International Conference on Biometric Authentication
Wave Issue 0429 07/30/04
July 15-17, 2004
Biometrics is about bringing personal identity to a digital infrastructure. It became clear at ICBA that many biometric applications are emerging. At the same time, in spite of 40 years of research, the practical use of the technology is still in narrow applications. Biometrics has many dimensions: technology, privacy, security, scalability and ubiquity, which are barriers for use. This is the discussion here at ICBA.
It is not mere coincidence that the first ICBA is being held in Asia. Hong Kong, with a population of 6M is leading in research and applications of biometrics. This is the biometric parallel of broadband in Korea. The conference is being held at the Hong Kong Polytechnic University. Its Biometric Research Center is headed by Professor David Zhang. An example of their research is in palm prints, palm biometrics done in real time. Further, the laboratory will have a book published in 2005 on biometric fusion. The work on real time palm biometrics has received numerous technical awards. There is also a close linkage between the universities here and the practical applications of biometrics by the Hong Kong government.
The welcoming address was given by Marion Lai, Acting Permanent Secretary, Commerce Industry and Technology, Hong Kong Government. She described the Smart ID project to provide a secure smart card with embedded biometrics to each of the Hong Kong citizens and residents over the next 4 years. It is expected that 6.3M cards will be issued. But the card is more than a government ID card. It is a means to support e-commerce and many other functions that rely on personal identity and authentication. This is a use of biometrics which will place Hong Kong in a leading position as a digital infrastructure city.
ICBA 2004 has 160 participants from 24 countries. This reflects not only the diversity of efforts in biometrics but the role that Hong Kong plays in the technology.
Anil Jain, Professor, Michigan State University, opened the first session. He made a statement that many in the U.S. government see biometrics, even fingerprints, as a solved problem. Wrong. It is his view that this is far from the case and that there should be continuing research to develop the technology and its use it in practical applications. The WAVE spoke with Professor Jain about his view that “Biometrics: A Grand Challenge” should be frame of reference for regarding the research needs to extend biometrics usage. He is delivering a paper on this topic at the International Conference on Pattern Recognition in August 2004. Key points that Professor Jain made include:
Professor Jain classifies biometrics as a Grand Challenge. Under the HPCC program of the government such a challenge is:
Professor Jim Wayman, San Jose State University gave an overview of the applications and performance of biometric systems. One system he highlighted was US–VISIT. This provides one of the best examples of the scale of a biometrics program which has high value:
D. Malo, University of Balogne, presented the results of FVC~2004, the 3rd Fingerprint Verification Competition. This competition was on algorithms, not complete systems. There were 43 participants, 6 from academia, 8 independent developers, 29 companies and 19 who were anonymous. The results were evaluated using 7 indicators which were grouped in the following: accuracy, efficiency and memory use. What was most striking was that an individual scored the best against all the corporations. Much more remains to be done in fingerprint biometrics. The competition was but an example of the point made earlier – biometrics is not a solved problem.
There are many forms of biometrics. Here at the conference the following were cited: DNA, fingerprint, signature, face, iris, palm, voice, teeth, feet, typing styles, gaits and odors. In terms of applications, these technologies only fall within two bins in terms of scale: big or small. Big means large scale, 1M or greater, enrolled participants and usually 1 to many for identification. Thus, an individual can be determined from the biometric out of the total population of enrolled. Small applies to data sets which are usually 250 or less. The various competitions seen here at ICBA in fingerprints, face and signature have been done with these small training and test sets. A number of applications and commercial deployments have been described. One conclusion stands out. The only biometric technology which supports the big criteria is the fingerprint. Second, and a very distant second, is facial recognition, yet, in spite of trials, it has no large scale deployment. There is only one biometric that is widely accepted for mass deployment – fingerprints.
As we discussed earlier in this report there is a missing component in a digital infrastructure – personal identity. This also has a scale dimension from small to big. For computer security, such as log on, the biometric problem is trivial. This is a small scale verification problem. However, the verification of an individual who logs onto a computer will not suffice for the big scale requirements in a digital infrastructure. For example, one of the issues is the independent verification that the individual with the biometric is the same person that is present in the digital infrastructure. There are many other factors such as the quality of the biometric, the creation of a trusted source of the biometric identity that assures that the person enrolled is the same as that represented, speed of response and cost. It is here where the big implementations of biometric applications set the standard for performance and usability. One might ask – what has US-VISIT to do with biometrics for networked computer implementation and operations? US-VISIT operates on a large scale. Hong Kong Immigration establishes a trusted identity on a large scale.
Based on the papers at ICBA and the WAVE’s conversations with individuals at the event, we list in a table below some of the attributes of biometrics. One can turn this column of attributes into a matrix of biometric technologies by adding columns to the right which represent each type of biometric. Examples, include DNA, fingerprint, Iris, facial and more. The development of the matrix allows one then to evaluate a biometric against applications and to do a comparative assessment of biometric technologies.
We will examine this table to better understand how this relates to a digital infrastructure.
Enrollment is the collection of the biometric and the verification that the individual being represented is actually that individual. The enrollment process does much to determine its practicality. For example, DNA is a unique identifier but the invasiveness of collecting body samples and the time to process are major impediments, in spite of its accuracy. But, facial biometrics are easily collected, even unknowingly.
