Biometric identification
Biometric identification is often called pure or real authentication, since it is not a virtual, but actually related to a person biometric sign (identifier) that is used.
A specific feature of biometric identification will be the large size of the biometric database: each of the biometric samples must be matched with all available records in the database (1: N or one-to-many matching). For use in real life, such a system requires a high speed of matching biometric features.
Example:
The number of employees of even a large enterprise is from several hundred to several thousand people. Take 10,000 employees as an example. This means that the size of the database (we assume that one fingerprint is used for one person) will be 10,000 fingerprints. When you put your finger on the fingerprint reader, the system will make a mapping of 1:10 0000. Which is very little for modern systems. That is why all access control or time attendance systems operate in biometric identification mode.
On the other side of the pole - verification systems, they usually make only one comparison in 1: 1 mode. That is, the presented biometric feature is compared with one biometric feature from the database. That is, the system answers the question of whether you are who you claim to be.
Biometric Authentication
We will use this term quite often, despite its importance, confusion often arises, because in different types of systems the definitions of this term differ, for example, in banking and legal systems.
We, accordingly, will give definitions of these terms for biometric systems.
Authentication (from English - authentication) is a procedure for checking the identity of the access subject of the identifier presented by him. A simple example of authentication is confirming the identity of a user by comparing the login he entered with a password in a database of previously identified users. In this example, authentication is the process of comparing passwords, and the subsequent either granting access or refusing, and the identifier will be just the login.
Authentication methods can be grouped into three main categories based on what are called authentication factors: what the person knows, what the user owns, or something that is a sign of the person.
In biometrics, two authentication methods are distinguished:
Each authentication factor encompasses a range of elements used to authenticate or verify a person's identity prior to granting access, approving a transaction request, signing a document, authorizing others, etc.
Knowledge based authentication, such as using a password or pattern. The use of a password is technically easy to implement, both in software and in any specialized devices. But just as easily, a password can be compromised, for example, by a spyware or a computer virus, which in many cases can be downloaded to the user's devices from the Internet. And when it comes to devices (for example, a PIN code reader), the password can be trivially spied on. All this does not prevent Old Believers from using PIN code readers quite often in access control systems.
PIN code readers - price from $ 30.
In addition, people usually choose simple and common passwords and, as it turned out, equally common pattern keys, thereby making strong authentication using the knowledge factor impossible.
One of the most egregious cases of setting a simple password is setting the launch confirmation code: "00000000" on all nuclear missiles in the United States. Yes, yes, these are the famous codes that any self-respecting terrorist is chasing after in Hollywood blockbusters.
This information became known from the memoirs of Officer Bruce Blair, who served on the launch of the LGM-30 Minuteman ICBM
Back in 1962, President Kennedy had the bright idea that it was not states that could start a nuclear war, but terrorists, foreign sabotage or other special services, or that it was much more likely that a serviceman who had just gone cuckoo against the background of aggravation of anti-communist sentiments in the United States. In short, anyone who has physical access to a nuclear arsenal.
To protect against unauthorized launch, the National Security Action Memorandum 160 was issued, according to which every nuclear missile in the United States had to be equipped with a special Permissive Action Link (PAL) control device that blocked the launch system until the correct code was entered.
The defense system ensured that an unauthorized person with access to the US nuclear arsenal could not activate it. The Permissive Action Link (PAL) system was considered completely reliable. The eight-digit code implied one hundred million combinations. It sounds, but the local warriors decided not to bother and always set the code "00000000".
There are more sophisticated ways to confidently compromise almost any password, for example, using thermal imaging equipment. When working with the keyboard, your fingers leave thermal traces, and it is these that the thermal imager allows you to fix. The method was investigated by scientists from the University of Stuttgart and the Ludwig Maximilian University of Munich.
Create carousel Add description for ACM CHI 2017. Impact of heat attacks on mobile user authentication
Social engineering techniques have also been shown to be highly effective in compromising passwords. The guys from Positive Technologies have collected statistics on the effectiveness of attacks using social engineering methods. During the experiment, they imitated the activity of hackers and sent messages to employees of the customer companies, containing: attachments, links to web resources and forms for entering passwords. A total of 3332 letters were sent, in 17% of users' passwords were compromised. An important figure of 17%, if your company becomes the target of a planned hacker attack, this is how many percent of computers will be compromised. Ownership based authenticationis usually more secure, but depends on a physical key / card / phone, etc., which can be copied, stolen, lost or simply forgotten at home, the latter, according to the law of meanness, happens at the right time.
Do not forget about the fairly common practice when employees celebrate the arrival / departure of each other. In the states, companies are losing $ 373 million on this, according to 2017 data.
There is also a cost of ownership associated with making any custom physical device to authenticate the owner. For enterprises with thousands of employees, this can be millions $ per year.
The boom of biometrics in the modern world
While someone with perseverance worthy of a better application is sawing videos about the devilish nature of biometric identification, biometrics has already quietly covered almost all spheres of human activity.
And it looks like the only chance to face the apocalypse is to choose an incompetent vendor or contractor for the implementation of biometrics.
The first massive arrival of biometrics was launched on September 10, 2013 by Apple, presenting to the public the fingerprint reader built into the iPhone 5s - Touch ID. The sales volume for 2017 amounted to 1.5 billion pieces, 11% of smartphones on the Yandex market have a built-in fingerprint.
The second milestone is biometric passports. In Russia, in 2009, they began to issue a new generation of passports containing an electronic data carrier - a contactless chip). The data on the chip of the Russian passport is protected using the BAC (Basic access control) access control technology and contains - a photo of the passport holder, fingerprints, information about the holder's date and place of birth, the date of issue of the passport and the authority that issued the document.
Add a description.
Create carousel
Obviously, such popularity can only be dictated by advantages over any other methods of identification and authentication.
The benefits of biometrics have already led to widespread adoption of fingerprint sensors in mobile devices such as smartphones and tablets. But there are many more types of biometric technologies than just a fingerprint, they will become widespread in the near future.
Basic types of biometrics
In general, biometric identification systems are divided according to the principle of operation into two main types: static and dynamic.
Static (physiological characteristics)
• Fingerprints or papillary lines (Fingerprint)
• Iris (iris)
• Retina (retina)
• Vein pattern
• Face
• Hand geometry
• Cardiac rhythm
• DNA
• Multimodal identification
Dynamic (behavioral characteristics)
In the English-language literature, the term "behaviometrics" is often used to refer to this class of biometrics.
• Handwriting and signature dynamics
• Heart rate
• Voice and speech rhythm
• Gesture recognition
• Speed and features of working on a computer keyboard (or typing a code on a code pad)
• Gait
Qualitative characteristics of biometric systems
Statistical Methods.
These estimates are among the most important, as a rule, they are indicated by the manufacturer among the key characteristics of biometric equipment.
FAR - False Acceptance Rate - the probability of false identification of a user who is not in the database.
FRR - False Rejection Rate - the probability of
refusal to identify a user in the database.
Fingerprint identification / fingerprinting
Despite the long history of the use of fingerprinting in forensic science, the detailed principles of the formation of the papillary pattern have become known not so long ago. Simply put, the formation of the papillary pattern is influenced by DNA and the conditions for the formation of the fetus. That is why even identical twins have different fingerprints, although they are similar. Fingerprint formation occurs during the first three months of pregnancy.
Structurally, two types of scanners are distinguished - broaching and full-contact sensors.
In longitudinal scanners, only a small narrow area of the print is scanned at once.
When you slide (swipe) your finger across the scanner, several frames are created, which allows you to collect a complete image of the fingerprint. Most often, such scanners can be found built into laptops or connected to a computer via USB.
The smaller size of the broaching scanner sensor reduces its cost, but on the other hand, capturing the fingerprint becomes more difficult, due to many variables, such as the speed of swiping the scanner, the angle of the finger, all this will lead to a higher number of false denials of access (FRR ).
A full-contact scanner is often also called a contact scanner; it captures the entire scanned surface applied to the scanner at once. Accordingly, as a rule, they are made either in the form of a circle, an oval or a rectangle.
