Getting started with biometric locks?

Question

I am not sure if this is the place to ask this question and if it is not, i would really appreciate it if you could direct me to the right place. I wanted to understand the functionality and the system behind biometric locking. I was wondering where i could begin and the different kind of bio signals or prints that could be used for it.

Answer 1

In a lock you have a key (in a normal lock it is an actual key) having some features (grooves, indentations, crenellations) that

• are difficult (ideally impossible) to duplicate
• are difficult (" ") to tamper with, and do not degrade/change with time
• are easy to verify
• generate a very large keyspace (reducing the feasibility of a brute force approach)
• are cheap to make ;-)

In a biometric lock the key is a living organism (e.g. you), hence the bio- part, and the features are some measurements (hence the -metric) on said organism.

Several measurements can be taken from a human being, but when you check them out with the above checklist some difficulties pop out:

• fingerprints are easy to duplicate
• retinal image is complex to acquire
• the voiceprint is prone to changes
• muscle memory is again prone to changes
• DNA scan is either slow, or not sufficiently accurate

In all cases, you also need to verify that the sample is valid (e.g. the DNA is "pure" and comes from an actual living human, rather than having been spliced from a stolen handkerchief).

Whenever a measurement is prone to changes, it needs either to be measured with great accuracy and multiple attempts (which becomes awkward), or the acceptance criteria need to be relaxed; and in that case the "keyspace" shrinks and the duplicability of the measurement may become easy (e.g. computer generated voice samples from recordings).

Mixing several measurements, also adding in the mix some that per se would not be reliable, can increase accuracy and reduce the vulnerability. For example a fingerprint reader could be equipped with several individually unreliable sensors to verify:

• the IR emission (passive) is that of a live human finger
• the IR emission (passive) shows fluctuations at approximately the heartbeat frequency
• the IR and visible reflectivity (active) are those of human flesh with nothing (such as a thin fingerprint-printed silicone layer) between sensor and flesh (optionally we could measure oxygen and CO2 saturation)
• dielectric characteristics are those of a human finger ...

The problem becomes then one of cost (and false negatives: a sweaty finger might be electrically misread, nail enamel or dirt might change or impair blood readings, oxygen saturation could vary due to medical reasons...).

Once the "defense" sensors have given their okay, you run a feature extractor on the raw signal, and from the basic features and an average feature survey you can establish the information associated to each feature.

For a fingerprint, the "features" could be the presence and (relative) position of specific markings - ridges, whorls, loops and so on. For human voice, the spectral content of same. For muscle memory, the timings and precision of some well-known and repetitive task such as typing one's name on a keyboard. For DNA it could simply be a given DNA sequence (...ACTGATTTCAAC...). And so on.

Ultimately this yields a string of bits, which is the representation of the signal also "cleaned" of unwanted variations (in the fingerprint case, these would be caused by finger pressure, speed, alignment; in the DNA case we would look for a sequence between two easily recognized and unique 'marker' sequences, possibly amplified and reconstructed from several samples) and noise (in the finger's case, possibly dirt or sweat).

It is then a matter of searching a user database for the desired string. Finally this yields a basic information ("found" or "not found") and possibly a user identification ("Found: user ID 123456").