Biometric Technologiesand Verification

Systems

Biometric Technologiesand Verification

Systems

John R. Vacca

AMSTERDAM • BOSTON • HEIDELBERG • LONDON

NEW YORK • OXFORD • PARIS • SAN DIEGO

SAN FRANCISCO • SINGAPORE • SYDNEY • TOKYO

Butterworth-Heinemann is an imprint of Elsevier

Acquisitions Editor: Pamela ChesterAssistant Editor: Kelly WeaverSenior Marketing Manager: Phyllis CerysProject Manager: Jeff FreelandCover Designer: Stewart LarkingCompositor: Cepha Imaging Private LimitedCover Printer: Phoenix Color Corp.Text Printer/Binder: The Maple-Vail Book Manufacturing Group

Butterworth-Heinemann is an imprint of Elsevier30 Corporate Drive, Suite 400, Burlington, MA 01803, USALinacre House, Jordan Hill, Oxford OX2 8DP, UK

Copyright © 2007, Elsevier Inc. All rights reserved.

No part of this publication may be reproduced, stored in a retrieval system, or transmitted inany form or by any means, electronic, mechanical, photocopying, recording, or otherwise,without the prior written permission of the publisher.

Permissions may be sought directly from Elsevier’s Science & Technology RightsDepartment in Oxford, UK: phone: (+44) 1865 843830, fax: (+44) 1865 853333,E-mail: permissions@elsevier.com. You may also complete your request on-linevia the Elsevier homepage (http://elsevier.com), by selecting “Support & Contact”then “Copyright and Permission” and then “Obtaining Permissions.”

Recognizing the importance of preserving what has been written, Elsevier prints its books onacid-free paper whenever possible.

Library of Congress Cataloging-in-Publication DataVacca, John R.

Biometric technologies and verification systems / by John Vacca.p. cm.

Includes bibliographical references and index.ISBN-13: 978-0-7506-7967-1 (alk. paper)ISBN-10: 0-7506-7967-0 (alk. paper)

1. Biometric identification. I. Title.

TK7882.B56V33 2007006.4–dc22

2006051915

British Library Cataloguing-in-Publication DataA catalogue record for this book is available from the British Library.

ISBN: 978-0-7506-7967-1

For information on all Butterworth-Heinemann publicationsvisit our Web site at www.books.elsevier.com

Printed in the United States of America07 08 09 10 11 12 10 9 8 7 6 5 4 3 2 1

This book is dedicated to David Lee.

Contents

Foreword xi

Acknowledgments xiii

Introduction xv

Part 1: Overview of Biometric Technology andVerification Systems 1

CHAPTER 1: What Is Biometrics? 3

CHAPTER 2: Types of Biometric Technology andVerification Systems 19

CHAPTER 3: Biometric Technology and VerificationSystems Standards 55

Part 2: How Biometric Eye Analysis Technology Works 71

CHAPTER 4: How Iris Pattern Recognition Works 73

CHAPTER 5: How Retina Pattern Recognition Works 85

Part 3: How Biometric Facial Recognition Technology Works 93

CHAPTER 6: How Video Face Recognition Works 95

CHAPTER 7: How Facial Thermal Imaging in the InfraredSpectrum Works 105

vii

viii Contents

Part 4: How Biometric Fingerscanning AnalysisTechnology Works 113

CHAPTER 8: How Finger Image Capture Works 115

CHAPTER 9: How Fingerscanning Verification andRecognition Works 135

Part 5: How Biometric Geometry AnalysisTechnology Works 147

CHAPTER 10: How Hand Geometry ImageTechnology Works 149

CHAPTER 11: How Finger Geometry Technology Works 157

Part 6: How Biometric Verification Technology Works 167

CHAPTER 12: How Dynamic Signature VerificationTechnology Works 169

CHAPTER 13: How Voice Recognition Technology Works 175

CHAPTER 14: How Keystroke Dynamics Technology Works 181

CHAPTER 15: How Palm Print Pattern RecognitionTechnology Works 187

CHAPTER 16: How Vein Pattern Analysis RecognitionTechnology Works 195

CHAPTER 17: How Ear-Shape Analysis Technology Works 203

CHAPTER 18: How Body Odor and/or Scent AnalysisTechnology Works 215

CHAPTER 19: How DNA Measurement Technology Works 239

Contents ix

Part 7: How Privacy-Enhanced Biometric-BasedVerification/Authentication Works 257

