Personal identification has always been at the core of data security and access control. Before the technological era, physical identification documents were used extensively in security controls. With the rise in technological innovation and complexities within human-computer interaction, biometric identification was born to alleviate the challenges associated with physical identification techniques. Over the years, digitization has made it crucial to enforce biometric systems across many platforms. Although biological identifiers have made businesses more efficient and safe, the system poses significant challenges to personal data security. The origins of biometric authentication fuelled by the need for seamless transactions led to a series of scientific and technological breakthroughs leading to various biometric authentication systems. Analyzing these systems leads to a more profound understanding of their current roles in society and the challenges and future implications.
The Origin and Evolution of Biometric Authentication
While biometrics have been around since the Babylonian kingdom, the first biometric authentication system was not established until the 1800s. Alphonse Bertillon devised a method for categorizing and comparing convicts based on their physical proportions (Thakkar, 2022). Despite its flaws, Bertillon’s technique was the trigger for employing physical traits to authenticate identity. Fingerprints became widely utilized to identify offenders and sign contracts in the 1880s (Thakkar, 2022). People’s distinct fingerprints, which are symbolic of one’s identity, became general knowledge making them useful for identification. Thakkar (2022) records that Edward Henry created the Henry Classifier Model fingerprint standard that formed the basis for further developments. Bertillon’s techniques were gradually phased out, and the Henry Classification Method became the norm for criminal identity validation. As a result, a century of inquiry into other distinct biological markers that could be utilized as a form of identification began.
Society has progressed from ancient personal identification methods, where individuals had limited alternatives for identifying others, to the age of pattern recognition and biometrics, where no external item or token is required to identify others. Harakannanavar et al. (2019) record that biometrics allow a person to be determined solely by their biological or behavioral features rather than by associations, possessions, or any other hidden information. Biometrics, which uses technology to speed up the process of personal authentication, was born out of the necessity for precise identification. Considering of the changing technological landscapes, more innovative solutions to personal identification are likely to be developed in the future.
The Biometric Authentication Process
The system of operation of biometric authentication is such that specific users’ data is captured and compared to the saved sample for decision-making. Biometric systems, at their basic level, are pattern matching systems that capture biometric correlations or characteristics using either image capture devices, such as cameras, or sound or motion acquisition devices. A biometric system’s operation can be broken down into two parts, as shown in fig. 1 below; the enrollment (learning) phase and the authentication (verification) phase (Harakannanavar et al., 2019). The enrolment stage is in charge of identifying a specific person in the training system. The enrolling procedure directly impacts the efficiency, accuracy, and utility of a biometric system. As an initial stage, it is structured such that unique identifiers lead to a specific individual in the system. So far, this process has been efficient, enabling organizations and formal institutions to prevent unauthorized access in a fast and seamless process.
A biometric system collects the set of credentials over one or more collection cycles during the enrolling process. This representation is processed by a feature extractor, which produces a template, which is a more concise and descriptive representation (Harakannanavar et al., 2019). The size and proportional placements of the eyes, nose, and mouth retrieved from a face image are examples of these traits. Each user’s template is then saved in a central database for the verification process. In the latter stage, a single marker is pre-processed in comparison to the stored sample. This step reveals the essence of biometric identification since an individual can only be allowed by the system based on the ratio of similarity. This way, the technique enables the responsible parties to make crucial decisions that would have otherwise taken long to initiate and finalize.
Common Biometric Identification Methods
While fingerprint identification was the first technique following the innovation, other methods such as face and iris recognition have been established, adding to the diversity and facilitating a more straightforward identification process. With a wide range of options, different entities can select an authentication method that best suits their needs within the specific circumstances. Notably, each technique has merits and drawbacks that should be considered in decision-making. As the business environment changes, other identification methods may be developed.
A fingerprint recognition system is among the oldest personal identification methods that involve matching a series of system-stored data to a person’s fingerprint captured. The pattern, which appears as a series of black lines and white spaces, creates a verification platform that enables a matching criterion (Rui & Yan, 2018). Although this mode has facilitated easy and quick transactions, it is limited by the condition of the finger. Notably, if the finger is damp and wrinkled, the biometric characteristic recognition rate suffers. Therefore, research should be extended in this area to develop systems that account for minor injuries and finger dampness.
