During enrollment in a biometric authentication system, step 1 is that the ________
In addition to biographic data, many ID systems collect fingerprints, iris scans, facial images, and/or other biometry to use for biometric recognition—automatic recognition of individuals based on their biological or behavioral characteristics (ISO/IEC 2382-37). This process involves comparing a template generated from a live biometric sample (e.g., a fingerprint or selfie) to previously stored biometric(s) to determine the probability that they are a match.

Biometric recognition encompasses both biometric identification—the process of searching against a biometric enrollment database to find and return the biometric reference identifier(s) attributable to a single individual (i.e. 1:n)—and biometric verification—the process of confirming a biometric claim through biometric comparison (i.e. 1:1) (ISO/IEC 2382-37). These processes can be used to perform two distinct tasks in foundational ID systems:
Biometric recognition has rapidly proliferated in modern ID systems in part because it is currently the most accurate and efficient technology available for deduplicating large populations to ensure statistical uniqueness—particularly in countries without existing authoritative sources of identity information—and because it can provide a relatively high level of assurance during authentication. As such, biometrics can be a key ingredient in ensuring the trustworthiness of ID systems. At the same time, however, biometrics are not required or appropriate in all contexts. In particular, the collection and use of biometric data presents some particular data protection and exclusion risks and can significantly add to the cost of the ID system and add operational complexity. The choice to use biometrics—as well as the particular type of biometric data collected—should be informed by these risks and costs, as well as the objectives, planned use cases, and other constraints to the ID system identified in the planning phase. Additional analysis on biometric modalities and their use for authentication can be found in the ID4D Technology Landscape report. In addition, a more comprehensive ID4D Guide on Biometrics is forthcoming.

Types of biometrics

Countries that plan to use biometric recognition for deduplication and/or authentication can choose from a variety of biometric characteristics (i.e., “modes”). In general, biometrics fall into two major categories:
This section provides a brief comparison of the primary biological biometrics used in national-scale ID systems for biometric recognition. For a more detailed evaluation of some emerging biometric modalities (voice, vascular, DNA, etc.) see the ID4D Technology Landscape report.

Table 28. Comparison of biometric technologies commonly used in ID systems
Source: Adapted from the Digital Identity Toolkit and Technology Landscape for Digital Development, and informed by expert consultations.

As shown in Table 28, different biometric modes vary in terms of their:
In practice, many countries adopt a multimodal strategy and collect more than one type of biometric data. This is beneficial for multiple reasons:
The choice of which biometrics to use—if any—will have implications in terms of the trustworthiness and inclusivity of the ID system, as well as potential risks. These issues are discussed below, with particular attention to inclusion challenges, use with children, and concerns regarding privacy and exclusion. Practitioners will also need to make related decisions regarding the technical standards used for biometric recognition, as well as back-end systems used for biometric deduplication.

Figure 21. Key considerations for using biometrics
Challenges for accuracy and inclusion

In deciding the set of biometrics to use, special attention needs to be given to the ability to collect these characteristics from the entire population. For example, there are specific groups and conditions—both of which may be overrepresented in developing countries—where FTE errors during enrollment and FNMRs during biometric verification are likely to be more common. Where individuals are unable to enroll, or where authentication procedures fail to confirm that a person is who they claim to be, this will lead to exclusion. There are three categories of people that present difficulties for biometric recognition, including:
In addition, there are other factors that can lead to accuracy and inclusion challenges with biometric recognition, including:
Some of these issues may be addressed through:
To ensure the inclusion of this group, it is vital that the identity provider develop transparent and practical methods of exception handling. For duplicate biometric enrollment checks during registration, this could involve identity proofing by other means, such as witnesses, alternate documents, demographic deduplication, and more. For authentication, there must be alternative methods of proving someone’s identity when biometric verification fails or is not possible, in order to ensure that people are not denied access to rights and services for which they are eligible and entitled. Exception handling procedures must be complemented by strong grievance redressal mechanisms to ensure that no one is excluded or unfairly treated as a result of the ID system. This is also true for any other type of authentication method and is not limited to the use of biometrics.

Children and biometrics

One persistent inclusion challenge with ID systems that use biometrics is that many biometrics take time to develop or stabilize after birth. For example, the viability of the following modes depends on age (see also Table 28):
Given that it is currently not feasible to capture stable biological biometrics at birth—nor are there yet clear use cases as part of a foundational ID system—countries have a few options for the use of biometrics for children in an ID system. The first option is to enroll young children without biometric information—or with information that will change over time—and either add or update this information at a later date (e.g., at the first year of high school, for practical reasons). A second option is simply to only include older children and adults in the ID system. Typically, such solutions also include linking the child’s record with their parents (see Box 29), which can also help establish statistical uniqueness of a child at the point of birth registration.

Box 29. Examples of incorporating children into an ID system with biometrics or alternative methods of establishing uniqueness

In the Indian state of Haryana, children are enrolled in Aadhaar using a parent’s number which is biometrically authenticated. The biometric data for the child must be uploaded when they turn five years old, and the identity re-registered at age 15. Peru’s ID system also collects infant biometric information (such as footprints and a photo) in combination with parent’s fingerprints. Countries may also implement a mandatory renewal period in order to update children’s biometrics and other information. In Argentina, for example, children are required to renew their ID at age 8. Indonesia’s population register (SIAK) covers all ages, however biometrics are collected at age 17 (or younger for married women) for the issuance of a national ID smartcard (e-KTP). A child’s identity record is created—and a unique ID number (NIK) assigned—at the time of birth registration, which is also when the child is included in the parents’ or guardian’s family registration book (KK) and a moment when the Ministry of Home Affairs checks if the child may have already been registered in the same KK (i.e. deduplication). A child ID card (KIA) is optional at any age up to the age of eligibility of an e-KTP.

Source: Adapted from the Digital Identity Toolkit and Argentina Case Study (forthcoming).

This is an area where technology is potentially changing fast, and companies and researchers are working to develop and test biometric capture devices specifically tailored for infants (e.g., foot geometry and ear shape).

Privacy concerns for biometrics

The processing of biometric data—whether in raw image or template format, and whether encrypted or not—must be subject to the same legal, procedural, and technical controls used to protect other types of sensitive PII. In addition to the general risks of processing any type of PII, however, there are some particularities about biometric data that introduce additional privacy concerns, including that:
While legal measures (e.g., prohibiting the use of biometrics collected for the ID system for unauthorized surveillance or forensics) and technical controls (e.g., encryption of biometrics when stored and in transit) can improve the security of this data, no system is foolproof. For example, even if biometrics are stored as encrypted templates in order to eliminate the possibility of a thief accessing the original images, there is still the possibility that synthetic biometric images can be reconstructed from templates (see, for example Chu et al. 2012 and Cao & Jain 2015). (For this reason, keeping centrally-stored biometrics as templates does not substantially increase security; conversely keeping centrally-stored biometrics as images has additional benefits, such as the ability to generate new templates with a different algorithm). With improvements in artificial intelligence (AI) and machine learning, the ability to spoof biometrics is likely to become easier over time. Therefore, although it may be more difficult to steal a biometric than a password, the potential consequences of this theft—e.g., the inability to reissue a biometric and the inherent linkability of the data—may be more severe. Practitioners must fully weigh these risks against the potential benefits of using biometric recognition.

Which one of the following is an example of two

Smart cards and biometrics is an example of two-factor authentication.
Which of the following is not one of the devices in RADIUS central authentication?

Security and Risk Management Midterm.

Which of the following is the best description of two

Two-factor authentication (2FA) is a security system that requires two separate, distinct forms of identification in order to access something. The first factor is a password and the second commonly includes a text with a code sent to your smartphone, or biometrics using your fingerprint, face, or retina.
Which of the following defines the crossover error rate for evaluating biometric systems?

Explanation: The crossover error rate, or the equal error rate, is the point where the number of false positives matches the number of false negatives in a biometric system.
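
To make the crossover point concrete, the following added example (not part of the original page) sweeps a decision threshold over constructed comparison scores and finds where the false match rate (false positives) equals the false non-match rate (false negatives, the FNMR mentioned earlier). The score lists, the 0 to 100 scale and the function names are assumptions for illustration.

```python
# Constructed similarity scores (0..100, higher = more similar); not real data.
GENUINE = [62, 71, 78, 80, 84, 85, 88, 90, 93, 97]   # same-person comparisons
IMPOSTOR = [5, 12, 18, 22, 27, 31, 36, 44, 66, 73]   # different-person comparisons


def error_rates(genuine, impostor, threshold):
    """Return (FMR, FNMR) when a score >= threshold is declared a match."""
    # False match: an impostor comparison that clears the threshold.
    fmr = sum(s >= threshold for s in impostor) / len(impostor)
    # False non-match: a genuine comparison that falls below the threshold.
    fnmr = sum(s < threshold for s in genuine) / len(genuine)
    return fmr, fnmr


def crossover(genuine, impostor):
    """Return (threshold, FMR, FNMR) at the threshold where the two rates are closest.

    With finite samples the rates may never be exactly equal, so the
    threshold with the smallest |FMR - FNMR| is reported instead.
    """
    # The rates only change at observed scores, so those are the candidates,
    # plus one threshold above the maximum that rejects every comparison.
    candidates = sorted(set(genuine) | set(impostor))
    candidates.append(candidates[-1] + 1)
    best = None
    for t in candidates:
        fmr, fnmr = error_rates(genuine, impostor, t)
        gap = abs(fmr - fnmr)
        if best is None or gap < best[0]:
            best = (gap, t, fmr, fnmr)
    return best[1:]


if __name__ == "__main__":
    # Raising the threshold trades false matches for false non-matches.
    for t in (44, 62, 71, 80):
        fmr, fnmr = error_rates(GENUINE, IMPOSTOR, t)
        print(f"threshold={t:3d}  FMR={fmr:.2f}  FNMR={fnmr:.2f}")
    t, fmr, fnmr = crossover(GENUINE, IMPOSTOR)
    print(f"crossover at threshold {t}: FMR={fmr:.2f}, FNMR={fnmr:.2f}")
```

A deployment rarely operates exactly at the crossover: a deduplication search over a large enrollment database typically favours a lower false match rate, while an authentication service concerned with exclusion may accept more false matches to reduce false non-matches.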