June 17, 2005 By Thomas J. Fournier
In the post-9/11 environment of increased emphasis on security, biometric authentication of system users has received considerable focus as more business and government agencies seek to overcome the shortcomings of badge-and-pass code identification. Those shortcomings include high administrative costs as well as reduced certainty of authentication due to pass code and card sharing or theft.
Biometrics is synonymous with "biometry," the statistical study of biological phenomena. In our case biometrics more specifically refers to measuring unique physical characteristics for verification of personal identity. A number of biometric measurement techniques have been developed and are commercially available, including analysis and characterization of the human iris, fingerprints, hand, voice, face and even vein patterns.
In March of 2001 the National Physical Laboratory (NPL) in Middlesex, U.K. -- the UK's national standards laboratory -- published a study evaluating the efficacy of all six of these biometric authentication methods.(1)
The biometric study was conducted by NPL's Centre for Mathematics and Scientific Computing, and it rigorously evaluated various biometric authentication devices using 200 volunteer subjects. NPL found that, when compared to the other five biometric identification methods, the iris-scanning method was the most accurate. Test subjects were "enrolled" onto the iris scan system by sitting before a small, special-purpose digital camera and waiting a few seconds for the associated computer and software to characterize and memorize the unique patterns within the detail of one of their irises. From there the subject was invited back for multiple attempts at iris identification over a period averaging 55 days. The procedure on the follow-up visits involved seeing whether the iris-scan system would accept or reject the subject's claimed identity based on comparing the current iris scan with the iris scan stored during enrollment. It also involved seeing if the system would accept them under a falsely claimed identity.
An inspector logs in. The iris scanner is the small tilted object on the table, below and to the left of the Vehicle Identification Number bar-code scanner. The inspector's eye appears on the top left of the monitor.
NPL found that the iris scan system had an impressive false acceptance rate of zero, meaning that it never accepted a person claiming a false identity. Its false rejection rate -- meaning the frequency with which it denied access unfairly -- was only 1.8 percent for single tries and less than 0.2 percent when a legitimately enrolled subject tried as many as three times to get system access. All of the other biometric methods had dramatically higher false acceptance rates.
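The following added example (not from the NPL study or the original article) shows how the two error rates above are computed from comparison scores, and goes a step further by sweeping the decision threshold and comparing a one-try policy with a three-try policy. The similarity scores, their distributions, the 0.01 threshold grid and all function names are constructed for illustration.

```python
import random

def accepted(attempts, threshold, tries):
    """A transaction succeeds if any of the first `tries` scores clears the threshold."""
    return any(score >= threshold for score in attempts[:tries])

def error_rates(genuine, impostor, threshold, tries=1):
    """Return (FAR, FRR) as fractions of impostor / genuine transactions."""
    far = sum(accepted(a, threshold, tries) for a in impostor) / len(impostor)
    frr = sum(not accepted(a, threshold, tries) for a in genuine) / len(genuine)
    return far, frr

def threshold_for_far(genuine, impostor, target_far, tries=1):
    """Loosest threshold on a 0.01 grid whose measured FAR is <= target_far."""
    grid = [i / 100 for i in range(101)] + [float("inf")]  # inf = reject everyone
    for t in grid:  # ascending, so FAR can only fall and FRR can only rise
        far, frr = error_rates(genuine, impostor, t, tries)
        if far <= target_far:
            return t, far, frr

def make_scores(seed=2005, n_genuine=2000, n_impostor=10000):
    """Constructed data: three similarity scores per transaction, not NPL's measurements."""
    rng = random.Random(seed)
    genuine = [[rng.gauss(0.75, 0.10) for _ in range(3)] for _ in range(n_genuine)]
    impostor = [[rng.gauss(0.35, 0.07) for _ in range(3)] for _ in range(n_impostor)]
    return genuine, impostor

if __name__ == "__main__":
    genuine, impostor = make_scores()
    # Target FAR of 0.01 percent needs at least 10,000 impostor transactions to measure.
    for tries in (1, 3):
        t, far, frr = threshold_for_far(genuine, impostor, 0.0001, tries)
        print(f"tries={tries}: threshold={t:.2f} FAR={far:.4%} FRR={frr:.2%}")
```

Allowing three tries lowers the false rejection rate but also gives an impostor three chances, so the threshold needed to hold the same false acceptance rate can only stay the same or become stricter.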
In general, where the sensitivity of a biometric measurement system is adjustable, there is a trade-off between the false rejection rate (legitimate user denied access) and the false acceptance rate (illegitimate user allowed access). As the machine is adjusted to reduce the probability of letting an illegitimate user gain access, the number of legitimate users denied access tends to go up. For example, according to the NPL study, when the various systems tested operate so as to achieve a false acceptance rate of 0.01 percent (1 in 10,000 illegitimate users gains access) the percentage of legitimate users that would be denied access is shown in