyses fingertip patterns
Easy and Economic
Time taking, can wither due to rigorous work
analyses features of colored ring of the eye
Most accurate, single sample taken can last a lifetime
Expensive, susceptible to poor image quality thus making sample redundant
measuring facial characteristics
Can capture the sample from a distance doesn’t require direct subject interface
Long hair, smile, low resolution images, poor lighting can affect the matching
analyses blood vessels in the eye
Speedy and accurate
Subject needs to be close to camera, expensive
analyses genetic makeup
Most accurate, chance of two people sharing one sample is one in a billion
Cannot be done in real time and a physical sample must be taken
Biometrics has lately gained momentum in India and is being largely used in almost all SMEs to enterprise offices, mainly for attendance in place of access card or time-sheets. But that’s not all, the most ambitious project of the country-Aadhar- which aims to give a unique identification number (UID) to all the citizens is using biometrics technology for identification. A unique number is being given to every individual in lieu of their iris, fingerprint and facial recognition encryptions. Any application that requires establishing the identity of individual has potential for implementing biometric technology. These days, even some laptops are embedded with fingerprint scanner that is used during the login process. Biometric algorithms are used to convert these biometric samples into biometric template, match against all the templates previously enrolled (de-duplication process) and
egov / www.egovonline.net / May 2011
store the new template if it is not duplication. It will complete the enrolment process and store the template along with background information (e.g. name, address) that will be used in the authentication process. Once enrolled, the system collects another sample of the individual, uses the same Biometric algorithms to convert this into biometric template and compares with the stored template (1:1 matching process). If it matches with the template against claimed identity of the person enrolled earlier, authentication process confirms identity, else rejects it. In this matching of identity, there are two kinds of errors that can occur, False Acceptance and False rejection. False acceptance is accepting the identity against a person who he/she is not and false rejection is rejecting the identity of a person who he/she is. “Biometrics is considered to be the most reliable technol-
ogy available for confirming the identity of a person. The biometric algorithms have evolved in the last years to such levels that the false rejection or acceptance errors have been reduced to a minimum level,” said Rajdeep Sahrawat, Senior General Manager, Tata Consultancy Services (TCS) on talking about the biometrics technology. “These particular errors can also be conquered by using a fusion of multiple algorithms, like using both iris and fingerprint for identification,” he added.
Technology per se Not all body parts can be used by biometrics for the purpose of identification. Biometrics as a technology can only identify algorithms that have certain key features like, universality; uniqueness; permanence of a feature measures how well a biometric resists aging and other variance over time; collectability - the ease with which acquisition of the template; performance, accuracy, speed, and robustness of technology used; acceptability, in terms of degree of approval of a technology; circumvention, ease of use of a substitute or susceptibility to duplication. Apart from the features above the identification part of the technology, which enrolls, matches and identifies the algorithm fed into it depends on certain key aspects which are as follows: Authentication speed- Time taken to identify or match the template fed is very critical as often while identity authentication is on, if it takes too long then the whole purpose of using a high-end technology is defeated. There is also a chance of it affecting the server if at the same time many templates are being fed across the sectors then it has a strong chance of affecting the server if the speed is not upto mark. Template size- the size of the algorithm being fed, whether it is a fingerprint or a niris or face recognition, should be in sync with the server because if too many big templates are fed the server might crash out. FAR & FRR- As mentioned above FAR refers to False Acceptance Ratio and FRR refers to False Rejection Ratio, for a successful biometric identification module both of these ratios have to be a bare minimum otherwise does not function as accurately as it should.
Can we afford it? “Five years back the usage of biometrics was not at a very impressive scale. Over time it
“Biometrics Simplifies Identity Verification” How practical is it to use biometric technologies in rural areas where fingerprint might get distorted due to manual labour? Usage of multi-modal biometrics (fingerprints and iris) enables UIDAI to successfully use biometrics even in the rural conditions. Since our biometric standard covers all the ten finger prints, it will be possible to find at least one finger which is authentication – worthy. The residents can be informed of their ‘golden’ finger.
R S Sharma, Director General & Mission Director, Unique Identification Authority of India (UIDAI)
Security of information stored in the central repository is a big challenge. How is it being dealt?