CHAPTER 20: How Fingerprint Verification/AuthenticationTechnology Works 259

CHAPTER 21: Vulnerable Points of a Biometric VerificationSystem 287

CHAPTER 22: How Brute Force Attacks Work 317

CHAPTER 23: How Data-Hiding Technology Works 339

CHAPTER 24: Image-Based Challenges/Response Methods 359

CHAPTER 25: How Cancelable Biometrics Work 381

Part 8: Large-Scale Implementation/Deployment ofBiometric Technologies and Verification Systems 393

CHAPTER 26: Specialized Biometric EnterpriseDeployment 395

CHAPTER 27: How to Implement Biometric Technology andVerification Systems 417

Part 9: Biometric Solutions and Future Directions 459

CHAPTER 28: How Mapping-the-Body Technology Works 461

CHAPTER 29: Selecting Biometric Solutions 501

CHAPTER 30: Biometric Benefits 541

Glossary 587

Index 607

Contents

Foreword

From the movie screen to the office building—biometric verification systemsthat were once the fancy of moviemakers and science fiction writers are quicklybecoming commonplace. Just a few years ago, most people were skeptical thatbiometric technology would ever be used as widely as it is now. The consensusthat biometrics would take decades to find its way into common use was a grosserror. Publishers, editors, writers, and forecasters missed the mark by at least adecade.

Finally, a book that explains and illustrates what individuals and organiza-tions can do with biometric technologies and verification systems has arrived.I know that John Vacca wanted to write this book ten years ago, but editorsthought that biometric technologies and verification systems were not going tomake it out of the lab.

This book provides comprehensive coverage of biometric technologiesand verification systems, and provides a solid education for any student orprofessional in a world where concerns about security have become the norm.

It covers biometric technologies and verification systems from top to bottom,and also provides explanations of the most important aspects of the technologyand how to best use that technology to improve security.

I highly recommend this book for all IT or security professionals as well asthose entering the field of security. I also highly recommend it to curriculumplanners and instructors for use in the classroom.

Michael ErbschloeSecurity Consultant and AuthorSt. Louis, Missouri

xi

Acknowledgments

There are many people whose efforts on this book have contributed to itssuccessful completion. I owe each a debt of gratitude and want to take thisopportunity to offer my sincere thanks.

A very special thanks to my Senior Acquisitions Editor, Mark A. Listewnik,without whose continued interest and support this book would not have beenpossible, and Assistant Editor Kelly Weaver, who provided staunch support andencouragement when it was most needed. Thanks to my Project Manager, JeffFreeland, and my copyeditor, Janet Parkinson, whose fine editorial work hasbeen invaluable. Thanks also to my marketing manager, Chris Nolin, whoseefforts on this book have been greatly appreciated. Finally, thanks to all of theother people at Academic Press/Butterworth-Heinemann and Elsevier Scienceand Technology Books, whose many talents and skills are essential to a finishedbook.

Thanks to my wife, Bee Vacca, for her love, her help, and her understand-ing of my long working hours. Also, a very, very special thanks to MichaelErbschloe for writing the foreword. Finally, I wish to thank all the organiza-tions and individuals who granted me permission to use the research materialand information necessary for the completion of this book.

xiii

Introduction

Biometric technologies are crucial components of secure personal identifica-tion and verification systems, which control access to valuable information,to economic assets, and to parts of the national infrastructure. Biometric-based identification and verification systems support the information-basedeconomy by enabling secure financial transactions and online sales, and byfacilitating many law enforcement, health, and social service activities. SinceSeptember 11, 2001, the national requirements to strengthen homeland secu-rity have fallen short, hindering government and industry interest in attemptingto apply biometric technologies to the automated verification of the identity ofindividuals.

