Biometrics refers to the automatic identification of a person based on his/her physiological or behavioral characteristics such as finger scan, retina, iris, voice scan, signature scan etc. This method of identification is preferred over traditional methods involving passwords and PIN numbers for various reasons: the person to be identified is required to be physically present at the point-of-identification; identification based on biometric techniques obviates the need to remember a password or carry a token. With the increased use of computers as vehicles of information technology, it is necessary to restrict access to sensitive/personal data. By replacing PINs, biometric techniques can potentially prevent unauthorized access to or fraudulent use of ATMs, cellular phones, smart cards, desktop PCs, workstations, and computer networks. A biometric system is essentially a pattern recognition system, which makes a personal identification by determining the authenticity of a specific physiological, or behavioral characteristics possessed by the use. Depending on the context, a biometric system can be either a verification (authentication) system or an identification system.
Biometrics is a rapidly evolving technology, which is being widely used in forensics such as criminal identification and prison security, and has the potential to be used in a large range of civilian application areas. Biometrics can be used to prevent unauthorized access to ATMs, cellular phones, smart cards, desktop PCs, workstations, and computer networks. In automobiles, biometrics can replace keys with key-less entry devices Biometrics technology allows determination and verification of one’s identity through physical characteristics. These characteristics can include face recognition, voice recognition, finger/hand print scan, iris scans and even retina scans. Biometric systems have sensors that pick up a physical characteristic, convert it into a digital pattern and compares.
A person’s identity can be resolved in two ways:
Motivation behind invention of Biometrics is the basic need of a person being authenticated automatically and accurately. Authentication is the process of verifying that an user requesting a network resource is who he/she claims to be or not. Conventional authentication methods are based on two types:
Something that you “have” – e.g., Key, Magnetic Card or Smart card.
Something that you “know” – e.g., PIN or Password
Biometric authentication method uses personal features i.e.
Something you “are”.
Humans have used body characteristics such as face, voice, gait, etc. for thousands of years to recognize each other. Alphonse Bertillon, chief of the criminal identification division of the police department in Paris, developed and then practiced the idea of using a number of body measurements to identify criminals in the mid 19th century. Just as his idea was gaining popularity, it was obscured by a far more significant and practical discovery of the distinctiveness of the human fingerprints in the late 19th century. Soon after this discovery, many major law enforcement departments embraced the idea of first “booking” the fingerprints of criminals and storing it in a database (actually, a card file). Later, the leftover (typically, fragmentary) fingerprints (commonly referred to as latents) at the scene of crime could be “lifted” and matched with fingerprints in the database to determine the identity of the criminals. Although biometrics emerged from its extensive use in law enforcement to identify criminals (e.g., illegal aliens, security clearance for employees for sensitive jobs, fatherhood determination, forensics, positive identification of convicts and prisoners), it is being increasingly used today to establish person recognition in a large number of civilian application.. 
The latest research indicates using a combination of biometric avenues for human identification is more effective, and far more challenging.
Traditionally, passwords (knowledge-based security) and ID cards (token-based security) have been used to restrict access to secure systems. However, security can be easily breached in these systems when a password is divulged to an unauthorized user or a card is stolen by an impostor. The emergence of biometrics has addressed the problems that plague traditional verification methods. Biometrics refers to the automatic identification (or verification) of an individual (or a claimed identity) by using certain physiological or behavioral traits associated with the person. By using biometrics it is possible to establish an identity based on “who you are” rather than by “what you possess” (for example, an id card) “what you remember” (for example, a password). Current biometric systems make use fingerprints, hand geometry, iris, retina, face, facial thermograms, signature, gait, palm print and voiceprint to establish a person’s identity.
While biometric systems have their limitations they have an edge over traditional security methods in that they cannot be easily stolen or shared. Besides bolstering security, biometric systems also enhance user convenience by alleviating the need to design and remember passwords. Moreover, biometrics is one of the few techniques that can be used for negative recognition where the system determines whether the person is who he or she denies to be.