The advantage of a contact scanner is that it immediately captures the entire scanned area, which significantly speeds up scanning and reduces errors. Currently, contact scanners are the most common fingerprint readers.
broaching and contact scanners can use any technology described below.
Capacitive scanners
Capacitance is the ability of a conductor to store an electrical charge. A capacitive fingerprint sensor generates a fingerprint image using an array containing many thousands of small capacitor plates. The matrix plates constitute the “pixels” of the image: each of them acts as one capacitor plate with parallel plates, while the dermal layer of the finger, which is electrically conductive, acts as another plate and non-conductive. The epidermal layer is like a dielectric between them.
When a finger is placed on the sensor, weak electrical charges are generated that form a pattern between the ridges or valleys of the finger and the sensor plates. Using these charges, the sensor measures the capacitance of the capacitance on the measured surface. The measured values are digitized by the sensor logic and then sent to a neighboring microprocessor for analysis.
Capacitive scanning technology allows you to obtain an image of a print due to the difference in electrical potentials in individual areas of the skin. These devices are somewhat cheaper, but more vulnerable than optical ones: a simple breakdown (caused, for example, by a discharge of static electricity) is enough for the elements of the scanning matrix to fail and the recognition quality deteriorates.
Passive capacitive scanners
It is passive capacitive fingerprint sensors that are sensitive to static discharges, as well as dry or damaged finger skin. But they do quite well with different lighting conditions.
The main limitation of passive capacitive sensors is the minimum thickness of the protective coating, as they are based on the analysis of static charges between the finger and the sensor.
Capacitive sensors cannot be fooled simply by printing an image of a papilloma drawing on paper. The more significant advantage of capacitive scanners is that they are more compact and therefore easy to integrate into portable devices. It is due to this feature of theirs that they are currently the most widespread in smartphones.
Despite the difficulties, hacking a capacitive scanner is quite possible, it is enough to print a high-resolution fingerprint on conductive paper, you also need a special printer and conductive ink. Here is a detailed instruction on how to unlock such a scanner built into a smartphone from our friends from the University of Michigan. Although, of course, it should be noted that getting a fingerprint is more difficult than printing it. There are two types of capacitive sensors: passive (each sensor cell has only one of the capacitor plates) and active (the sensor cell contains both capacitor plates).
Active capacitive scanners
The active method has the following advantages: it allows you to use additional functions for processing the image of the fingerprint, higher resistance to external influences, and has a higher signal-to-noise ratio.
Active capacitive scanners are less demanding on skin cleanliness, epidermal damage and contamination of the sensor surface. Despite this, active scanners deliver superior image quality, even allowing for 3D rendering of the fingerprint, which provides superior security and counterfeit resistance.
All this makes active capacitive scanners the most commonly used type of capacitive technology today.
Another major advantage of active capacitive sensors is that the enhanced signal transmission between the fingerprint surface and the sensor allows the sensor to be placed behind a thick layer of protective coating or even behind glass with minimal performance degradation.
In addition, active sensors allow recording electrical impulses arising from the contraction of the heart, which greatly reduces the risk of using a dummy. Active capacitive sensors are one of the most common fingerprint reader technologies at the moment.
Optical scanners
The perfect, reliable and convenient solution is optical scanning. It is optical scanners that form a high-quality, full-scale and integral image of the fingerprint; in addition, these tools are comfortable to use: the only thing that is required of the user is to touch the surface of the scanner.
Optical fingerprint scanners currently use CCD or CMOS sensors, the same as IP cameras. Historically, CCDs have been much better than CMOS, but as CMOS technology has undergone significant changes over the past ten years, the capabilities of CMOS technology have caught up with CCD. And the most used detector is still CMOS.
Now there are optical scanners capable of processing data about a fingerprint not one, but several fingers. Modern optical scanners are resistant to deception attempts.
Create carousel.
"Horror stories" about gelatinous fingers, which flew around the Internet two years ago, are not relevant today: advanced optical scanners effectively recognize dummies based
on the analysis of a biometric identifier as a living biological object. Highlighted, in particular, indicators characterizing the temperature of the finger, its moisture content, the color of the print, etc.
The world's only fingerprint reader MorphoWave Tower allows you to read your fingerprint without touching the surface of the sensor, on the fly.
The advantages of optical sensors include a low price. This primarily concerns optical sensors using CMOS.
The disadvantages are:
• Size. Optical sensors using conventional designs, including a lens and prism system, are bulky and not suitable for use in mobile devices.
• Sensitivity to contamination of the prism surface. Optical sensors are sensitive to a wide variety of contaminants commonly found in the environment, including oil, dirt, condensation, ice, and even fingerprints left by previous users. Also, different light conditions can affect the accuracy of the scan.
• Wear of the prism coating. The coating of the prism and can wear out with age, decreasing scan accuracy.
• Possibility of counterfeiting. Classic optical fingerprint scanners can be tricked relatively easily by using a dummy finger. More advanced optical scanners are less susceptible to spoofing.
As with all technologies, optical scanning technology is evolving, there are effective anti-counterfeiting methods, and methods for dealing with finger contamination problems are being introduced. However, the proposed solutions are often more expensive.
Ultrasound scanners
Ultrasonic fingerprint sensors are used to create a visual image of a fingerprint, the same principles as medical ultrasound. Sound waves are generated using piezoelectric transducers, and the reflected energy is captured using piezoelectric materials.
Unlike optical scanners that photograph the surface of a finger, ultrasonic sensors use high-frequency sound waves.
This allows ultrasonic sensors to obtain high-quality images when reading wet and damaged fingers, and this scanning method also allows, in addition to the fingerprint, to receive some additional characteristics (for example, the pulse inside the finger). Which makes it difficult to use dummies.
However, dry fingers can often be a problem, think of the gel that doctors put on the abdomen before doing an ultrasound scan.
Ultrasonic fingerprint scanners have the advantage of providing more biometric information than most others. The problems with ultrasound technology have been, and to a large extent still are, that it is slow, expensive, energy intensive, and time consuming to process scan results.
All this leads to the fact that this type of sensors has not received any widespread adoption.
Thermoscanners
Thermal scanners use sensors consisting of pyroelectric elements of the same type as in thermal imagers, they record the temperature difference and convert it into voltage.
When a finger is applied to a passive-type thermal sensor, a temperature map of the surface of the finger is constructed based on the temperature of the crests of the papillary pattern touching the pyroelectronic elements and the temperature of the air in the cavities, which is converted into a digital image.
There are some serious problems with thermal scanners:
• The temperature change is dynamic, therefore the fingerprint image is short-lived and is erased after about one tenth of a second when the sensor surface reaches the same temperature as the finger
• They are sensitive to wear on the sensor surface, and to contamination
• When the ambient temperature is close to the surface temperature of the finger, the sensor requires heating so that the temperature difference is at least one degree Celsius.
Some of the above problems can be solved with an active thermal scanner. However, active thermal scanners also have their disadvantages:
• Requirement for high power
• Not able to capture fine details such as sweat pores
• Not possible to create 3D images
Pressure Sensitive Scanners
These devices use sensors consisting of a matrix of piezoelectric elements. When the finger is applied to the scanning surface, the ridges of the papillary pattern exert pressure on a certain subset of the surface elements, respectively, the depressions do not produce any pressure. A matrix of stresses obtained from piezoelectric elements is converted into an image of the surface of the finger. Pressure sensitive scanners are hardly used in real commercial products.
Multi spectral scanners
Fingerprint readers based on multispectral technology are able to receive information not only on the surface, but also on the subsurface layer of the skin. MSI (Multispectral Imaging) sensors provide a range of finger images under various lighting conditions, including different wavelengths, light source position, polarization conditions. Different wavelengths of visible light interact with the skin in different ways, allowing for dramatic increases in data volume. As a result, the images obtained contain information not only about the superficial, but also about the internal (subsurface) features of the skin.
The crests of the papillary lines of the imprint that we see on the surface of the skin have a hidden base, in the form of vessels and other subcutaneous structures. In fact, the visible papillary lines at our fingertips are simply the "echo" of the fundamental "inner fingerprint".