As you know, biometric technologies are automated methods for identify-ing a person or verifying a person’s identity based on the person’s physiologicalor behavioral characteristics. Physiological characteristics include fingerprints,hand geometry, and facial, voice, iris, and retinal features; behavioral character-istics include the dynamics of signatures and keystrokes. Biometric technologiescapture and process a person’s unique characteristics, and then verify that per-son’s identity based on comparison of the record of captured characteristicswith a biometric sample presented by the person to be verified. After manyyears of research and development, biometric technologies have become reli-able and cost-effective, and acceptable to users. However, new applications ofbiometrics are being somewhat successfully implemented in more secure traveldocuments, visas, and personal identity verification cards. These applicationshelp to safeguard valuable assets and information and contribute to the safetyand security of automated transactions, but have fallen short of strengtheninghomeland security.

Both public and private sectors are looking for reliable, accurate, and prac-tical methods for the automated verification of identity. And they are usingbiometric technologies in a wide variety of applications, including health andsocial service programs, passport programs, driver licenses, electronic banking,

xv

xvi Introduction

investing, retail sales, and law enforcement (such as it is). Verification systemsare usually characterized by three factors:

■ Something that you know, such as a password;

■ Something that you have, such as an ID badge;

■ Something that you are, such as your fingerprints or your face.

Systems that incorporate all three factors are stronger than those that useonly one or two factors. Verification using biometric factors can help to reduceidentity theft and the need to remember passwords or to carry documents, whichcan be counterfeited. When biometric factors are used with one or two otherfactors, it is possible to achieve new and highly secure identity applications.For example, a biometric factor can be stored on a physical device, such as asmart card that is used to verify the identification of an individual. Today, theidentification cards that are issued to employees for access to buildings and toinformation, and the cards that are used for financial transactions, often includebiometric information.

Biometric factors can also be used with encryption keys and digital signaturesto enhance secure verification. For example, biometric information could usepublic key infrastructure (PKI) systems that incorporate encryption (such asFederal Information Processing Standard [FIPS] 197, Advanced EncryptionStandard). Encrypting the biometric information helps to make the systemmore tamper-resistant.

What’s So Special About This Book?

Knowing when and how to weave biometrics into the security fabric of acustomer’s enterprise requires a comprehensive understanding of:

■ The magnitude of the end user’s unique security needs/desires;

■ The size of the end user’s budget;

■ The environment in which the technologies will be used;

■ What technologies the customer is already using;

■ Which specific biometric technology and verification systems bestaddress the end user’s unique needs within the available budget.

Different types of businesses require different levels of security. Biometricshave been particularly popular as a physical access strategy with data centersand network co-location facilities. For example, this book will show how cus-tomers in this industry are using a combination of biometrics, CCTV, and

Introduction xvii

mantraps to control access into main entry points and biometric readers torestrict access to network equipment cages. Common denominators in thesekinds of applications are:

■ Mission-critical servers, storage devices and miles of CAT-5, 6, and 7cable reside throughout their facilities;

■ The data residing and circulating through the facility is extremelysensitive;

■ The locations are remote and unmarked and access is tightly restricted,so throughput is not as critical an issue;

■ Robust budgets that accommodate the maximum levels of security.

However, most businesses do not share these characteristics. Networkingequipment and data storage devices usually are stored centrally, creating a local-ized security hot spot. In contrast, most enterprise or campus environmentshave to provide access to a large number of employees, partners, vendors, andcustomers, all with varying levels of access privileges. In this situation, through-put, convenience, and transparency are priority issues. Proximity card accesscurrently offers the best method of addressing these issues and also provides thebasis for the photo identification requirement most organizations have. The bestpractice here would be to harden security as traffic approaches the organization’shot spots with the use of biometric readers, most of which are compatible withand are designed to easily replace card readers.

In addition, biometric technology and verification systems suppliers havemade radical improvements in the costs of their products. For example, a fin-ger scan reader that may have cost $500 only two years ago is now availablefor under $100, with many other readers available for under $200 per unit.More sophisticated iris scan readers have moved from the $7,000 range intothe $4,000 range, and some manufacturers are predicting sub-$1,000 unitssoon. That being said, biometric technology and verification systems are stillsubstantially more expensive to purchase than most card technologies, whichare also dropping in cost. So while end users may express interest in deployingbiometrics in their facilities, corporate budgets will often determine whetherthat will actually happen.