Definition of Biometrics:
Any automatically measurable, robust and distinctive physical characteristic orpersonal trait that can be used to identify an individual or verify the claimed identity of anindividual is called Biometrical Identification or simply Biometrics. It’s a combination of two Greek words: Bios means Life and Metrics means To Measure.A wide variety of systems require reliable personal recognition schemes to eitherconfirm or determine the identity of an individual requesting their services. The purpose of such schemes is to ensure that the rendered services are accessed only by a legitimate user, and not anyone else. Biometric recognition refers to the automatic recognition of individuals based on their physiological and/or behavioral characteristics. 
Figure 1: Block Diagram Of Biometric Systems. 
A biometric system is essentially a pattern recognition system that operates byAcquiring biometric data from an individual, extracting a feature set from the acquired data ,And comparing this feature set against the template set in the database. Depending on the Application context, a biometric system may operate either in verification mode orIdentification mode.Verification Mode: In the verification mode, the system validates a person’s
Identity by comparing the captured biometric data with her own biometric
Template stored system database. In such a system, an individual who desires
To be recognized claims an identity, usually via a PIN (Personal Identification
Number), a user name, a smart card, etc., and the system conducts a one-to- one
comparison to determine whether the claim is true or not (e.g., “Does this
Biometric data belong to Bob?”). Identity verification is typically used for
Positive recognition, where the aim is to prevent multiple people from using the
Identification Mode: In the identification mode, the system recognizes an
Individual by searching the templates of all the users in the database for a
Match. Therefore, the system conducts a one-to-many comparison to establish an
individual’s identity (or fails if the subject is not enrolled in the system database)
without the subject having to claim an identity (e.g., “Whose biometric data is
this?”). Identification is a critical component in negative recognition
applications where the system establishes whether the person is who she
(implicitly or explicitly) denies to be. The purpose of negative recognition is to
prevent a single person from using multiple identities. Identification may also be
used in positive recognition for convenience (the user is not required to claim an
identity). While traditional methods of personal recognition such as passwords,
PINs, keys, and tokens may work for positive recognition; negative recognition can only be established through biometrics. 
04.1 Block Diagram Of Working Of Biometric System:
The block diagrams of a verification system and an identification system are
Depicted in Figure 2; user enrollment, which is common to both the tasks is also graphically Illustrated.
Figure 2: Block diagrams of enrollment, verification and identification tasks are shown using the
Four main modules of a biometric system, i.e., sensor, feature extraction, matcher, and system
BIOMETRIC SYSTEM ERRORS:
Two samples of the same biometric characteristic from the same person (e.g., two
impressions of a user’s right index finger) are not exactly the same due to imperfect imaging conditions (e.g., sensor noise and dry fingers), changes in the user’s physiological or behavioral characteristics (e.g., cuts and bruises on the finger), ambient conditions (e.g., temperature and humidity) and user’s interaction with the sensor (e.g., finger placement).Therefore, the response of a biometric matching system is the matching score,(XQ, XI) (typically a single number), that quantifies the similarity between the input and the database template representations (XQ and XI, respectively). The higher the score, the more certain is the system that the two biometric measurements come from the same person. The system decision is regulated by the threshold, t: pairs of biometric samples generating scores higher than or equal to t are inferred as mate pairs (i.e., belonging to the same person); pairs of biometric samples generating scores lower than t are inferred as non-mate pairs (i.e., belonging to different persons). The distribution of scores generated from pairs of samples from the same person is called the genuine distribution and from different persons is called the impostor distribution (see Figure 3a).
Figure 3(a): FMR and FNMR for a given threshold t are
Displayed over the genuine and impostor score distributions
Figure 3(b): Choosing different operating points (t) results inDifferent FMR and FNMR. The curve relating FMR to FNMRat different thresholds is referred to as Receiver Operating
A biometric verification system makes two types of errors:False Match: mistaking biometric measurements from two different persons to
be from the same person.False Non-Match: mistaking two biometric measurements from the same
person to be from two different persons.
There is a trade-off between false match rate (FMR) and false non-match rate
(FNMR) in every biometric system. In fact, both FMR and FNMR are functions of the
system threshold t; if t is decreased to make the system more tolerant to input variations
and noise, then FMR increases. On the other hand, if t is raised to make the system more
secure, then FNMR increases accordingly. The system performance at all the operating
points (thresholds, t) can be depicted in the form of a Receiver Operating Characteristic
(ROC) curve. A ROC curve is a plot of FMR against (1-FNMR) or FNMR for various
threshold values, t (see Figure 3b).
