Computer Science
An in-depth yet simple explanation about Biometrics

Traditional conceptions of trust and faith in the identity of those with whom we engage are occasionally far less trustworthy than we have been able to take for granted in the past. We live in a world that is becoming increasingly interconnected, and contact between individuals is increasingly mediated through some new electronic medium. As our lifestyle and societal growth evolve, we agree that the need for better and more flexible ways to sustain protection, Security, and confidence in daily transactions will eventually increase. If we become more reliant on automatic communications, the complexities of dealing with an ever-increasing number of different systems rise. Should we, for example, attempt to recall a new password for each system we use, or should we share passwords across all systems to minimize the likelihood of a memory loss and the resulting inconvenience? These issues, as well as many other facets of everyday life, have one thing in common: they all pose concerns about human identities in some way how can we prove that we are who we say we are? how can we be sure that another person is who they say they are?
Biometrics
Biometrics can be described as the scientific discipline concerned with calculating and applying a person’s characteristics or features that can be used to uniquely identify that person. Biometrics assumes that many of the physical or behavioral attributes of humans can be uniquely associated with an individual. It is possible to automate the process of person recognition by recording these characteristics using correctly crafted sensors, representing them in a digital format, and comparing this captured data against data obtained from the same person at a previous time case. Hence, biometrics identification or verification can be thought of as a pattern recognition problem, in which the computer recognizes the important features (patterns) of an individual’s biometrics characteristics and accurately matches them. In theory, any human characteristics or features can be used as a biometrics data source if it satisfies the requirements mentioned below:
Universality: The selected characteristic should be possessed by all. This is because a biometrics device would be inclusive, allowing as many users as possible to use it.
Uniqueness: In terms of the selected characteristic, no human beings can be similar. Because we should quantify characteristics that differentiate one person from another if we want to identify them.
Permanence: The chosen characteristic must be time-invariant. It is critical that any characteristic we select is calculated consistently, otherwise, a person can appear to be a different person at different times.
Measurability: The selected characteristic should be quantitatively scientifically measurable. It should be well specified to eliminate all ambiguity on what is being measured.
Biometrics technology is divided into two broad categories, which are as follows: Physical-based biometrics and Behavioral-based biometrics.
Physiological biometrics is the measurement of a person’s intrinsic physiological characteristics. The fingerprint is an obvious example of a physiological biometrics modality. This is actually part of a person’s basic physiological component, and although it can be changed to an extent for example, by trauma or injury it is not typically something that the person can control directly.
In behavioral biometrics, the measures are derived from a random or deliberately learned behavior performed by a person. The most apparent example here is where we use the handwritten signature as a source of biometrics data. Unlike Physical-Based Biometrics, which is naturally and always present, the signature only exists when a person writes it. Thus, Behavioral biometrics can be defined as: "Acquiring biometrics samples which require subjects to be active. They must perform a specific activity in the presence of a sensor. A behavioral characteristic is learned and acquired over time rather than based upon biology"
Commonly Used Biometrics Characteristics
No single biometrics is expected to effectively satisfy all of the criteria previously mentioned. In other words, no biometrics is perfect, but a variety of them are appropriate. The applicability of a particular biometrics is determined by the purpose and conditions of the application, as well as the properties of the biometrics characteristic. Below is a brief overview of some of the most widely used biometrics characteristics.
Fingerprints have been used for personal identification by humans for several decades. The formation of a fingerprint is determined within the first seven months of fetal development when ridges and valleys on the surface of a fingertip are formed.
Palmprints of the human hands contain a pattern of ridges and valleys just like fingerprints. The area of the palm is much larger than the area of a finger which means it has a lot more pattern than a finger. Thus, palmprints are assumed to be even more distinctive than fingerprints.
Iris is the annular region of the eye bounded by the pupil and the sclera on either side. The visual texture of the iris is formed during fetal development and stabilizes during the first two years of life. The iris color varies from person to person, but there is some consistency in the colors, which include green, blue, brown, and, in rare cases, even a hazel color. The iris’ primary purpose is to regulate the diameter and scale of the pupil. The pupil is the part of the eye that enables light to penetrate the eye and then travels to the retina towards the rear. The amount of light that can reach the pupil is, of course, a direct result of its ability to expand and contract, which is regulated by the iris muscles. When near-infrared light (NIR) is flashed onto the iris, many unique features can be observed.