Also, current biometric product design necessitates that units be deployedindoors, as most have not been made rugged enough for prolonged exposureto outdoor conditions or vandalism. The amount and kind of traffic may alsoaffect the selection of biometrics or cards. For instance, in parking structureapplications or near main entrances, wireless card technologies like proximityare more convenient than biometrics.

Introduction

xviii Introduction

End users will be more inclined to buy off on biometric value propositions ifthey can leverage rather than replace their current systems. This leveraging canbe accomplished in a number of ways. A pure biometric system would functionalmost exactly like a card access system. Individuals attempting to gain accesspresent their finger, hand, eye, or face, or speak into a microphone, in the sameway they would present their card. The difference is that the typical proximitycardholder identification number requires 26 to 85 bits of memory. The typicalfingerprint template used by a biometric system requires 250 to 1,000 bytes or,if you recalculate those numbers into bits for comparison, 2,000 to 8,000 bits.Obviously, it takes substantially more processing time and power to verifythe identity of an individual biometric scan against a database of hundreds orthousands of others versus a cardholder number.

There are a few ways to use a customer’s existing card-based system tosolve this problem. One way is to associate each individual cardholder num-ber with that person’s biometric template. This can be done easily during theenrollment process, and requires that individuals present their existing cardto a card reader either installed next to a biometric reader or actually builtinto it. The cardholder number tells the biometric system where to look onthe template database for the individual’s stored template, greatly reducingthe amount of processing required to verify the authenticity of the biometricscan. Another way to simplify processing is to store the biometric templateon a smart card. This eliminates the need for a separate biometric templatedatabase and the infrastructure needed to support it, because the smart cardprovides all of the storage and security needed. This is an especially popularmethod for government agency customers who are already using smart cardtechnology for both physical and logical access. The third way to get aroundthe processing problem is to store the biometric template on the controllerpanel.

After settling these issues, you still have to determine which kind of biomet-ric technology and verification system best matches your customer’s situation.The three technologies that this book will show to be the most practical cur-rently are finger scan, hand scan (or hand geometry), and eye scan (either retinaor iris). This book will also show you how to use voice or facial scan technologiesto provide a practical solution for most commercial physical security applica-tions. In addition, this book will show you how biometric technologies andverification systems offer the user the ability to adjust sensitivity or tolerancelevels to balance false-accept and false-reject rates.

There is usually an indirect correlation between accuracy, as measured inthe number of unique characteristics the technology can discern, and cost.

Introduction xix

The level of intrusiveness is also an important consideration, because customerswho deploy intrusive procedures into the organization could become the targetof enterprise-wide hostility. Eye scan technology is probably the most accu-rate technology of the group, but it is also the most expensive and perceivedto be the most intrusive. Retina scan products require that users positiontheir eye within half an inch of the reader while over 400 unique featuresare scanned from the back of the eye. Iris scan technology offers a similar levelof accuracy (around 260 unique features) and similar price, but is less intru-sive. Individuals need only get within three feet for a reliable scan. Becauseeither eye scanning process requires the individual to get into position andhold their eyes steady (usually for around two seconds), only the most security-conscious employees will be able to truly appreciate the reliability of eye scantechnology.

Finger scan technology is probably the most popular of the biometric tech-nologies and verification systems for a wide range of applications includinglogical access, Internet security, banking, and point-of-purchase. It offers agood balance between accuracy and cost and generally has managed to shakethe criminal identification stigma. Traditional optical finger scan technologywill most likely be replaced with newer silicon technology that requires lesssurface scanning area and less maintenance than optical scanning.

Given the current state of development among the various biometric tech-nology and verification systems alternatives, hand scan, also known as handgeometry, integrates best with physical access systems and is the preferredchoice for combining accuracy (up to 90 unique features or measurements)and cost, with a minimal perceived amount of intrusion. Hand geome-try templates are the smallest available from current biometric technologyand verification systems at around 9 bytes (72 bits), which translates intoreduced processing and storage requirements. Hand geometry readers aredesigned to correctly position the individual’s hand and ensure quick, efficientreads.

