ISO/IEC TR 24741:2007
(Main)Information technology — Biometrics tutorial
Information technology — Biometrics tutorial
ISO/IEC TR 24741:2007 describes the main biometric technologies, with some historical information. An annex describes the work of creating International Standards for biometrics and provides a layered model for the placement of the various International Standards being produced, with a short description of each. A second annex contains some of the terms and definitions currently used in these International Standards or the drafts of these International Standards.
Technologies de l'information — Tutoriel biométrique
General Information
Relations
Standards Content (Sample)
TECHNICAL ISO/IEC
REPORT TR
24741
First edition
2007-09-15
Information technology — Biometrics
tutorial
Technologies de l'information — Tutoriel biométrique
Reference number
ISO/IEC TR 24741:2007(E)
©
ISO/IEC 2007
---------------------- Page: 1 ----------------------
ISO/IEC TR 24741:2007(E)
PDF disclaimer
This PDF file may contain embedded typefaces. In accordance with Adobe's licensing policy, this file may be printed or viewed but
shall not be edited unless the typefaces which are embedded are licensed to and installed on the computer performing the editing. In
downloading this file, parties accept therein the responsibility of not infringing Adobe's licensing policy. The ISO Central Secretariat
accepts no liability in this area.
Adobe is a trademark of Adobe Systems Incorporated.
Details of the software products used to create this PDF file can be found in the General Info relative to the file; the PDF-creation
parameters were optimized for printing. Every care has been taken to ensure that the file is suitable for use by ISO member bodies. In
the unlikely event that a problem relating to it is found, please inform the Central Secretariat at the address given below.
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2007
All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means,
electronic or mechanical, including photocopying and microfilm, without permission in writing from either ISO at the address below or
ISO's member body in the country of the requester.
ISO copyright office
Case postale 56 • CH-1211 Geneva 20
Tel. + 41 22 749 01 11
Fax + 41 22 749 09 47
E-mail copyright@iso.org
Web www.iso.org
Published in Switzerland
ii © ISO/IEC 2007 – All rights reserved
---------------------- Page: 2 ----------------------
ISO/IEC TR 24741:2007(E)
Contents Page
Foreword . v
Introduction. vi
1 Scope.1
2 Introduction and general history .1
2.1 What are biometric technologies?.1
2.2 History.2
3 Technology overview.3
3.1 Eye technologies.3
3.1.1 Iris characteristics.3
3.1.2 Retina characteristics.3
3.2 Face technologies.4
3.3 Finger ridge technologies.4
3.3.1 Finger scanning.4
3.3.2 Finger image verification.5
3.3.3 Finger image identification.5
3.3.4 Palm technologies.5
3.4 Hand geometry technologies.6
3.5 Finger geometry technologies.6
3.6 Dynamic signature technologies.6
3.7 Speaker recognition technologies.7
3.8 Vein patterns.7
3.9 Keystrokes.8
3.10 Possible future biometric technologies .8
3.10.1 Scent.8
3.10.2 DNA.8
3.10.3 Ear shape.8
3.10.4 Body potential differences .8
4 A general biometric system .9
4.1 Conceptual diagram of a general biometric system .9
4.2 Conceptual components of a general biometric system .10
4.2.1 Data capture subsystem.10
4.2.2 Transmission subsystem.10
4.2.3 Signal processing subsystem.11
4.2.4 Data storage subsystem.11
4.2.5 Matching subsystem.12
4.2.6 Decision subsystem.13
4.2.7 Administration subsystem.14
4.2.8 Interfaces.14
4.3 Functions of a general biometric system.14
4.3.1 Enrolment phase.14
4.3.2 Recognition phase.15
5 Fundamental concepts.16
6 International Standards for biometrics technical interfaces .18
6.1 BDBs and BIRs.18
6.2 Common Biometric Exchange Formats Framework (CBEFF) .19
6.3 The BioAPI International Standard .19
6.4 The BIP International Standard.20
© ISO/IEC 2007 – All rights reserved iii
---------------------- Page: 3 ----------------------
ISO/IEC TR 24741:2007(E)
7 Performance testing.20
7.1 General.20
7.2 Types of technical tests .21
8 Biometrics and information security.22