Unlike the surface features of the fingerprint, which can be altered by moisture, dirt or partially rubbed off, the "internal fingerprint" is more stable and unchanged. The combination of these two characteristics provides the new method with high reliability and resistance to counterfeiting.
Multispectral scanners have the best FRR <0.01% and FAR <0.00001% among all fingerprint sensors.
Can a fingerprint be faked?
Probably the most common question I get asked.
A simple answer to the question: Some are very simple, it is enough just to print images on paper, some are very difficult, some are impossible for example ultrasonic. Impossible, in the sense of course that we are not aware of successful attempts.
The most effective method for counterfeiting a fingerprint is to create a dummy. To create a dummy fingerprint, clay, paper, film can be used, but the best material of course will be silicone, it can be both transparent and skin-colored. Successful counterfeiting using a dummy is possible only for the simplest scanners, most modern scanners cope with this problem.
Are there people without fingerprints?
There are rare genetic mutations in the presence of which a person may not have fingerprints at all. People with Negeli syndrome or pigmented reticular dermatopathy may not have fingerprints. Both diseases are forms of ectodermal dysplasia, the absence of fingerprints is just one of the most innocuous symptoms.
A more interesting case is adermatoglyphia, the only manifestation of this genetic mutation is the absence of a papillary pattern on the fingers and toes, on the palms and soles of the feet. This mutation has no concomitant manifestations expressed in the disruption of his normal life or a decrease in life expectancy. This means that adermatoglyphia is not a disease. A 2011 study found that adermatoglyphia is caused by abnormal expression of the SMARCAD1 protein. That, taking into account the speed of development and the availability of genome editing technologies, can be used as a method of getting rid of fingerprints.
It is highly likely that altering fingerprints using genome editing technologies will become available to attackers in the future. Editing the human genome can be used to make changes to those parts of DNA that are responsible for the formation of fingerprints. Back in 2017, a successful operation was performed in the United States to edit the genome right in the human body, in the same year the American Food and Drug Administration (FDA) approved a gene therapy for the treatment of acute lymphoblastic leukemia.
Can fingerprints be changed?
Medicines can lead to the disappearance of the papilloma pattern. Fingerprints may disappear as a result of side effects from certain medications, such as capecitabine (marketed under the Xeloda brand name), an anti-cancer drug that has been documented to make fingerprints disappear.
Fingerprints can be changed as a result of plastic surgery - transplantation of one's own skin, for example, from the foot. It should be noted that as a result of the performed plastic surgery, elements of the old papillary pattern may remain, for example, along the edges of the finger, with the help of which identification can still be carried out.
In addition, from such a fingerprint, it can be seen that it has been changed as a result of plastic surgery. Using plastic surgery to change a fingerprint is a crime, including for the person performing the surgery.
Also, they often try to damage the papillary drawing with the help of chemicals such as acid or alkali. John Dillinger was one of the most famous criminals who tried to get rid of fingerprints with lye. Despite all the efforts, it was from his fingerprints that he was identified after his death.
There are other substances that can cause damage to the skin, but all of them are united by the fact that subsequently the skin and papillary pattern are restored quite well. And such methods, as a rule, do not bring anything to their owners, except for suffering.
Physical damage to fingerprints is another painful way to get rid of fingerprints that usually goes nowhere. The first documented case of cutting off fingerprints was undertaken by Theodore Klutas, after whose murder the police discovered that each of his fingerprints had been cut with a knife, which, however, did not prevent his identification, since there was enough papillary pattern along the edges of the finger for successful identification.
Age-related changes occur throughout the entire area of human skin, including on the fingertips. With age, the elasticity of the skin decreases, the height of the crests of the papillary pattern decreases, and other changes, more than 30
in total. Despite this, the degree of age-related changes is too insignificant to complicate identification, as evidenced by a number of scientific studies from different years. One of the most significant is the study by University of Michigan professor Anil Jain. He compared the fingerprints of 15597 people obtained with an interval of 5 to 12 years, and as a result, no serious obstacles to identification were identified.
Age-related changes are also not a problem for most modern automated means of collecting and processing fingerprints.
In some cases, a change in the papillary pattern may be associated with the specifics of the work.
Can a dead person's finger be used for identification?
This question is not as simple as it might seem at first glance. Let's start with the technical part, it all depends on the type of biometric sensor, and the specific device that you are trying to unlock, many modern devices analyze the biological state of the finger, as with the help of dynamic data - assessing the natural position of the finger when it touches the sensor surface, analyzing the characteristic features of the finger such as pore distribution, furrow sharpness and others.
This is how additional sensors are used, for example an infrared sensor, which allow us to assess the naturalness of the finger. It should be borne in mind that naturalness will be affected by the time that has passed since the finger was separated from the body or the time of death of a person. But in modern biometric devices, the likelihood of successful use of a dead finger is small, but still exists.
A large number of biometric sensors can be successfully unlocked with a dead finger, for example, this is the case with most smartphones. In addition to the theory of using the practice of unlocking smartphones with the finger of an already dead person, sources close to police investigations in New York and Ohio say.
The question of the possibility of using a dead fingerprint can be one of the most important, despite the fact that it is often not given any importance. If biometric device manufacturers fail to eliminate this possibility, it could pose a serious risk of injury to owners of potentially stealing assets that are blocked from use or access by biometric security.
For example, in 2005, Malaysian carjackers cut off the finger of a Mercedes-Benz owner in an attempt to steal his car.
Fingerprint myths
One of the most famous myths and horror stories is the belief that by scanning a fingerprint, you can get information about the age, gender, race and diseases of the recipient.
Especially for believers in such statements, information is disseminated about the research of these issues by a special scientific discipline - dermatoglyphics. However, the leading scientific institutes of the world recognize dermatoglyphics as a classic example of pseudoscience that does not have scientific substantiation.
Identification by vein pattern
The venous pattern is unique for each person, including twins. Since the veins are located under the skin, they are almost impossible to forge , which allows for highly reliable authentication with a False Acceptance Rate - the probability of false identification of a user who is not in the database is up to 0.00008%.
Identification by drawing (Vein Recognition - in English) of the veins of a finger or palm is based on obtaining a template when photographing the outside or inside of the hand or finger with an infrared camera . An infrared camera is used to scan a finger or hand. The vein pattern becomes visible because the hemoglobin (blood dye) absorbs IR radiation and the veins become visible in the chamber. The software creates a digital convolution based on the received data.
Recognition of veins or vessels is usually performed on the palm or finger of the user.
The high level of safety and non-contact recognition make the vein recognition well suited for many applications requiring very high safety.
Can a dead person's finger be used for identification?
This question is not as simple as it might seem at first glance. Let's start with the technical part, it all depends on the type of biometric sensor, and the specific device that you are trying to unlock, many modern devices analyze the biological state of the finger, as with the help of dynamic data - assessing the natural position of the finger when it touches the sensor surface, analyzing the characteristic features of the finger such as pore distribution, furrow sharpness and others.
This is how additional sensors are used, for example an infrared sensor, which allow us to assess the naturalness of the finger. It should be borne in mind that naturalness will be affected by the time that has passed since the finger was separated from the body or the time of death of a person. But in modern biometric devices, the likelihood of successful use of a dead finger is small, but still exists.
A large number of biometric sensors can be successfully unlocked with a dead finger, for example, this is the case with most smartphones. In addition to the theory of using the practice of unlocking smartphones with the finger of an already dead person, sources close to police investigations in New York and Ohio say.
The question of the possibility of using a dead fingerprint can be one of the most important, despite the fact that it is often not given any importance. If biometric device manufacturers fail to eliminate this possibility, it could pose a serious injury risk to owners of potentially theft-attractive assets that are blocked from use or access by biometric security.
For example, in 2005, Malaysian carjackers cut off the finger of a Mercedes-Benz owner in an attempt to steal his car.
Fingerprint myths
One of the most famous myths and horror stories is the belief that by scanning a fingerprint, you can get information about the age, gender, race and diseases of the recipient.
