Biometrics 101: An Overview & Analysis of Your Rightful Identity

Ever since Apple released the iPhone 5S in 2013, the biometric market has exploded. From Tom Shaw, VP at USAA declaring the “password is dying” to Stephen Harper publicly endorsing the technology while in office, saying “you can fake your name, you can fake your documents, but you cannot fake your fingerprints”, one thing is clear – there is no shortage of biometric coverage in the media.

Yet, over the last half year at BioConnect, I’ve found myself having to explain biometric modalities over and over again and I’m starting to wonder how well people really understand the technical jargon found in the media.

So, what are biometrics?

The International Organization for Standardization defines biometrics as

“The biological and behavioural characteristic of an individual from which distinguishing, repeatable biometric features can be extracted for the purpose of biometric recognition". 

To clarify, there are two different categories of biometrics – physiological biometrics and behavioural biometrics.

Physiological biometrics are related to the shape of the body and are measured directly from the user (static).  Some of the many physiological modalities are:

1. Fingerprint recognition – Unique points on your finger’s ridges and valleys, called minutiaes, are used for biometric identification.
2. Iris recognition – A mathematical pattern of the veins found in your iris can be created. The veins are very complex and have random patterns, which is why they are unique to you.
3. Hand geometry – The geometric shape of your hand – such as the length of your fingers, distance between knuckles and the width of your hand can serve as identification.
4. Static signature recognition – One scanned signature is visually compared against another using advanced algorithms.
5. Vein recognition – The vein pattern in an individual’s finger or palm is unique to them and can be used in identity management.
6. Facial recognition –Each person has approximately 80 facial landmarks, characterized by facial peaks and valleys, which are unique and measurable. Examples of these are the distance between your eyes, width of your nose, shape of your cheekbones and length of your jaw bone, all which can be inserted into a face print (template) for identification.

Behavioural biometrics however are related to an individual’s pattern of behaviour. They require the user to perform an activity (non-static) – in that sense, behavioural biometrics are not about what the user is, but what the user does. Examples of these are:

1. Voice recognition – People are verified by comparing their spoken voice against a voice print (template) (1:1 match) for “gatekeeping” (authentication). Speaker identification is the task of identifying an unknown speaker using a 1:N (one to many) match where the voice is compared against N number of templates. This can be performed without the users’ knowledge.
2. Typing recognition – The way users’ type on a keyboard is unique to them. Your keystroke dynamics are a measure of the rhythm, speed and habitual typing pattern. The duration that a key is pressed (called dwell time) and the between releasing a key and pressing the next key (called flight time) are the raw measurements taken during keystroke analytics.
3. Dynamic signature recognition – When signing on a digitized tablet, a user’s signature can be authenticated in real time by analyzing the pressure, azimuth (angle of stylus, finger or pen), spatial coordinates and other factors.
4. Gait –The way in which an individual walks to determine their identity. The gait is analysed based on stride length, foot angle, speed, rhythm, and squat performance, among others.
5. Electrocardiogram (ECG) –The five peaks and troughs, known as PQRST patterns, map each heartbeat. The pattern is unique to every individual, as the heart’s size, shape and position inside the body affects its shape.

All of these modalities have one common goal – to serve as an identification or authentication strategy. Each modality can serve multiple purposes – whether you’re looking for an easier way to lock your door or a more secure method of accessing your bank account, you can choose from multiple modalities.

So the question is…Which do you choose?

Deciding which biometric modality to deploy depends heavily on which industry you’re in and which scenarios exist. Biometrics range in their levels of accuracy, convenience, availability, cost and user acceptance. To put this into perspective, for someone logging into their banking app to view their balance (a low risk activity), fingerprint recognition might be suitable for read only, as it is both convenient and available on most cell phones. However, in high risk transactions, such as identifying military personnel, many seek to integrate iris recognition as it is 90-99% accurate and can be captured anywhere from a 6- to 12-meter radius.

No matter which you choose, your biometrics cannot be shared, stolen or forgotten.  So how ready is the enterprise to make sense of this wave coming? 

They are not. And this what makes me most excited about the value @BioConnect brings to the world.  We understand the enterprise, we have built a device & modality agnostic identity platform. Allowing the enterprise to use all biometrics for a true omni-channel authentication strategy!

And we are just getting started..