Once the decision has been made about where biometric technology andverification systems will be used in your customer’s organization, which kindof technology will be used, and how it will be integrated with existing systems,the final step is to train customer security personnel. Not only will they needto know how to adjust the tolerances of the readers to balance false-accept andfalse-reject rates, they also will need to know how to calm employees’ fearsthat their identities may be stolen. Additionally, the security director shouldexpect some level of animosity toward the biometric readers when some employ-ees are unable to access areas to which they are authorized due to improper

Introduction

xx Introduction

use or narrow tolerance settings. Thoroughly preparing the security person-nel can go a long way toward smoothing the path to acceptance of the newtechnology.

So, with the preceding in mind, the three most important selling points ofthis book are:

1. Positive identification technology and systems

2. Physical access control technology and systems

3. Biometric engineering design techniques

Furthermore, biometric technology and verification systems offer a numberof benefits to both businesses and consumers. It is these benefits, in addi-tion to the factors noted earlier, that are driving their increased usage andacceptance:

■ Combating credit card fraud

■ Preventing identity theft

■ Restoring identity

■ Enhanced security

■ Data verification/authentication

Any situation that allows for an interaction between man and machine iscapable of incorporating biometrics. The benefits of biometrics will make thetechnology’s use, and consequently its acceptance, inevitable.

As discussed in this book, the public acceptance of biometrics is not neces-sarily inevitable. It will only come if the privacy concerns associated with thetechnology are effectively addressed.

Whether biometrics are privacy’s friend or foe is entirely dependent uponhow the systems are designed and how the information is managed. While thebiometric industry has made some positive initial steps, without private sectordata protection legislation, companies are still free to use biometric data withoutrestriction.

It must be recognized that the use of biometrics needs to conform tothe standards and expectations of a privacy-minded society. The responsibil-ity to ensure that this new technology does not knowingly or unknowingly

Introduction xxi

compromise consumer privacy lies not only with businesses, but also withconsumers.

Businesses must acknowledge and accept their obligation to protect theircustomers’ privacy. Prior to introducing any biometric system, the impact thatsuch an application may have on consumer privacy should be fully assessed.To appropriately and effectively balance the use of biometric information forlegitimate business purposes with the consumer’s right to privacy, companiesshould adopt and implement the fair information practices and requirementsdiscussed in this book. Voluntary adoption of such practices is essential if thereis to be meaningful privacy protection of consumers’ biometric data in theprivate sector.

Finally, consumers need to advocate for their own privacy rights. Theycan make a difference by only doing business with companies that follow fairinformation practices and that make use of the privacy-enhancing aspects ofbiometrics in the design of their information management systems protectiontechniques. Consumer preferences will be key in defining the appropriate usesand protection of biometrics. Consumers have the power—they need to use itwisely.

Purpose

With the preceding in mind, the purpose of this book is to show experienced(intermediate to advanced) industry, government, and law enforcement profes-sionals how to analyze and conduct biometric security, and how to report thefindings leading to incarceration of the perpetrators. This book also providesthe fundamental knowledge you need to analyze risks to your system and toimplement a workable biometric security policy that protects your informationassets from potential intrusion, damage, or theft. Through extensive hands-onexamples (field and trial experiments) and case studies, you will gain the knowl-edge and skills required to master the deployment of biometric security systemsto thwart potential attacks.

Scope

This book discusses the current state of the art in biometric verifica-tion/authentication, identification, and system design principles. The bookalso provides a step-by-step discussion of how biometrics works; how biometric

Introduction

xxii Introduction

data in human beings can be collected and analyzed in a number of ways;how biometrics are currently being used as a method of personal identificationin which people are recognized by their own unique corporal or behavioralcharacteristics; and how to create detailed menus for designing a biometricverification system. Furthermore, the book will also discuss how human traitsand behaviors can be used in biometrics, including fingerprints, voice, face,retina, iris, handwriting, and hand geometry. Essentially, biometrics is thesame system the human brain uses to recognize and distinguish the man inthe mirror from the man across the street. Using biometrics for identifyingand verifying/authenticating human beings offers some unique advantages overmore traditional methods. Only biometric verification/authentication is basedon the identification of an intrinsic part of a human being. Tokens, such assmart cards, magnetic stripe cards, and physical keys, can be lost, stolen, orduplicated. Passwords can be forgotten, shared, or unintentionally observedby a third party. Forgotten passwords and lost smart cards are a nuisance forusers and an expensive time-waster for system administrators. In addition,this book will show how biometrics can be integrated into any applicationthat requires security, access control, and identification or verification of users.With biometric security, the key, the password, the PIN code can be dis-pensed with; the access-enabler is you—not something you know, or somethingyou have.

