Biometric methods of computer security. Biometric authentication systems as a way to implement control. What are the biometric methods for protecting information?

The problem of identifying a person when accessing classified information or an object has always been a key one. Magnetic cards, electronic badges, coded radio messages can be forged, keys can be lost, and even appearance can be changed if desired. But a number of biometric parameters are absolutely unique to humans.

Where is biometric security applied?


Modern biometric systems provide high reliability of object authentication. They provide access control in the following areas:

  • Transferring and receiving confidential information of a personal or commercial nature;
  • Registration and entry to the electronic workplace;
  • Implementation of remote banking operations;
  • Protection of databases and any confidential information on electronic media;
  • Access systems to rooms with limited access.

The level of security threat from terrorists and criminal elements has led to the widespread use of biometric systems for the protection and management of access control, not only in government organizations or large corporations, but also among individuals. In everyday life, such equipment is most widely used in access systems and smart home control technologies.

The biometric security system includes

Biometric characteristics are a very convenient way to authenticate a person, as they are highly secure (hard to fake) and cannot be stolen, forgotten or lost. All modern methods of biometric authentication can be divided into two categories:


  1. Static methods rely on unique physiological characteristics that remain with a person throughout his life. The most common parameter is a fingerprint;
  2. Dynamic methods are based on acquired behavioral traits. As a rule, they are expressed in subconscious repeated movements during the reproduction of any process. The most common are graphological parameters (handwriting individuality).

Static Methods


IMPORTANT! Based on this, it was found that, unlike the iris, the retina can change significantly throughout a person's life.

Retinal scanner manufactured by LG


Dynamic Methods


  • A fairly simple method that does not require specialized equipment. Often used in smart home systems as a command interface. To build voice patterns, frequency or statistical parameters of the voice are used: intonation, pitch, voice modulation, etc. To increase the level of security, a combination of parameters is used.

The system has a number of significant drawbacks that make its widespread use inappropriate. The main disadvantages include:

  • The ability to record a voice password using a directional microphone by intruders;
  • Low identification variability. Each person's voice changes not only with age, but also for health reasons, under the influence of mood, etc.

In smart home systems, it is advisable to use voice identification to control access to rooms with an average level of secrecy or control various devices: lighting, heating system, curtains and blinds, etc.

  • Graphological authentication. Based on the analysis of handwriting. The key parameter is the reflex movement of the hand when signing a document. To capture the data, special styluses are used with sensitive sensors that register pressure on the surface. Depending on the level of protection required, the following parameters can be compared:
      • Signature template: the image itself is compared with the one in the device's memory;
      • Dynamic parameters: the speed of the signature is compared with the available statistical information.

IMPORTANT! As a rule, modern security and access control systems use several identification methods at once. For example, fingerprinting with simultaneous measurement of hand parameters. This method significantly increases the reliability of the system and prevents the possibility of forgery.


Manufacturers of information security systems

At the moment, several companies are leading the market for biometric systems that an ordinary user can afford.


ZK7500 biometric USB fingerprint reader, used for PC access control

The use of biometric systems in business will not only significantly increase the level of security, but also help to strengthen labor discipline in an enterprise or office. In everyday life, biometric scanners are used much less frequently due to their high cost, but with an increase in supply, most of these devices will soon become available to the average user.

Vladislav Sharov

Security is a substance that is difficult to quantify, because it is difficult to imagine a client sacrificing their own security for reasons of economy. The growth of the terrorist threat and the need to improve security systems have led to rapid recent growth in the biometric equipment market: it is expected that by 2007 it will reach $7 billion. The largest customers of biometric systems will be not only commercial institutions, but also government services and departments. Particular attention will be paid to airports, stadiums and other facilities in need of mass visitor control systems.

Already in 2006, citizens of the EU countries will become owners of so-called electronic passports: documents built on a special microcircuit that contains some biometric data of the owner (for example, information about fingerprints or the iris), as well as related civil data (insurance card numbers, driver's license, bank accounts, etc.). The scope of such documents is almost unlimited: they can be used as international identity cards, credit cards, medical cards, insurance policies, passes, and the list goes on. On September 20, 2004, the President of the Russian Federation signed a decree on the creation of an interdepartmental group that should prepare for the introduction of passports with biometric information. The package of documents was to be prepared before January 1, 2006.

But if in everyday life we still have to get used to biometric systems, in some areas biometrics has already been actively used for several years. One of those areas is computer security. The most common solution based on biometric technologies is identification (or verification) by biometric characteristics in a corporate network or when starting a workstation (PC, laptop, etc.).

Biometric recognition of an object consists in comparing the physiological or psychological characteristics of this object with its characteristics stored in the system database. The main goal of biometric identification is to create such a registration system that would rarely deny access to legitimate users and at the same time completely exclude unauthorized access to computer storage of information. Compared to passwords and cards, such a system provides much more reliable protection, because one's own body can neither be forgotten nor lost.

When it comes to protecting a workstation, the biometric data templates (for example, fingerprints) of registered users are stored in secure storage directly on this workstation. After successfully completing the biometric identification procedure, the user is granted access to the operating system. In the case of a corporate network, the biometric data templates of all network users are stored centrally on a dedicated authentication server. When entering the network, the user, passing through the biometric identification procedure, works directly with a specialized server, on which the provided identifiers are verified. The allocation of a separate biometric authentication server in the corporate network structure allows building scalable network solutions and storing confidential information on such a server, access to which will be provided only by the biometric identifying feature of the information owner.

When building corporate solutions, quite often, in addition to entering the network, biometric verification procedures are integrated into other programs used in the company, for example, into enterprise management systems, various office applications, corporate software, etc. With this approach, the data of all users necessary for identification are centrally stored on the authentication server, and the user himself is relieved of the need to remember passwords for all programs used or to constantly carry various cards with him.

In addition, cryptographic protection tools have become quite widespread, in which access to encryption keys is provided only after the biometric identification of their owner. It should be noted that in the field of computer security, the template of the biometric characteristic used, as a rule, undergoes a one-way transformation, i.e. it is impossible to restore a fingerprint or an iris pattern from it by a reverse procedure.

Authentication Methods

As you know, authentication involves verifying the identity of the subject, which in principle can be not only a person, but also a software process. Generally speaking, authentication of individuals is possible upon presentation of information stored in various forms. Authentication allows you to reasonably and reliably differentiate the rights of access to information that is in common use. However, on the other hand, there is a problem of ensuring the integrity and reliability of this information. The user must be sure that he is accessing information from a trustworthy source and that this information has not been changed without appropriate authorization. A one-to-one (one-attribute) match search is commonly referred to as verification. It is characterized by high speed and imposes minimal requirements on the computing power of the computer. A one-to-many search is called identification.

Biometric authentication technologies can be divided into two broad categories - physiological and psychological. The first includes methods based on the physiological (static) characteristics of a person, that is, an integral, unique characteristic given to him from birth. It analyzes such features as facial features, eye structure (retina or iris), finger parameters (papillary lines, relief, joint length, etc.), palm (its imprint or topography), hand shape, pattern of veins on the wrist or thermal image.

The group of psychological methods includes the so-called dynamic methods, which are based on the behavioral (dynamic) characteristics of a person. In other words, they use the features characteristic of subconscious movements in the process of reproducing an action. These characteristics include the person's voice, the features of his signature, the dynamic parameters of the letter, the features of text input from the keyboard, etc.

Any biometric system allows you to recognize a certain pattern and establish the authenticity of specific physiological or behavioral characteristics of the user. Logically, the biometric system (Fig. 1) can be divided into two modules: registration and identification. The registration module is responsible for ensuring that the system learns to identify a specific person. At the registration stage, biometric sensors scan its necessary physiological or behavioral characteristics, creating their digital representation. A special module processes this representation in order to extract the characteristic features and generate a more compact and expressive representation, called a template. For a facial image, such characteristic features may be the size and relative position of the eyes, nose, and mouth. A template for each user is stored in the database of the biometric system.

The identification module is responsible for recognizing a person. During the identification stage, the biometric sensor registers the characteristics of the person whose identification is being carried out and converts these characteristics into the same digital format in which the template is stored. The resulting template is compared with the stored one to determine if the templates match each other. When using fingerprint identification technology in the authentication process, the user name is entered for registration, and the fingerprint replaces the password. This technology uses the username as a pointer to get the user's account and check a one-to-one match between the pattern of the fingerprint captured at enrollment and the previously stored pattern for the given username. Otherwise, the fingerprint template entered during registration is compared with the entire set of saved templates.
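The two modules described above can be sketched as follows. This is an added example, not code from the original article: the feature vectors are constructed values, and the Euclidean distance and the threshold of 0.10 are assumptions chosen for illustration. It shows registration (several scans reduced to one template), verification (one-to-one, the user name selects the template) and identification (one-to-many over the whole database).

```python
import math

# Constructed feature vectors standing in for what the feature-extraction
# module would produce (e.g. normalised distances between facial landmarks).
# They are illustrative values, not real biometric data.
ENROLLMENT_SCANS = {
    "alice": [[0.42, 0.31, 0.77, 0.15], [0.40, 0.33, 0.75, 0.17], [0.43, 0.30, 0.78, 0.14]],
    "bob":   [[0.70, 0.52, 0.20, 0.61], [0.72, 0.50, 0.22, 0.60], [0.69, 0.53, 0.19, 0.63]],
    "carol": [[0.10, 0.88, 0.45, 0.35], [0.12, 0.86, 0.47, 0.33], [0.11, 0.87, 0.44, 0.36]],
}
MATCH_THRESHOLD = 0.10  # assumed maximum distance that still counts as a match


def make_template(scans):
    """Registration: reduce several scans to one compact template (their mean)."""
    return [sum(column) / len(scans) for column in zip(*scans)]


def distance(a, b):
    """Euclidean distance between two feature vectors of equal length."""
    if len(a) != len(b):
        raise ValueError("feature vectors differ in length")
    return math.sqrt(sum((x - y) ** 2 for x, y in zip(a, b)))


class BiometricSystem:
    def __init__(self, threshold=MATCH_THRESHOLD):
        self.threshold = threshold
        self.templates = {}  # user name -> stored template

    def enroll(self, username, scans):
        """Registration module: store one template per user."""
        if not scans:
            raise ValueError("at least one scan is required")
        self.templates[username] = make_template(scans)

    def verify(self, username, probe):
        """Verification (1:1): the user name points at a single template."""
        template = self.templates.get(username)
        if template is None:
            return False  # unknown account: reject, never fall back to 1:N
        return distance(template, probe) <= self.threshold

    def identify(self, probe):
        """Identification (1:N): compare the probe with every stored template."""
        best_user, best_distance = None, math.inf
        for username, template in self.templates.items():
            d = distance(template, probe)
            if d < best_distance:
                best_user, best_distance = username, d
        # The closest template still has to be close enough.
        return best_user if best_distance <= self.threshold else None


def build_demo_system():
    system = BiometricSystem()
    for username, scans in ENROLLMENT_SCANS.items():
        system.enroll(username, scans)
    return system


if __name__ == "__main__":
    system = build_demo_system()
    fresh_scan = [0.41, 0.32, 0.76, 0.16]          # constructed scan of "alice"
    print(system.verify("alice", fresh_scan))      # claimed identity matches
    print(system.verify("bob", fresh_scan))        # wrong claimed identity
    print(system.identify(fresh_scan))             # search without a user name
    print(system.identify([0.5, 0.5, 0.5, 0.5]))   # person who never enrolled
```
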

Uninterrupted sources of biometric information

In the fall of 2004, APC Corporation (http://www.apc.com) announced the Biometric Password Manager, a personal fingerprint reader that makes it easier for PC and laptop users to manage their personal passwords. The company explained its debut in a segment atypical for a UPS manufacturer by the desire to protect data at any stage of their creation, transmission and storage. It also led to the introduction of APC products such as the TravelPower Case and the Wireless Mobile Router.

The biometric novelty remembers up to 20 fingerprint templates, which allows storing passwords of 20 users in one computer system. To identify the user, it is enough to put a finger on the device, while the design of the password manager ensures accurate fingerprint scanning. Thanks to AuthenTec TruePrint technology, the manager scans fingerprints, analyzing their true biological structure under the surface of the skin, regardless of its typical defects such as dryness, chafing, callus, dirt and fatty films.

The package includes a USB cable and Windows 98/Me/2000/XP compatible software that allows you to store an unlimited number of usernames and passwords.

Static Methods

By fingerprint

This method is based on the unique pattern of papillary lines on the fingers of each person (Fig. 2). Fingerprints are the most accurate, user-friendly and cost-effective biometric available for computer identification systems. By eliminating the need for passwords for users, fingerprint recognition technology reduces help desk calls and lowers network administration costs.

Typically, fingerprint recognition systems are divided into two types: for identification, or AFIS (Automatic Fingerprint Identification Systems) and for verification. In the first case, the prints of all ten fingers are used.

The benefits of fingerprint access are ease of use, convenience and reliability. There are two fundamental fingerprint recognition algorithms: by individual details (characteristic points) and by the relief of the entire surface of the finger. Accordingly, in the first case, the device registers only some areas that are unique for a particular imprint, and determines their relative position. In the second case, the image of the entire print is processed. In modern systems, a combination of these two methods is increasingly being used, which makes it possible to avoid the disadvantages of both and increase the reliability of identification.

One-time registration of a person's fingerprint on an optical scanner does not take too much time. A CCD camera, either as a separate device or built into the keyboard, takes a snapshot of the fingerprint. Then, with the help of special algorithms, the resulting image is converted into a unique "template" - a map of microdots of this print, which are determined by the gaps and intersections of lines in it. This template (not the fingerprint itself) is then encrypted and written to a database to authenticate network users. One template stores from several tens to hundreds of microdots. At the same time, users do not have to worry about their privacy, since the fingerprint itself is not stored and cannot be recreated from microdots.

The advantage of ultrasonic scanning is the ability to determine the required characteristics on dirty fingers and even through thin rubber gloves. It is worth noting that modern recognition systems cannot be deceived even by freshly severed fingers (a microcircuit measures the physical parameters of the skin).

The probability of error in user identification is much less than other biometric methods. The quality of fingerprint recognition and the possibility of its correct processing by the algorithm strongly depend on the state of the finger surface and its position relative to the scanning element. Different systems have different requirements for these two parameters. The nature of the requirements, in particular, depends on the applied algorithm.

Hand geometry

This technology evaluates several dozen different characteristics, including the size of the palm itself in three dimensions, the length and width of the fingers, the outlines of the joints, etc. Using a special device (Fig. 3) consisting of a camera and several illuminating diodes (they give different projections of the palm), a three-dimensional image of the hand is built. In terms of reliability, hand geometry identification is comparable to fingerprint identification, although the palm reader takes up more space.

Fig. 3. Identification by hand geometry.

According to the location of the veins on the front side of the palm

Using an infrared camera, the pattern of veins on the front side of the palm or hand is read, the resulting image is processed, and a digital convolution is formed according to the arrangement of the veins.

According to the geometry of the face

Face identification is, without a doubt, the most common way of recognition in everyday life. But in terms of technical implementation, it is a more complex (from a mathematical point of view) task than fingerprint recognition, and requires more expensive equipment (digital video or photo camera and video image capture card). After receiving the image, the system analyzes the parameters of the face (for example, the distance between the eyes and nose). This method has one significant advantage: it takes very little memory to store data about one sample of the identification template. And all because, as it turned out, a human face can be "disassembled" into a relatively small number of sections that are unchanged in all people. For example, to calculate a unique template corresponding to a particular person, only 12 to 40 characteristic regions are required.

When constructing a three-dimensional image of a person's face, the contours of eyebrows, eyes, nose, lips, etc. are highlighted on it, the distance between them is calculated, and not just one image is built but also many of its variants for cases of face rotation, inclination and changes in expression. The number of images varies depending on the purpose for which this method is applied (authentication, verification, remote search over large areas, etc.). Most algorithms make it possible to compensate for the fact that an individual has glasses, a hat and a beard. For this purpose, infrared face scanning is usually used.

On the iris of the eye

Quite reliable recognition is provided by systems that analyze the pattern of the human iris. The fact is that this part of the human body is very stable. It practically does not change throughout life and does not depend on clothing, pollution and wounds. We also note that the irises of the right and left eyes differ significantly in pattern.

When recognizing by the iris, active and passive systems are distinguished. In systems of the first type, the user must adjust the camera himself, moving it for more accurate aiming. Passive systems are easier to use because the camera is automatically configured in them. The high reliability of this equipment allows it to be used even in correctional facilities.

The advantage of iris scanners is that they do not require the user to focus on the target because the pattern of iris spots is on the surface of the eye. In fact, the video image of the eye can be scanned at a distance of less than a meter.

On the retina

The method of identification by the retina of the eye received practical application relatively recently, around the middle of the 1950s. It was then that it was proved that even in twins, the pattern of retinal blood vessels does not match. In order to register in a special device, it is enough to look through the eyepiece of the camera for less than a minute. During this time, the system manages to illuminate the retina and receive the reflected signal back. Retinal scanning uses low-intensity infrared radiation directed through the pupil to the blood vessels at the back of the eye. From the received signal, several hundred original characteristic points are selected, information about which is averaged and stored in the encoded file.

The disadvantages of such systems include, first of all, the psychological factor: not every person is pleased to look into an unknown dark hole, where something shines into the eye. In addition, you need to look very carefully, since such systems, as a rule, are sensitive to the wrong orientation of the retina. Retinal scanners have become very popular for accessing top-secret systems, as they guarantee one of the lowest access denial rates for registered users and an almost zero error rate.

According to the thermogram of the face

This authentication method is based on the unique distribution of arteries on the face that supply blood to the skin and generate heat. To obtain a thermogram, special infrared cameras are used. Unlike face geometry recognition, this method allows you to distinguish even twins.

Dynamic Methods

By voice

This is one of the oldest technologies, but now its development has accelerated, as it is expected to be widely used in "smart buildings". There are quite a few ways to construct a voice identification code; as a rule, these are various combinations of frequency and statistical characteristics of the voice. Here, such parameters as pitch, modulation, intonation, etc. can be evaluated. Unlike appearance recognition, this method does not require expensive equipment - a sound card and a microphone are enough.

Voice identification is convenient, but at the same time not as reliable as other biometric methods. For example, a person with a cold may have difficulty using such systems. The voice is formed from a combination of physiological and behavioral factors, so the main issue with this biometric approach is identification accuracy. Currently, voice recognition is used to control access to a medium security room.

By handwriting

As it turned out, the signature is the same unique attribute of a person as his physiological characteristics. In addition, the signature identification method is more familiar to any person, since, unlike fingerprinting, it is not associated with the criminal sphere.

One of the promising authentication technologies is based on the uniqueness of the biometric characteristics of the movement of the human hand during writing. There are usually two methods for processing signature data: simple pattern matching and dynamic verification. The first of them is very unreliable, since it is based on the usual comparison of the entered signature with the graphic samples stored in the database. Because the signature cannot always be the same, this method has a high error rate. The dynamic verification method requires much more complex calculations and allows real-time recording of the parameters of the signature process, such as the speed of the hand movement in different areas, the pressure force and the duration of the various stages of the signature. This gives a guarantee that even an experienced graphologist cannot forge the signature, since no one is able to exactly copy the behavior of the hand of the owner of the signature.

The user, using a standard digitizer and a pen, imitates his usual signature, and the system reads the movement parameters and compares them with those that were previously entered into the database. If the signature image matches the standard, the system attaches to the signed document information about the user's name, his e-mail address, position, current time and date, and signature parameters, including several dozen characteristics of motion dynamics (direction, speed, acceleration) and others. This data is encrypted, then a checksum is calculated, and all this is encrypted again, forming a so-called biometric label. To set up the system, a newly registered user performs the procedure for signing a document five to ten times, which allows obtaining average indicators and a confidence interval. This technology was first used by PenOp.

Signature identification cannot be used everywhere. In particular, this method is problematic to apply to restrict access to premises or to access computer networks. However, in some areas, for example in the banking sector, and wherever important documents are executed, verifying the correctness of the signature can be the most effective and, most importantly, easy and inconspicuous way.

By keyboard handwriting

The method is generally similar to the one described above, but instead of signing, it uses a certain code word (if a user's personal password is used, this is called two-factor authentication), and no special equipment is required, except for a standard keyboard. The main characteristic from which the convolution for identification is built is the dynamics of typing the code word.
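A sketch of how keyboard-handwriting verification can combine the code word with typing dynamics, using the enrollment idea from the handwriting section (several repetitions giving averages and an interval). It is an added example, not taken from the original article: the timing data is constructed, and the feature set (key hold times and gaps between keys), the tolerance of three standard deviations, the 5 ms floor and the 80% rule are assumptions.

```python
import hmac
import statistics

CODE_WORD = "key9"   # constructed code word
TOLERANCE_K = 3.0    # assumed: accept values within mean +/- k standard deviations
MIN_SD_MS = 5.0      # assumed floor so a very steady typist is not locked out
MIN_FRACTION = 0.8   # assumed share of timing features that must be in range

# Constructed enrollment data: (hold times, flight times) in milliseconds for
# five repetitions of the code word typed by its owner.
ENROLLMENT = [
    ([95, 80, 110, 90], [120, 60, 150]),
    ([100, 85, 105, 92], [115, 65, 140]),
    ([92, 78, 112, 88], [125, 58, 155]),
    ([98, 82, 108, 95], [118, 62, 148]),
    ([96, 81, 109, 91], [122, 61, 152]),
]


def make_events(word, holds, flights):
    """Build (key, press_ms, release_ms) events as a keyboard logger would record them."""
    events, t = [], 0
    for i, key in enumerate(word):
        events.append((key, t, t + holds[i]))
        t += holds[i] + (flights[i] if i < len(flights) else 0)
    return events


def timing_features(events):
    """Hold time of every key, then the gap between releasing one key and pressing the next."""
    holds = [release - press for _, press, release in events]
    flights = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return holds + flights


def enroll(samples, k=TOLERANCE_K):
    """Turn repeated typings into an acceptance interval per timing feature."""
    if len(samples) < 5:
        raise ValueError("enrollment needs at least five repetitions")
    vectors = [timing_features(events) for events in samples]
    profile = []
    for column in zip(*vectors):
        mean = statistics.mean(column)
        spread = k * max(statistics.stdev(column), MIN_SD_MS)
        profile.append((mean - spread, mean + spread))
    return profile


def verify(profile, expected_word, events, min_fraction=MIN_FRACTION):
    """Both factors must pass: the right code word and the owner's typing rhythm."""
    typed = "".join(key for key, _, _ in events)
    if not hmac.compare_digest(typed.encode(), expected_word.encode()):
        return False
    features = timing_features(events)
    if len(features) != len(profile):
        return False
    inside = sum(1 for value, (low, high) in zip(features, profile) if low <= value <= high)
    return inside / len(features) >= min_fraction


def build_profile():
    return enroll([make_events(CODE_WORD, holds, flights) for holds, flights in ENROLLMENT])


if __name__ == "__main__":
    profile = build_profile()
    owner = make_events(CODE_WORD, [97, 83, 107, 90], [119, 63, 149])
    other = make_events(CODE_WORD, [140, 130, 60, 150], [40, 200, 70])
    print(verify(profile, CODE_WORD, owner))  # owner's rhythm, correct word
    print(verify(profile, CODE_WORD, other))  # correct word, someone else's rhythm
```
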

Comparison of methods

To compare the various methods of biometric identification, statistical indicators are used: the probability of an error of the first kind (not letting "one's own" into the system) and an error of the second kind (letting an "alien" into the system). It is very difficult to sort and compare the biometric methods described above by their type I error rates, since these vary greatly for the same method due to the strong dependence on the equipment on which it is implemented. Nevertheless, two leaders have emerged: fingerprint authentication and iris authentication.
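The two error probabilities can be measured for any matcher by scoring known genuine and known impostor attempts and sweeping the decision threshold. The following is an added example, not part of the original article; the scores are constructed, and the 0-100 scale (higher means a closer match) is an assumption. It shows that lowering one error rate raises the other, which is why a single figure does not describe a system.

```python
# Constructed match scores on a 0-100 scale (higher = closer to the stored
# template). GENUINE: the enrolled person; IMPOSTOR: somebody else.
GENUINE_SCORES = [91, 88, 95, 79, 85, 97, 66, 90, 69, 93]
IMPOSTOR_SCORES = [12, 35, 28, 51, 44, 19, 70, 33, 25, 40]


def error_rates(genuine, impostor, threshold):
    """Return (type I rate, type II rate) when scores >= threshold are accepted.

    Type I  = a legitimate user is rejected (false rejection rate, FRR).
    Type II = an outsider is accepted (false acceptance rate, FAR).
    """
    frr = sum(1 for s in genuine if s < threshold) / len(genuine)
    far = sum(1 for s in impostor if s >= threshold) / len(impostor)
    return frr, far


def sweep(genuine, impostor, thresholds=range(0, 101)):
    """Error rates for every candidate threshold, as (threshold, FRR, FAR) rows."""
    return [(t, *error_rates(genuine, impostor, t)) for t in thresholds]


def equal_error_point(genuine, impostor):
    """First threshold at which the two error rates are closest to each other."""
    return min(sweep(genuine, impostor), key=lambda row: abs(row[1] - row[2]))


def lowest_threshold_for_far(genuine, impostor, max_far):
    """Most permissive threshold that keeps the type II rate within max_far."""
    for t, frr, far in sweep(genuine, impostor):
        if far <= max_far:
            return t, frr, far
    return None


if __name__ == "__main__":
    print("threshold  FRR   FAR")
    for t, frr, far in sweep(GENUINE_SCORES, IMPOSTOR_SCORES, range(40, 100, 10)):
        print(f"{t:9d}  {frr:.2f}  {far:.2f}")
    print("equal error point:", equal_error_point(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("no outsider accepted:", lowest_threshold_for_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.0))
```
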

Solutions using fingerprint methods

According to experts, to date, computer fingerprinting systems have reached such perfection that they can correctly identify a person by his fingerprints in more than 99% of cases. The competition, held by the National Institute of Standards and Technology (NIST) of the US Department of Commerce, revealed the top three winners among such systems. NIST has extensively tested 34 fingerprint identification systems on the market from 18 different companies. The study was funded by the US Department of Justice as part of a program to integrate fingerprint identification systems used by the FBI and the US Department of Homeland Security.

A set of 48,105 sets of fingerprints belonging to 25,309 people was used to test the systems. The best (and approximately the same) results were shown by systems manufactured by the Japanese company NEC, the French Sagem and the American Cogent. The study showed, in particular, that the percentage of errors for various systems significantly depends on how many fingerprints are taken from a particular person for identification. The record result was 98.6% for single-finger identification, 99.6% for two, and 99.9% for four or more fingers.

More and more new systems based on this method of identification appear on the market. For example, SecuGen (http://www.secugen.com), a security company, offers hardware and software that allows the use of fingerprint identification in Windows-based networks. It is enough for the user to put a finger on the sensor so that the program recognizes it and determines the access level. The scanning sensor used in the system has a resolution of 500 dpi. The system currently runs under Windows NT/2000 and Windows Server 2003. A nice innovation that facilitates authorization is the ability to match fingerprints of different user fingers with different registration records.

Both keyboards and mice are available today with a built-in fingerprint scanner (Fig. 4). For example, Microsoft Corporation (http://www.microsoft.com) offers the Microsoft Optical Desktop with Fingerprint Reader set (keyboard plus mouse with fingerprint reader). The Optical Desktop with Fingerprint Feature USB keyboard has multimedia keys, five programmable buttons and a Tilt Wheel that can scroll text both vertically and horizontally. The Wireless IntelliMouse Explorer wireless mouse comes with a separate USB Fingerprint Reader, offers noticeably longer battery life, and is also equipped with a Tilt Wheel.

Fig. 4. Mouse with scanner.

However, the fact that Microsoft has mastered the release of mice and keyboards with built-in fingerprint scanners does not mean that you cannot start Windows without passing biometric identification. At present, the corporation is simply following the general trend. And then - who knows.

Casio Computer, meanwhile, has developed a prototype LCD display with a built-in fingerprint scanner. The device, which has a diagonal of 1.2 inches, is designed for mobile phones. Fingerprint scanners are typically based on CCDs that capture an image, or on an array of capacitor sensors whose capacitance varies according to the nature of the pattern. The design of the Casio display uses a layer of optical sensors on a transparent substrate 0.7 mm thick, which, in turn, is placed on top of a conventional LCD screen. As Casio explains, CCD sensors do not read fingerprints well from soiled fingers, and capacitive ones do not if the skin is too dry. According to representatives of the company, its optical sensors do not have these disadvantages.

Phone with fingerprint

The first to build a fingerprint recognition system into a mobile phone was the Korean company Pantech (http://www.pantech.com). In early autumn last year, it entered the market with the GI100 model. The beauties of the color display, camera, games and other menu functions can only be accessed by registered users (who have left their fingerprints in the phone's memory). By touching the sensor, the owner can unlock the keyboard and access all menu sections. The Secret Finger Dial feature allows you to quickly dial up to 10 "secret" phone numbers, and each of them can be associated with a separate fingerprint of the left or right hand.

Domestic companies are also actively working on the "biometric front". One of the main activities of CenterInvest Soft (http://www.centreinvest.com) is "biometrics for business" (bio2b). It should be noted that the company has licenses from the State Technical Commission of the Russian Federation and FAPSI for performing work in the field of information security and the use of cryptographic protection tools, as well as a license from the FSB for the right to work with documents containing information constituting a state secret. The biometric solutions of "CenterInvest Soft" can be divided according to their purpose into two large groups: biometric protection of information resources and biometric identification with limited physical access. To protect information resources, the company offers both its own developments and products of other (Russian and foreign) companies.

Thus, the bio2b BioTime software and hardware solution is designed to create a system for monitoring and recording the real working time of personnel. It also provides management with up-to-date information about absent employees. The solution consists of the BioTime software and hardware complex (equipment for biometric authentication, a server for storing accounts and an event database, software for registering the arrival / departure of employees, automatic generation of reports and their distribution) and a set of services (supply and configuration of equipment and software, system support, training of users and system administrators).

BioTime works as follows. A PC with a biometric scanner and client software is installed at the checkpoint. Coming to work, the employee puts his finger on the window of the biometric authentication scanner. The system identifies the employee according to his account in the database and registers the event. At the end of the working day, a similar procedure is followed. The process of scanning and recognition takes 1-2 s. In addition to a PC at the authentication sites, a database server and BioTime software, the complex includes biometric fingerprint scanners U-Match Book or U-Match Mouse from BioLink Technologies (http://www.biolink.ru), certified by the State Technical Commission and the State Standard of the Russian Federation. Note that these devices have the functions of protection against dummies and "dead" fingers.

Another solution, bio2b BioVault, is a software and hardware system for protecting confidential information stored on a PC from unauthorized access (use, distortion, theft). It combines fingerprint-based biometric user authentication with information encryption software. The complex includes BioLink U-Match Book or BioLink U-Match Mouse fingerprint scanners, BioLink Authentication Center client software for authenticating users when logging into a Microsoft Windows network (Windows NT/2000, Active Directory domains are supported) and Novell NetWare, as well as the BioVault confidential information encryption system from SecurIT (http://www.securit.ru). The latter allows you to create and use protected logical drives, which are special container files on a hard, removable or network drive, where information is stored in encrypted form and is not available to outsiders even if the drive or computer is removed.

The giants of the computer industry are not staying away from biometrics either. Since 1999, when IBM (http://www.ibm.com) announced the industry's first PC with built-in security, the corporation has effectively set the security standard for other PC manufacturers. As a founding member of the Trusted Computing Group (http://www.trustedcomputinggroup.org), an industry security standards organization, IBM is committed to building the industry's most innovative and secure PCs. In October last year, the corporation introduced the first ThinkPad T42 laptop with an integrated fingerprint scanner. This family now includes a model that not only simplifies access to restricted resources (for example, personal and financial information, Web sites, documents, and e-mail), but also provides a high level of data protection through new biometric control tools and a built-in security subsystem.

In the first "biometric" IBM ThinkPad laptops, the fingerprint scanner works in conjunction with the Embedded Security Subsystem, forming an additional layer of protection that is organically built into the system. The fingerprint scanner is located on the wrist rest, under the cursor block (Fig. 5). To log in, open applications, access Web sites or databases, the user simply swipes his finger across a small horizontal sensor. The scanning process takes only a few seconds; thus, ease of use is combined with the maximum level of protection available in standard notebooks. The ThinkPad's fingerprint scanner captures more data than traditional image sensors because it scans a larger surface area of the finger, thereby eliminating identification errors.

IBM has also enhanced its Embedded Security Subsystem with the release of the updated Client Security Software Version 5.4 with optional Secure Password Manager. The new version simplifies installation and use, and for the first time this software comes pre-installed. It supports fingerprint and complex password authentication, and the two identification methods can be used either together or as alternatives to each other. The new software and embedded security chip are integrated with the fingerprint scanner, which ensures the protection of critical information (including encryption keys, electronic details and passwords) and prevents unauthorized use of the notebook.

Note that the Embedded Security Subsystem is a key component of the IBM ThinkVantage technology suite that makes it easy to deploy, connect, secure, and support ThinkPad laptops and ThinkCentre desktops. The fingerprint scanner, on the other hand, is just one component of the IBM security portfolio. This complex includes servers, operating systems, identity tools, middleware, Internet privacy, network access, information storage, system management tools, as well as consulting solutions. The complex protects information from threats from hackers, viruses and worms, from electronic spam, from problems associated with the use of new wireless technologies, and ensures compliance with government information security regulations.

IBM has also become an authorized reseller of Utimaco (http://www.utimaco.com) software, which provides full encryption of the entire contents of the hard drive. This feature protects your notebook from unauthorized use if it is stolen or lost. Utimaco Safeguard Easy is the first full disk encryption product fully compatible with ThinkVantage's IBM Rescue and Recovery technology, which automatically backs up/restores the contents of an entire hard drive, ensuring data loss protection in the event of an OS failure. In 2005, the corporation will reportedly expand the use of previously announced biometric security solutions to include embedded fingerprint scanners in other ThinkPad notebook models and introduce new fingerprint scanners for ThinkCentre desktops and ThinkPad notebooks.

Scanning the iris or voice recognition at the entrance to a secret object has long ceased to be only an element of spy films. Biometric security systems are becoming more reliable and more affordable over time, which gives reason to pay attention to this range of technologies.

Biometric Authentication Methods

First, a little terminology. Authentication is a procedure for verifying identity by reading certain parameters (such as a password or signature) and comparing them with a value in some database (the password entered during registration, signature samples, etc.). Biometric authentication uses unique and measurable biological properties as the key.

The advantages of this group of methods lie on the surface: losing, stealing or forging the key parameter is more difficult than with a password or a card, because it is a property of the person and is always with them.

Biometric authentication is divided into two types:

  1. Static, where permanent properties are used throughout life (fingerprint pattern, retinal or iris pattern, etc.).
  2. Dynamic, where the acquired properties of a person are used (features of performing habitual actions: movements, speech, underlining).

A third type can also be distinguished - combined authentication, which is a combination of the first two and does not have its own distinctive features.

Static Methods

A wide variety of authentication methods with different characteristics have been created, based on the recognition of (relatively) stable and unique parameters of the human body.

| Name of the authentication method | Principle of operation | Advantages | Flaws |
|---|---|---|---|
| Fingerprint | Fingerprint reading, recognition of certain elements (points, endings and forks of lines, etc.) and translating them into code. | High reliability (low error rate), relatively low cost of reading devices, ease of procedure. | Vulnerability of the method to forgery of a finger pattern and problems with recognizing too dry or damaged skin. |
| By the iris of the eye | A snapshot of the iris is taken, processed and compared by the algorithm with the values in the database. | High reliability, non-contact reading, suitability of the object (it is damaged or changed less often than other parts of the body), the possibility of effective protection against forgery. | High cost, few options available. |
| By facial features (two-dimensional) | Face recognition in an image with measurement of the distances between certain points. | Does not require expensive equipment, allows recognition at a great distance. | Low reliability, distorting effects of lighting, facial expressions, angle. |
| By facial features (three-dimensional) | Creation of a three-dimensional face model by projecting and reading a special grid, with the subsequent possibility of recognizing images from several cameras. | High reliability, non-contact reading, no sensitivity to light interference, glasses, mustaches, etc. | High cost of equipment, distorting effects of facial expressions. |
| By the veins of the hand | An infrared camera takes an image of the palm, in which the unique vein pattern is clearly displayed and recognized. | High reliability, non-contact reading, "invisibility" of the parameter under normal conditions. | Vulnerability to scanner illumination and distortion of the picture by certain diseases; the method is little studied. |
| By the retina | An infrared scanner reads the pattern of blood vessels from the surface of the retina. | High reliability, difficulty of falsification. | Relatively long processing time and discomfort during scanning, high cost, low distribution in the market. |
| Hand geometry | A picture of the hand is taken and its geometric characteristics are read (length and width of fingers, palms, etc.). | Low cost, contactless reading. | Low reliability, outdated method. |
| By the thermogram of the face | An infrared camera reads a "thermal portrait". | Contactless reading. | Low reliability, low distribution. |

Dynamic Methods

Fewer authentication methods based on acquired traits have been developed, and in terms of reliability they are inferior to most static ones. At the same time, the cost and ease of use of dynamic methods add to their attractiveness.

| Name of the authentication method | Principle of operation | Advantages | Flaws |
|---|---|---|---|
|  |  | Simple and affordable equipment, ease of use, technology continues to evolve. | Low fidelity, vulnerability to sound interference and voice distortion during colds, difficulty with intonation and timbre variations for each person. |
| Handwriting | A signature is made using a special pen or surface; both the signature itself and hand movements can be analyzed. | Relative accessibility and ease of use. | Low accuracy. |

Biometric security systems

Regardless of which authentication method is used, they all serve the same purpose: to distinguish a person or group of people with authorized access from everyone else.

Application in daily life

In everyday life, biometric technologies are increasingly common. First of all, a smartphone, the constant companion of modern people, can implement several methods at once to confirm the identity of its owner:


Not only reading technologies are constantly improving, but also recognition algorithms.

Models with retinal and iris scanners have already been released, but so far these technologies cannot be called perfect, because there are reports that they are relatively easy to deceive.

The same methods can be used to protect access to information on other gadgets and PCs, and to devices in the "smart home". You can already find door locks on sale where a finger is used instead of a key, and the market for biometric technologies for everyday life continues to develop rapidly. Despite constant innovations and improvements in other areas, at the moment the fingerprint method is the most developed, widespread and suitable for personal use.

Application in access control systems (ACS)

There are many enterprises whose territory only a certain circle of people is allowed to enter. Usually they have a fence, guards and checkpoints. Checkpoints are equipped with:

  • controller (the control unit that decides whether to allow access);
  • reader (the sensing element that perceives identifiers);
  • identifiers (keys for gaining access) issued to all who must go inside.

From the point of view of organizing the protective system, what matters is the number of people passing control, the allowable error level and resistance to deception.

Systems based on biometric features (as identifiers) have proven themselves well in this respect. If the most stringent control is necessary, the most reliable methods are used (authentication by retina, iris, fingerprint), sometimes in combination. For ordinary enterprises (where the main goal is to determine whether a worker is present and for how long), less reliable but simpler solutions (voice authentication and others) are suitable.

Manufacturers of equipment for biometric security

The largest companies in the market:

  • BioLink (Russia) produces systems using combined authentication methods, such as BioLink U-Match 5.0, a fingerprint scanner with a built-in magnetic and/or chip card reader.

  • ZKTeco (China) distributes low-cost devices that provide access control and time tracking for factories, financial and public institutions. Fingerprints and facial geometry are used.

  • ekey biometric systems (Austria), the European leader, produces fingerprint scanners that use thermal and radio frequency analysis for greater accuracy.

Ministry of Education of the Republic of Belarus. Educational Institution "Belarusian State University of Informatics and Radioelectronics". Department of Information Security. A. M. Prudnik, G. A. Vlasova, Ya. V. Roshchupkin. BIOMETRIC METHODS OF INFORMATION PROTECTION. Minsk, BSUIR, 2014

UDC: (076) LBC 5th Ya73 P85 Reviewers: Department of Automated Command and Control Systems of Troops of the Educational Institution "Military Academy of the Republic of Belarus" (protocol 11 dated); Dean of the Faculty of Telecommunications of the Educational Institution "Higher State College of Communications", Ph.D. allowance / A. M. Prudnik, G. A. Vlasova, Ya. V. Roshchupkin. Minsk: BSUIR, p. : ill. ISBN

Issues of ensuring access control and information protection with the help of biometric methods and tools, and the general concepts and definitions of biometrics, are considered. The classification and comparative analysis of the main (fingerprints, hand geometry, iris, face image, signature, voice) and additional biometric parameters (DNA, retina, etc.), their information features and stages of comparison are given. The types of errors in authentication systems are considered. The principles of choosing biometric parameters for access control systems, as well as types of attacks on biometric systems, are analyzed. The presented teaching aid will be very useful for students of telecommunication specialties and specialists in the field of access control and information protection.

Prudnik A. M., Vlasova G. A., Roshchupkin Ya. V., 2014. Belarusian State University of Informatics and Radioelectronics, 2014

CONTENTS

1. AUTHENTICATION AND BIOMETRIC PARAMETERS General concepts of authentication and biometric parameters Authentication protocols Features of authentication methods Hybrid authentication methods Biometric authentication requirements

BASIC BIOMETRIC PARAMETERS Fingerprint recognition Iris recognition Hand geometry recognition Face recognition Human voice recognition Signature verification

ADDITIONAL BIOMETRIC PARAMETERS DNA Identification Retinal Recognition Thermogram Recognition Gait Recognition Keyboard Handwriting Recognition Ear Shape Recognition Skin Reflection Recognition Lip Movement Recognition Body Odor Identification

, specific to biometrics Negative authentication Trade-offs

ATTACK ON BIOMETRIC SYSTEMS Pattern Recognition Model Attacks on Biometric Identifiers 5.3. Frontal Attacks Fraud Internal Attacks Other Attacks Combination of Smart Cards and Challenge-Response Biometrics Abbreviated Biometrics

BIOMETRIC CHOICE Biometric Properties Application Properties Evaluation Methods Availability and Cost Advantages and Disadvantages of Biometrics Biometric Myths and Misconceptions

CONCLUSION

LITERATURE

1. AUTHENTICATION AND BIOMETRIC PARAMETERS

Strong authentication, i.e. determining the identity of the requesting party, is becoming a necessary attribute of everyday life. Today, people use it when performing the most common actions: when boarding a plane, conducting financial transactions, etc. There are three traditional methods of authentication (and/or authorization, i.e. allowing access to a resource):

  1) by ownership of physical objects such as keys, a passport and smart cards;
  2) by knowledge of information that must be kept secret and that only a certain person can know, such as a password or passphrase. Knowledge may also be relatively sensitive information that may not be secret, such as mother's maiden name or favorite color;
  3) by biometric parameters: physiological or behavioral characteristics by which people can be distinguished from each other.

The three authentication methods can be used in combination, especially with automatic authentication. For example, a bank card as a property requires knowledge (a password) to perform transactions; a passport is a property with a face and a signature, which are biometric parameters.

Since items can be lost or forged, and knowledge can be forgotten or transferred to another person, methods of determining identity and access to resources based on knowledge and ownership are unreliable. For secure identity authentication and secure exchange of information between parties, biometrics should be used. A person cannot forge, lose, steal or transfer biometric parameters to another person without causing injury. Currently, biometric technologies provide the greatest guarantee of identification and form the basis of security where accurate authentication and protection from unauthorized access to objects or data are of utmost importance.

General concepts of authentication and biometric parameters

or behavioral characteristics. Physiological biometrics, such as fingerprints or hand geometry, are physical characteristics that are typically measured at a specific point in time. Behavioral biometrics, such as a signature or voice, are a series of actions and last for a certain period of time.

Physiological biometric parameters are quite diverse, and one sample of them is usually sufficient for comparison. With behavioral biometric parameters, a single sample may not provide sufficient information to identify a person, but the temporal change in the signal itself (under the influence of behavior) contains the necessary information.

Physiological (static) and behavioral (dynamic) biometric parameters complement each other. The main advantage of static biometrics is the relative independence from the psychological state of users, the low cost of their efforts and, therefore, the possibility of organizing biometric identification of large flows of people.

There are six biometrics most commonly used in automated authentication systems today (Table 1.1).

Table 1.1. Basic biometric parameters

| Type | Parameters |
|---|---|
| Physiological | Fingerprints, iris, geometry of the hand, face |
| Behavioral | Signature, voice |

Work is also underway on the use of additional biometric parameters (Table 1.2).

Table 1.2. Additional biometric parameters

| Type | Parameters |
|---|---|
| Physiological | DNA, ear shape, odor, retina, skin reflection, thermogram |
| Behavioral | Gait, keyboard handwriting |

  2) uniqueness: no two people have the same biometric characteristics;
  3) persistence: biometric characteristics must be stable over time;
  4) measurability: biometric characteristics must be measurable by some physical reader;
  5) acceptability: the user community and society as a whole should not object to the measurement/collection of biometrics.

The combination of these properties determines the effectiveness of the use of biometrics to protect information. However, there are no biometric parameters that absolutely satisfy any one of these properties, nor parameters that combine all of them at the same time, especially if the fifth property, acceptability, is taken into account. This means that there is no universal biometric parameter, and the use of any biometric protection method is determined by the purpose and required characteristics of the information system.

An information security system based on biometric authentication must meet requirements that are often incompatible with each other. On the one hand, it must guarantee security, which implies high authentication accuracy and low error rates. On the other hand, the system must be user-friendly and provide the required computational speed. Confidentiality requirements must also be met, and the cost of the system must allow it to be used in practice. The complexities that arise in the development and application of biometric systems also include the legal aspects of the use of biometrics, as well as the problems of physical security and data protection, access rights management and system recovery in the event of a breakdown. Therefore, any biometric authentication method is the result of many compromises.

In all biometric authentication systems, two subsystems can be distinguished (Fig. 1.1):

  1) registration of an object (a digital model of a biometric characteristic, the biometric template, is formed from several measurements taken by a reader);
  2) object recognition (measurements read during an authentication attempt are converted into a digital form, which is then compared with the form obtained during registration).

There are two biometric comparison methods:

  1) verification: comparison with a single template selected on the basis of a certain unique identifier that distinguishes a particular person (for example, an identification number or code), i.e. a one-to-one (1:1) comparison of two biometric templates;
  2) identification: comparison of the measured parameters (a person's biometric template) with all records from the database of registered users, rather than with one of them selected on the basis of some identifier, i.e. unlike verification, identification is a one-to-many (1:m) comparison.

Fig. Biometric authentication system

Biometric registration (Fig. 1.2) is the process of registering objects in a biometric database. During registration, the biometric parameters of the object are recorded, and significant information is collected by the feature extractor and stored in the database. Using a specific identification number (a unique combination of numbers), the machine representation of the biometric parameter is associated with other data, such as a person's name. This piece of information can be placed on some object, for example, on a bank card.

Fig. Biometric registration

Positive registration is registration for verification and positive identification. The purpose of such registration is to create a database of legitimate objects. Upon registration, an identifier is given to the object.

Negative registration, i.e. registration for negative identification, is the collection of data about objects that are not allowed in any applications. The databases are centralized. Biometric templates and other identification data are stored in a negative identification database. This can be done by force or secretly, without the assistance of the subject and without their consent.

Registration is based on information about the user in the form of "hard data", i.e. from official documents or other reliable sources such as a birth certificate, passport, pre-established databases and government databases of criminals. Similarity determination is done by humans, which is a potential source of error.

The task of the authentication module is to recognize the object at a later stage and either identify one person among many others, or verify identity by determining whether the person's biometric parameters match the given ones.

For identification, the system receives a biometric sample from an object, extracts significant information from it, and searches the database for records that match it. For biometric identification, only biometric characteristics are used. Fig. 1.3 shows the main blocks that make up a biometric identification system. Templates from the database are compared with the submitted template one by one. At the end of the procedure, the system issues a list of identifiers that are similar to the entered biometric parameter.

Fig. Biometric identification

The identification system can work in two different modes:

  1) positive identification (the system determines whether the person is registered in the database. In this case, errors of false access or false refusal of access can be made. Similar to verification);
  2) negative identification (the system checks for the absence of an object in some negative database. This may be, for example, a database of wanted criminals. Errors of missed similarity (false negative) and of false similarity (false positive) may occur).

Biometric verification differs from identification in that the submitted biometric samples are compared with one registered entry in the database. The user provides some property that points to one biometric template from the database.

Fig. Biometric verification

For verification, the object presents some identifier (identification number, bank card) and biometric parameters. The system reads the biometric indicators, extracts certain parameters and compares them with the parameters registered in the database under this user's number. After that, the system determines whether the user really is who he claims to be. The presentation of the unique identifier is shown in Fig. 1.1 with a dotted arrow.

A distinction is made between centralized and distributed databases. A centralized database stores the biometric information of all registered objects. A distributed database stores biometric information in a distributed form (for example, on smart cards). The object provides the system with a single biometric template stored on some medium, such as a smart card. The biometric system compares this template with a biometric sample provided by the person. In practice, many systems use both types of databases: distributed for daily offline verification, and centralized for online verification or for reissuing cards in case of loss without remeasuring biometric parameters.

The vast majority of people believe that the database stores samples of a fingerprint, a person's voice, or a picture of the iris of the eye. But in fact, in most modern systems, this is not the case. A special database stores a digital code that is associated with a specific person who has access rights. The scanner or any other device used in the system reads a certain biological parameter of a person. Next, it processes the resulting image or sound, converting it into a digital code. It is this key that is compared with the contents of a special database to identify a person.
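The registration, verification (1:1) and identification (1:m) flow described above, as an added example that is not from the textbook. The feature vectors, identifiers such as emp-001 and wl-001, the cosine-similarity matcher and the 0.90 threshold are all assumptions chosen for illustration.

```python
"""Toy model of enrollment, 1:1 verification and 1:m identification.

Feature vectors, identifiers and the threshold are constructed for
illustration; real systems use modality-specific features and matchers.
"""
import math
from statistics import fmean

THRESHOLD = 0.90  # assumed similarity needed to declare a match


def make_template(measurements):
    """Enrollment: average several reader measurements into one template."""
    return [fmean(column) for column in zip(*measurements)]


def similarity(a, b):
    """Cosine similarity of two feature vectors (1.0 = same direction)."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


class TemplateDB:
    """Centralized store: identifier -> template (not the raw samples)."""

    def __init__(self):
        self.templates = {}

    def enroll(self, identifier, measurements):
        self.templates[identifier] = make_template(measurements)

    def verify(self, claimed_id, sample, threshold=THRESHOLD):
        """1:1 comparison with the single template the identifier selects."""
        template = self.templates.get(claimed_id)
        if template is None:  # unknown identifier: refuse
            return False
        return similarity(template, sample) >= threshold

    def identify(self, sample, threshold=THRESHOLD):
        """1:m comparison: candidate identifiers, best score first."""
        scored = sorted(
            ((similarity(t, sample), ident) for ident, t in self.templates.items()),
            reverse=True,
        )
        return [ident for score, ident in scored if score >= threshold]


def positive_identification(staff_db, sample):
    """Grant access only if the sample matches someone who is enrolled."""
    return bool(staff_db.identify(sample))


def negative_identification(watchlist_db, sample):
    """Pass only if the sample matches nobody in the negative database."""
    return not watchlist_db.identify(sample)


# Constructed sample data: several reader measurements per enrolled person.
STAFF = TemplateDB()
STAFF.enroll("emp-001", [[0.9, 0.1, 0.4, 0.2], [1.0, 0.2, 0.5, 0.1], [0.8, 0.0, 0.3, 0.3]])
STAFF.enroll("emp-002", [[0.1, 0.9, 0.2, 0.7], [0.2, 1.0, 0.1, 0.6], [0.0, 0.8, 0.3, 0.8]])

WATCHLIST = TemplateDB()
WATCHLIST.enroll("wl-001", [[0.5, 0.5, 0.9, 0.1], [0.5, 0.5, 0.9, 0.1]])

PROBE_EMP1 = [0.85, 0.15, 0.45, 0.2]  # fresh reading from emp-001
PROBE_OTHER = [0.5, 0.5, 0.9, 0.1]    # person not enrolled as staff

if __name__ == "__main__":
    print("verify emp-001 claim:", STAFF.verify("emp-001", PROBE_EMP1))
    print("verify emp-002 claim:", STAFF.verify("emp-002", PROBE_EMP1))
    print("identify:", STAFF.identify(PROBE_EMP1))
    print("staff door opens for stranger:", positive_identification(STAFF, PROBE_OTHER))
    print("watchlist clears stranger:", negative_identification(WATCHLIST, PROBE_OTHER))
```

Lowering the threshold passed to `verify` makes the emp-002 claim succeed with emp-001's reading, which is the false-access error the text attributes to positive identification and verification.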

Thus, at the heart of any biometric system are reading (unique information is extracted from a physical and/or behavioral sample and a biometric sample is compiled), matching (the presented sample is compared with a stored sample from the database), and decision making (the system determines whether the biometric samples match and makes a decision to repeat, end or change the authentication process).

Authentication protocols

The operation of any authentication system is implemented according to a specific protocol. A protocol is a specific sequence of steps by two or more parties that are going to solve a problem. The order of the steps is very important, so the protocol regulates the behavior of both parties. All parties agree to the protocol, or at least understand it.

Let's take a telephone conversation as an example. After dialing the number, the caller hears beeps followed by a click when the other end picks up the phone. According to the protocol, the person answering the call must speak first, saying "Hello!" or giving their name. After that, the initiator of the call names himself. Only after completing all the steps in this sequence can the conversation start. If you simply pick up the phone and do nothing, the conversation may not take place at all, as the generally accepted procedure will be violated. Even if the caller hears a click, without a verbal confirmation of the connection he cannot start the conversation first. The standard start of a telephone conversation is an example of a protocol.

An authentication protocol is the (automated) process of deciding whether an entity's credentials are sufficient to confirm its identity to allow it access based on those credentials or other tokens. Any authentication protocol that uses different methods (and different biometric identifiers) can be defined and executed based on the credentials presented.

The authentication protocol must be:

  • established in advance (the protocol is fully defined and developed before it is used. The sequence of passing through the protocol and the rules governing operation must be determined. Criteria must also be indicated by which the match of the authentication credentials will be determined);
  • mutually agreed upon (all parties involved must agree to the protocol and follow the established order);
  • unambiguous (none of the parties can violate the sequence of steps due to misunderstanding them);
  • detailed (for any situation, a procedure must be defined. This means, for example, that the protocol provides for the handling of exceptional cases).

In the modern world, computers and communications are used as a means of gaining access to services, privileges and various applications. The operators of such systems are usually unfamiliar with the users, and the decision to grant or deny access should be largely determined without human intervention. The user cannot trust the operators and other users of the system due to the anonymity of registration and remoteness, so protocols are needed by which two parties that do not trust each other can interact. These protocols, in essence, will regulate behavior. Authentication will then be carried out according to the protocol between the user and the system, and the user will be able to log in and gain access to the application.

The protocol itself does not guarantee security. For example, an organization's access control protocol may determine hours of operation, but will not improve security. Cryptosystems can be used to securely authenticate and secure the exchange of information based on the agreements of the two parties.

Features of authentication methods

Traditional authentication methods (by property, by knowledge and by biometric parameters) were used long before automatic electronic authentication was required. These techniques have evolved as printing, photography, and automation technologies have improved.

P: by property. Anyone with a certain item, such as a key or magnetic stripe card, can access the application (i.e., be authorized). For example, anyone who has the keys to a car can drive it.

K: by knowledge. People with certain knowledge are entitled to access. Authentication here is based on secret knowledge, such as a password, a lock combination and answers to questions. The important word in this definition is "secret": knowledge must be kept secret to ensure the security of authentication. Non-secret information that is important for authentication can also be singled out. A computer user ID or bank account is often requested for authentication, and since they are not secret, this does not prevent attempts to impersonate their owner in order to gain access.

B: by biometric parameter. This is a distinctive feature of a person that can be somehow measured (or sampled) in the form of a biometric identifier and that distinguishes the person from all other people. It is difficult to exchange, difficult to steal or forge and, unlike property and knowledge, it cannot be changed.

Ownership and knowledge in the form (account number, password) = (property, knowledge) = (P, K) is the most common authentication method (protocol). This method is used to control access to a computer, the Internet, a local network, e-mail, voice mail, etc. When using authentication methods P and K, information is compared, while the user (real person) is not associated with a more or less established "personality". But the identity identified by ownership of the property P is associated with the anonymous password K, not the actual registered person. The biometric authentication method B provides additional security because biometric parameters cannot be exchanged, so this method, namely authentication of the user, is more secure. Table 1.3 shows four user authentication methods that are widely used today.

Since biometric parameters are inherent properties of a person, it is very difficult to fake them without his knowledge, and even more so it is impossible to exchange them; in addition, a person's biometric characteristics can only change in the event of a serious injury, certain diseases, or tissue destruction. Therefore, biometric identifiers can confirm the identity of the user in the authentication protocol, which other methods of authentication that use property and knowledge cannot do. Combining the last method (B) in Table 1.3 with method P and/or K gives additional biometric methods such as (P, B) (for example, passport, smart card and biometric template); for credit cards, the combination (P, K, B) is often used: P is the credit card, K the mother's maiden name, B the signature.

Table 1.3. Existing authentication methods and their properties

| Method | Examples | Properties |
|---|---|---|
| What we have (P) | Credit cards, badges, keys | Can be exchanged, duplicated, stolen or lost |
| What we know (K) | Password, PIN, mother's maiden name, personal information | Most passwords are not difficult to guess; they can be transferred to others and forgotten |
| Unique characteristics of the user (B) | Fingers, face, iris, voice recording | Impossible to transfer to others, repudiation unlikely, very difficult to fake, cannot be lost or stolen |

Boundaries between property and knowledge can be fuzzy. For example, identifying parts of an item (property) can be digitized and stored in a compressed form, like a sequence of notches on a key. This in a sense transforms property into knowledge.

However, this identification method is considered physical, because authentication is performed by a physical object and not by the information itself, even if the instantiation is based on the information. A credit card number (which can be used both online and over the phone) is knowledge, but a credit card (which can be used at an ATM) is property. In addition, secret knowledge can also be attributed to biometrics, since they are measurable and are a unique property of a person. A signature as a biometric (and, to a lesser extent, a voice) includes knowledge. This means that the signature can be changed at will, but it will also be easier to forge. This encourages researchers working on automatic signature recognition to study examples of malicious attacks that use forgeries.

The fundamental difference between biometric authentication and other authentication methods is the concept of degree of similarity, the basis of comparison technology. An authentication protocol that uses a password always produces an exact result: if the password is correct, the system allows access; if not, it refuses. There is no concept of probability of similarity here, and therefore no problem of defining similarity exactly. Biometric technologies are always probabilistic and use statistical methods to analyze the likelihood of similarity. There is always a small, sometimes extremely small, chance that two people have the same compared biometric samples. This is expressed in terms of error rates (false access and false deny rates) and intrinsic error rates (the minimum achievable error rate for a given biometric), which are associated with the biometric authentication system and the biometric identifiers.

The advantage of passwords over biometrics is the ability to change them. If a password has been stolen or lost, it can be revoked and replaced with a new one. This becomes impossible in the case of some biometric options. If the parameters of someone's face were stolen from a database, it is impossible to cancel them or issue new ones. Several methods of reversible (cancelable) biometrics have been developed. Reversible biometrics is a distortion of the biometric image or properties before they are matched. One particular solution may be, for example, not to use all biometric parameters. For example, the pattern of papillary lines of only two fingers (say, the thumbs of the right and left hands) is used for identification. If necessary (for example, when the pads of the two "key" fingers are burned), the data in the system can be corrected so that from a certain moment the index finger of the left hand and the little finger of the right hand are used instead (their data had not previously been recorded in the system and could not have been compromised).

Hybrid Authentication Methods

One of the important challenges of biometric authentication is the ability to compare different parameters, such as passwords and knowledge, and biometric identifiers. For hybrid authentication, one or more methods or features are used: T = (P (by property), K (by knowledge), B (by biometric parameters)). For personal authentication, each feature provided by the user must be compared with the feature stored during registration. To decide on the similarity of these features, the results from the different comparison devices that verify the features must be integrated. Comparison of property or of simple knowledge such as a password is done by exact comparison. Two issues should be considered:

1) credential merging: a better option would be to combine two or more authentication methods. Associating property P or knowledge K with biometric parameters B reduces the task of biometric identification to biometric verification, i.e. reduces it to 1:1 matching instead of 1:t matching;
2) combination of biometric parameters: the requested credential data may include different biometric parameters, i.e. (B1, B2), where B1 is a finger and B2 is a face. The possibility of combining several biometric parameters is receiving increased attention from researchers and designers.

Thus, the use of any of the listed methods P, K or B means that it must be possible to match through verification of property and knowledge and comparison of the biometric parameter. Property and knowledge tokens require an exact match. Biometric matching can be approximate to a certain extent.

Biometric Authentication Requirements

Biometric identity authentication becomes a difficult task when high accuracy, i.e. low error rates, is required. In addition, the user should not be able to subsequently deny an operation he performed, and at the same time should experience as little inconvenience as possible during the authentication procedure (the possibility of contactless reading, the user-friendliness of the interface, the size of the template file (the larger the image, the slower the recognition), etc.). At the same time, the authentication system must also meet the requirements of confidentiality and be resistant to forgery (unauthorized access). The robustness of biometric authentication systems to the environment should also be taken into account (performance may become unstable depending on environmental conditions).

Thus, the main requirements for biometric systems are as follows:

1) accuracy (does the system always make the right decision about the object);
2) calculation speed and the ability to scale databases;
3) handling of exceptional cases when the biometric parameters of an object cannot be registered (for example, as a result of illness or injury);
4) cost (including the cost of training users and staff);
5) confidentiality (ensuring anonymity; data obtained during biometric registration should not be used for purposes to which the registered individual did not give consent);
6) security (protection of the system from threats and attacks).

It is known that the weakest point of biometric technologies is the possibility of deceiving the authentication system by imitation. The security of a biometric authentication system depends on the strength of the links between registered entities and more accurate "verified data" such as a passport. It also depends on the quality of the verified data itself. For authentication, biometric parameters must be used that will not create new vulnerabilities and loopholes in the security system. If a biometric authentication system is to guarantee a high level of security, the choice of biometric must be taken seriously. Biometric authentication should be part of a comprehensive security system, which includes, among other things, the means of protecting the biometric system itself. System security is ensured by eliminating vulnerabilities at attack points, i.e. by protecting the "valuable assets" of the application, for example by preventing the interception of information.

2. BASIC BIOMETRIC PARAMETERS

There are six most commonly used (basic) biometric parameters: fingers, face, voice (speaker recognition), hand geometry, iris, signature.

Fingerprint recognition

Fingerprinting is the identification of a person by fingerprints, or rather, by the so-called papillary pattern. Fingerprinting is based on the fact that, firstly, the fingerprint is unique (in the entire history of fingerprinting, two matching fingerprints belonging to different persons have not been found), and secondly, the papillary pattern does not change throughout a person's life. The skin of the fingers has a complex relief pattern (papillary pattern), formed by alternating ridges (0.1-0.4 mm high and 0.2-0.7 mm wide) and grooves (0.1-0.3 mm wide). The papillary pattern is fully formed in the seventh month of fetal development. Moreover, research has found that fingerprints differ even in identical twins, although their DNA indicators are identical. In addition, the papillary pattern cannot be modified: neither cuts, nor burns, nor other mechanical damage to the skin are of fundamental importance, because the stability of the papillary pattern is ensured by the regenerative ability of the main layer of the epidermis. Therefore, it can be argued that today fingerprinting is the most reliable way to identify a person.

Methods for comparing fingerprints

Despite the diversity of the structure of papillary patterns, they lend themselves to a clear classification that supports their individualization and identification. In each fingerprint, two types of features can be defined: global and local. Global features are those that can be seen with the naked eye. The other type of features is local. They are called minutiae: features unique to each imprint that determine the points of change in the structure of the papillary lines (ending, bifurcation, break, etc.), the orientation of the papillary lines and the coordinates at these points. Practice shows that the fingerprints of different people can have the same global features, but it is absolutely impossible for them to have the same micropatterns of minutiae. Therefore, global features are used to divide the database into classes and at the stage of authentication. At the second stage of recognition, local features are used.

Principles of comparison of prints by local features

Stages of comparison of two prints:

Stage 1. Improving the quality of the original print image. The sharpness of the borders of the papillary lines is increased.
Stage 2. Calculation of the orientation field of the papillary lines of the imprint. The image is divided into square blocks with a side greater than 4 px, and the orientation angle t of the lines for each fragment of the imprint is calculated from the brightness gradients.
Stage 3. Binarization of the fingerprint image. Reduction to a black and white image (1 bit) by thresholding.
Stage 4. Thinning of the lines of the print image. Thinning is performed until the lines are 1 px wide (Fig. 2.1).

Fig. 2.1. Thinning the lines of the imprint image

Stage 5. Isolation of minutiae (Fig. 2.2). The image is divided into blocks of 9 × 9 pixels. After that, the number of black (non-zero) pixels around the center is counted. The pixel in the center is considered to be a minutia if it is non-zero itself and has one neighboring non-zero pixel (minutia "ending") or two (minutia "bifurcation").

Fig. 2.2. Isolation of minutiae

The coordinates of the detected minutiae and their orientation angles are written into the vector

W(p) = [(x_1, y_1, t_1), (x_2, y_2, t_2), ..., (x_p, y_p, t_p)],

where p is the number of minutiae.

When users are registered, this vector is considered the standard and is recorded in the database. During recognition, the vector describes the current fingerprint (which is quite logical).

Stage 6. Comparison of minutiae. Two prints of the same finger will differ from each other in rotation, offset, zoom and/or contact area, depending on how the user places his finger on the scanner. Therefore, it is impossible to tell whether an imprint belongs to a person or not from a simple comparison (the vectors of the reference and the current imprint may differ in length, contain non-corresponding minutiae, etc.). Because of this, the matching process must be implemented for each minutia separately. Comparison stages:

  • data registration (alignment);
  • search for pairs of corresponding minutiae;
  • assessment of conformity of the prints.

During registration, the parameters of the affine transformations (rotation angle, scale and shift) are determined under which some minutia from one vector corresponds to some minutia from the second. When searching, for each minutia you need to iterate over up to 30 rotation values (from −15° to +15°), 500 shift values (for example, from −250 px to +250 px) and 10 scale values (from 0.5 to 1.5 with a step of 0.1). Total up to steps for each of the 70 possible minutiae. (In practice, not all possible options are tried: after suitable values have been selected for one minutia, the same values are substituted for the other minutiae; otherwise almost any two imprints could be matched with each other.)

The conformity of the imprints is assessed by the formula

K = (D × D × 100%) / (p × q),

where D is the number of matched minutiae, p is the number of minutiae of the standard, and q is the number of minutiae of the imprint being identified. If the result exceeds 65%, the prints are considered identical (the threshold can be lowered by setting a different vigilance level). If authentication was being performed, this is where it ends.
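One way to implement the Stage 6 comparison and the 65% decision rule, for both 1:1 authentication and the 1:N identification case, as an added example that is not from the original document. The search grid, the formula for K and the threshold come from the text; the distance and angle tolerances, the greedy pairing, all function names and the sample minutiae are assumptions.

```python
import math
from itertools import product

# Search grid and decision threshold as stated in the text.
ROTATIONS_DEG = range(-15, 16)                           # -15..+15 degrees, 1-degree steps
SCALES = [round(0.5 + 0.1 * i, 1) for i in range(11)]    # 0.5..1.5, step 0.1
MAX_SHIFT_PX = 250
THRESHOLD_PERCENT = 65.0
# Assumed tolerances for calling two minutiae "the same" (not given in the text).
DIST_TOL_PX = 6.0
ANGLE_TOL_DEG = 10.0

def transform(m, rot_deg, scale, dx=0.0, dy=0.0):
    """Rotate, scale and shift one minutia (x, y, t); t is in degrees."""
    x, y, t = m
    r = math.radians(rot_deg)
    return (scale * (x * math.cos(r) - y * math.sin(r)) + dx,
            scale * (x * math.sin(r) + y * math.cos(r)) + dy,
            (t + rot_deg) % 360.0)

def angle_diff(a, b):
    """Smallest absolute difference between two angles, in degrees."""
    d = abs(a - b) % 360.0
    return min(d, 360.0 - d)

def count_matches(reference, moved_probe):
    """D: greedy one-to-one pairing of probe minutiae with free reference minutiae."""
    used, d = set(), 0
    for x, y, t in moved_probe:
        best, best_dist = None, DIST_TOL_PX
        for i, (rx, ry, rt) in enumerate(reference):
            dist = math.hypot(x - rx, y - ry)
            if i not in used and dist <= best_dist and angle_diff(t, rt) <= ANGLE_TOL_DEG:
                best, best_dist = i, dist
        if best is not None:
            used.add(best)
            d += 1
    return d

def best_alignment(reference, probe):
    """Largest D over the grid. The shift is not iterated: each candidate pair of
    minutiae fixes it, and the same parameters are then applied to all other minutiae."""
    best_d = 0
    for rot, scale, ref_m, pr_m in product(ROTATIONS_DEG, SCALES, reference, probe):
        px, py, pt = transform(pr_m, rot, scale)
        dx, dy = ref_m[0] - px, ref_m[1] - py
        if (abs(dx) > MAX_SHIFT_PX or abs(dy) > MAX_SHIFT_PX
                or angle_diff(pt, ref_m[2]) > ANGLE_TOL_DEG):
            continue
        moved = [transform(m, rot, scale, dx, dy) for m in probe]
        best_d = max(best_d, count_matches(reference, moved))
    return best_d

def score(reference, probe):
    """K = D * D * 100% / (p * q)."""
    d = best_alignment(reference, probe)
    return d * d * 100.0 / (len(reference) * len(probe))

def verify(reference, probe):
    """1:1 authentication: accept only if K exceeds the threshold."""
    return score(reference, probe) > THRESHOLD_PERCENT

def identify(database, probe):
    """1:N identification: best-scoring enrolled user, or None below the threshold."""
    name, k = max(((n, score(ref, probe)) for n, ref in database.items()),
                  key=lambda item: item[1])
    return (name, k) if k > THRESHOLD_PERCENT else None

# Constructed sample data (not real fingerprints): (x px, y px, orientation degrees).
ALICE = [(60, 80, 30), (120, 60, 75), (200, 90, 110), (90, 150, 150),
         (160, 140, 45), (230, 170, 95), (70, 220, 130), (150, 230, 60)]
BOB = [(50, 60, 210), (140, 70, 255), (210, 110, 300), (80, 130, 330),
       (170, 160, 225), (240, 190, 280), (60, 240, 315), (130, 210, 240)]
# Alice's finger placed differently: 7 of her minutiae rotated by 7 degrees, scaled by
# 1.25 and shifted, plus one spurious minutia that is not in her template.
ALICE_PROBE = [transform(m, 7, 1.25, 40, -25) for m in ALICE[:7] + [(400, 20, 300)]]
STRANGER = [(55, 70, 40), (130, 95, 100), (190, 60, 140), (100, 180, 70),
            (175, 150, 220), (220, 200, 260), (80, 235, 300), (145, 120, 240)]
DATABASE = {"alice": ALICE, "bob": BOB}

if __name__ == "__main__":
    print("K(alice, alice probe) = %.2f%%" % score(ALICE, ALICE_PROBE))
    print("verify stranger against alice:", verify(ALICE, STRANGER))
    print("identify alice probe:", identify(DATABASE, ALICE_PROBE))
    print("identify stranger:", identify(DATABASE, STRANGER))
```

With one minutia missing from the probe and one spurious minutia added, D drops to 7 of 8 and K to about 77%, which shows how few errors the 65% threshold tolerates for small templates.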
For identification, this process must be repeated for all fingerprints in the database. Then the user with the highest matching level is selected (of course, his result must be above the 65% threshold).

For example, AFIS (Automated Fingerprint Identification Systems). In the Republic of Belarus: AFIS (automatic fingerprint identification system). The principle of operation of the system: a fingerprint card, personal information, fingerprints and palm prints are entered ("hammered in") from the form. Integral characteristics are placed (bad prints still have to be edited manually; for good ones the system places them itself), and a "skeleton" is drawn, that is, the system traces the papillary lines, which allows it to determine the features very accurately later. The fingerprint card goes to the server, where it is stored permanently.

"Trace" and "sledoteka". A "trace" is a fingerprint taken from the scene. The "sledoteka" is the database of traces. Like fingerprint cards, traces are sent to the server, where they are automatically compared with fingerprint cards, both existing and newly entered. A trace stays in the search until a suitable fingerprint card is found.

Method based on global features. Global features (loop head, delta) are detected. The number of these features and their mutual arrangement make it possible to classify the type of pattern. The final recognition is performed on the basis of local features (the number of comparisons is several orders of magnitude lower for a large database). It is believed that the type of pattern can determine the character, temperament and abilities of a person, so this method can be used for purposes other than identification / authentication.

Graph-based method. The original image (Fig. 2.3) of the print (1) is converted into an image of the papillary line orientation field (2). Areas with the same line orientation are noticeable on the field, so boundaries can be drawn between these areas (3). Then the centers of these regions are determined and graph (4) is obtained. The dashed arrow d marks the record in the database during user registration. The determination of the similarity of imprints is implemented in square (5). Further actions are similar to the previous method of comparison by local features.

Fig. 2.3. Method of comparing fingerprints based on graphs

Fingerprint scanners

Types and principle of operation

Fingerprint readers are currently widely used. They are installed on laptops, in mice, keyboards, flash drives, and are also used as separate external devices and terminals sold complete with AFIS systems.

Despite external differences, all scanners can be divided into several types:

1. Optical: FTIR scanners; fiber-optic; optical swipe; roller; contactless.
2. Semiconductor (semiconductors change their properties at the points of contact): capacitive; pressure-sensitive; thermal scanners; radio frequency; swipe thermal scanners; capacitive swipe; radio frequency swipe.
3. Ultrasonic (ultrasound returns at various intervals, reflected from grooves or lines).

The principle of operation of a fingerprint scanner, like that of any other biometric verification device, is quite simple and includes four basic steps: recording (scanning) the biometric characteristics (in this case, fingers); highlighting the details of the papillary pattern at several points; converting the recorded characteristics into the appropriate form; comparing the recorded biometric characteristics with a template; making a decision about the match or non-match of the recorded biometric sample with the template.

Capacitive sensors (Fig. 2.4) consist of an array of capacitors, each of which is two connected plates. The capacitance of a capacitor depends on the applied voltage and on the dielectric constant of the medium. When a finger is brought to such an array of capacitors, both the dielectric constant of the medium and the capacitance of each capacitor depend on the configuration of the papillary pattern at that local point. Thus, the capacitance of each capacitor in the array can uniquely identify the papillary pattern.

The principle of operation of optical sensors (Fig. 2.5) is similar to that used in household scanners. Such sensors consist of LEDs and CCD sensors: the LEDs illuminate the scanned surface, and the reflected light is focused on the CCD sensors. Since the light reflectance depends on the structure of the papillary pattern at a particular point, optical sensors make it possible to record the image of a fingerprint.

Fig. 2.4. Structure of a capacitive sensor

Fig. 2.5. Structure of an optical sensor

Thermal sensors (Fig. 2.6) are an array of pyroelectrics, materials in which electric charges arise when the temperature changes, due to a change in spontaneous polarization. The temperature in the interpapillary cavities is lower than on the surface of the papillary ridge, so the array of pyroelectrics makes it possible to reproduce the papillary pattern accurately.

The electromagnetic field sensors (Fig. 2.7) have generators of an alternating radio frequency electric field and an array of receiving antennas. When a finger is brought to the sensor, the lines of force of the generated electromagnetic field exactly follow the contour of the papillary lines, which allows the array of receiving antennas to capture the structure of the fingerprint.

Let us consider in more detail the principle of operation of swipe thermal scanners, the most popular type at present. They implement a thermal method of reading fingerprints, based on the property of pyroelectric materials to convert a temperature difference into voltage. A temperature difference is created between the cells of the sensing element under the papillary ridges and under the grooves. The grooves do not touch the sensing element, so the temperature of the sensing element under the grooves remains equal to the ambient temperature. A feature of the temperature method is that after a while (about 0.1 s) the image disappears, since the finger and the sensor come into thermal equilibrium.

Fig. 2.7. The structure of electromagnetic field sensors

The rapid disappearance of the temperature pattern is one of the reasons for using scanning technology. To take a print, you need to slide your finger across the rectangular sensing element (0.4 × 14 mm or 0.4 × 11.6 mm). During finger movement, the scanning speed must exceed 500 fps (set by the clock frequency). The result is a sequence of frames, each of which contains a part of the overall picture. Next, the fingerprint is reconstructed in software: several lines of pixels are selected in each frame and identical lines are searched for in other frames; a complete image of the fingerprint is obtained by combining frames based on these lines (Fig. 2.8).

Fig. 2.8. Frame-by-frame reading of a fingerprint pattern and its reconstruction

The frame-by-frame reading method does not require calculating the speed at which the finger moves along the reader and makes it possible to reduce the area of the silicon substrate of the matrix by more than 5 times, which reduces its cost by the same factor. The resulting image nevertheless has a high resolution. An additional advantage of scanning is that the reading window is self-cleaning and no fingerprints are left on it after reading.

Typically, the reconstructed image has dimensions of mm, which corresponds to dots. At eight bits per point, bmp storage requires 140 KB of memory per image. For security reasons, as well as to reduce the amount of memory occupied, the recognition system does not store a fingerprint image but a standard that is obtained from the fingerprint by highlighting characteristic details. Identification algorithms are based on comparing presented samples with standards. During the initial registration of the user, a fingerprint is read and a standard is extracted, which is stored in the system's memory (multiple standards can be stored). Later, during identification, sets of details are likewise extracted from the fingerprints that are read; in this case they are called samples. The samples are compared against the set of stored standards, and if a match is found, the person is considered identified. If a sample is compared with a single standard, for example to verify the identity of a smart card holder, the process is called authentication or validation. The process of comparing a sample and a standard (identification or authentication) is performed by software and does not depend on the technology by which the imprint image was obtained.

Software for reconstructing the fingerprint from the sequence of frames is supplied (Fig. 2.9). Extraction of the standard, verification and identification are carried out with third-party software or with independently developed programs. The thermal reading technique ensures a high-quality fingerprint image under various conditions of the finger surface: it does not matter whether it is dry, worn, has a small difference in level between ridges and grooves, etc. The FingerChip reader operates successfully in harsh conditions, with large temperature fluctuations, high humidity and various contaminants (including oil). In operating mode the sensor is completely passive. If the temperature difference between the finger and the sensor becomes insignificant (less than one degree), a temperature stabilization circuit is activated, which changes the temperature of the reader and restores the temperature contrast.

Fig. 2.9. FingerChip software

Another advantage of the thermal technique over other methods, especially capacitive ones, is that tight contact between the finger and the reader is not needed, which made it possible to use a special coating that protects against shock, abrasion, moisture and other environmental factors.

For fingerprints, ANSI and FBI standards are now mainly used. They define the following requirements for the print image:

  • each image is presented in uncompressed TIF format;
  • the image must have a resolution of at least 500 dpi;
  • the image must be grayscale with 256 brightness levels;
  • the maximum angle of rotation of the imprint from the vertical is not more than 15°;
  • the main types of minutiae are ending and bifurcation.

Usually more than one image is stored in the database, which improves the quality of recognition. The images can differ from each other by shift and rotation. The scale does not change, since all prints are obtained from one device.

Recognition by the iris of the eye

What is the iris

The iris is shaped like a circle with a hole inside (the pupil). The iris consists of muscles whose contraction and relaxation change the size of the pupil. It is part of the choroid of the eye (Fig. 2.10). The iris is responsible for the color of the eyes (if it is blue, there are few pigment cells in it; if brown, there are many). It performs the same function as the aperture in a camera, regulating the amount of light admitted. The iris is part of the eye. It lies behind the cornea and the aqueous humor of the anterior chamber. The unique structures of the iris are due to the radial trabecular meshwork; its composition: depressions (crypts, lacunae), comb-shaped strands, furrows, rings, wrinkles, freckles, crowns, sometimes spots, vessels and other features. The pattern of the iris is largely random, and the greater the degree of randomness, the more likely it is that a particular pattern will be unique. Mathematically, randomness is described by degrees of freedom. Studies have shown that the texture of the iris has 250 degrees of freedom, which is much greater than the degrees of freedom of fingerprints (35) and facial images (20).

The average dimensions of the iris: horizontally R ≈ 6.25 mm, vertically R ≈ 5.9 mm; the pupil size is 0.2-0.7 R. The inner radius of the iris depends on age, health, lighting, etc., and changes rapidly. Its shape can differ considerably from a circle. The center of the pupil is, as a rule, displaced relative to the center of the iris towards the tip of the nose. Therefore, even a not very high-quality picture of it makes it possible to accurately determine a person's identity.

Secondly, the iris is a rather simple object (almost a flat circle), so during identification it is very easy to take into account all possible image distortions that arise from different shooting conditions. Thirdly, the iris of a person's eye does not change throughout life from birth. More precisely, its shape remains unchanged (with the exception of injuries and some serious eye diseases), while the color may change over time. This gives iris identification an added advantage over many biometric technologies that rely on relatively short-lived parameters such as face or hand geometry.

The iris begins to form in the 3rd month of intrauterine development. By the 8th month it is a practically formed structure. In addition, it forms randomly even in identical twins, and human genes do not affect its structure. The iris is stable after the 1st year of life: it is finally formed and practically does not change until death, if there are no injuries or pathologies of the eye.

The iris as an identifier

Properties of the iris as an identifier:

  • isolation and protection from the external environment;
  • the impossibility of change without visual impairment;
  • the reaction to light and the pulsation of the pupil are used to protect against fakes;
  • an unobtrusive, non-contact and covert method of obtaining images is possible;
  • high density of unique structures: 3.2 bits/mm² or about 250 independent characteristics (other methods have about 50); 30% of the parameters are enough to decide on a match with a probability of no more.

Advantages and disadvantages of the technology

a serious advantage. The fact is that some biometric technologies suffer from the following drawback. When a high degree of protection against errors of the first kind (probability of false admission, FAR) is set in the identification system, the probability of errors of the second kind (false rejection, FRR) increases to unacceptably high values of several tens of percent, while iris identification is completely free of this shortcoming. Its ratio of errors of the first and second kind is one of the best to date. Let us take a few figures as an example. Studies have shown that with a Type I error rate of 0.001% (excellent reliability), the Type II error rate is only 1%.
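The trade-off between errors of the first kind (FAR) and of the second kind (FRR) described above can be measured by sweeping the decision threshold over match scores; the following is an added example, not from the original document. The score lists are constructed, and the function names and the rule "accept when the score exceeds the threshold" are assumptions.

```python
# Constructed match scores in percent (not measurements from any real system).
# GENUINE: comparisons of a person with their own template.
# IMPOSTOR: comparisons of a person with somebody else's template.
GENUINE = [92, 88, 85, 83, 81, 79, 77, 76, 74, 72, 71, 69, 68, 66, 64, 61, 58, 55, 49, 42]
IMPOSTOR = [5, 8, 11, 14, 16, 19, 21, 24, 26, 29, 31, 34, 37, 41, 44, 47, 52, 57, 63, 70]
THRESHOLDS = list(range(40, 96, 5))


def far_frr(genuine, impostor, threshold):
    """A comparison is accepted when its score exceeds the threshold.
    FAR (error of the first kind): share of impostor comparisons accepted.
    FRR (error of the second kind): share of genuine comparisons rejected."""
    far = sum(s > threshold for s in impostor) / len(impostor)
    frr = sum(s <= threshold for s in genuine) / len(genuine)
    return far, frr


def sweep(genuine, impostor, thresholds):
    """(threshold, FAR, FRR) for every threshold, in ascending threshold order."""
    return [(t,) + far_frr(genuine, impostor, t) for t in sorted(thresholds)]


def threshold_for_far(genuine, impostor, thresholds, max_far):
    """Lowest threshold whose FAR stays within max_far, and the FRR paid for it."""
    for t, far, frr in sweep(genuine, impostor, thresholds):
        if far <= max_far:
            return t, far, frr
    return None  # no threshold in the list is strict enough


def equal_error_point(genuine, impostor, thresholds):
    """Threshold at which FAR and FRR are closest to each other."""
    return min(sweep(genuine, impostor, thresholds), key=lambda r: abs(r[1] - r[2]))


if __name__ == "__main__":
    for t, far, frr in sweep(GENUINE, IMPOSTOR, THRESHOLDS):
        print("threshold %2d%%  FAR %.2f  FRR %.2f" % (t, far, frr))
    print("FAR = 0 requires:", threshold_for_far(GENUINE, IMPOSTOR, THRESHOLDS, 0.0))
    print("equal error point:", equal_error_point(GENUINE, IMPOSTOR, THRESHOLDS))
```

On these constructed scores, forcing FAR to zero raises FRR to 45%, which is the behaviour the text attributes to biometrics whose genuine and impostor score distributions overlap.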



Shutte rst ock We usually recognize people we know by their faces, sometimes by their voice or handwriting, or by the way they move. In the past, the only way to identify travelers traveling

Privacy Policy This Privacy Policy (hereinafter referred to as the "Policy") applies to information obtained through this site, other sites and other interactive

FAL/12-WP/39 20/11/03 TWELFTH FACILITATION DIVISION (FAL) Cairo, Egypt, 22 March 2 April 2004 Agenda item 2. Facilitate formalities, protect travel cards

Rules for Ensuring Information Security in the Workplace 1. Introduction

PROSPECTS FOR SAFE INTEGRATION OF RESOURCES IN THE DIGITAL SPACE In my speech, I would like to consider the problem of the authorized use of electronic digital resources in the process of their integration

Biometric technologies: a new level of protection for banking applications Rushkevich Arkady Product Manager ABOUT THE COMPANY More than 20 years of history Cooperation with major companies and law enforcement agencies

Regulations on accounting, storage and use of carriers of key information, cryptographic means and electronic signature 1. Regulatory documents Federal Law of April 6, 2011 N 63-FZ "On

UDC 004.932 Fingerprint classification algorithm D.S. Lomov, student Russia, 105005, Moscow, MSTU im. N.E. Bauman, Department of Computer Software and information Technology" Scientific adviser:

Parameter estimation 30 5. GENERAL PARAMETER ESTIMATION 5.. Introduction

57 E.E. KANUNOVA, A.Yu. NAUMOVA Review of methods for digital image processing for the purpose of identifying and eliminating defects in archival documents UDC 004.92.4:004.65 Murom Institute (branch)

UDC 004.932+57.087.1 Shvets V.A., Candidate of Technical Sciences, Associate Professor, Vasyanovich V.V., Postgraduate Student (National Aviation University, Kyiv, Ukraine) Eliminating the disadvantage of false identification of the personality of monitoring and control systems

How secure are ekey fingerprint access solutions? Answers to frequently asked questions SECURITY of ekey fingerprint access solutions ekey products guarantee a very high level of

Purpose The subsystem of the Intellect PC, which implements the functions of face detection on the received video image, image processing in order to identify the biometric characteristics of the face, storage and comparison

Lab 2. Remote Authentication Protocols 1. Understanding Authentication Authentication is the process of verifying the identity of an identifier presented by a user. Considering the level of trust and

September 2 0 1 7 REVIEW OF ECONOMIC REFORM IN AZERBAIJAN

Authentication Methods STUDENT GROUP BIB1101 YULIA PONOMAREVA A little about the role of IP in modern life Basic concepts Information system The subject has an Identifier Provides an identifier Provides

Personal Data Protection Policy This Personal Data Protection Policy (hereinafter referred to as the "Policy") applies to information obtained through this site, other sites and other interactive

Guidance document Computer facilities Protection against unauthorized access to information Indicators of security against unauthorized access to information Approved by the decision of the chairman

APPROVED PFNA.501410.003 34-LU TRUSTED LOADER Dallas Lock Operator's (user) manual PFNA.501410.003 34 Sheets 12 2016 Contents INTRODUCTION... 3 1 PURPOSE OF SDZ DALLAS LOCK...

The topic of our scientific and practical work is "Biometric methods of information protection".

The problem of information security, ranging from an individual to the state, is currently very relevant.

Information security should be considered as a set of measures, including organizational, technical, legal, programmatic, operational, insurance, and even moral and ethical measures.

In this paper, we have studied the modern developing direction of information security - biometric methods and the security systems used on their basis.

Tasks.

During the study, we had to solve the following tasks:

  • theoretically study biometric methods of information protection;
  • explore their practical applications.

The subject of our research is modern access control and management systems, various biometric systems of personal identification.

The objects of the study were literature sources, Internet sources and conversations with specialists.

The result of our work is a set of proposals for the use of modern personal identification technologies. They will generally strengthen the information security system of offices, companies and organizations.

Biometric identification technologies make it possible to identify a person by physiological characteristics rather than by a key or a card.

Biometric identification is a method of identifying a person by the biometric features specific to that individual.

Much attention is paid to this problem at international forums taking place both in our country and abroad.

On February 14, 2012, at the specialized forum "Security Technologies" in Moscow, at the International Exhibition Center, the most popular and new equipment for access control and time tracking, fingerprint recognition, facial geometry and RFID, biometric locks and much more were demonstrated.

We have studied a large number of methods; their abundance simply amazed us.

The main statistical methods are identification by the papillary pattern on the fingers, the iris, facial geometry, the retina and the hand vein pattern. We also identified a number of dynamic methods: identification by voice, heart rate and gait.

Fingerprints

Each person has a unique papillary print pattern. The features of the papillary pattern for each person are converted into a unique code, and these "fingerprint codes" are stored in the database.

Advantages of the method

High confidence;

Low-cost devices;

A fairly simple procedure for scanning a fingerprint.

Disadvantages of the method

The papillary pattern of the fingerprint is very easily damaged by small scratches and cuts.

Iris

The pattern of the iris is finally formed at the age of about two years and practically does not change during life, except for severe injuries.

Advantages of the method:

Statistical reliability of the method;

Capturing an image of the iris can be done at a distance of a few centimeters to several meters.

The iris is protected from damage by the cornea;

A large number of methods exist for protecting against counterfeiting.

Disadvantages of the method:

The price of such a system is higher than the cost of a fingerprint scanner.

Facial geometry

These methods are based on the fact that the facial features and the shape of the skull of each person are individual. This field is divided into two directions: 2D recognition and 3D recognition.

2D face recognition is one of the most inefficient biometric methods. It appeared quite a long time ago and was used mainly in forensic science. Subsequently, computer 3D versions of the method appeared.

Advantages of the method

2D recognition does not require expensive equipment;

Recognition at considerable distances from the camera.

Disadvantages of the method

Low statistical significance;

There are requirements for lighting (for example, it is not possible to register the faces of people entering from the street on a sunny day);

A frontal face image is mandatory;

Facial expression should be neutral.

Hand vein pattern

This is a new technology in the field of biometrics. The infrared camera takes pictures of the outer or inner side of the hand. The pattern of veins becomes visible because blood hemoglobin absorbs infrared radiation. As a result, the veins appear on the camera image as black lines.

Advantages of the method

No need to contact the scanning device;

High confidence.

Disadvantages of the method

Exposure of the scanner to sunlight is unacceptable

The method is less explored.

Retina

The method based on scanning the retina was until recently considered the most reliable method of biometric identification.

Advantages of the method:

High level of statistical reliability;

There is little chance of developing a way to "deceive" such systems;

Non-contact method of data collection.

Disadvantages of the method:

Difficult to use system;

The high cost of the system;

The method is underdeveloped.

Technologies of practical application of biometrics

In studying this topic, we collected enough information about biometric protection to conclude that the market for modern biometric solutions is growing steadily. The market is seeing mergers of biometric companies that own different technologies. Therefore, the appearance of combined devices is a matter of time.

A big step towards improving the reliability of biometric identification systems is to combine the reading of different types of biometric identifiers in one device.

Scanning of multiple identifiers is already performed when issuing visas for travel to the US.

There are various forecasts for the development of the biometric market, but in general its further growth can be expected. Fingerprint identification will still account for more than half of the market in the coming years. It is followed by face geometry and iris recognition, and then by other recognition methods: hand geometry, vein pattern, voice, signature.

This is not to say that biometric security systems are new. However, it must be admitted that these technologies have recently stepped far forward, which makes them a promising direction not only for ensuring information security, but also as an important factor in the successful operation of security services.
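The reliability gain from reading two biometric identifiers in one device can be checked numerically. The following is an added example, not part of the original work: it fuses constructed fingerprint and vein match scores and compares equal error rates (the point where false accepts and false rejects are equally frequent). The score distributions, the fusion weight and all function names are assumptions, and the two modalities are assumed to be statistically independent.

```python
import random

def simulate_scores(n, genuine_mean, impostor_mean, sd, rng):
    """Constructed match scores for one modality (higher = better match)."""
    genuine = [rng.gauss(genuine_mean, sd) for _ in range(n)]
    impostor = [rng.gauss(impostor_mean, sd) for _ in range(n)]
    return genuine, impostor

def far_frr(genuine, impostor, threshold):
    """False accept rate and false reject rate at a given threshold."""
    far = sum(s >= threshold for s in impostor) / len(impostor)
    frr = sum(s < threshold for s in genuine) / len(genuine)
    return far, frr

def equal_error_rate(genuine, impostor, steps=400):
    """Sweep thresholds; return (EER, threshold) where FAR and FRR meet."""
    lo, hi = min(impostor), max(genuine)
    best = None
    for i in range(steps + 1):
        t = lo + (hi - lo) * i / steps
        far, frr = far_frr(genuine, impostor, t)
        cand = (abs(far - frr), (far + frr) / 2, t)
        if best is None or cand < best:
            best = cand
    return best[1], best[2]

def fuse(scores_a, scores_b, weight=0.5):
    """Score-level fusion: weighted sum of two modalities per attempt."""
    return [weight * a + (1 - weight) * b for a, b in zip(scores_a, scores_b)]

def run_demo(seed=2024, n=2000):
    rng = random.Random(seed)
    # Assumed distributions: both modalities are noisy on their own.
    fp_gen, fp_imp = simulate_scores(n, 0.70, 0.40, 0.15, rng)
    vein_gen, vein_imp = simulate_scores(n, 0.68, 0.42, 0.15, rng)
    return {
        "fingerprint": equal_error_rate(fp_gen, fp_imp)[0],
        "vein": equal_error_rate(vein_gen, vein_imp)[0],
        "fused": equal_error_rate(fuse(fp_gen, vein_gen),
                                  fuse(fp_imp, vein_imp))[0],
    }

if __name__ == "__main__":
    for name, eer in run_demo().items():
        print(f"{name:12s} EER = {eer:.2%}")
```

The gain depends on the independence assumption: if both readings fail for the same reason (for example, a damaged hand), the fused error rate improves much less.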

The solutions we studied can be used as an additional identification factor, and this is especially important for comprehensive information protection.