The retinal vasculature has a complex structure that is meant to be unique to each person and each eye. It is believed to be the most stable biometrics since the biological fundamentals of the retina hardly change in the lifetime of the person. To visualize a predetermined part of the retinal vasculature, a person must look into an eyepiece and focus on a certain spot in the visual field. The image acquisition process necessitates the subject’s cooperation, eyepiece touch, and a deliberate effort on the part of the user. Many of these considerations work toward the retinal biometric’s public acceptance. The vasculature of the retina will expose any medical information such as hypertension, which is another factor deterring the public acceptance of retinal scan-based biometrics. Moreover, the public perceives retinal scanning to be a health threat, some people believe that a retinal scan damages the eye.
Face detection is a non-intrusive technique, and facial expressions are the most common biometrics features used by humans to identify one another. We can simply identify someone by looking into their face. There are some technical shortcomings in facial recognition. For example, if a facial recognition device captures an image of a person that is grossly overweight and then captures another image of the same person that has lost a significant amount of weight, the system would be unable to identify the person anymore.
Hand geometry recognition systems use a variety of dimensions taken from the human hand, such as its form, palm circumference, and finger lengths and widths. Hand geometry is not considered to be particularly distinctive, and hand geometry-based recognition systems cannot be scaled up for systems involving human identification from a vast population.
Gait refers to the manner in which a person walks, and is one of the few biometrics characteristics that can be used to recognize people from a long distance. This characteristic is very appropriate in surveillance scenarios where the identity of a person can be covertly established. The drawback of gait is that it is influenced by a variety of influences, including boots, dress, leg affliction, and walking surface.
Ear as a biometrics contains a large amount of specific and unique features. It’s been stated that the structure of the pinna’s cartilaginous tissue is distinct. Ear identification methods are dependent on matching the distance between salient points on the pinna and a landmark spot on the ear, or on the ear’s presence. Ear recognition may aid in the identification of a person based on a profile picture.
Voice is a combination of physical and behavioral biometrics characteristics. The form and scale of the appendages used in sound synthesis (e.g., vocal tract, jaw, nasal cavities, and lips) determine the physical characteristics of a person’s speech. These physical features of human speech are invariant for a person, but the mental elements of speech vary with age, medical condition, emotional state, and other factors. The fact that speech features are very vulnerable to factors like background noise and microphone functionality is a downside to voice-based recognition. However, it is still useful in telephone-based systems but the voice signal quality is usually degraded by the communication channel.
Keystroke. It is assumed that everyone types in a unique way on a keyboard. This biometrics is unlikely to be unique to each person, but it can provide enough discriminatory information to allow for identity verification. Keystroke dynamics is a behavioral biometrics. Significant intra-class differences in a person’s typing habits can be expected as a result of changes in an emotional state, user location relative to the keyboard, style of keyboard used, and so on. While a person is typing in details, their keystrokes could be tracked invisibly. The drawback of Keystroke is that typing patterns can be erratic and inconsistent as something like cramped muscles and sweaty hands can change a person’s typing pattern significantly
Signature. The way a person signs his / her name is considered to be a distinguishing feature of that person. While signatures necessitate interaction with the writing instrument and effort on the part of the author, they have been adopted as a means of identification in official, civil, and commercial transactions. Signature is a behavioral biometrics that varies over time and is affected by the signatories’ physical and emotional states. Some people’s signatures differ greatly from one another; even successive impressions of their signatures are noticeably different. Moreover, professional forgers may be able to imitate signatures that trick signature authentication systems.
DNA refers to deoxyribonucleic acid that contains the genetic information necessary for the development and functioning of living organisms. Except for identical twins, which have the same DNA pattern, DNA is the one-dimensional special code for one’s uniqueness. However, it is currently used mostly in forensic systems for criminal and victim discovery. The most sophisticated DNA matching technology needs time-consuming chemical methods that require an expert’s expertise and is not yet ready for online non-invasive identification.
Vein infrared thermograms. The pattern of heat emitted by the human body is unique to each person and can be captured by an infrared camera in a non-intrusive manner, similar to a normal photograph. While a thermogram-based device does not require touch and is non-invasive, image acquisition can be difficult in unregulated conditions with heat-emitting surfaces near the human body.
Odor. It is well known that each object emits an odor that is unique to its chemical composition, and this odor may be used to differentiate between objects. An assortment of chemical sensors is blown over a whiff of air surrounding an object, each sensitive to a certain group of (aromatic) compounds. A part of the odor produced by the body of a person (or any animal) is unique to that organism. It’s unclear if the variance of body odor may be detected despite the use of deodorants and the varying chemical composition in the surrounding.
