BIOMETRIC AND FORENSIC ANATOMY
By
Prof. A.O.IBEGBU
Department of Anatomy,
Faculty of Basic Medical Sciences
Federal University Ndufu Alike Ikwo
Terms and Definitions used in biometrics
• Biometrics is the automated recognition or
identification of an individual based on his or her
physiological (fingerprints, iris of the eyes) or behavioral
(signature) characteristics or traits.
• Biometrics is a general term used alternatively to
describe an individual or a person.
• Biometrics is the measurement and statistical
analysis of people's physical and behavioral
characteristics.
• The technology is mainly used for identification and
access control, or for identifying individuals that are
under surveillance.
• The basic premise of biometric authentication is that
everyone is unique and an individual can be identified
by his or her intrinsic physical or behavioral traits.
• The term biometrics is derived from Greek words bio
meaning life and metric meaning to measure.
Types of Biometrics
• Physiological: face, fingerprint, hand geometry, retina, iris recognition
• Behavioral: signature, voice
There are two main types of biometric identifiers:
• Physiological and Anatomical characteristics: The
shape and composition of the body.
• Behavioral characteristics: The behavior of a person.
• Physiological and Anatomical characteristics are
related to the shape of the body. Examples include, but
are not limited to, fingerprint, palm veins, face recognition,
DNA, palm print, hand geometry, iris recognition, retina
and odor/scent or ear features.
• Behavioral characteristics are related to the pattern of
the behavior of a person, such as typing rhythm, gait,
gestures and voice, also called behaviometrics.
• Certain biometric identifiers, such as monitoring
keystrokes or gait in real time, can be used to provide
continuous authentication instead of a single one-off
authentication check.
Iris recognition
Iris scanning measures the iris pattern in the colored part of the eye.
Retina recognition
Images the back of the eye and compares blood vessels with existing data.
Fingerprint Recognition
• Other areas that are being explored in the quest to
improve biometric authentication include brainwave
signals, electronic tattoos, and a password pill that
contains a microchip powered by the acid present in
the stomach.
• Once swallowed, it creates a unique ID radio signal
that can be sensed from outside the skin, turning the
entire body into a password.
• Authentication by biometric verification is becoming
common in corporate and public security systems,
consumer electronics, and point-of-sale applications.
• In addition to security, the driving force behind
biometric verification has been convenience, as there
are no passwords to remember or security tokens to
carry.
• Measuring someone’s gait doesn’t even require a
contact with the person.
• Biometric devices, such as fingerprint readers,
consist of:
• A reader or scanning device.
• Software that converts the scanned information
into digital form and compares match points.
• A database that stores the biometric data for
comparison.
Accuracy of biometrics
• The accuracy and cost of readers have been a
limiting factor in the adoption of biometric
authentication solutions.
• But the presence of high quality cameras,
microphones, and fingerprint readers in mobile
devices means biometrics is likely to become
a more common method of authenticating users,
particularly as the new Fast IDentity Online
(FIDO) specification means that two factor
authentication using biometrics is becoming cost
effective and in a position to be rolled out to the
consumer market.
• The quality of biometric readers is improving all the time,
but they can still produce false negatives and false
positives.
• One problem with fingerprints is that people inadvertently
leave their fingerprints on many surfaces they touch, and
it’s fairly easy to copy them and create a replica in silicone.
• People also leave DNA everywhere they go and
someone’s voice is also easily captured.
• Dynamic biometrics like gestures and facial expressions
can change, but they can be captured by HD cameras and
copied.
• Also, whatever biometric is being measured, if the
measurement data is exposed at any point during the
authentication process, there is always the possibility it can
be intercepted.
• This is a big problem, as people can’t change their physical
attributes as they can a password.
• While limitations in biometric authentication schemes are
real, biometrics is a great improvement over passwords as
a means of authenticating an individual.
Face Recognition
DISCUSSION
• Do you think biometrics will be the primary
approach for authenticating people to prevent
identity theft?
• Active Impostor Acceptance– when an access control system incorrectly
recognizes and accepts a biometric sample which has been altered,
modified, or cloned.
• Algorithm– a sequence of instructions that instructs a biometric system
on how to solve a problem. It could have a finite number of steps in the
instruction to use in computing whether the sample and the template
are matched.
• Application Program Interface (API)– a set of protocols used to
standardize an application by a developer. For example, an API may be
added or interchanged by an application developer into any biometric
system.
• Application Developer– an application programmer or manufacturer
that develops and applies any software
• Artificial Neural Network– an artificial intelligence system which allows
learning to take place in the system. It may use past experiences and
compute whether a biometric sample is a match with a template
• Application-Specific Integrated Circuit (ASIC)-a silicon chip for a
biometric system which is specifically produced to enhance performance
• Attempt– the moment a biometric sample is being submitted for
verification. An “attempt” may happen more than once in cases where it
is denied or rejected.
• Authentication– biometric data is considered to be correct and valid.
“Validation” is the preferred term.
• Behavioral Biometric– pattern of biometrics that is established
after a given amount of time. It is not necessarily a physiological
trait.
• Biometric– a physical trait or pattern which is unique to every
individual. It is often used to verify and authenticate a person’s
identity who is enrolled into a system. Biometric patterns can be
anything from fingerprints, iris scans, facial recognition or even
voice recognition.
• Biometric Application– the implementation of any system that
involves biometric data.
• Biometric data– a sample taken from individual which is unique
to their own person. Common biometric data are: fingerprint,
voice and iris scans, palm vein patterns and even facial patterns.
• Biometric Engine– the portion of the biometric software system
that processes the gathered data. It can start to operate from
the data capture, extraction, comparison down to the matching.
• Biometric Identification Device– gathers, reads and compares
biometric data. Biometric System is the term more often used.
• Biometric Sample Data- the data captured by a system collected
from a person of interest or a user.
• Biometric System– an automated system which:
1. Collects or captures biometric data via a scanner
2. Extracts the data from the actual submitted sample
3. Compares the scanned data with those captured for reference
4. Matches the submitted sample with the templates
5. Determines or verifies whether the identity of the
biometric data holder is authentic.
• Biometric Taxonomy– a method of classification using gathered
biometric data. It can also be the classification of biometric data
according to their use in a given system such as:
• Cooperative versus Non-cooperative User
• Overt vs. Covert Biometric System
• Habituated vs. Non-habituated user
• Supervised vs. unsupervised User
• Standard Environment vs. Non-standard Environment
• Biometric Technology– A system or application which is
designed to employ biometric data. It can also be classified
further according to the type of biometrics being used in the
system.
• Capture– the process of collecting biometric data from the end user or
enrollee. Most biometric data are “captured” by use of an image scanner in
cases of fingerprints, palm vein patterns or a camera to collect facial and
iris scans.
• Certification– testing gathered biometric data against a system or
software to verify its ability to perform. The application will be then
tested according to set standards for certification. Testing organizations
are the ones that issue certifications.
• Comparison– comparing a biometric sample with previously gathered
samples or against a template or templates for verification of the identity
• Claimed Identity– a biometric sample of an enrolled user of the system
• Claimant– person who submits his biometric sample for identity
verification. Claimants may either have true or false identities.
• Closed Set Identification-users need to be enrolled into a biometric
system and verified for access to be granted
• CMOS or Complementary Metal Oxide Semiconductor-a kind of circuit
(integrated) used by some biometric systems due to its low power
consumption
• D Prime– statistical measure which grades the ability of a
system to distinguish between biometric samples or individuals.
The higher D prime number means that the system is more
capable of distinguishing between samples.
• Degrees of Freedom– the number of independent features in a
biometric system
• Encryption-the conversion of any biometric data into a code
which cannot be easily read. A password may be used to
decrypt or decode the data
• End User– an enrolled or about to enroll individual who has his
biometric data submitted for verification
• End User Adaptation-users of a biometric system are able to
adjust accordingly to it after being familiar with the test
• Enroll-the user who has their biometric template entered into
the system
• Enrolment-gathering and processing of biometric data with the
intent of storing them into a database
• Enrollment Time-time spent the moment biometric data is
collected and successfully processed
• Equal Error Rate– the rate in which the rate of false rejection is almost
equal to the rate of false acceptance
• Extraction– the moment a biometric sample is converted into data after
which it is compared to a biometric template.
• Failure to Acquire– a biometric system fails to capture, extract and store
the data
• Failure to Acquire rate-the number of times that a failure to acquire
occurs
• False Acceptance– the biometric system accepts either a false identity or
incorrectly identifies a wrong identity against a claimed one
• False Match Rate-the moment a match between enrollee and submitted
data is done which in turn results in a rejection
• False Rejection– occurs when an enrolled identity is rejected by the
system or when it fails to verify a legitimate identity
• False Rejection Rate– the probability that a biometric system will fail to
identify a legitimate identity
• The equation is:
• FRR = NFR / NEIA or FRR = NFR / NEVA
• FRR is the false rejection rate
• NFR is the number of false rejections
• NEIA is the number of enrollee identification attempts
• NEVA is the number of enrollee verification attempts
• Field Test– a sample trial done outside, in the real world
• Goats Biometric System– pattern of activity done by system end-users
which varies beyond the specified range allowed. Consequently, it may be
rejected by the system.
• Hamming Distance-a measure of dissimilarity. It is actually the disagreeing
bits between two binary vectors.
• Identification or Identity– biometric sample which is matched against
templates and other biometric references
• Impostor– a person who poses as a verified user by submitting his own
biometric sample
• In House Test– series of testing done in a closed facility or laboratory. It
may or may not involve the use of external participants or subjects.
• Live Capture– the actual process of gathering biometric sample from a live
user using a biometric system
• Match or Matching– the process of matching a template versus a
submitted biometric sample. It is then rejected or accepted based on the
whether the score has met the threshold or not.
• Open- Set Identification– identifying users who are not enrolled in the
system. Opposite of closed set identification
• Original Equipment Manufacturer or Module-an organization which
assembles a biometric system from different parts or an independent
module which can be integrated into a biometric system
• Passive Impostor Acceptance– when an impostor’s submitted sample is verified and
accepted by the system.
• Personal Identification Number (PIN)-usually a four digit number is entered into a
system to gain access
• Performance criteria– a set of standards or criteria which is used to evaluate the
performance of the system
• Physiological or Physical Biometric– a physical characteristic used as biometric data. This
includes: fingerprints, face recognition, ear shape, iris recognition, palm and retina scans.
• Receiver Operating curves– a graph showing how the false rejection and false
acceptance rates vary with one another
• Recognition– the more widely used term is identification
• Response Time– the amount of time in which a biometric system analyzes a sample and
returns with a decision
• Template or Reference Template Data– a biometric measurement which is used to
verify succeeding biometric data
• Third Party Test-a test done by an independent party in a controlled environment
• Threshold or Decision Threshold– acceptance level of any given biometric system. It may
be tightened or widened accordingly to make the system meet certain requirements. If
the data falls above or below the threshold, it is rejected. If the sample falls within the
acceptable range it is accepted.
• Throughput Rate– the number of users a biometric system can successfully process
within a given time
• Type 1 error– See “false rejection”
• Type 2 Error– See “false acceptance”
• User– the client of any biometric vendor. Essentially, they are the clients that purchase
the technology but may or may not enroll themselves into the system. End-users are
those who enroll their biometric data into the system.
• Validation-the process of comparing a biometric sample
with the biometric data in the system whose identity is
claimed
• Wavelet Transform/Scalar quantization or WSQ-a
compression algorithm used to reduce
the size of reference templates
• Zero Effort Forgery-an impostor uses the actual
biometric sample of an enrolled user
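The following is an added worked example, not part of the original slides. It ties together the glossary entries for Hamming Distance, Threshold, False Rejection Rate (FRR = NFR / NEVA), Receiver Operating curves and Equal Error Rate. The 64-bit templates, the 30% capture noise and all function names are assumptions made for the illustration, the data is constructed, and the false acceptance rate is computed by analogy with the FRR formula.

```python
import random

BITS = 64  # assumed template length; constructed for the example

def hamming_distance(a: int, b: int) -> int:
    """Count the disagreeing bits between two binary templates."""
    return bin(a ^ b).count("1")

def score(sample: int, template: int) -> float:
    """Normalised Hamming distance in [0, 1]; 0 means identical."""
    return hamming_distance(sample, template) / BITS

def capture(template: int, noise: float, rng: random.Random) -> int:
    """Simulate a live capture: each bit flips with probability `noise`."""
    flips = sum(1 << i for i in range(BITS) if rng.random() < noise)
    return template ^ flips

def build_attempts(users=30, attempts=10, noise=0.30, seed=7):
    """Return (genuine, impostor) score lists from constructed data."""
    rng = random.Random(seed)
    templates = [rng.getrandbits(BITS) for _ in range(users)]
    genuine, impostor = [], []
    for i, tmpl in enumerate(templates):
        # Enrollee verification attempts: the enrolled user, fresh capture.
        for _ in range(attempts):
            genuine.append(score(capture(tmpl, noise, rng), tmpl))
        # Impostor attempts: another person submits their own sample.
        for j, other in enumerate(templates):
            if j != i:
                impostor.append(score(capture(other, noise, rng), tmpl))
    return genuine, impostor

def error_rates(genuine, impostor, threshold):
    """Accept when score <= threshold; return (FRR, FAR)."""
    nfr = sum(1 for s in genuine if s > threshold)    # false rejections
    nfa = sum(1 for s in impostor if s <= threshold)  # false acceptances
    return nfr / len(genuine), nfa / len(impostor)    # FRR = NFR / NEVA

def roc_points(genuine, impostor, steps=100):
    """Sweep the decision threshold; each point is (threshold, FRR, FAR)."""
    return [(t / steps, *error_rates(genuine, impostor, t / steps))
            for t in range(steps + 1)]

def equal_error_rate(points):
    """Pick the threshold where FRR and FAR are closest to each other."""
    t, frr, far = min(points, key=lambda p: abs(p[1] - p[2]))
    return t, (frr + far) / 2

if __name__ == "__main__":
    genuine, impostor = build_attempts()
    for t in (0.30, 0.35, 0.40, 0.45):
        frr, far = error_rates(genuine, impostor, t)
        print(f"threshold={t:.2f}  FRR={frr:.3f}  FAR={far:.3f}")
    t, eer = equal_error_rate(roc_points(genuine, impostor))
    print(f"EER ~ {eer:.3f} at threshold {t:.2f}")
```

Tightening the threshold (a smaller accepted distance) lowers false acceptances and raises false rejections, which is the trade-off the receiver operating curve plots.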
Biometric Technology terms and technique
classifications:
• 1. AFIS or Automated Fingerprint Identification System– a database of fingerprints used by law
enforcement agencies. However, some civil or government agencies may also
use the same database to verify identities.
• Binning is one method of classification being used in some AFIS systems.
Physical characteristics of the fingerprints such as loops, arches and whorls are
further classified and stored in “Bins” according to their category. This method
is used to make searches faster with a high degree of reliability.
• 2. Body Odor-a smell given off by the human body which is biometrically
analyzed.
• 3. DNA– a human gene chain which is unique to every individual. Due to many
underlying issues, the technology is not yet automatic and does not rank well
alongside other biometric technologies
• 4. Ear Shape-biometrics of the ears
• 5. Face Recognition– facial features are analyzed and gathered as biometric
data
• Eigen Face– a method that represents the human face as a linear deviation from
an average or mean face
• Eigen Head– a 3d version of the Eigen Face
• Face Monitoring– used for checking the attendance of a user to a desktop, it
applies facial recognition technology.
• Facial thermogram– detects and scans the heat signature from the face
• Auto Correlation– two identical finger patterns are overlaid to create a
Moire fringe.
• Bifurcation- a branch made by more than one finger image ridge.
• Capacitance- a finger image capture technique that detects an electrical
charge.
• 7. Finger Geometry– analyzes the shape of one or more fingers
• 8. Hand geometry or Hand recognition– analyzes and measures the shape
of the hand
• 9. Iris Recognition– a biometric system that reads and scans features of the iris,
which is the colored ring that surrounds the pupil
• 10. Keystroke Dynamics– the typing rhythm of the end user is analyzed
and gathered as behavioral biometric data
• 11. Palm– a biometric analysis of the palm of the hand
• 12. Retina– a biometric analysis of the blood vessels at the back of the eye
• 13. Signature verification– a behavioral biometric that analyses a
signature made by the end user. Another signature verification may also
analyze the speed, velocity and pressure exerted by the end user when
signing his name and not just the image made.
• 14. Speaker Verification– a speech pattern analysis
of a behavioral biometric.
• Subsystems in this category are:
• Fixed text system
• Free text system
• Speaker Dependent-is able to distinguish between
voices
• Speaker Separation– a system which is able to
differentiate between voices and blot out background
noise
• Speech Recognition-recognizes the words but not
the speaker
• Speaker Verification Application Program Interface-
API for speaker verification systems
• Text Dependent System-requires a speaker to say a
specific set of words
• Text Independent System-creates voiceprints from
unrestricted speech and does not need a specific set of
words to be spoken
• Bring Your Own Authentication (BYOAuth) is a
computing concept in which an employee-owned
device, such as a key fob or smartphone, can be used
to provide authentication credentials within a
business environment.
• BYOAuth typically requires a standards-based
multifactor authentication (MFA) framework that
supports a wide variety of authentication
technologies, such as fingerprint scanning, voice
recognition or iris scanning. If the authentication
technology is built into a consumer mobile device, it
may be possible for an app to use the device's
capabilities to provide an authentication factor.
• Facial recognition (or face recognition) is a biometric
method of identifying an individual by comparing
live capture or digital image data with the stored
record for that person.
• Facial recognition systems are commonly used for
security purposes but are increasingly being used in a
variety of other applications. The Kinect
motion gaming system, for example, uses facial
recognition to differentiate among players. Some
mobile payment systems use facial recognition to
securely authenticate users, and facial recognition
systems are currently being studied or deployed for
airport security.
• Most current facial recognition systems work with numeric
codes called faceprints. Such systems identify 80 nodal points
on a human face. In this context, nodal points are end points
used to measure variables of a person’s face, such as the
length or width of the nose, the depth of the eye sockets and
the shape of the cheekbones. These systems work by
capturing data for nodal points on a digital image of an
individual’s face and storing the resulting data as a faceprint.
The faceprint can then be used as a basis for comparison with
data captured from faces in an image or video.
• Facial recognition systems based on faceprints can quickly
and accurately identify target individuals when the conditions
are favorable. However, if the subject’s face is partially
obscured or in profile rather than facing forward, or if the
light is insufficient, the software is less reliable. Nevertheless,
the technology is evolving quickly and there are several
emerging approaches, such as 3D modeling, that may
overcome current problems with the systems.
• Other biometric identification systems include
speaker recognition, iris recognition, skin texture
recognition, fingerprint scanning and
finger vein identification.
Voice authentication
• Voice authentication is a biometric method of speaker recognition based
on measuring the distinctions in individual voices to uniquely identify
users.
• Instead of a password, which might be forgotten or not strong enough
to ensure security, voice authentication allows people to use their
voices themselves as passwords. Voice authentication can also be used
in conjunction with other methods for multifactor authentication.
• The technologies behind voice authentication developed in tandem
through developments in speech synthesis and speech recognition, two
overlapping fields of study. Study of the structures used to produce
speech revealed hundreds of measurable characteristics that are distinct
in the voices of individuals. In combination, those metrics make up a
unique voice print for each user that is harder to fake than a finger print.
• There are two methods used in voice authentication: text-based
(constrained mode) and text-independent (unconstrained mode). Text-
based modes use scripted words which may also be verbal passwords;
the words used can be changed. Text-independent modes can use
whatever words are spoken to recognize individuals and thus can be
used for surreptitious identification. In each method, the recorded audio
waveforms are analysed to pick out hundreds of behavioral and
physiological individual characteristics.
• Identity theft, also known as identity fraud, is a
crime in which an imposter obtains key pieces of
personally identifiable information, such as Social
Security or driver's license numbers, in order to
impersonate someone else.
• The information can be used to obtain credit,
merchandise and services in the name of the
victim, or to provide the thief with false
credentials. In addition to running up debt, in rare
cases, an imposter might provide false
identification to police, creating a criminal record
or leaving outstanding arrest warrants for the
person whose identity has been stolen.
• Identity theft is categorized two ways: true name and
account takeover. True-name identity theft means the
thief uses personal information to open new accounts.
The thief might open a new credit card account, establish
cellular phone service or open a new checking account in
order to obtain blank checks.
• Account-takeover identity theft means the imposter uses
personal information to gain access to the person's
existing accounts. Typically, the thief will change the
mailing address on an account and run up a huge bill
before the person whose identity has been stolen
realizes there is a problem. The internet has made it
easier for an identity thief to use the information they've
stolen, because transactions can be made without any
personal interaction.
• There are many different examples of identity theft, such as:
• Tax-related identity theft, where a thief files a false tax return with the
Internal Revenue Service (IRS) using a stolen Social Security number.
• Medical identity theft, where a thief steals information, including
health insurance member numbers, to receive medical services. The
victim's health insurance provider may get the fraudulent bills, which
will be reflected in the victim's account as services they received.
• Child identity theft, where a child's Social Security number is misused
to apply for government benefits, open bank accounts and other
services. Children's information is often sought after by criminals, as
the damage may go unnoticed for a long time.
• Senior identity theft, where a senior is the target of an identity thief.
Seniors are often in contact with medical professionals and insurance
providers, and may be used to giving out their personal information.
They may also not be as aware of the scamming methods thieves use
to steal their information.
How to tell if your identity has been stolen
• Here are some warning signs that a person may be an identity
theft victim:
• Victim notices withdrawals from their bank account that
weren't made by them.
• Victim doesn't receive bills or other important pieces of mail
containing sensitive information.
• Victim finds false accounts and charges on their credit report.
• Victim is rejected from a health plan because their medical
records reflect a condition they don't have.
• Victim receives an Internal Revenue Service notification that
another tax return was filed under their name.
• Victim is notified of a data breach at a company that stores their
personal information.
• If a person has lost or has had his wallet containing bank cards,
driver's license and other forms of identification stolen, it is
possible their information may end up being used to commit
identity theft.
Password
• A password is a string of characters used to verify the
identity of a user during the authentication process.
Passwords are typically used in conjunction with a
username; they are designed to be known only to the
user and allow that user to gain access to a device,
application or website. Passwords can vary in length
and can contain letters, numbers and special
characters. Other terms that can be used
interchangeably are passphrase for when the
password uses more than one word, and passcode
and passkey for when the password uses only
numbers instead of a mix of characters, such as a
personal identification number.
Creating a secure password
• Many organizations set password policies so
employees create strong passwords and use best
practices for their login credentials. Some of the best
practices for password requirements include:
• A minimum length of eight characters with a limit of
anywhere from 16 to 64 characters or possibly even
higher;
• The inclusion of both uppercase and lowercase
letters with case sensitivity;
• The use of at least one number; and
• The use of at least one special character.
• Two-factor authentication (2FA) -- 2FA requires users to provide two
authentication factors that include a combination of something the user
knows -- like a password or PIN; something the user has -- like an ID card,
security token or smartphone; or something the user is -- biometrics.
• Biometrics -- Biometric technology is mainly used for identification and
access control. Biometrics includes physiological characteristics such as
fingerprints or retinal scans, and behavioral characteristics such as typing
patterns and voice recognition.
• Multifactor authentication (MFA) -- MFA is similar to 2FA except that it is
not limited to only two authentication factors. It also uses something the
user knows, something the user has and something the user is.
• Tokens -- A security token is a physical hardware device like a smart card
or key fob that a user carries to authorize access to a network.
• One-time passwords (OTP) -- An OTP is an automatically generated
password that only authenticates a user for a single transaction or session.
These passwords change for every use and are typically stored on security
tokens.
• Social logins -- A social login is when users can authenticate themselves
on applications or websites by connecting to their social media account
such as Facebook or Google instead of using a separate login for each and
every site.
• Single-factor authentication (SFA) is the
traditional security process that requires a user
name and password before granting ...