Especially for believers in such statements, information is disseminated about the research of these issues by a special scientific discipline - dermatoglyphics. However, the world's leading scientific institutions recognize dermatoglyphics as a classic example of pseudoscience.
Identification by vein pattern
The venous pattern is unique for each person, including twins. Since the veins are located under the skin, they are almost impossible to forge, which allows for highly reliable authentication with a False Acceptance Rate - the probability of false identification of a user who is not in the database is up to 0.00008%.
Identification by drawing (Vein Recognition - in English) of the veins of a finger or palm is based on obtaining a template when photographing the outside or inside of the hand or finger with an infrared camera
An infrared camera is used to scan a finger or hand. The vein pattern becomes visible because the hemoglobin (blood dye) absorbs infrared radiation and the veins become visible in the chamber. The software creates a digital convolution based on the received data.
Venous pattern scanners. Price from $ 250.
Recognition of veins or vessels is usually performed on the palm or finger of the user.
What limits the scope is the size and cost of the scanners. Scanners are simply too bulky to be built into most mobile devices, but great for use in access control systems. And even the opinion is expressed that over time, it is the scanners of the venous pattern that will replace the fingerprint readers.
Also, identification involving 1: N pattern matching can be time consuming, especially if the database contains a large number of biometric patterns. This is due to the high demands on the processing of templates, as the patterns of the veins are very complex.
One of the decisive advantages of identification by venous pattern is the difficulty of unauthorized retrieval of the template.
The recognition reliability is comparable to that of the iris, although the equipment is much cheaper. Now it is actively being researched and implemented in ACS.
Face identification
Face recognition (in English) uses various facial features that can be used together to build a unique digital template.
Examples of facial features that can be used for identification are the shape of the nose or the distance between the eyes. A total of over 80 different traits are used.
Face recognition uses various algorithms and technologies for analysis.
Retinal identification
The first biometric eye scanning systems (Retinal scan - in English) were precisely retinal scanners, appeared back in 1985. The retina remains unchanged from birth to death, only certain chronic diseases can change it.
A retinal scan is instead performed with infrared light, which detects a pattern of capillaries and uses it for identification.
Although retinal scanning provides a high degree of security, the technology has many disadvantages that have led to limited commercial use:
• Low speed of the identification process
• High cost
Retinal scans have been used for identification (1: N) in high security environments such as the FBI, NASA and the CIA.
Iris identification
The Iris Recognition process begins with a detailed image of the human eye. They try to make the image for further analysis in high quality, but this is not necessary. The iris is such a unique parameter that even a blurry image will give a reliable result. For this purpose, a monochrome CCD camera with a dim backlight that is sensitive to infrared radiation is used. Usually, a series of several photographs is taken due to the fact that the pupil is sensitive to light and constantly changes its size.
The backlight is unobtrusive, and a series of pictures is taken in just a few seconds. Then one or more are selected from the obtained photographs and segmentation is started.
Researchers have documented a deterioration in identification after taking alcohol or LSD.
Heart rate authentication
Heart rate identification is one of the most important biometric technologies today. Palpitations are as unique to humans as fingerprints, retinas, or venous patterns. Among the advantages of biometric heart rate identification: high accuracy, high complexity of counterfeiting and obtaining a standard, analysis of the physical condition of the recipient.
Until recently, heart rate authentication was only on the list of promising solutions for biometric identification; today we already have solutions ready for commercial use. The human heart rate is characterized by many measurable parameters - frequency, rhythm, filling, tension, vibration amplitude, pulse rate.
Numi offers a unique watch bracelet for highly secure authentication.
The device can communicate with any device supporting NFC and Bluetooth data transmission technologies.
The principle of operation is simple - the bracelet is equipped with two electrodes, one of which is located on the back of the bracelet, and the other on the outside. When the user of the electrode closes the circuit, the device begins to measure the heart rate. The bracelet has wide integration possibilities and can be used in information systems, access control systems and industrial control systems.
Among the advantages of heart rate authentication:
• Inability to use in the absence of the recipient.
That is, if you lose or forget the bracelet, no one will be able to use it except you.
• Inability to use after death.
Despite all the advantages of heart rate bracelets, they still have one drawback. If you turn to research, in some cases, the accuracy of the bracelets for measuring heart rate may be insufficient.
For identification purposes, the control of the physical state of the recipient is secondary, but there are many applications in addition to identification, the control of the biological state is in demand.
DNA identification
DNA Biometrics (in English) is an increasingly common technology for biometric identification and is increasingly used in forensic science and healthcare.
Unlike the above-described identification technologies, DNA identification can not only reduce costs, or make our life easier and safer.
Benefits of DNA identification:
• DNA is the only biometric technology that allows you to identify relatives using an unidentified DNA sample.
• Like fingerprints, DNA is one of the few biometric characteristics that criminals leave behind at a crime scene.
• DNA testing is a relatively mature and dynamic technology that is widely used and familiar to the public.
• Rapid DNA identification devices, making sequencing possible in just 90 minutes.
• It is easy to store a large number of DNA analysis results in databases, this allows data to be accumulated and quickly searched by automated means.
The widespread introduction of DNA identification technology can really save the lives of people, for example, people who have been unjustly convicted.
In fact, nowhere in the world is there a reliable assessment of this problem; American experts give a conservative estimate that from 2.3 to 5% of all prisoners are innocent. There are more than 2 million prisoners in the United States, which means that we can talk about more than 100 thousand innocent convicts in the United States alone. Nobody even tries to count how many unjustly convicted in Russia no one even tries, we can only mention that Russia is the leader in Europe in terms of both the number of prisoners in general and the number of women prisoners. And then, as one TV presenter says: - Only you can draw conclusions.
At the moment, again in the United States, purely technical DNA analysis is possible in 5-10% of criminal cases. The fact is that until recently, the process of sequencing a complete genome was long and expensive. In addition, classical DNA fingerprinting could not reveal the differences between the twins. Modern technology makes it possible to identify those minor differences that exist even in twins. All this can significantly increase the percentage of criminal cases in which the use of DNA analysis is possible.
The American non-profit organization "Innocence Project" specializes in providing proof of innocence using DNA identification. So far, the Innocence Project has secured the release of 362 unjustly convicted prisoners, 20 of whom were sentenced to death.
One of the widely known stories is the story of Steve Titus, thanks to Elizabeth Loftus we know Steve's heartbreaking story and we know about the reasons that lead to unfounded accusations. And the point here is not only the infallibility of the judicial system, to which there are also many questions.
The point is in the peculiarities of the work of our brain, which are called confabulation or false memories. People (as a rule, this is the victim herself) on whose testimony the accusation was based do not deceive, they sincerely consider what they say to be true.
As you might guess, China has the largest DNA database - 54 million profiles for 2016. More than one billion yuan has already been spent on the creation of the database.
DNA analysis technologies are significantly expanding the police's ability to find criminals. For example, they managed to catch a serial killer of women, the identity of the killer was established after his uncle's DNA was analyzed as part of the medical examinations carried out in China.
Another example of identifying a criminal after analyzing the DNA of his relatives. The murderer of two businessmen in Qianwei County was identified after DNA samples were collected from all male students in the county.
Israeli geneticists conducted an interesting experiment that showed that the identity of an arbitrary US citizen can be established from one DNA sample in 60% of cases, using only private genomic databases. Their findings were presented in the journal Science.
Today, companies such as 23andMe, Family Tree, Ancestry and their other competitors are developing especially rapidly, calculating family ties between their customers and determining their predisposition to various diseases based on their DNA samples.
The services of such startups are now used by millions of people in the United States and other developed countries of the world, thanks to which they have accumulated some of the largest genetic databases in the world. Their data is now being used by scientists to search for genes associated with rare hereditary diseases, as well as for many other purposes.
Biometric identification is often called pure or real authentication, since it is not a virtual, but actually related to a person biometric sign (identifier) that is used.
A specific feature of biometric identification will be the large size of the biometric database: each of the biometric samples must be matched with all available records in the database (1: N or one-to-many matching). For use in real life, such a system requires a high speed of matching biometric features.