The above terminology is borrowed from communication theory, where the goal is to detect a message in the presence of noise.
The failure to capture (FTC) rate and the failure to enroll (FTE) rate are also used to
summarize the accuracy of a biometric system. The FTC rate is only applicable when the
biometric device has an automatic capture functionality implemented in it and denotes the
percentage of times the biometric device fails to capture a sample when the biometric
characteristic is presented to it. This type of error typically occurs when the device is not
able to locate a biometric signal of sufficient quality. The FTE rate denotes the percentage of times users are not able to enroll in the recognition system. There is a tradeoff between the FTE rate and the perceived system accuracy (FMR and FNMR). FTE errors typically occur when the system rejects poor quality inputs during enrollment. Consequently, the database contains only good quality templates and the perceived system accuracy improves. Because of the interdependence among the failure rates and error rates, all these rates (i.e., FTE, FTC, FNMR, and FMR) constitute important specifications in a biometric system, and should be reported during performance evaluation. The accuracy of a biometric system in the identification mode can be inferred using the system accuracy in the verification mode under simplifying assumptions. 
A number of biometric characteristics exist and are in use in various applications. Each biometric has its strengths and weaknesses, and the choice depends on the application. No single biometric is expected to effectively meet the requirements of all the applications. In other words, no biometric is “optimal”. The match between a specific biometric and an application is determined depending upon the operational mode of the application and the properties of the biometric characteristic.Various Biometric Technologies that were designed till now are as given below:
Hand & Finger Geometry Recognition
Gait Sequence Analyzing
Palm print Recognition
Of these the last five viz: Ear Scanning, Gait Sequence Analyzing, Keystroke
Analyzing, Odor Sensing, and Palm print Recognition are not very effective. 
The phrase, “It’s written all over your face,” has taken on new meaning with a system that captures, digitizes and stores the unique heat patterns of the human face. Now, not only will faces betray emotions, but they also will provide vital statistics including name, birth date and personal preferences.
The identification process begins by capturing the multitude of differences in each human face. The amount of heat emitted from an individual’s face depends on nine factors, including the location of major blood vessels that send heat both inward and outward, the skeletal system thickness and the amount of tissue, muscle and fat in the area
Due to large number of properties influencing facial thermal appearance and the also due to extremely large number of variations possible in each of this properties, the certainty of unique facial thermal appearance among individual humans is nearly infinite. Therefore, every human thermal facial image is unique to an individual, and this image remains consistent from birth to old age. Even identical twins do not share the same infrared (IR) image. In addition, these characteristics cannot be altered or camouflaged, and they are not affected by age or health status. These peculiar elements lend themselves to forming the basis for positively identifying a person. Commercial off-the-shelf IR cameras can capture a thermogram, or picture image, of these distinct heat-produced components. For identification purposes, the facial thermogram system compares 19,000 points, as opposed to the 78 points used when comparing fingerprint samples.
Advances in semiconductor technologies have made multi-element IR detectors possible, permitting more rapid image acquisition through reduced dependence on mechanical scanning. These improvements have decreased the number of steps needed to synthesize an image. The speed at which these images can be captured facilitates the use of this technology as a security device.
In addition, IR cameras were cryogenically cooled, a process that took as long as 10 minutes. Un-cooled cameras are now available that are less expensive than the cooled versions and do not require the cool-down period. Both types work effectively with the system and are able to recognize the other’s images.
The first step of the process is entering a person’s thermal image into the system with the use of the IR camera. Once the image has been captured, it is digitized and stored in a database. The image is then registered and linked to a personal identification number (PIN) or security badge. A keypad or badge reader is situated at all points of entry in a facility. To gain access, a person must first scan the badge or enter the PIN, which indicates an identity to the facial recognition system. An infrared camera at the same location captures the individual’s thermogram and transmits it to the control unit, where, using a computer and algorithms, it is compared to the thermal image on file. Access is granted only when the two images are identical. The system does not rely on the badge or PIN for security because they are not the secure portion of the process but rather a convenient means to identify a person to the system.