9 Example applications.23
9.1 Law enforcement.23
9.2 Civilian applications.23
9.2.1 Banking applications.24
9.2.2 Benefit systems.24
9.2.3 Computer systems access.24
9.2.4 Immigration control.24
9.2.5 National identity cards.24
9.2.6 Physical access control .24
9.2.7 Prisons and police applications .25
9.2.8 Telephone systems.25
9.2.9 Time, attendance and monitoring applications .25
9.2.10 Civil background checks.25
10 Biometrics and privacy.25
10.1 General.25
10.2 Biometric technology acceptability.26
10.3 Protection from identity theft .26
10.4 Privacy.26
11 Conclusions.27
Annex A (informative) A brief summary of International Standards activity .28
A.1 Background on biometrics standardization.28
A.2 Layers or areas of biometric standardization and Working Groups.28
A.3 Layer 1 Standards (approved or in preparation for initial standards).30
A.4 Layer 2 Standards (approved or in preparation for initial standards).30
A.5 Layer 3 Standards (approved or in preparation for initial standards).30
A.6 Layer 4 Standards (approved or in preparation for initial standards).31
A.7 Layer 5 Standards (approved or in preparation for initial standards).31
A.8 Layer 6 Standards (approved or in preparation for initial standards).31
A.9 Layer 7 Standards (approved or in preparation for initial standards).31
A.10 Vocabulary work (approved or in preparation for initial standards).31
A.11 A brief summary of the above Standards or Technical Reports .32
A.11.1 Layer 1 Standards.32
A.11.2 Layer 2 Standards.36
A.11.3 Layer 3 Standards.38
A.11.4 Layer 4 Standards.38
A.11.5 Layer 5 Standards.38
A.11.6 Layer 6 Standards.39
A.11.7 Layer 7 Standards.40
A.11.8 Vocabulary Standards.40
Annex B (informative) Terms and definitions used in International Biometric Standards .41
B.1 General concepts.41
B.2 Data-related terms.42
B.3 Capture-related terms.44
B.4 Enrolment-related terms.44
B.5 Process and system-related terms.45
B.6 Person-related terms.46
B.7 Comparison-related terms.47
B.8 CBEFF-related terms.51
B.9 BioAPI-related terms.52
B.10 Application-related terms.52
B.11 Performance-related terms.53
Bibliography.55
iv © ISO/IEC 2007 – All rights reserved
---------------------- Page: 4 ----------------------
ISO/IEC TR 24741:2007(E)
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
In exceptional circumstances, the joint technical committee may propose the publication of a Technical Report
of one of the following types:
— type 1, when the required support cannot be obtained for the publication of an International Standard,
despite repeated efforts;
— type 2, when the subject is still under technical development or where for any other reason there is the
future but not immediate possibility of an agreement on an International Standard;
— type 3, when the joint technical committee has collected data of a different kind from that which is
normally published as an International Standard (“state of the art”, for example).
Technical Reports of types 1 and 2 are subject to review within three years of publication, to decide whether
they can be transformed into International Standards. Technical Reports of type 3 do not necessarily have to
be reviewed until the data they provide are considered to be no longer valid or useful.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC TR 24741, which is a Technical Report of type 3, was prepared by Joint Technical Committee
ISO/IEC JTC 1, Information technology, Subcommittee SC 37, Biometrics.
© ISO/IEC 2007 – All rights reserved v
---------------------- Page: 5 ----------------------
ISO/IEC TR 24741:2007(E)
Introduction
“Biometric authentication” is the automatic recognition of individual persons based on distinguishing biological
and behavioural traits. The field is a subset of the broader field of human identification science. Example
technologies include fingerprinting, face recognition, hand geometry, speaker recognition and iris recognition.
At the current level of technology, DNA analysis is a laboratory technique not fully automated and requiring
human processing, so it is not considered “biometric authentication” under this definition (it is not currently
automatic and fast, but may become so in the near future).