Example:
The number of employees of even a large enterprise is from several hundred to several thousand people. Take 10,000 employees as an example. This means that the size of the database (we assume that one fingerprint is used for one person) will be 10,000 fingerprints. When you put your finger on the fingerprint reader, the system will make a mapping of 1:10 0000. Which is very little for modern systems. That is why all access control or time attendance systems operate in biometric identification mode.
On the other side of the pole - verification systems, they usually make only one comparison in 1: 1 mode. That is, the presented biometric feature is compared with one biometric feature from the database. That is, the system answers the question of whether you are who you claim to be.
Biometric Authentication
We will use this term quite often, despite its importance, confusion often arises, because in different types of systems the definitions of this term differ, for example, in banking and legal systems.
We, accordingly, will give definitions of these terms for biometric systems.
Authentication (from English - authentication) is a procedure for checking the identity of the access subject of the identifier presented by him. A simple example of authentication is confirming the identity of a user by comparing the login he entered with a password in a database of previously identified users. In this example, authentication is the process of comparing passwords, and the subsequent either granting access or refusing, and the identifier will be just the login.
Authentication methods can be grouped into three main categories based on what are called authentication factors: what the person knows, what the user owns, or something that is a sign of the person.
In biometrics, two authentication methods are distinguished:
- Verification based on a biometric parameter and a unique identifier that identifies a specific person (for example, an identification number), that is, this method is based on a combination of authentication techniques.
- Identification, unlike verification, is based only on biometric measurements. In this case, the measured parameters are compared with all records from the database of registered users, and not with one of them, selected on the basis of some identifier.
Each authentication factor encompasses a range of elements used to authenticate or verify a person's identity prior to granting access, approving a transaction request, signing a document, authorizing others, etc.
- Knowledge factors are what the user knows and hopefully remembers, such as a password, PIN, security question answer, etc.
- Factors feature - is that part of us, for example, fingerprint, signature, voice, and so on..
- Ownership factors are what the user has, such as a contactless ID card, cell phone, physical key, etc.
Knowledge based authentication, such as using a password or pattern. The use of a password is technically easy to implement, both in software and in any specialized devices. But just as easily, a password can be compromised, for example, by a spyware or a computer virus, which in many cases can be downloaded to the user's devices from the Internet. And when it comes to devices (for example, a PIN code reader), the password can be trivially spied on. All this does not prevent Old Believers from using PIN code readers quite often in access control systems.
PIN code readers - price from $ 30.
In addition, people usually choose simple and common passwords and, as it turned out, equally common pattern keys, thereby making strong authentication using the knowledge factor impossible.
One of the most egregious cases of setting a simple password is setting the launch confirmation code: "00000000" on all nuclear missiles in the United States. Yes, yes, these are the famous codes that any self-respecting terrorist is chasing after in Hollywood blockbusters.
This information became known from the memoirs of Officer Bruce Blair, who served on the launch of the LGM-30 Minuteman ICBM
Back in 1962, President Kennedy had the bright idea that it was not states that could start a nuclear war, but terrorists, foreign sabotage or other special services, or that it was much more likely that a serviceman who had just gone cuckoo against the background of aggravation of anti-communist sentiments in the United States. In short, anyone who has physical access to a nuclear arsenal.
To protect against unauthorized launch, the National Security Action Memorandum 160 was issued, according to which every nuclear missile in the United States had to be equipped with a special Permissive Action Link (PAL) control device that blocked the launch system until the correct code was entered.
The defense system ensured that an unauthorized person with access to the US nuclear arsenal could not activate it. The Permissive Action Link (PAL) system was considered completely reliable. The eight-digit code implied one hundred million combinations. It sounds, but the local warriors decided not to bother and always set the code "00000000".
There are more sophisticated ways to confidently compromise almost any password, for example, using thermal imaging equipment. When working with the keyboard, your fingers leave thermal traces, and it is these that the thermal imager allows you to fix. The method was investigated by scientists from the University of Stuttgart and the Ludwig Maximilian University of Munich.
Create carousel Add description for ACM CHI 2017. Impact of heat attacks on mobile user authentication
Social engineering techniques have also been shown to be highly effective in compromising passwords. The guys from Positive Technologies have collected statistics on the effectiveness of attacks using social engineering methods. During the experiment, they imitated the activity of hackers and sent messages to employees of the customer companies, containing: attachments, links to web resources and forms for entering passwords. A total of 3332 letters were sent, in 17% of users' passwords were compromised. An important figure of 17%, if your company becomes the target of a planned hacker attack, this is how many percent of computers will be compromised. Ownership based authenticationis usually more secure, but depends on a physical key / card / phone, etc., which can be copied, stolen, lost or simply forgotten at home, the latter, according to the law of meanness, happens at the right time.
Do not forget about the fairly common practice when employees celebrate the arrival / departure of each other. In the states, companies are losing $ 373 million on this, according to 2017 data.
There is also a cost of ownership associated with making any custom physical device to authenticate the owner. For enterprises with thousands of employees, this can be millions $ per year.
The boom of biometrics in the modern world
While someone with perseverance worthy of a better application is sawing videos about the devilish nature of biometric identification, biometrics has already quietly covered almost all spheres of human activity.
And it looks like the only chance to face the apocalypse is to choose an incompetent vendor or contractor for the implementation of biometrics.
The first massive arrival of biometrics was launched on September 10, 2013 by Apple, presenting to the public the fingerprint reader built into the iPhone 5s - Touch ID. The sales volume for 2017 amounted to 1.5 billion pieces, 11% of smartphones on the Yandex market have a built-in fingerprint.
The second milestone is biometric passports. In Russia, in 2009, they began to issue a new generation of passports containing an electronic data carrier - a contactless chip). The data on the chip of the Russian passport is protected using the BAC (Basic access control) access control technology and contains - a photo of the passport holder, fingerprints, information about the holder's date and place of birth, the date of issue of the passport and the authority that issued the document.
Add a description.
Create carousel
Obviously, such popularity can only be dictated by advantages over any other methods of identification and authentication.
The benefits of biometrics have already led to widespread adoption of fingerprint sensors in mobile devices such as smartphones and tablets. But there are many more types of biometric technologies than just a fingerprint, they will become widespread in the near future.
Basic types of biometrics
In general, biometric identification systems are divided according to the principle of operation into two main types: static and dynamic.
Static (physiological characteristics)
• Fingerprints or papillary lines (Fingerprint)
• Iris (iris)
• Retina (retina)
• Vein pattern
• Face
• Hand geometry
• Cardiac rhythm
• DNA
• Multimodal identification
Dynamic (behavioral characteristics)
In the English-language literature, the term "behaviometrics" is often used to refer to this class of biometrics.
• Handwriting and signature dynamics
• Heart rate
• Voice and speech rhythm
• Gesture recognition
• Speed and features of working on a computer keyboard (or typing a code on a code pad)
• Gait
Qualitative characteristics of biometric systems
Statistical Methods.
These estimates are among the most important, as a rule, they are indicated by the manufacturer among the key characteristics of biometric equipment.
FAR - False Acceptance Rate - the probability of false identification of a user who is not in the database.
FRR - False Rejection Rate - the probability of
refusal to identify a user in the database.
Fingerprint identification / fingerprinting
Despite the long history of the use of fingerprinting in forensic science, the detailed principles of the formation of the papillary pattern have become known not so long ago. Simply put, the formation of the papillary pattern is influenced by DNA and the conditions for the formation of the fetus. That is why even identical twins have different fingerprints, although they are similar. Fingerprint formation occurs during the first three months of pregnancy.
Structurally, two types of scanners are distinguished - broaching and full-contact sensors.
In longitudinal scanners, only a small narrow area of the print is scanned at once.
When you slide (swipe) your finger across the scanner, several frames are created, which allows you to collect a complete image of the fingerprint. Most often, such scanners can be found built into laptops or connected to a computer via USB.
The smaller size of the broaching scanner sensor reduces its cost, but on the other hand, capturing the fingerprint becomes more difficult, due to many variables, such as the speed of swiping the scanner, the angle of the finger, all this will lead to a higher number of false denials of access (FRR ).