As evidence that this technology provides security, a proof-of-concept demonstration was conducted. Using an interactive system, more than 1,000 human facial images were collected and analyzed during the first phase of the demonstration. At this stage, developers showed that each thermogram is unique to an individual; an IR camera is an effective means for capturing the images; and images can be digitized, stored and matched in a security scenario using a computer and mathematical algorithms.
Thermograms also were taken of 12 test subjects. To verify the system’s effectiveness, the 12 individuals were randomly mixed with the general population from the initial collection of more than 1,000. During this evaluation, an analyst successfully identified the test subjects as they passed through a transit point. Images were also collected in uncontrolled lighting conditions, including total darkness, and were used to recognize known individuals without their knowledge or cooperation. 
The photograph of a person can be used from a distance. Even the subject may not be even known that his picture is being taken.
When thermogram is used, even the use of a mask will be detected.
The main disadvantage of face recognition is similar to problems of
photographs: people who look alike can fool the scanners.
Some systems have difficulty in maintaining high levels of performance as
the database grows in size. So mostly used in identification purpose.
Different poses do affect the entire process. Because pictures of the same
person taken from different positions will be different. 
Humans have used fingerprints for personal identification for many centuries and the matching accuracy using fingerprints has been shown to be very high. A fingerprint is the pattern of ridges and valleys on the surface of a fingertip, the formation of which is determined during the first seven months of fetal development. Fingerprints of identical twins are different and so are the prints on each finger of the same person. Today, a fingerprint scanner costs about US $20 when ordered in large quantities and the marginal cost of embedding a fingerprint-based biometric in a system (e.g., laptop computer) has become affordable in a large number of applications. The accuracy of the currently available fingerprint recognition systems is adequate for verification systems and small- to medium scale identification systems involving a few hundred users. Multiple fingerprints of a person provide additional information to allow for large-scale recognition involving millions of identities. 
It is very easy to use.
The device is very cheap and portable.
The device used to recognize Fingerprints consumes less power.
The current fingerprint recognition systems require a large amount of
computational resources, especially when operating in the identification mode.
Fingerprints of a small fraction of the population may be unsuitable for
automatic identification because of genetic factors, aging, or environmental
Parameters of Biometrics:
A number of biometric characteristics may be captured in the first phase of processing. However, automated capturing and automated comparison with previously stored data requires that the biometric characteristics satisfy the following
Universal: Every person must possess the characteristic/attribute. The
attribute must be one that is universal and seldom lost to accident or disease.
Uniqueness: Each expression of the attribute must be unique to the
individual. The characteristics should have sufficient unique properties to distinguish one person from any other. Height, weight, hair and eye color are all attributes that are unique assuming a particularly precise measure, but do not offer enough points of differentiation to be useful for more than categorizing.
Permanence: They should be constant over a long period of time. The
attribute should not be subject to significant differences based on age either episodic or chronic disease.
Collectability/Measurability: The properties should be suitable for capture
without waiting time and must be easy to gather the attribute data passively.
Performance: it is the measurement of accuracy, speed, and robustness of
Acceptability: The capturing should be possible in a way acceptable to a
large percentage of the population. Excluded are particularly invasive
technologies, i.e. technologies which require a part of the human body to be
taken or which (apparently) impair the human body. Circumvention- Ease of
use of a substitute.
There are also some other parameters which are very important during the
analysis of a biometric trait, these are:
Reducibility: The captured data should be capable of being reduced to a file
which is easy to handle.
Reliability and Tamper-resistance: The attribute should be impractical to mask
or manipulate. The process should ensure high reliability and reproducibility.
Privacy: The process should not violate the privacy of the person.
Comparable: Should be able to reduce the attribute to a state that makes it
digitally comparable to others. The less probabilistic the matching involved, the
more authoritative the identification.
Among the various biometric technologies being considered, the attributes which
satisfy the above requirements are fingerprint, facial features, hand geometry, voice,
iris, retina, vein patterns, palm print, DNA, keystroke dynamics, ear shape, odor,
Table below shows a comparison of various biometric systems in terms of above
mentioned parameters. A. K. Jain ranks each biometric based on the categories as
being low, medium, or high. A low ranking indicates poor performance in the
evaluation criterion whereas a high ranking indicates a very good performance.