Some techniques (such as iris recognition) are more biologically based and some (such as signature recognition)
are more behaviourally based, but all techniques are influenced by both behavioural and biological elements.
There are no purely “behavioural” or “biological” biometric systems.
Biometric authentication is frequently referred to as simply “biometrics”, although this latter word has
historically been associated with the statistical analysis of general biological data. The word “biometrics”, like
“genetics”, is usually treated as singular. It first appeared in the vocabulary of physical and information
security around 1980 as a substitute for the earlier descriptor “automatic personal identification”, in use in the
1970s. Biometric systems recognize “persons” by recognizing “bodies”. The distinction between person and
body is subtle, but is of key importance in understanding the inherent capabilities and limitations of these
technologies. In our context, biometrics deals with computer recognition of patterns created by human
behaviours and biological structures, and is usually associated more with the field of computer engineering and
statistical pattern analysis than with the behavioural or biological sciences.
Today, biometrics is being used to recognize individuals in a wide variety of contexts, such as computer and
physical access control, law enforcement, voting, border crossing, social benefit programs and driver licensing.
vi © ISO/IEC 2007 – All rights reserved
---------------------- Page: 6 ----------------------
TECHNICAL REPORT
ISO/IEC TR 24741:2007(E)
Information technology — Biometrics tutorial
1 Scope
This Technical Report provides a tutorial on biometrics.
It contains a description of the architecture of biometric processes and of the processes themselves.
An annex provides further details of International Standards' activity in the field of biometrics.
A further annex provides terms and definitions that are in use in these International Standards.
2 Introduction and general history
2.1 What are biometric technologies?
The all-encompassing term ‘biometrics’ refers to the quantification or statistical analysis of biological
characteristics. In this context, we are concerned with technologies that analyze human characteristics for
recognition security purposes. The statistical science of biometrics, usually used in biomedical contexts, is a
separate discipline. A broadly accepted definition of biometrics for recognition states that:
A biometric is a unique, measurable characteristic or trait for automatically recognizing or verifying the identity
of a human being.
The agreed SC37 definition comes in two parts, and broadly agrees with the above. It is recommended that
the word biometric be normally used only as an adjective, and not where the fuller term biometric
characteristic (as above) would be more appropriate. We have for adjectival use:
biometric
of or having to do with biometrics
and for noun use:
biometrics
automated recognition of individuals based on their behavioural and biological characteristics
So, biometric technologies are concerned with the physical parts of the human body or the personal traits of
human beings, and the recognition of individuals based on either or both of those parts or traits. It is important
to note the term ‘automatic’ in the above definition. This essentially means that a biometric technology must
recognize or verify a human characteristic quickly and automatically, in real time. (A fuller explanation of the
various biometric technologies is given in clause 3.) In summary the most common physical biometric
characteristics are the eye, face, fingerprints, hand and voice; while signature, typing rhythm and gait are the
most common behavioural biometric characteristics. Use of DNA is excluded today, as it is not yet a fast
automated process, although that is likely to change in the next few years.
© ISO/IEC 2007 – All rights reserved 1
---------------------- Page: 7 ----------------------
ISO/IEC TR 24741:2007(E)
2.2 History
In a non-sophisticated way, biometric characteristics have been used for centuries. Parts of our bodies and
aspects of our behaviour have historically been used, and continue to be used, as a means of identification.
The study of fingerprinting dates back to ancient China; we often remember and identify a person by their face
or by the sound of their voice; and a signature is the established method of authentication in banking, for legal
contracts and many other walks of life.
The modern science of recognizing people based on physical measurements owes much to the French police
[3] [11]
clerk, Alphonse Bertillon, who began his work in the late 1870s (Beavan, 2001 ; Cole, 2001 ). The
Bertillon system involved multiple measurements, including height, weight, the length and width of the head,
width of the cheeks, and the lengths of the trunk, feet, ears, forearms, and middle and little fingers.
