What are biometrics? Let's discuss current biometric screening types, and what the future holds for biometric verification technology. Read on for more.
When you hear the word biometrics, what’s the first thing that comes to mind? Biologists measuring a vial of cells; a science teacher’s scoring rubric they use for their student’s tests; or maybe it’s a feature on one of Batman’s state-of-the-art tools he uses as the world’s greatest detective.
Think of biometrics in two parts: “Bio” as in “biology.” Biology is the scientific study of life and living organisms. “Metrics,” isn’t just a tool the world uses (excluding the USA) for measuring the distance between places; Metrics are a rules-based system of measuring data, often used for comparative or tracking purposes.
Biology is largely qualitative; metrics are quantitative. How can two things that are seemingly incongruous come together in order to provide an authentication application that creates safety and security in the digital world, bridging the gap between the divide with reality? Many experts today argue that because biometrics identifiers are unique to everyone, biometric identification is ultimately more secure than traditional passwords, two-factor authentication, and knowledge-based answers.
In this guide, we’ll answer some common questions about what biometrics are, how a basic biometric recognition system works with a person’s identity, and discuss current biometric identification solutions and screening types. Read on for more.
Biometric types and their indicators: physiological and behavioral
If you’ve ever unlocked your mobile device with your finger, scanned your face to see how much money is in your bank’s app, or yelled “Hey Alexa” to find out how long to cook an egg – congratulations! You’ve used your biometrics. Biometrics (including the ones used in the aforementioned example) fall into one of two categories: physiological and behavioral.
A person’s fingerprint -the most common biometric used in the world today to identify a person- is categorized as a “physiological” biometric indicator - a specific physical pattern on a person’s body. A scan of the same person’s face, or face recognition, is also a physiological biometric, but can also be segmented to show other physiological biometric sensors like ear-shape, width of eyes apart from one another, nose shape and length, hair type and others. Physiological biometric data is analyzed with things like facial recognition and fingerprint readers – items that are fairly commonplace on mobile devices like smart phones, laptops, and tablets.
A person’s voice is a “behavioral” biometric indicator – specific patterns that are related to an individual’s actions. A physical fingerprint can be lifted off of a device, but, the way you use said device can be measured to make a profile. Though there are some crossovers to physical traits, behavioral biometric indicators are increasingly being used in digital applications and online to follow and determine who a person is based on a set of patterns created by how they behave. For example, most modern companies that have a digital platform will look at behavioral characteristics like scrolling on a web page with a mouse, swiping on a web page to indicate mobile browsing, or clicks vs. hard presses as one method of biometric recognition that can help build a profile of a person’s identity.
Physiological – shape of the body.
- Fingerprint – the ridges on your finger
- Hand geometry – how far your fingers are apart from one another, finger length, etc.
- Palm print – hand lines found on your palm and palm thickness/width
- DNA - analysis of a genetic sequence
- Blood – blood type
- Facial measurements – including ear geometry, nose, head size and shape, eye distance, hair color, etc.
- Iris and retinas – color and eye shape
- Veins – vein patterns in eyes, hands,
- Heart beats and EKG
Behavioral – patterns identified in human behavior
- Typing rhythm and keystroke dynamics
- Walking gait
- Voice and speech inflections
- Web navigation – scrolling and swiping
- Written text recognition like a signature or font
- Geo-location and IP Addresses
- Purchasing habits
- Device use
- Browser history and cookies
How do biometrics work? What are biometrics used for?
Let’s go back to the intro, where we broke down “biometrics” into two words: biology and metrics. Metrics often involve the comparison of data sets to find patterns and look at trends. Biometrics do the same, by comparing a biological data set of “something a person has” with “something they are” - a phrase often used by identity experts discussing the “lock and key” and token approach to identification and authentication of users in modern password systems.
How biometrics work in tech: Whether physiological or behavioral, here’s how a basic system works:
- Biometric software like “face recognition” captures the biological input that a user provides (in this case, a face)
- The software measures the capture to create a baseline data point template or the “lock” that will be the determining data point for future uses
- The biometric characteristics that are measured and captured are converted and stored as data in internal hardware on the device used, or on a cloud platform during the enrollment phase
- From there, biometric sensors compare any new inputs as a potential “key” to the previously derived string of data in the “lock.” Only the matching biometrics, whether its physiological or behavioral characteristics, provided will confirm a person’s identity and unlock the service or account
Important things to note: The biometric template, or the “lock” as we're calling it here, isn’t the whole image but rather a code that’s generated describing the biometric features of the “lock” image within the context of the specific biometric technology. If a person were to look at the data of a fingerprint someone provided in the template “lock” after they scanned their finger to their phone, it would show a sequence of code instead of zoomed-in picture of your finger’s prints.
After enrollment and storage, any time a biometric input is scanned into a system as a “key” to unlock access, the biometric is compared to and measured by the data that’s described in the template “lock.” If the biometric key matches, the door is unlocked. If the biometric key doesn’t fit, the user is denied.
One of the main advantages of biometric authentication is that the “locks” or templates aren’t whole images of the entire biometric data a user provides. For example, if a hacker was able to break into a database of biometric “locks,” they wouldn’t suddenly have access to sensitive images of people’s biometrics, nor have the ability to suddenly unlock all of their services that use biometrics with their “key” since they don’t physically contain the biometric characteristics or traits.
A large part of why biometrics allow a high-level of security is that current commercial technology prevents biometric characteristics from being re-engineered digitally for nefarious purposes. You have to have the real, physical fingerprint to be able to use and be approved by a fingerprint scanner. However, the speed of technological changes mean it’s a matter of “when” not “if" technology is created to replicate biometric characteristics.
Most experts would agree that an ideal biometric system should require a live biometric to be presented every time for access. In addition, biometric identification solutions shouldn’t be the only thing that a ‘lock’ asks for as the ‘key’; a multi-factor authentication system that blends biometric characteristics like fingerprint readers in combo with voice recognition among other more traditional items like 2FA or passwords would provide optimal security.
Types of Biometric Technology and their uses
Today, there are a huge number of applications and services that utilize biometric technology. Here are some common ones that people interact with daily:
- Personal hardware – phones, laptops, PCs, tablets.
- Financial transactions – payments like wire transfers often ask for verification of a person’s identity before processing
- Healthcare - Biometrics can help doctor’s offices, hospitals, and clinicians keep better records of patients, or prevent violations by preventing the disclosure of medical records to non approved parties
- Law enforcement - Agents use biometrics daily to catch and track criminals. Fingerprints and DNA analysis anyone? Biometrics are also used by jails and prisons to manage inmates. For instance, agents will take pictures of an inmate’s tattoos in order to track criminal organization affiliation and build a biometric characteristics profile
- Airports – Many modern airports are beginning to use facial recognition biometrics. Travelers can enroll by having a photo of their eyes and face captured by a camera. When traveling, instead of waiting in long queues to be processed, passengers simply walk into an expedited queue, look into a camera that compares their face to their biometric database, and are approved