A full-contact scanner is often also called a contact scanner; it captures the entire scanned surface applied to the scanner at once. Accordingly, as a rule, they are made either in the form of a circle, an oval or a rectangle.
The advantage of a contact scanner is that it immediately captures the entire scanned area, which significantly speeds up scanning and reduces errors. Currently, contact scanners are the most common fingerprint readers.
broaching and contact scanners can use any technology described below.
Capacitive scanners
Capacitance is the ability of a conductor to store an electrical charge. A capacitive fingerprint sensor generates a fingerprint image using an array containing many thousands of small capacitor plates. The matrix plates constitute the “pixels” of the image: each of them acts as one capacitor plate with parallel plates, while the dermal layer of the finger, which is electrically conductive, acts as another plate and non-conductive. The epidermal layer is like a dielectric between them.
When a finger is placed on the sensor, weak electrical charges are generated that form a pattern between the ridges or valleys of the finger and the sensor plates. Using these charges, the sensor measures the capacitance of the capacitance on the measured surface. The measured values are digitized by the sensor logic and then sent to a neighboring microprocessor for analysis.
Capacitive scanning technology allows you to obtain an image of a print due to the difference in electrical potentials in individual areas of the skin. These devices are somewhat cheaper, but more vulnerable than optical ones: a simple breakdown (caused, for example, by a discharge of static electricity) is enough for the elements of the scanning matrix to fail and the recognition quality deteriorates.
Passive capacitive scanners
It is passive capacitive fingerprint sensors that are sensitive to static discharges, as well as dry or damaged finger skin. But they do quite well with different lighting conditions.
The main limitation of passive capacitive sensors is the minimum thickness of the protective coating, as they are based on the analysis of static charges between the finger and the sensor.
Capacitive sensors cannot be fooled simply by printing an image of a papilloma drawing on paper. The more significant advantage of capacitive scanners is that they are more compact and therefore easy to integrate into portable devices. It is due to this feature of theirs that they are currently the most widespread in smartphones.
Despite the difficulties, hacking a capacitive scanner is quite possible, it is enough to print a high-resolution fingerprint on conductive paper, you also need a special printer and conductive ink. Here is a detailed instruction on how to unlock such a scanner built into a smartphone from our friends from the University of Michigan. Although, of course, it should be noted that getting a fingerprint is more difficult than printing it. There are two types of capacitive sensors: passive (each sensor cell has only one of the capacitor plates) and active (the sensor cell contains both capacitor plates).
Active capacitive scanners
The active method has the following advantages: it allows you to use additional functions for processing the image of the fingerprint, higher resistance to external influences, and has a higher signal-to-noise ratio.
Active capacitive scanners are less demanding on skin cleanliness, epidermal damage and contamination of the sensor surface. Despite this, active scanners deliver superior image quality, even allowing for 3D rendering of the fingerprint, which provides superior security and counterfeit resistance.
All this makes active capacitive scanners the most commonly used type of capacitive technology today.
Another major advantage of active capacitive sensors is that the enhanced signal transmission between the fingerprint surface and the sensor allows the sensor to be placed behind a thick layer of protective coating or even behind glass with minimal performance degradation.
In addition, active sensors allow recording electrical impulses arising from the contraction of the heart, which greatly reduces the risk of using a dummy. Active capacitive sensors are one of the most common fingerprint reader technologies at the moment.
Optical scanners
The perfect, reliable and convenient solution is optical scanning. It is optical scanners that form a high-quality, full-scale and integral image of the fingerprint; in addition, these tools are comfortable to use: the only thing that is required of the user is to touch the surface of the scanner.
Optical fingerprint scanners currently use CCD or CMOS sensors, the same as IP cameras. Historically, CCDs have been much better than CMOS, but as CMOS technology has undergone significant changes over the past ten years, the capabilities of CMOS technology have caught up with CCD. And the most used detector is still CMOS.
Now there are optical scanners capable of processing data about a fingerprint not one, but several fingers. Modern optical scanners are resistant to deception attempts.
Create carousel.
"Horror stories" about gelatinous fingers, which flew around the Internet two years ago, are not relevant today: advanced optical scanners effectively recognize dummies based
on the analysis of a biometric identifier as a living biological object. Highlighted, in particular, indicators characterizing the temperature of the finger, its moisture content, the color of the print, etc.
The world's only fingerprint reader MorphoWave Tower allows you to read your fingerprint without touching the surface of the sensor, on the fly.
The advantages of optical sensors include a low price. This primarily concerns optical sensors using CMOS.
The disadvantages are:
• Size. Optical sensors using conventional designs, including a lens and prism system, are bulky and not suitable for use in mobile devices.
• Sensitivity to contamination of the prism surface. Optical sensors are sensitive to a wide variety of contaminants commonly found in the environment, including oil, dirt, condensation, ice, and even fingerprints left by previous users. Also, different light conditions can affect the accuracy of the scan.
• Wear of the prism coating. The coating of the prism and can wear out with age, decreasing scan accuracy.
• Possibility of counterfeiting. Classic optical fingerprint scanners can be tricked relatively easily by using a dummy finger. More advanced optical scanners are less susceptible to spoofing.
As with all technologies, optical scanning technology is evolving, there are effective anti-counterfeiting methods, and methods for dealing with finger contamination problems are being introduced. However, the proposed solutions are often more expensive.
Ultrasound scanners
Ultrasonic fingerprint sensors are used to create a visual image of a fingerprint, the same principles as medical ultrasound. Sound waves are generated using piezoelectric transducers, and the reflected energy is captured using piezoelectric materials.
Unlike optical scanners that photograph the surface of a finger, ultrasonic sensors use high-frequency sound waves.
This allows ultrasonic sensors to obtain high-quality images when reading wet and damaged fingers, and this scanning method also allows, in addition to the fingerprint, to receive some additional characteristics (for example, the pulse inside the finger). Which makes it difficult to use dummies.
However, dry fingers can often be a problem, think of the gel that doctors put on the abdomen before doing an ultrasound scan.
Ultrasonic fingerprint scanners have the advantage of providing more biometric information than most others. The problems with ultrasound technology have been, and to a large extent still are, that it is slow, expensive, energy intensive, and time consuming to process scan results.
All this leads to the fact that this type of sensors has not received any widespread adoption.
Thermoscanners
Thermal scanners use sensors consisting of pyroelectric elements of the same type as in thermal imagers, they record the temperature difference and convert it into voltage.
When a finger is applied to a passive-type thermal sensor, a temperature map of the surface of the finger is constructed based on the temperature of the crests of the papillary pattern touching the pyroelectronic elements and the temperature of the air in the cavities, which is converted into a digital image.
There are some serious problems with thermal scanners:
• The temperature change is dynamic, therefore the fingerprint image is short-lived and is erased after about one tenth of a second when the sensor surface reaches the same temperature as the finger
• They are sensitive to wear on the sensor surface, and to contamination
• When the ambient temperature is close to the surface temperature of the finger, the sensor requires heating so that the temperature difference is at least one degree Celsius.
Some of the above problems can be solved with an active thermal scanner. However, active thermal scanners also have their disadvantages:
• Requirement for high power
• Not able to capture fine details such as sweat pores
• Not possible to create 3D images
Pressure Sensitive Scanners
These devices use sensors consisting of a matrix of piezoelectric elements. When the finger is applied to the scanning surface, the ridges of the papillary pattern exert pressure on a certain subset of the surface elements, respectively, the depressions do not produce any pressure. A matrix of stresses obtained from piezoelectric elements is converted into an image of the surface of the finger. Pressure sensitive scanners are hardly used in real commercial products.
Multi spectral scanners
Fingerprint readers based on multispectral technology are able to receive information not only on the surface, but also on the subsurface layer of the skin. MSI (Multispectral Imaging) sensors provide a range of finger images under various lighting conditions, including different wavelengths, light source position, polarization conditions. Different wavelengths of visible light interact with the skin in different ways, allowing for dramatic increases in data volume. As a result, the images obtained contain information not only about the superficial, but also about the internal (subsurface) features of the skin.