Table 1: Comparison of various biometric systems 
The use of biometrics in authentication mechanisms is interesting because it has the possibility to establish the real connection between the physical user and the user’s identity. We always carry our biometrics with us and the loss of keys, tokens and forgotten passwords would not be the problem anymore. Biometrics also possesses some major problems, some of which are very hard to solve. First, like all authentication systems, we have a need to store the digital version of the biometrics (during enrollment). There always exists a way to break a systems security, even that of the most robust military organization, this leaves us with an abnormal problem concerned with the storage of biometrics information. If the system is penetrated and the biometrics- information is stolen or copied, in that case not only the systems security compromised even the identity of the physical user stolen forever. How can we change the pattern of our iris, our thumbprint, OR our voice? Moreover thumbprint the user left two months ago will not be exactly the same as the one he leaves today. The physical alignment of the biometrics is changing over time. The thumb will not be positioned in the same way two consecutive times in a row; at least it is very unlikely. The biometrics might also have changed. Consider that the user has been working on his summerhouse for the weekend and scratched his thumb. When he tries to log in to the system the digital copy will not match the evolved. A false positive is when the system authenticates a user even though he is not “right user”. Another problem with biometrics is that they can be physically copied. Finally, there exists a fatal practical problem with biometrics. If users are not willing to use the technology in fear of privacy, getting hurt by the mechanism, it will never successful. Biometrics can be a promising future method of authentication for systems that don’t communicate over common infrastructure. If biometric used remotely over a network we could use a base secret with the same entropy and get rid of the problems connected with biometrics. 
An extensive survey of the existing work in the domain of fingerprint based biometric systems has been carried out and the algorithms for fingerprint feature extraction, enhancement, matching, and classification are critically analyzed. It was found that the loop holes still existed in the biometric systems and an intelligent imposter could easily spoof these systems. In this thesis work, three techniques to improve security and three techniques to increase efficiency of the biometric systems have been proposed.
In the traditional cryptography the secret key is used to generate cipher text and at
the receiving end the same secret key is used to decode the message. The main
problems found in the traditional cryptographic systems are that of key entropy, key
uniqueness and key stability as discussed. In the proposed cryptographic based approach, the biometric (secret) template replaces the secret key to generate the cipher text and the same biometric template is used to decode the message at the receiving end. Thus the proposed approach has eliminated the need to remember complicated key sequences that could be forgotten, stolen or even guessed thereby making the biometric system more secure. The algorithm has been developed for this purpose and any security system based on this algorithm cannot be spoofed easily.
The third proposed approach to secure biometric system is based on the concept of
cancelable biometrics. One of the most critical problems associated with the
biometric template is that if somehow biometric data is compromised then it is
compromised forever. In other words, unlike to the passwords or tokens based
security systems, another set of security (in case secret template is hacked or stolen)
cannot be issued to a person in the biometric-based systems. The proposed approach
has addressed this problem by using the cancelable biometric. Original biometric
template is distorted by using some hash function to produce new biometric template
that is used for authentication purpose. In case the secret biometric template is
hacked or stolen then a new biometric template can be generated by using some
another hash function. The original biometric template is always safe as it is never
stored anywhere and thereby increases the security of the system. The remaining 35% of the total fingerprint is contributed by whorl and arch. The proposed classifier, classifies the input template into the four domains on the basis of left-loop, right-loop, whorl or arch during the enrolment process in order to create the template database, which is vertically classified into these four domains. During identification process, a minutiae template is generated of a particular classification domain and that template is searched in the corresponding domain of the template database thereby reducing the response time of the biometric system. Theoretically, it has been shown that the proposed approach is approximately forty times more efficient as compared with the existing approaches.
The author of the thesis has proposed another approach based on hand geometry to
improve the performance of the fingerprint verification system.
The algorithm proceeds to Phase-II only when Phase-I is successful thereby reducing
the processing time for rejecting the input template. The proposed approach has been found more efficient than other existing approaches on two accounts (i) on
theoretical basis it has been shown that the proposed approach has reduced the
response time five times approximately as compared to the existing approach; (ii)
intuitively the proposed approach requires lesser storage space as compared to
multi model based approaches.