We separate Authentication/Verification from Identification. The latter is the ability to take a biometric and identify the individual. While Authentication is the determination that the individual is or is not the one being represented. This has significant implications in the implementation of a system to accomplish each. The certainty of the identification is more complex. Identification based on a fingerprint is the determination of the individual from just this biometric. For many applications the time and cost of these functions will determine if they are acceptable. Some fingerprint identification operations are being accomplished in seconds against a database of 1M or more.
One must also consider the underlying technology to grasp the implications of this table. For example, as we discussed above, fingerprints are the only biometric that has scaled upward to large. This is invasive in that in the enrollment process the individual has to consent to its collection. Yet, history and experience have determined that quality fingerprints are a reliable biometric. Facial photographs are much less invasive but they suffer from low reliability. That is, the high degree of variation in both the enrollment and identification process results in significant questions if it is capable of large scale application. The quality of a facial image as a biometric varies by lighting, resolution, optical distortions, age and facial characteristics which can be changed by the individual, such as glasses and shaving by males. The iris is seen as just a reliable a biometric as fingerprint but it is much more invasive.
If we assume a biometric has acceptable quality and the public will use it, such as fingerprints or iris, the next set of considerations, as shown in lower portion of the table, will determine if the a biometric is practical. This includes the complexity of the implementation and its cost. Another factor is the ease, and cost, within which the system can be designed, implemented and operated. For example, the Hong Kong Smart ID card is a replacement for an existing ID card but not tied to criminality. While US–VISIT has a responsibility to do identity against travelers but to also check against undesirable persons, i.e., terrorists.
Our discussion to this point is focused on a single biometric. Yet, as we will see below, multimode biometrics or fusion biometrics are seen to have considerable value. Combining one or more biometrics could lead to more effective use of biometrics. The problem is that little research has been conducted in this area to validate such a conclusion.
Raymond Wong of the Immigration Department of the Hong Kong government showed how biometrics can have practical application on a large scale. At the center is the Smart ID card, which has embedded in it two fingerprints, the thumbs, and a photo. The only biometric supported, however, are the fingerprints, while the photo is only for visual verification. The smart card is capable of being extended to support other functions that they call e-cert. Such extensions are at the option of the card holder. This being a trusted document, the design and implementation is more robust than money printing. One element which is different is the cryptographic key management to ensure a card which is impossible to copy. What is impressive about the Smart ID card is that it is one component of an overall system that has at its center biometrics for authentication of the individual.
Some of Raymond’s points include:
Much of the discussion of ICBA has been from an Asian perspective. Yet, surprisingly there are quite a few from the U.S. here – possibly as many as 20. Edwin Rood, of the Biometric Knowledge Center, West Virginia University, gave an interesting talk about directions for biometrics research in the U.S. His points included the following:
Josef Kittle, University of Surrey, UK, gave a keynote presentation on “Fusion of Intramodal and Multimodal Biometric Experts.” It was one of the most interesting of the conference. One example in facial recognition was based on color channels. Three different methods related to the color channels netted TER, total error rates, of 5.8, 5.8 and 4.8. But when combined using a fusion process, the TER dropped to 1.9. This is an intramodal fusion because the same biometric modality was used, i.e., facial. Another example used face, voice and lips for the biometrics. In this case the HTER (1/2 TER) varied from .74 to 13.3. When it was fused and all modalities were used, the HTER dropped to .15. The last example was the fusion of face and voice with the HTER of 1.8 and 1.23. But the fused HTER was only .28.
Logic draws us to the expectation that the use of more than one and even multiple biometric measures would result in lower error rates. Professor Kittle showed that. The real challenge comes in operational environments. In these environments:
Operational expectations are that the use of biometrics will force the evaluation in the direction of the biometric with the highest confidence. Note that this is the case with Hong Kong Immigration which has both finger prints and images. The images are not used as a biometric. In fusion, we would expect that the weights applied to the sensors used for authentication/ identification should be based on the reliability of the biometric. The WAVE asked the question: How does one compensate for these issues in operational environments? In response, it was stated this is one of the issues to be addressed in the R&D of multimodal systems.
The promise of fusion also carries with it the need for more research.
The WAVE spoke with Jean-Francois Mainguet, the developer of the swipe sensor. This is embedded in the HO iPAC h5450 and h5550 PDAs. All the major fingerprint systems use either an area or swipe sensor.
His perspective was interesting:
A 100 year old technology is going digital. This was an excellent event to gain insights into the status of biometric research. Research plays an important role for providing the technology base for emerging applications of biometrics. At ICBA we saw projects both big and small built on biometrics research.
Biometrics based on fingerprints is only the beginning. The recent big scale biometric projects discussed here are examples where biometrics can have a societal contribution. We note that there is a close coupling between biometrics research and these practical projects. Hong Kong is a leader in both research and application. The U.S. is struggling with its research agenda while some of the signs are positive as reflected in the NSF funded assessment.
It is clear that biometrics can have value when applied on a mass scale. At the same time this is where the challenges lie. Earlier we spoke of the Grand Challenge which is posed by biometrics and the presentations only reinforced this. However, this will not happen in a vacuum. Much of the core science is missing. Many of the practical business issues have also not been addressed. Paramount in the mind of the public is privacy issues.
Given that the digital infrastructure will not become less hostile, biometrics is likely to play an increasing role. Yet, the challenges for the application of this technology remain formidable. Only a big project will have the necessary impact. As we have seen at ICBA, this crosses political, geographic and cultural boundaries. In reality, the technical issues may be minor compared to the latter boundaries.