The crests of the papillary lines of the imprint that we see on the surface of the skin have a hidden base, in the form of vessels and other subcutaneous structures. In fact, the visible papillary lines at our fingertips are simply the "echo" of the fundamental "inner fingerprint".
Unlike the surface features of the fingerprint, which can be altered by moisture, dirt or partially rubbed off, the "internal fingerprint" is more stable and unchanged. The combination of these two characteristics provides the new method with high reliability and resistance to counterfeiting.
Multispectral scanners have the best FRR <0.01% and FAR <0.00001% among all fingerprint sensors.
Can a fingerprint be faked?
Probably the most common question I get asked.
A simple answer to the question: Some are very simple, it is enough just to print images on paper, some are very difficult, some are impossible for example ultrasonic. Impossible, in the sense of course that we are not aware of successful attempts.
The most effective method for counterfeiting a fingerprint is to create a dummy. To create a dummy fingerprint, clay, paper, film can be used, but the best material of course will be silicone, it can be both transparent and skin-colored. Successful counterfeiting using a dummy is possible only for the simplest scanners, most modern scanners cope with this problem.
Are there people without fingerprints?
There are rare genetic mutations in the presence of which a person may not have fingerprints at all. People with Negeli syndrome or pigmented reticular dermatopathy may not have fingerprints. Both diseases are forms of ectodermal dysplasia, the absence of fingerprints is just one of the most innocuous symptoms.
A more interesting case is adermatoglyphia, the only manifestation of this genetic mutation is the absence of a papillary pattern on the fingers and toes, on the palms and soles of the feet. This mutation has no concomitant manifestations expressed in the disruption of his normal life or a decrease in life expectancy. This means that adermatoglyphia is not a disease. A 2011 study found that adermatoglyphia is caused by abnormal expression of the SMARCAD1 protein. That, taking into account the speed of development and the availability of genome editing technologies, can be used as a method of getting rid of fingerprints.
It is highly likely that altering fingerprints using genome editing technologies will become available to attackers in the future. Editing the human genome can be used to make changes to those parts of DNA that are responsible for the formation of fingerprints. Back in 2017, a successful operation was performed in the United States to edit the genome right in the human body, in the same year the American Food and Drug Administration (FDA) approved a gene therapy for the treatment of acute lymphoblastic leukemia.
Can fingerprints be changed?
Medicines can lead to the disappearance of the papilloma pattern. Fingerprints may disappear as a result of side effects from certain medications, such as capecitabine (marketed under the Xeloda brand name), an anti-cancer drug that has been documented to make fingerprints disappear.
Fingerprints can be changed as a result of plastic surgery - transplantation of one's own skin, for example, from the foot. It should be noted that as a result of the performed plastic surgery, elements of the old papillary pattern may remain, for example, along the edges of the finger, with the help of which identification can still be carried out.
In addition, from such a fingerprint, it can be seen that it has been changed as a result of plastic surgery. Using plastic surgery to change a fingerprint is a crime, including for the person performing the surgery.
Also, they often try to damage the papillary drawing with the help of chemicals such as acid or alkali. John Dillinger was one of the most famous criminals who tried to get rid of fingerprints with lye. Despite all the efforts, it was from his fingerprints that he was identified after his death.
There are other substances that can cause damage to the skin, but all of them are united by the fact that subsequently the skin and papillary pattern are restored quite well. And such methods, as a rule, do not bring anything to their owners, except for suffering.
Physical damage to fingerprints is another painful way to get rid of fingerprints that usually goes nowhere. The first documented case of cutting off fingerprints was undertaken by Theodore Klutas, after whose murder the police discovered that each of his fingerprints had been cut with a knife, which, however, did not prevent his identification, since there was enough papillary pattern along the edges of the finger for successful identification.
Age-related changes occur throughout the entire area of human skin, including on the fingertips. With age, the elasticity of the skin decreases, the height of the crests of the papillary pattern decreases, and other changes, more than 30
in total. Despite this, the degree of age-related changes is too insignificant to complicate identification, as evidenced by a number of scientific studies from different years. One of the most significant is the study by University of Michigan professor Anil Jain. He compared the fingerprints of 15597 people obtained with an interval of 5 to 12 years, and as a result, no serious obstacles to identification were identified.
Age-related changes are also not a problem for most modern automated means of collecting and processing fingerprints.
In some cases, a change in the papillary pattern may be associated with the specifics of the work.
Can a dead person's finger be used for identification?
This question is not as simple as it might seem at first glance. Let's start with the technical part, it all depends on the type of biometric sensor, and the specific device that you are trying to unlock, many modern devices analyze the biological state of the finger, as with the help of dynamic data - assessing the natural position of the finger when it touches the sensor surface, analyzing the characteristic features of the finger such as pore distribution, furrow sharpness and others.
This is how additional sensors are used, for example an infrared sensor, which allow us to assess the naturalness of the finger. It should be borne in mind that naturalness will be affected by the time that has passed since the finger was separated from the body or the time of death of a person. But in modern biometric devices, the likelihood of successful use of a dead finger is small, but still exists.
A large number of biometric sensors can be successfully unlocked with a dead finger, for example, this is the case with most smartphones. In addition to the theory of using the practice of unlocking smartphones with the finger of an already dead person, sources close to police investigations in New York and Ohio say.
The question of the possibility of using a dead fingerprint can be one of the most important, despite the fact that it is often not given any importance. If biometric device manufacturers fail to eliminate this possibility, it could pose a serious risk of injury to owners of potentially stealing assets that are blocked from use or access by biometric security.
For example, in 2005, Malaysian carjackers cut off the finger of a Mercedes-Benz owner in an attempt to steal his car.
Fingerprint myths
One of the most famous myths and horror stories is the belief that by scanning a fingerprint, you can get information about the age, gender, race and diseases of the recipient.
Especially for believers in such statements, information is disseminated about the research of these issues by a special scientific discipline - dermatoglyphics. However, the leading scientific institutes of the world recognize dermatoglyphics as a classic example of pseudoscience that does not have scientific substantiation.
Identification by vein pattern
The venous pattern is unique for each person, including twins. Since the veins are located under the skin, they are almost impossible to forge , which allows for highly reliable authentication with a False Acceptance Rate - the probability of false identification of a user who is not in the database is up to 0.00008%.
Identification by drawing (Vein Recognition - in English) of the veins of a finger or palm is based on obtaining a template when photographing the outside or inside of the hand or finger with an infrared camera . An infrared camera is used to scan a finger or hand. The vein pattern becomes visible because the hemoglobin (blood dye) absorbs IR radiation and the veins become visible in the chamber. The software creates a digital convolution based on the received data.
Recognition of veins or vessels is usually performed on the palm or finger of the user.
The high level of safety and non-contact recognition make the vein recognition well suited for many applications requiring very high safety.
Can a dead person's finger be used for identification?
This question is not as simple as it might seem at first glance. Let's start with the technical part, it all depends on the type of biometric sensor, and the specific device that you are trying to unlock, many modern devices analyze the biological state of the finger, as with the help of dynamic data - assessing the natural position of the finger when it touches the sensor surface, analyzing the characteristic features of the finger such as pore distribution, furrow sharpness and others.
This is how additional sensors are used, for example an infrared sensor, which allow us to assess the naturalness of the finger. It should be borne in mind that naturalness will be affected by the time that has passed since the finger was separated from the body or the time of death of a person. But in modern biometric devices, the likelihood of successful use of a dead finger is small, but still exists.
A large number of biometric sensors can be successfully unlocked with a dead finger, for example, this is the case with most smartphones. In addition to the theory of using the practice of unlocking smartphones with the finger of an already dead person, sources close to police investigations in New York and Ohio say.
The question of the possibility of using a dead fingerprint can be one of the most important, despite the fact that it is often not given any importance. If biometric device manufacturers fail to eliminate this possibility, it could pose a serious injury risk to owners of potentially theft-attractive assets that are blocked from use or access by biometric security.