Face recognition systems are the second-most used techniques due to their ease of application and interpretation. Face recognition technologies have sprung out as a result of the idea that each individual has a unique face characteristic that can be utilized for authentication. High-resolution cameras capture the face, which is then used as a reference for matching (Harakannanavar et al., 2019). To identify or validate a person’s identity, the template is then matched utilizing multiple pattern matching approaches. The main drawback of this method is that variations in illumination and changes in face position affect the accuracy of the face detection, calling for further inquiry into a more effective system.
The hand geometry is unique for every person, providing an essential personal identification technique. Although it is used minimally in business operations, this approach is practical in that it compares a person’s hand geometry, measured by three or more fingers, to the sample stored in the database. Harakannanavar et al. (2019) note that this method is disadvantageous due to its large hardware requirement. Iris and retina recognition are also recognized as viable authentication methods that are mainly applied in high-security systems. DNA identification is the newest method that provides advanced security measures regarding to identification. However, due to the complex data acquisition processes involved and the fact that it is not automatic, this approach is rarely used in ordinary authentication schemes (Harakannanavar et al., 2019). It is primarily reserved for highly sensitive applications for which another method may be ineffective.
Applications and Advantages of Biometric Authentication
The development of biometric identification techniques was derived from the need for improved systems that would solve the inherent limitations experienced with passwords and unlock tokens. Before the introduction of biometric systems, denial of service was a significant problem whereby subsequent entry of wring details caused the system to crash, posing additional challenges (Rui & Yan, 2018). Nonrepudiation is a considerable benefit derived from biometric techniques that were not available in the traditional authentication methods. For as long as the system provides a sufficient matching ratio for access, the user’s credentials cannot be disputed.
Backed by the benefits identified above, many organizations and institutions have applied biometric technologies for more efficient operations. Financial institutions such as banks have applied these systems for online transactions through mobile platforms and in-person transactions that initially required identity cards for authorization (Thakkar, 2022). Some schools have also adopted biometric systems to facilitate students’ admissions and service delivery within the institutions. The need for security personnel has also been reduced by biometric systems for entry into facilities.
Current Challenges and the Future of Biometric Authentication
While biometrics has several benefits for specific businesses, there are also concerns about its application. Organizations may, for example, ignore the security of data-driven security solutions, posing hazards to data security (Memon, 2017). If malicious actors intercept biometric data as it is being transferred to a centralized database, they can use it to execute other transactions fraudulently. Malicious people could obtain sensitive data, including private messages and financial details, by capturing a user’s biometric data and employing it to open a biometric-secured device.
Another possible concern with biometric identification is that, once a link is established, an institution may use it for applications apart from those for which it was designed. Memon (2017) remarks function creep, which entails unauthorized use of personal data, is one of the significant threats to privacy. For example, a firm may consider the technology valuable for a staff monitoring system, but after installing a biometric system, the corporation may discover that it can track an individual’s exact location. When a system is vulnerable to replay attacks, client biological information is frequently leaked, which is also a type of privacy disclosure.
Inappropriate disclosure of personal data is a potential hazard, leading to privacy and security concerns. There are two ways to divulge personal data in biometric authentication mechanisms: practical contexts and network environments (Memon, 2017). People can reveal their biological data in existing at any time, including fingerprints left upon touching certain products, signatures left when transacting with a credit card, face and iris data contained in high resolution images, voice captured in public places, and so on. Biometric data could be stolen, interfered with, or wrongly utilized during storage and transfer in a network context.
An automatic way of distinguishing a person’s physiological or behavioral feature constitutes biometric technologies. The numerous forms of biometric authentication mechanisms were addressed in this study. Colleges, government offices, and businesses are among the civilian and industrial uses of biometrics-based identification that are gaining traction today. With its various application areas, biometric technologies provide solid user authentication. However, the system should be evaluated to prevent unauthorized use of personal data beyond the purposes for which it was collected to minimize the privacy challenges.
Harakannanavar, S. S., Renukamurthy, P. C., & Raja, K. B. (2019). Comprehensive study of biometric authentication systems, challenges and future trends. International Journal of Advanced Networking and Applications, 10(4), 3958-3968. Web.
Memon, N. (2017). How biometric authentication poses new challenges to our security and privacy [in the spotlight]. IEEE Signal Processing Magazine, 34(4), 196-194. Web.
Rui, Z., & Yan, Z. (2018). A survey on biometric authentication: Toward secure and privacy-preserving identification. IEEE Access, 7, 5994-6009. Web.
Thakkar, D. (2022). Biometric authentication now and then: History and timeline. Bayometric. Web.