Biometrics Masterclass [Part3]: What customers want

Over the past couple of months we have looked at the evolving market that is biometrics and discussed some of the leading technologies in the marketplace. We have explained what biometric technologies are, and provided an overview of the types of applications that may use biometrics and also highlighted some case studies showing biometrics at work.

In this issue we will take this a step further and look in detail at the implementation of a biometric solution, and consider some of the salient points when applying a biometric solution based upon a customer's user requirements.

As previously highlighted, biometrics are now being adopted in a number of market sectors and are providing installers and users alike with new solutions in the security arena. These solutions provide the capability, not only to offer increased security levels and control, but also the ability to fully integrate with existing security measures. However, biometric solutions must be designed and implemented in the correct manner and system integrators need to fully consider the system's operational and technical requirements.

The Biometric Solution:
Operational Requirements
The operational requirements provide the ground work on which baseline system architectures can be developed, and also define the specific needs of the operating system based upon the customers needs.

Well defined operational requirements will increase the efficiency of implementation, control and future expansion of a system. These considerations must be made to develop a broad understanding of the system requirements.

Existing operational requirements
Desired operational requirements
The above may sound fairly simplistic. However it is important to understand the role of operational requirements and how they can assist in the implementation of a successful biometric application.

From previous articles we have highlighted that different biometric solutions can provide advantages when used in specific environments, and also that usability and scalability are key features to consider when applying a specific technology to the benefit of the customer.

Therefore, defining the operational requirements will provide a benchmark not only for the system design, but also highlight the biometric that best suits the application.

In order to highlight the specific need for Operational Requirements I think we can apply similar guidelines that most security professionals are familiar with: that is the guidelines issued by the PBDB (Police Scientific Development Branch) in relation to Operational Requirements for CCTV systems. Although these requirements are not exhaustive, for the implementation of a biometric solution they can provide a good benchmark for evaluation. The following list outlines the advantages of the Operational Requirement checklist issued by the PSDB:

• Applicable to any size or type of system at any time of its life from initial concept to review
  
• Provides a framework for discussion and collation of the views of all stakeholders
  
• Identifies the role that the system will play in an overall security strategy
  
• Identifies relevant and realistic performance goals
  
• Defines key factors to be included in a test specification and acts as a reference point for the analysis of test results
  
• Exposes conflicts of opinion especially in multi-agency schemes
  
• Allows priorities to be set for implementation and operation
  
• Shows future needs for system expansion at the outset
  
• Basis for planning, phased implementation and investment appraisal
  
• Separates operational and technical decision making
  
• Reassures through commissioning tests and routine audits that performance is linked to current or anticipated needs
  
• Provides audit trails for decision making.

Key Biometric Measurements
As it is not possible to consider all the Operational Requirements in detail within this article, we can review some of the key considerations that must be made when providing a biometric solution.

The need to establish personal identity occurs, for most of us, many times a day as we seek access to physical spaces, computers, bank accounts, etc. As we have previously discussed, identity is established by something we have (a car key, driving licence, credit card), something we know (computer password, PIN number) or some unique and measurable biological feature (our face, recognised by a security guard or colleague).

The most secure means of identity is a biological (or behavioural) feature that can be objectively and automatically measured and is resistant to impersonation, theft or other fraud.

Biometrics include fingerprints, facial features, hand geometry, voice features, and iris features, among others. Most biometrics are used for verification – using a biometric measurement to authenticate a claimed identity. Some biometrics, including fingerprints and iris features, are also capable of identification. This means that we determine the true identity of an unknown person by comparing his or her sample measurement to a collection of templates in a biometric database, without requesting a claim of identity. It is these key features that we can apply to the Operational Requirement of the system and therefore establish some key decisions on the type of biometric that will be used and how the system's configuration will meet specific needs.

Biometric Performance
Performance of biometric systems are character-ised in terms of error rates and speed. There are two common types of errors as outlined below. However, the consideration of error rates is important when defining the specific use of a particular biometric solution. It is also important to consider the functionality of the system, and clearly define the realistic operational performance and acceptable limitations of the customer. FRR and FAR rates can provide outline guidance to the performance of a biometric device. However, it is also important to consider tolerance levels and the customer's perceived performance acceptance level.

FRR Rate (False Reject Rate)
When a biometric measurement from a live subject is compared to that subject's enrolled template and the system fails to match the two, a "false reject" event occurs. The probability of this happening is the False Reject Rate or FRR.

FAR Rate (False Accept Rate)
There is also a possibility that the measurement from a live subject will be so similar to a template from another person that a match will be (erroneously) declared. This second type of error is called a "false accept" event and the associated probability is called the false accept rate or FAR. The FAR achieved by a particular biometric directly reflects the fundamental power of the technology. To achieve a low FAR the biological entity measured must be absolutely unique to the individual, and the algorithm used to measure the entity must capture this uniqueness very effectively.

The specific performance of the biometric device can have a bearing on the operation of a system. When implementing a biometric solution it is important to consider many elements related to the organisation and clearly identify the throughput of users and the speed and accuracy required. One further key consideration is the system's scalability and any performance related restrictions if the system's scope is increased.

For example, we can consider the following basic requirements that were issued for the implementation of a large scale biometric system to implement an integrated approach for providing 'Proof Positive' identification:

System Overview
Develop an integrated application Biometrics that can sustain the pressures of a nationwide project such as:

• Immigration / border control
  
• Prisons
  
• Passport/ID
  
• Blacklist control

The Performance Requirements

• Accuracy – One : Many
  
• Speed – Must be real-time. (> 10 seconds)
  
• Multi-user & Scalability
  
• Must allow remote clients to search the same database
  
• Accommodate databases larger than the storage capacity of one single CPU memory (tens of millions of records)
  
• Synchronisation of detached databases
  
• Ease of use

A detailed solution was provided for this application. However, it can be seen from the above example that not all biometric devices can be applied to every application and it is the role of the system integrator to develop detailed user and operational requirements to identify best-fit technology.

Biometrics is a growing field in the provision of security facilities and offers both simple solutions and large scale and cross border facilities. To this effect, the potential of this market sector is vast and (to quote Bill Gates) "Biometric technologies will be the most important IT innovations of the next several years".