Categorization of iris colour and pattern was also included in the system. By the 1880s, the Bertillon system
was in use in France to identify repeat criminal offenders. Use of the system in the United States for the
identification of prisoners began shortly thereafter and continued into the 1920s.
Although research on fingerprinting by a British colonial magistrate in India, William Herschel, began in the
late 1850s, knowledge of the technique did not become known in the western world until the 1880s (Faulds,
[13] [18] [16]
1880 ; Herschel, 1880 ) when it was popularized scientifically by Sir Francis Galton (1888) and in
[47]
literature by Mark Twain (1893). Galton’s work also included the identification of persons from profile facial
measurements.
By the mid-1920s, fingerprinting had completely replaced the Bertillon system within the U.S. Bureau of
Investigation (later to become the Federal Bureau of Investigation). Research on new methods of human
identification continued, however, in the scientific world. Handwriting analysis was recognized by 1929
[36] [44]
(Osborne, 1929 ) and retinal identification was suggested in 1935 (Simon and Goldstein, 1935 )
None of these techniques was "automatic", however, so none meets the definition of “biometric authentication”
being used in this Technical Report. Automatic techniques require automatic computation (and are expected
to be fast). Work in automatic speaker recognition can be traced directly to experiments with analogue filters
[38]
done in the 1940s (Potter, Kopp and Green, 1947 ) and early 1950s (Chang, Pihl, and Essignmann, 1951
[10] [39]
). With the computer revolution picking up speed in the 1960s, speaker (Pruzansky, 1963 ) and
[46]
fingerprint (Trauring, 1963 ) pattern recognition were among the very first applications in automatic signal
processing. By 1963, a “wide, diverse market” for automatic fingerprint recognition was identified, with
potential applications in “credit systems”, “industrial and military security systems” and for “personal locks”.
[6] [17]
Computerized facial recognition research followed (Bledsoe, 1966 ; Goldstein, Harmon, and Lesk, 1971 ).
In the 1970’s, the first operational fingerprint and hand geometry systems were fielded (for example, the
[52]
Identimat system), results from formal biometric system tests were reported (Wegstein, 1970 ;), measures
[27]
from multiple biometric devices were being combined (Messner, Cleciwa, Kibbler, and Parlee, 1974 ; Fejfar,
[14] [28]
1978 ) and government testing guidelines were published (NBS, 1977 ).
Running parallel to the development of hand technology, fingerprint biometrics were making progress in the
60s and 70s. During this time a number of companies were involved in automatic identification of fingerprints
to assist law enforcers. The manual process of matching prints against criminal records was laborious and
used up far too much manpower. Various fingerprint systems developed for the FBI in the 1960s and 70s
increased the level of automation, but these were ultimately based on human fingerprint comparisons.
Automated Fingerprint Identification Systems (AFIS) were first implemented in the late 70s, most notably the
Royal Canadian Mounted Police AFIS in 1977. The role of biometrics in law enforcement has mushroomed
since then and Automated Fingerprint Identification Systems (AFIS) are used by a significant number of police
forces throughout the globe. Building on this early success, fingerprinting is now exploring a range of civilian
markets.
In the 1980s, fingerprint scanners and speaker recognition systems were being connected to personal
computers to control access to stored information. Based on a concept patented in the 1980s (Flom and Safir,
[15] [12]
1987 ), iris recognition systems became available in the mid-1990s (Daugman, 1993 ). Today there are
close to a dozen approaches used in commercially-available systems, utilizing hand and finger geometry, iris
and fingerprint patterns, face images, voice and signature dynamics, computer keystroke, and hand vein
patterns.
2 © ISO/IEC 2007 – All rights reserved
---------------------- Page: 8 ----------------------
ISO/IEC TR 24741:2007(E)
Today’s speaker verification systems have their roots in technological achievements of the 1970s, while
biometric technologies such as signature verification and facial recognition are relative newcomers to the
industry. The migration from R&D towards commercialization continues today. Research in universities and
by biometric vendors throughou
...
Questions, Comments and Discussion
Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.