Biometric Basics

Locksmiths who are just getting into biometrics need answers to some key questions. “Why should I be interested? What exactly is biometrics? Can I make money providing this service? How hard is it to learn?” and “How practical is it for some of my customers?”

A biometric system eliminates the need for carrying a key, fob, badge, card or other item that can be given away, lost or stolen. Biometrics is designed to disallow unauthorized people from gaining access using unauthorized information (password/PIN) or equipment (ID badge/card).

Biometrics is the science of measuring human characteristics. Biometrics is divided into two general categories; physiological (body) and behavioral (actions). Physiological characteristics are unique to every person and include DNA, face shapes, eye (retina or iris), fingerprint and hand/palm geometry.

Behavior characteristics include actions such as writing your signature and voice patterns. Again, according to scientists, these actions are unique and no two people perform these actions in exactly the same way. Even identical twins do not have identical characteristics.

For this article we will discuss biometrics of the physiological characteristics, beginning with fingerprints, the well-used science for determining whether a suspect was actually at a crime scene or whether a person is who he or she says. According to historical references, the Babylonians (almost 4,000 years ago) were the first known civilization to use fingerprints to identify criminals.

Have you ever wondered why fingers, thumbs, hands and toes have ridged patterns from which prints can be taken? These ridged patterns have a biological purpose. They provide assistance when gripping objects and probably amplify the tactile vibrations (notifying the person) that are triggered when these appendages contact uneven surfaces.

Finger/thumb prints are the most common. The fingerprint area usually refers to the “pad” above the last joint of thumb and the fingers. A fingerprint is an impression of the friction ridges of a finger/thumb. Friction ridges are the raised portions of the outer layers of the skin (epidermis) on the fingers (digits) that usually appear like adjacent lines. They generally follow common shapes. They appear to run parallel in expanding and contracting configurations to each other.

There are three basic fingerprint ridge patterns: Arch, Loop, and Whorl. Each of these ridge patterns enters on one side of the finger pad and exits on the same or opposite side. The ridges of an Arch pattern rise in the center and slope back down to exit the other side. The ridges of a Loop pattern form a curve and usually exit on the same side they entered. The ridges of a Whorl pattern form circularly around a central point on the finger.

A fingerprint consists of one or more connected ridge patterns. Within each pattern, there are many ridges which vary slightly, yet follow somewhat continuous patterns. These variations, known as Minutia, individualize each fingerprint.

A person’s fingerprints can vary by factors including hormonal changes, weight gain or loss, aging, etc. To ensure accurate reading, fingerprinting methods/analysis must be capable of taking these variations into consideration.

You are watching a police drama. The good guy/gal is examining the crime scene, grabs a roll of clear tape, tears off a segment and places it onto a smooth surface. Lifting the tape, the viewing audience is able to get a glimpse of fingerprint. Here is why it’s possible.

Fingers naturally produce a glandular secretion from within the skin’s friction ridges. These secretions are deposited when the finger pads contact a surface when the conditions are appropriate. If the surface is smooth and the fingers do not slide as they are lifted from the surface, they will form an image of the friction ridges. The secretion will dry, leaving a residual pattern that can be carefully collected.

As a society that needs a faster and more permanent method for collecting fingerprints, we use ink.

Once a fingerprint has been collected, the next step is identifying the unique characteristics of the ridge patterns and the minutia. In the days before computers, an army of people would compare the questionable fingerprint against all of the fingerprints on record.

Once the computer became a practical tool, scientific calculations replaced the human eye and fingerprints could be compared faster. These computerized calculations use the characteristics, a measuring/analyzing system (originally made up of 12 points) and properties of human skin set-up the different methods of fingerprint recognition. 
Once computer processors became fast enough, optical fingerprint readers (sensors) were developed. Specialized digital cameras capture a digital image of the pad’s ridge pattern(s) and minutia when the finger pad is placed against or slid along a touch surface. The method and the touch surface can vary by product and design. Once the finger pad is placed in the proper position, a light source illuminates the area from beneath and an electronic image is captured. The captured image is processed, creating an electronic template using a predetermined number of extracted features in order to compare and identify the match. This fingerprint has been enrolled into the system.
The fingerprint reader’s software program preforms two functions. First, it enrolls the fingerprint, which involves obtaining (reading) the biometric data from the finger pad. This data is analyzed, a template is created and stored. A template is a manageable package of the chosen characteristics extracted from the details collected from the finger pad. If the number of characteristic compared is too many, the matching can become extremely cumbersome and the comparison time becomes excessive. If the package contains too few characteristics, comparison time is shortened and there may not be enough information to prevent a wrong fingerprint to be considered the right fingerprint.
The second function is comparing all of the stored templates with the new biometric information detected (fingerprint scan). For the purpose of authentication, the test biometric template is compared to all templates within the database and the closest match score is determined. If the closest match is within the adjusted threshold, the software deemed that it belongs to the individual and is authenticated. If the threshold is adjusted too open, there can be more than one match, creating false positives.
Note: For consistent detection, it is recommended that hands are clean without markings on the finger pads. It is also important to keep the surface of the reader’s sensor clean without any scratches.