Finally, this book leaves little doubt that the field of biometric secu-rity is about to evolve even further. This area of knowledge is now beingresearched, organized, and taught. No question, this book will ben-efit organizations and governments, as well as their biometric securityprofessionals.

Target Audience

This book is primarily targeted at those in industry, government, and lawenforcement who require the fundamental skills to develop and implementsecurity schemes designed to protect their organizations’ information fromattacks, including managers, network and systems administrators, technicalstaff, and support personnel. This list of personnel also includes, but is notlimited to, security engineers, security engineering designers, bioinformaticsengineers, computer security engineers, molecular biologists, computer securityofficers, computational biologists, security managers, university-level profes-sors, short course instructors, security R&D personnel, security consultants,and marketing staff.

Introduction xxiii

Organization of This Book

The book is organized into nine parts composed of 30 chapters and an extensiveglossary of biometric terms and acronyms at the end.

Part 1: Overview of Biometric Technology andVerification Systems

Part 1 discusses what biometrics are, types of biometrics technology andverification systems, and biometrics technology and verification systemsstandards.

Chapter 1, “What Is Biometrics?,” sets the stage for the rest of the book byshowing the importance of biometrics as a method of protection for enterprises,government, and law enforcement.

Chapter 2, “Types of Biometric Technology and Verification Systems,” pro-vides an overview of biometric technologies that are currently available andbeing developed, current uses of these technologies, and issues and challengesassociated with the implementation of biometrics.

Chapter 3, “Biometric Technology and Verification Systems Standards,”discusses related biometric standards development programs and business plans.

Part 2: How Biometric Eye AnalysisTechnology Works

Part 2 discusses how iris pattern recognition and retina pattern recognitionworks.

Chapter 4, “How Iris Pattern Recognition Works,” discusses how iris-basedpersonal identification (PI) or recognition uses the unique visible characteristicsof the human iris (the tinted annular portion of the eye bounded by the blackpupil and the white sclera) as its biometric.

Chapter 5, “How Retina Pattern Recognition Works,” examines theanatomy and uniqueness of the retina, and forms the foundation for the fol-lowing: the technology behind retinal pattern recognition, sources of problems(errors) and biometric performance standards, strengths and weaknesses ofretinal pattern recognition, and the applications of retinal pattern recognition.

Introduction

xxiv Introduction

Part 3: How Biometric Facial RecognitionTechnology Works

Part 3 discusses how video face recognition and facial thermal imagingworks.

Chapter 6, “How Video Face Recognition Works,” shows how computersare turning your face into computer code so it can be compared to thousands,if not millions, of other faces.

Chapter 7, “How Facial Thermal Imaging in the Infrared Spectrum Works,”proposes a method that enhances and complements Srivastava’s approach.

Part 4: How Biometric Fingerscanning AnalysisTechnology Works

Part 4 discusses how finger image capture and finger scanning verification andrecognition works.

Chapter 8, “How Finger Image Capture Works,” thoroughly discusses fingerimage capture technology, which is also called fingerprint scanning.

Chapter 9, “How Fingerscanning Verification and Recognition Works,”discusses how fingerprint sensors solve the size, cost, and reliability problemsthat have limited the widespread application of fingerscanning verification.

Part 5: How Biometric Geometry AnalysisTechnology Works

Part 5 discusses how hand geometry image technology and finger geometrytechnology works.

Chapter 10, “How Hand Geometry Image Technology Works,” discusseshow handprint recognition scans the outline or the shape of a shadow, and notthe handprint.

Chapter 11, “How Finger Geometry Technology Works,” discusses how afew biometric vendors use finger geometry or finger shape to determine identity.

Part 6: How Biometric VerificationTechnology Works

Part 6 discusses how dynamic signature verification technology, voice recogni-tion technology, keystroke dynamics technology, palm print pattern recognition

Introduction xxv

technology, vein pattern analysis recognition technology, ear shape analysistechnology, body odor analysis technology, and DNA measurement technologyworks.