What are the advantages of using Biometrics over other technologies for identity management?
Aadhaar system at Central ID Data Reposi-
Three primary characteristics of ‘Aadhaar’ Number: Global (can be used across various applications), unique (one resident gets one identity), and permanent (remains same throughout the lifetime of the resident and is never assigned to anyone else) - allow Aadhaar system to offer a strong, portable national identity to every resident. Biometrics is the only mechanism to establish these characteristics. UIDAI has hence decided to use multi-modal (fingerprints and iris) biometrics for its purpose. Biometrics simplifies identity verification.
specific access control mechanisms. The data
has increased due to increase in awareness as well as reduction in cost. Today biometrics is a very affordable means for identity management, especially the fingerprint recognition mode,” said Ranjit Nambiar, Director of Sales - South Asia, HID Global. Talking about his associations with the government projects, he informed that HID Global has been associated in the T3 project of Airport Authority of India and he commented, “If you take Metro or Airport projects, cost is never a factor as security concerns are much more serious and thus affordability is never an issue.” The affordability of technology as such depends on project to project where a simple access control system in an SME might just take an economic fingerprint authentication device and a highlevel organisation such as Indian Space Research Organsation (ISRO) or any other threat-prone
tory (CIDR) is guarded both physically and electronically with several security zones and is secured with the best encryption and is also designed to be tamper-proof, and is stored in a highly secure vault. UIDAI has procured several technologies such as firewalls, network and host intrusion prevention systems, tamper-proof hardware security appliances (for securing encryption keys) to ensure that information stored at CIDR is fully protected. UIDAI has a comprehensive security policy to ensure the safety and integrity of its data.
organisation would opt for a multi-spectral technology which uses multiple identification algorithms. All in all the cost definitely has come down with many a small offices also opting for biometric to the earlier modes of identification. The UID project is a government investment where the data is being collected from all over the country to provide each citizen with one unique number which could be used in place of all other identification proofs. For UID there is no use as such of the data they are collecting and storing, thus their RoI would come from the various applications where this data may be used for matching the templates. For example, if a person wants a phone connection or a LPG connection, he/she will just have to provide the UID number and the verification would be done on its basis, the authorities may charge a fee on that matching of the algorithm.
Challenges The possibilities are endless, a biometric algorithm can be stored in a chip in a ‘Smart Card’ and be used by the person for various purposes, or it could be used for financial inclusion by giving such smart cards to BPL families for proper identification for micro-finance, also the biometric data could be used for basic identity management in various developmental programmes of the government where duplicate or multiple identities are the biggest problems. The possibility of misuse of information stored and illegitimate invasion of privacy of the individuals are the two biggest counter criticisms. “As far as privacy breach is concerned, first of all, Aadhaar project keeps the privacy concerns of a resident at the centre of the various technology applications developed and adopted. Secondly, The UIDAI will not reveal personal information in the Aadhaar database – the only response will be a ‘yes’ or ‘no’ to requests to verify an identity, thus privacy will never be compromised,” Said R S Sharma, Director General & Mission Director, UIDAI. With increasing use of the technology there are other operative challenges mushrooming too. Like maintaining the kind of support systems, using the right method to record biometrics and not over doing it. “The biggest challenge is Interoperability. There is a need for creation and follow-up of International Biometric standards to stop proprietary algorithm used in biometric technology. This will eventually reduce cost and build a sustainable model for the future,” commented Sanjeev Mathur, CEO, Smart Identity Devices Pvt. Ltd. Talking about cases where the finger might get cut or a person might get blind on other such circumstances where the template might not match despite being of that person only, Ranjit Nambiar of HID commented, “It is end of the day technology and it will always need manual techniques as a benchmark. It is not a standalone identity management solution. We would always need traditional forms of identification in place.” Biometrics or any technology cannot be a panacea or a nostrum for all our ailments but yet we can take from it what is relevant. Biometric identity management sure has some scope in a country like ours with a diverse population, as it is for all of us to witness a history which is in the process of beingwritten. May 2011 / www.egovonline.net / egov