Two forms of fingerprint identification are in use today - authentication and identification. Authentication is where the test fingerprint characteristics alone are compared to all biometric templates within the database. The closest match within the determined threshold is deemed the individual and is authenticated.

When a secondary form of identification, such as PIN, user name or password is made part of the identification process, authentication becomes identification. The process is as follows. When enrollment occurs, each fingerprint template is stored within the secondary form of identification. When a fingerprint is tested, the secondary form of identification is entered. This identification is used to identify the person’s fingerprint template. Once the template has been identified, the test fingerprint is compared to the recorded fingerprint template. If the chosen characteristics are within the determined threshold, the test fingerprints are identified as from the same person.

Identification eliminates searching and comparing the all of the enrolled templates. This saves time. Processing speed is an important consideration. To check a new fingerprint against all of the fingerprints on record can be very time consuming.

Employees do not want to wait for several minutes before gaining access, especially if a significant number of employees enter at one time. Using an authentication- based biometric system is practically limited to the expensive units whose components are part of a system. On less sophisticated (inexpensive) systems, the processing speed is comparably slower or the number of templates is more limited.

IMPORTANT: Before selling a biometric reader/lock, test an existing system that has a similar number of templates (users) to the number your client is considering. Discuss the time requirements before installing a unit.

If a secondary form of authentication is part of the process, the time required usually decreases as the analysis searches the second form first to narrow the search parameters. Only the fingerprint data associated with this identification is compared with the new fingerprint. This form of authentication is considered verification.
The greatest number of fingerprint readers are incorporated into computers. Fingerprint recognition devices for desktop and laptop computers are available as a standalone device for older computers and built into newer computers ,eliminating the need to type passwords.

The most common locksmith application for fingerprint lock mechanisms are safes.  Several years ago I wrote about the GunVault, a fingerprint recognition lock mechanism having a 30-user capacity. Since then Sargent & Greenleaf has introduced the Biometric Keypad, a replacement keypad that works with many Sargent and Greenleaf electronic safe locks. The Biometric Keypad lets the end-user operate the lock by authorized fingerprint alone, or by code and fingerprint.

Door lock (access control) related biometric systems have previously been limited to larger networked systems requiring a high level of security where money is not a major consideration.

Today, fingerprint readers are available for locksmith related applications sold through locksmith distribution. The General Lock Helix 100 fingerprint reader can be wired into a single door or networked electronic access control system. Using the Helix 100 in a single-door system has the capacity for 100 fingerprint templates.
The MARKS USA 195 BIO - Fingerprint Reader with lockset provides biometric access control using a self-standing optical reader and an electrified Grade 1 cylindrical Survivor Series leverset. This battery powered single door system has a capacity for storing 100 finger templates with a FRR of .1% and an FAR of .001%.
Knowing the terminology is important to understanding how biometrics function and whether the system you are considering using will properly satisfy the needs of your customers. We have discussed time as a factor.

However, another important consideration is accuracy. Will the fingerprint reader correctly identify the enrolled template with the test template? Two rate percentages explain the accuracy of the fingerprint reader.

False Reject Rate (FRR) is the probability that the fingerprinting software “incorrectly determines the failure” of a match between the test fingerprint template and the same person’s enrolled template that is in the same database. The FRR indicates the percent of valid inputs being rejected.

False Accept Rate (FAR) is the probability that the fingerprinting software “incorrectly determines the successful” of a match between the test fingerprint template and a non-matching enrolled template that is in the same database. The FAR measures the percent of invalid matches being accepted.

Remember, for most vehicle mechanical key codes, there are approximately 2000 codes within a code series. In addition, some key codes are so similar that there can be unwanted ghost keys, keys not designed to open codes other than the one they were cut for, but capable of operating other locks. If we use 2000 key codes as an example and if 100,000 vehicles were built using this code series and the same number of key codes, each key code would operate 50 vehicles. Lets us further assume that some of the key codes could act as a ghost and operate a key code or two that were similar. There would be several key codes that could operate up to 150 vehicles. This would be a False Acceptance Rate of approximately 0.1%.

Unlike mechanical locks, many of the fingerprint readers can be adjusted to increase or decrease the sensitivity. As the sensitivity of fingerprint reader increases, it decreases the False Acceptance Rate, but can increase the False Reject Rate, making it harder for the correct persons to gain access.

Security today can easily be compromised because passwords, identification badges and other forms can be stolen (identity theft), freely given or lost. The built-in resistance of biometrics can offer a significant amount of protection that is much more difficult to circumvent.

As a secondary benefit, job attendance can be tied into a biometric system. This eliminates the possibility of a second employee clocking in or out for another employee.