Chapter 12, “How Dynamic Signature Verification Technology Works,”explores what new dynamic signature verification technology is doing to solveproblems.

Chapter 13, “How Voice Recognition Technology Works,” discusses howvoice recognition technology is a viable solution to securely and inexpensivelyauthenticate users both at a physical location and remotely.

Chapter 14, “How Keystroke Dynamics Technology Works,” discusses howkeystroke dynamics, a behavioral measurement, is a pattern exhibited by anindividual using an input device in a consistent manner.

Chapter 15, “How Palm Print Pattern Recognition Technology Works,”provides a brief overview of the historical progress of and future implicationsfor palm print biometric recognition.

Chapter 16, “How Vein Pattern Analysis Recognition Technology Works,”discusses why vein pattern recognition has gained sponsorship from compa-nies that have developed reputations for developing products that competesuccessfully in global markets.

Chapter 17, “How Ear-Shape Analysis Technology Works,” proposes a sim-ple ear shape model-based technique for locating human ears in side face rangeimages.

Chapter 18, “How Body Odor and/or Scent Analysis Technology Works,”discusses how research laboratories envision tools that could identify andtrack just about every person, anywhere—and sound alarms when the systemsencounter hazardous objects or chemical compounds.

Chapter 19, “How DNA Measurement Technology Works,” discusseshow an interesting application of the DNA “ink” would be to use it for theauthentication of passports or visas.

Part 7: How Privacy-Enhanced Biometric-BasedVerification/Authentication Works

Part 7 discusses how fingerprint verification/authentication technology, vul-nerable points of a biometric verification system, brute force attacks, datahiding technology, image-based challenges/response methods, and cancelablebiometrics works.

Introduction

xxvi Introduction

Chapter 20, “How Fingerprint Verification/Authentication TechnologyWorks,” contains an overview of fingerprint verification methods and relatedissues.

Chapter 21, “Vulnerable Points of a Biometric Verification System,” out-lines the inherent vulnerability of biometric-based verification, identifies theweak links in systems employing biometric-based verification, and presentsnew solutions for eliminating some of these weak links.

Chapter 22, “How Brute Force Attacks Work,” proposes a technique forgenerating keys for symmetric cipher algorithms (such as the widely used DataEncryption Standard (DES) and 3-DES), to show how brute force attacks workand how they can be prevented

Chapter 23, “How Data-Hiding Technology Works,” introduces two appli-cations of an amplitude modulation-based watermarking method, in which theresearchers hid a user’s biometric data in a variety of images.

Chapter 24, “Image-Based Challenges/Response Methods,” covers theinherent strengths of an image-based biometric user verification scheme andalso describes the security holes in such systems.

Chapter 25, “How Cancelable Biometrics Work,” discusses handwriting,voiceprints, and face recognition.

Part 8: Large-Scale Implementation/Deployment ofBiometric Technologies and Verification Systems

Part 8 discusses specialized biometric enterprise deployment and how toimplement biometric technology and verification systems.

Chapter 26, “Specialized Biometric Enterprise Deployment,” provides anoverview of the main types of device “form factors” that are available for practicaluse today.

Chapter 27, “How to Implement Biometric Technology and VerificationSystems,” deals with the implementation of social, economic, legal, andtechnological aspects of biometric and verification systems.

Part 9: Biometric Solutions and Future Directions

Part 9 discusses how mapping the body technology works, selecting biometricsolutions, biometric benefits, and a glossary consisting of biometric security-related terms and acronyms.

Introduction xxvii

Chapter 28, “How Mapping-the-Body Technology Works,” presents a con-tinuous human movement recognition (CHMR) framework, which forms abasis for the general biometric analysis of the continuous mapping of the humanbody in motion as demonstrated through tracking and recognition of hundredsof skills, from gait to twisting saltos.

Chapter 29, “Selecting Biometric Solutions,” briefly describes some emerg-ing biometric technologies to help guide your decision making.

Chapter 30, “Biometric Benefits,” shows you the benefits of using biometricsystems that use handwriting, hand geometry, voiceprints, and iris and veinstructures.

And, finally, the “Glossary” consists of biometric security–related terms andacronyms.

John R. VaccaAuthor and IT Consultantvisit us at http://www.johnvacca.com/

Introduction