For example, in 2005, Malaysian carjackers cut off the finger of a Mercedes-Benz owner in an attempt to steal his car.
Fingerprint myths
One of the most famous myths and horror stories is the belief that by scanning a fingerprint, you can get information about the age, gender, race and diseases of the recipient.
Especially for believers in such statements, information is disseminated about the research of these issues by a special scientific discipline - dermatoglyphics. However, the world's leading scientific institutions recognize dermatoglyphics as a classic example of pseudoscience.
Identification by vein pattern
The venous pattern is unique for each person, including twins. Since the veins are located under the skin, they are almost impossible to forge, which allows for highly reliable authentication with a False Acceptance Rate - the probability of false identification of a user who is not in the database is up to 0.00008%.
Identification by drawing (Vein Recognition - in English) of the veins of a finger or palm is based on obtaining a template when photographing the outside or inside of the hand or finger with an infrared camera
An infrared camera is used to scan a finger or hand. The vein pattern becomes visible because the hemoglobin (blood dye) absorbs infrared radiation and the veins become visible in the chamber. The software creates a digital convolution based on the received data.
Venous pattern scanners. Price from $ 250.
Recognition of veins or vessels is usually performed on the palm or finger of the user.
What limits the scope is the size and cost of the scanners. Scanners are simply too bulky to be built into most mobile devices, but great for use in access control systems. And even the opinion is expressed that over time, it is the scanners of the venous pattern that will replace the fingerprint readers.
Also, identification involving 1: N pattern matching can be time consuming, especially if the database contains a large number of biometric patterns. This is due to the high demands on the processing of templates, as the patterns of the veins are very complex.
One of the decisive advantages of identification by venous pattern is the difficulty of unauthorized retrieval of the template.
The recognition reliability is comparable to that of the iris, although the equipment is much cheaper. Now it is actively being researched and implemented in ACS.
Face identification
Face recognition (in English) uses various facial features that can be used together to build a unique digital template.
Examples of facial features that can be used for identification are the shape of the nose or the distance between the eyes. A total of over 80 different traits are used.
Face recognition uses various algorithms and technologies for analysis.
Retinal identification
The first biometric eye scanning systems (Retinal scan - in English) were precisely retinal scanners, appeared back in 1985. The retina remains unchanged from birth to death, only certain chronic diseases can change it.
A retinal scan is instead performed with infrared light, which detects a pattern of capillaries and uses it for identification.
Although retinal scanning provides a high degree of security, the technology has many disadvantages that have led to limited commercial use:
• Low speed of the identification process
• High cost
Retinal scans have been used for identification (1: N) in high security environments such as the FBI, NASA and the CIA.
Iris identification
The Iris Recognition process begins with a detailed image of the human eye. They try to make the image for further analysis in high quality, but this is not necessary. The iris is such a unique parameter that even a blurry image will give a reliable result. For this purpose, a monochrome CCD camera with a dim backlight that is sensitive to infrared radiation is used. Usually, a series of several photographs is taken due to the fact that the pupil is sensitive to light and constantly changes its size.
The backlight is unobtrusive, and a series of pictures is taken in just a few seconds. Then one or more are selected from the obtained photographs and segmentation is started.
Researchers have documented a deterioration in identification after taking alcohol or LSD.
Heart rate authentication
Heart rate identification is one of the most important biometric technologies today. Palpitations are as unique to humans as fingerprints, retinas, or venous patterns. Among the advantages of biometric heart rate identification: high accuracy, high complexity of counterfeiting and obtaining a standard, analysis of the physical condition of the recipient.
Until recently, heart rate authentication was only on the list of promising solutions for biometric identification; today we already have solutions ready for commercial use. The human heart rate is characterized by many measurable parameters - frequency, rhythm, filling, tension, vibration amplitude, pulse rate.
Numi offers a unique watch bracelet for highly secure authentication.
The device can communicate with any device supporting NFC and Bluetooth data transmission technologies.
The principle of operation is simple - the bracelet is equipped with two electrodes, one of which is located on the back of the bracelet, and the other on the outside. When the user of the electrode closes the circuit, the device begins to measure the heart rate. The bracelet has wide integration possibilities and can be used in information systems, access control systems and industrial control systems.
Among the advantages of heart rate authentication:
• Inability to use in the absence of the recipient.
That is, if you lose or forget the bracelet, no one will be able to use it except you.
• Inability to use after death.
Despite all the advantages of heart rate bracelets, they still have one drawback. If you turn to research, in some cases, the accuracy of the bracelets for measuring heart rate may be insufficient.
For identification purposes, the control of the physical state of the recipient is secondary, but there are many applications in addition to identification, the control of the biological state is in demand.
DNA identification
DNA Biometrics (in English) is an increasingly common technology for biometric identification and is increasingly used in forensic science and healthcare.
Unlike the above-described identification technologies, DNA identification can not only reduce costs, or make our life easier and safer.
Benefits of DNA identification:
• DNA is the only biometric technology that allows you to identify relatives using an unidentified DNA sample.
• Like fingerprints, DNA is one of the few biometric characteristics that criminals leave behind at a crime scene.
• DNA testing is a relatively mature and dynamic technology that is widely used and familiar to the public.
• Rapid DNA identification devices, making sequencing possible in just 90 minutes.
• It is easy to store a large number of DNA analysis results in databases, this allows data to be accumulated and quickly searched by automated means.
The widespread introduction of DNA identification technology can really save the lives of people, for example, people who have been unjustly convicted.
In fact, nowhere in the world is there a reliable assessment of this problem; American experts give a conservative estimate that from 2.3 to 5% of all prisoners are innocent. There are more than 2 million prisoners in the United States, which means that we can talk about more than 100 thousand innocent convicts in the United States alone. Nobody even tries to count how many unjustly convicted in Russia no one even tries, we can only mention that Russia is the leader in Europe in terms of both the number of prisoners in general and the number of women prisoners. And then, as one TV presenter says: - Only you can draw conclusions.
At the moment, again in the United States, purely technical DNA analysis is possible in 5-10% of criminal cases. The fact is that until recently, the process of sequencing a complete genome was long and expensive. In addition, classical DNA fingerprinting could not reveal the differences between the twins. Modern technology makes it possible to identify those minor differences that exist even in twins. All this can significantly increase the percentage of criminal cases in which the use of DNA analysis is possible.
The American non-profit organization "Innocence Project" specializes in providing proof of innocence using DNA identification. So far, the Innocence Project has secured the release of 362 unjustly convicted prisoners, 20 of whom were sentenced to death.
One of the widely known stories is the story of Steve Titus, thanks to Elizabeth Loftus we know Steve's heartbreaking story and we know about the reasons that lead to unfounded accusations. And the point here is not only the infallibility of the judicial system, to which there are also many questions.
The point is in the peculiarities of the work of our brain, which are called confabulation or false memories. People (as a rule, this is the victim herself) on whose testimony the accusation was based do not deceive, they sincerely consider what they say to be true.
As you might guess, China has the largest DNA database - 54 million profiles for 2016. More than one billion yuan has already been spent on the creation of the database.
DNA analysis technologies are significantly expanding the police's ability to find criminals. For example, they managed to catch a serial killer of women, the identity of the killer was established after his uncle's DNA was analyzed as part of the medical examinations carried out in China.
Another example of identifying a criminal after analyzing the DNA of his relatives. The murderer of two businessmen in Qianwei County was identified after DNA samples were collected from all male students in the county.
Israeli geneticists conducted an interesting experiment that showed that the identity of an arbitrary US citizen can be established from one DNA sample in 60% of cases, using only private genomic databases. Their findings were presented in the journal Science.
Today, companies such as 23andMe, Family Tree, Ancestry and their other competitors are developing especially rapidly, calculating family ties between their customers and determining their predisposition to various diseases based on their DNA samples.
The services of such startups are now used by millions of people in the United States and other developed countries of the world, thanks to which they have accumulated some of the largest genetic databases in the world. Their data is now being used by scientists to search for genes associated with rare hereditary diseases, as well as for many other purposes.