How Biometrics Works
In practice, there are 2 most common usages of biometrics, verification and identification. Overall, both biometrics verification and identification consist of 2 phases. Enrollment and recognition.
Enrollment is a phase where you register or enroll your biometrics in a specific system. Each person’s biometrics data is collected and stored in a database alongside the person’s identity. Typically, biometrics data were analyzed to derive salient and distinguishing characteristics. The derived characteristics (extracted feature in machine learning term)are often retained, while the raw biometrics data is discarded. Nowadays it is very common to use convolution neural networks to handle feature extraction problems.
Recognition (identification and verification) is a phase where the biometrics data is re-acquired from the person and compared to the stored data to determine the user’s identity. Thus, a biometrics system is basically a pattern recognition system.

Said you have 50 employees in your company and you want to make an attendance system based on biometrics. The identification means the system is expected to identify whose the given biometrics belongs to. It uses Threshold to decide whether to identify the given biometrics or just reject it. The identification is correct if the given biometrics identity matches the identified biometrics.

Verification (also known as authentication) on the other hand is only for a single person. For example, you use a fingerprint to lock your mobile phone so that no one can use your phone other than you. The verification is simply to verify whether the given biometrics matches yours or not. It uses Threshold to decide authentication, if the similarity is greater than the threshold, the authentication is accepted otherwise rejected. Verification is correct if the given biometrics that belongs to the system (genuine) accepted while impostors are rejected.
Metrics for Biometrics
So how do we know whether a biometrics recognition system is good or not? The basic measures of accuracy of a biometric system are False Non-Match Rate (FNMR) and False Match Rate (FMR).
FNMR refers to the probability that two biometrics samples from the same user will be falsely recognized as a non-match. For example, an FNMR of 10% indicates that 10 in 100 verification attempts by genuine users will be rejected.
FMR on the other hand refers to the probability that two biometrics samples from a different user will be falsely recognized as a match. For example, an FMR of 10% indicates that 10 in 100 verification attempts by impostor users will be accepted.
In context of verification, FNMR and FMR are also known as False Rejection Rate (FRR) and False Acceptance Rate (FAR) respectively. FRR is a measurement of how often the system rejects genuine users while FAR is a measurement of how often the system accepts impostor users. FRR is given by FRR = total false rejection / total true attempts. FAR is given by FAR = total false acceptance / total false attempts. Since the verification is based on the threshold as we previously mentioned, it is impossible to minimize both FRR and FAR. Increasing threshold will result in decreased FAR but increased FRR and vice versa. As an alternative one can use the true acceptance rate (TAR) given by TAR = 1 – FRR.
In context of identification, a biometrics identification system, with N user identities enrolled, outputs a set of identities corresponding to the top t matches (1 ≤ t < N). The identification rank is defined as the rank of a user’s correct identity in the top t matches returned by the identification system. Errors in identification systems can be divided into two categories false-positive identification rate and false-negative identification rate.
False-positive identification rate (FPIR) is a measurement of how often the system returned an identity for a user that is not enrolled in the system.
False-negative identification rate (FNIR) is a measurement of how often the system returned an identity for a user that is enrolled in the system but his identity is not among those in the identification rank.
A quantity related to the FNIR is the true positive identification rate (TPIR), which is a measurement of how often the system returned an identity for a user that is enrolled in the system and his identity is among those in the identification rank. Thus, FNIR = 1 – TPIR. If the identification system only returns the topmost identity (t = 1), in TPIR it is called the rank-one-accuracy and this metrics is one of the most commonly used metrics to compare different biometrics identification systems.
Advantages of Biometrics
- Hard to fake
- Easy to use
- Nontransferable
- Unlikely to change
- Doesn’t require memorizing
Disadvantages of Biometrics
- Expensive
- The database storing biometrics data still can be hacked
- Wrong identification or verification still can be happen
- Can’t identify injured biometrics
Conclusion
Biometrics can be described as the scientific discipline concerned with calculating and applying a person’s characteristics or features that can be used to uniquely identify that person. Biometrics assumes that many of the physical or behavioral attributes of humans can be uniquely associated with an individual. Thus, It is possible to automate the process of person recognition by recording these characteristics using correctly crafted sensors, representing them in a digital format, and comparing this captured data against data obtained from the same person at a previous time case. By doing so, we don’t need to memorize a lot of passwords anymore.
References
Biometrics: A Very Short Introduction (Very Short Introductions)
Introduction to Biometrics | Anil K. Jain | Springer
The Science of Biometrics: Security Technology for Identity Verification