The third approach, which has been proposed to reduce the response time, is based
on soft biometrics. As biometric technology matures, there will be an increasing interaction among the market, technology, and the applications. This interaction will be influenced by the added value of the technology, user acceptance, and the credibility of the service provider. As biometrics continues to advance scientifically and technologically, its use and acceptability as a means of security and authorization across various sectors will also grow. Biometrics would be a useful solution to the issue of security for mobile banking in rural areas as only thumb impression is quite enough for money transaction. Many biometric technology providers are already delivering biometric authentication for a variety of web-based and client/server based applications.
Continued improvements in the technology will increase performance at a lower
cost. [ 9]
Entering a locked house or conducting financial transactions will involve stepping up to a camera and punching in a PIN. The lens will capture the facial thermogram and compare it with a registered image for the number. A match will allow access. In private industry and government facilities, facial thermograms can be used to verify identity for access to secured areas.
The major applications of this technology so far have been: substituting for passports (automated international border crossing); aviation security, and controlling access to restricted areas at airports; database access and computer login; access to buildings and homes; hospital settings, including mother-infant pairing in maternity wards; “watch list” database searching at border crossings; and other Government programs. Iris recognition is forecast to play a role in a wide range of other applications in which a person’s identity must be established or confirmed.
Automated Teller Machine (ATM): Most of the leading banks have been
Experimenting with biometrics of ATM machines use and as general means of combining
Card fraud. Surprisingly, these experiments have rarely consisted of carefully integrated devices into a common process, as could be achieved with certain biometric devices
Telephone Transactions: No doubt many telesales and call center managers
have pondered the use of biometrics. It is an attractive possibility to consider, especially for automated processes.
Public Identity Cards: A biometric incorporated into a multipurpose public ID
cards would be useful in a number of scenarios if one could win public support for such a scheme. Unfortunately, in this country as in others there are huge numbers of individuals who definitely do not want to be identified. But we expect developments in this field in the near future. This will solve many border security problems, airport security, access to restricted buildings and sites. [ 10]
Reliable personal recognition is critical to many business processes. Biometrics refers to automatic recognition of an individual based on her behavioral and/or physiological characteristics. The conventional knowledge-based and token-based methods do not really provide positive personal recognition because they rely on surrogate representations of the person’s identity (e.g., exclusive knowledge or possession). It is, thus, obvious that any system assuring reliable personal recognition must necessarily involve a biometric component. This is not, however, to state that biometrics alone can deliver reliable personal recognition component. In fact, a sound system design will often entail incorporation of many biometric and non-biometric components (building blocks) to provide reliable personal recognition.
Biometric-based systems also have some limitations that may have adverse implications for the security of a system. While some of the limitations of biometrics can be overcome with the evolution of biometric technology and a careful system design, it is important to understand that foolproof personal recognition systems simply do not exist and perhaps, never will. Security is a risk management strategy that identifies, controls, eliminates, or minimizes uncertain events that may adversely affect system resources and information assets. The security level of a system depends on the requirements (threat model) of an application and the cost-benefit analysis. In our opinion, properly implemented
biometric systems are effective deterrents to perpetrators.
There are a number of privacy concerns raised about the use of biometrics. A sound
trade-off between security and privacy may be necessary; collective accountability/acceptability standards can only be enforced through common legislation. As biometric technology matures, there will be an increasing interaction among the market, technology, and the applications. This interaction will be influenced by the added value of the technology, user acceptance, and the credibility of the service provider. It is too early to predict where and how biometric technology would evolve and get embedded in which applications. But it is certain that biometric-based recognition will have a profound influence on the way we conduct our daily business.
K. Jain and S. Pankanti, “A Touch of Money”, IEEE Spectrum, pp. 22-27,
K. Jain, A. Ross and S. Prabhakar, “An Introduction to Biometric
Recognition”, IEEE Transactions on Circuits and Systems for Video
Technology, Special Issue on Image- and Video-Based Biometrics, Vol. 14, No.
1, pp. 4-20, January 2004.
Anil K. Jain, Ruud Bolle and Sharath Pankanti, “Biometrics: Personal
Identification in Networked Society”, Kluwer Academic Pub; ISBN:
(ref : http//scholar. Google / inspire ignite / biometric-systems)