Simo Huopio
Department of Computer Science
Helsinki University of Technology
Simo.Huopio@iki.fi
Seminar on Network Security:
"Authorization and Access Control in Open Network Environment"
Biometric identification technologies have generally been associated with very costly, top-security applications. Today the core technologies have evolved and the cost of the equipment is dropping dramatically thanks to integration and increasing processing power. Certain applications of biometric identification technology are now cost-effective, reliable and highly accurate. As a result, there are no technological or financial barriers to stepping from pilot projects to widespread deployment. This paper introduces the biometric technologies and the problems involved.
1. Introduction
1.1 History
2. Definitions
3. Biometrics
3.1 Eye
3.1.1 Iris
3.1.2 Retina
3.2 Face
3.3 Fingerprint
3.4 Hand geometry
3.5 Finger geometry
3.6 Palm
3.7 Signature
3.8 Voice
3.9 Future biometrics
4. Comparison
5. Integration
5.1 APIs
5.2 Applications
5.3 Privacy
6. Conclusions
7. References
Further Information
Glossary
Links
Companies
"A biometric is a unique, measurable characteristic or trait of a human being for automatically recognizing or verifying identity."
This measurable characteristic, the biometric, can be physical, such as eye, face, finger image, hand and voice, or behavioural, like signature and typing rhythm. A biometric system must be able to recognize or verify it quickly and automatically.
It is often said that with biometric products you are able to reach the highest level of security. To help illustrate this point, a much quoted definition is used by the biometrics industry. Three levels of security are:
Automatic biometric technology was first applied to controlling access in some top secret applications. In the late 1960s a famous device called "Identimat" was introduced. It was a machine that measured finger length and the shape of the hand, and it was installed in a time-keeping system at Shearson Hamill, a Wall Street investment firm. It was retired as late as 1987! [8] The FBI began to check finger images automatically in the late 1960s and began larger-scale use of automatic finger scanning systems in the 70s. Today Automated Fingerprint Identification Systems (AFIS) are used by law enforcement throughout the world. [11,13]
Other technologies are younger and more complex. The uniqueness of the human eye, especially the patterns of the retina and iris, was first used in a biometric system in the mid 1980s. Face recognition and dynamic signature verification are even newer.
Today the emphasis has moved from basic research towards commercialization and usability. The human factor and user interface aspects have to be taken into account, otherwise the public will choose the old, conventional way of doing things. [18]
Identification, a.k.a. recognition, is a one-to-many process of comparing a biometric sample, or a code derived from it, against all of the known biometric reference templates on file. If the acquired sample matches a stored template within the error margin, the identity of the enrollee is matched to that of the previously stored reference. The stored identity information really should not reveal the physical identity of the owner of the biometric, but instead a role which authorizes the use of a service or access.
Verification is the process of comparing a submitted biometric sample against the single biometric reference of a single enrollee whose identity or role is being claimed. The reference template doesn't have to reside in a large database but can be carried by the user on a smart card or other security device. If the verification process is well designed, the biometric information is not revealed to the system; only the result, match or non-match, is confirmed.
All biometric identification or authentication technologies operate using the following four stage procedure:
Physical Biometric devices have 3 primary components:
Biometric systems come in many shapes and sizes, ranging from distinct hardware and software to complete systems. All biometric systems share the principles of capture, extraction, comparison and matching. Different biometrics, i.e. measures or traits of the human body, focus on very different features. The only thing they have in common is that they are considered unique.
In medical science, examination of the eye is used as one indicator that can reveal certain illnesses and, for example, the user's excessive use of drugs and alcohol. This is information the user does not necessarily want to reveal to the operator of the scanning device. According to the equipment manufacturers, they concentrate on extracting the unique pattern from the eye and no other information, thus ensuring the privacy of the user. Still, as the analysis of the eye information is done in software, new features could be incorporated in the software without notice.
Picture 2: Visualization of iris scan and extracted "IrisCode"
Picture (C) IriScan, Inc.
The image of the iris is captured with a black and white video camera in a well-lit environment. The pattern is extracted after elastic deformations, such as pupillary dilation and constriction, are reversed mathematically, which is possible after localizing the inner and outer boundaries of the iris. After pseudo-polar coordinate mapping and applying a method called complex-valued 2D Gabor wavelets, a bit stream, typically 256 bytes of information in total, is obtained. The amount and uniqueness of the extracted information make the False Accept probability the lowest of all known biometrics. [3] The scanning can be done from a distance of a few meters, so the user does not find the process intrusive.
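The following added example (not part of the original paper) shows how 256-byte templates of this kind can be used for the one-to-one verification and one-to-many identification defined earlier. It goes beyond the text in assuming that templates are compared by the fraction of differing bits (Hamming distance); the threshold, role names and sample data are constructed.

```python
import random

CODE_BYTES = 256   # template size quoted in the text
THRESHOLD = 0.32   # constructed decision threshold (fraction of differing bits)

def hamming_fraction(a: bytes, b: bytes) -> float:
    """Fraction of bits that differ between two equal-length templates."""
    if len(a) != len(b):
        raise ValueError("templates must have equal length")
    return sum(bin(x ^ y).count("1") for x, y in zip(a, b)) / (8 * len(a))

def verify(sample: bytes, reference: bytes, threshold: float) -> bool:
    """One-to-one: compare the sample with the single claimed reference."""
    return hamming_fraction(sample, reference) <= threshold

def identify(sample: bytes, database: dict, threshold: float):
    """One-to-many: return the role of the closest template, or None."""
    if not database:
        return None
    role, ref = min(database.items(),
                    key=lambda item: hamming_fraction(sample, item[1]))
    return role if hamming_fraction(sample, ref) <= threshold else None

def rescan(template: bytes, flip_rate: float, rng: random.Random) -> bytes:
    """Simulate a new capture of the same eye: each bit flips with flip_rate."""
    out = bytearray(template)
    for bit in range(8 * len(out)):
        if rng.random() < flip_rate:
            out[bit // 8] ^= 1 << (bit % 8)
    return bytes(out)

def random_template(rng: random.Random) -> bytes:
    """Constructed stand-in for a template extracted from an unrelated eye."""
    return bytes(rng.getrandbits(8) for _ in range(CODE_BYTES))

# Constructed data: templates are stored against roles, not names.
RNG = random.Random(1998)
DATABASE = {role: random_template(RNG)
            for role in ("vault-operator", "shift-supervisor", "auditor")}
LIVE_SCAN = rescan(DATABASE["shift-supervisor"], 0.10, RNG)  # enrolled eye
STRANGER = random_template(RNG)                              # never enrolled

if __name__ == "__main__":
    for role, ref in DATABASE.items():
        print(f"{role:17s} distance {hamming_fraction(LIVE_SCAN, ref):.3f}")
    print("verify as shift-supervisor:",
          verify(LIVE_SCAN, DATABASE["shift-supervisor"], THRESHOLD))
    print("verify as auditor:         ",
          verify(LIVE_SCAN, DATABASE["auditor"], THRESHOLD))
    print("identify live scan:", identify(LIVE_SCAN, DATABASE, THRESHOLD))
    print("identify stranger: ", identify(STRANGER, DATABASE, THRESHOLD))
    # A threshold tighter than the capture noise rejects the genuine user.
    print("verify at 0.01:    ",
          verify(LIVE_SCAN, DATABASE["shift-supervisor"], 0.01))
```

Two scans of the same eye never agree bit for bit, so the decision is always a threshold on a distance; moving the threshold trades false accepts against false rejects.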
The technique used to capture data from the retina is often thought to be the most inconvenient for end users. A user must position the eye approximately three inches from an eyepiece, stabilize head movement and focus on a green dot. After this has been done, the system uses a beam of light to capture the unique characteristics in the area known as the fovea, situated in the center of the retina.
Because of its high accuracy, retina biometrics are usually found in high-security applications where preventing false acceptance is extremely important. This is partly achieved by setting a high threshold for accepting the scanned biometric.
There are essentially two methods of capture: video and thermal imaging. Video is more common, as standard video cameras can be used. The precise position and angle of the head and the surrounding lighting conditions may affect the system's performance. The complete facial image is usually captured and a number of points on the face can then be mapped, for example the position of the eyes, mouth and nostrils. More advanced technologies make a three-dimensional map of the face, which multiplies the possible measurements that can be made. Thermal imaging has better accuracy, as it uses facial temperature variations caused by vein structure as the distinguishing trait. As the heat pattern is emitted from the face itself without a source of external radiation, these systems can capture images regardless of the lighting conditions, even in the dark. The drawback is cost: thermal cameras are significantly more expensive than standard video. [15, 16]
One-to-one verification is mainly used with this method. Certain new systems have announced the possibility of one-to-many identification, even in real time from a live video feed.
An example application of the face biometric could be strict file access control: the video stream from a camera attached to the monitor is watched by a program which ensures that the legitimate user's face is in sight the whole time classified information is manipulated onscreen. If the user turns away or leaves the screen, the secret files are hidden from the screen.
Fingerprint scanning, a.k.a. fingerscanning, is one of the most commercially successful biometric technologies today. [16] It is widely accepted that no two fingers have identical prints, even from the same person or identical twins. Systematic classification of fingerprints started in the 1800s and has been developed further through extensive use in the forensic community. The technology has received a fairly positive user response in the pilot projects, although drawbacks and disappointments have occurred over the years. Having one's fingerprints taken is often associated with the way criminals are treated. Also, the systems in use have not always come even close to the ideal performance that has been reached in a clean and sterile laboratory environment.
Picture 3: Digitized fingerprint image with the minutiae points extracted.
Image (C) 1998 Idex AS
The traditional fingerscanning technique is the analysis of small unique marks in the finger image known as minutiae. Minutiae are points such as ridge endings or bifurcations (branches made by ridges) in the finger image. The relative position of the minutiae is used for comparison, and according to empirical studies, two individuals will not have eight or more common minutiae. [7] A typical live-scan fingerprint will contain 30-40 minutiae. Other systems analyse tiny sweat pores on the finger which, in the same way as minutiae, are uniquely positioned. Fingerscanning is not immune to environmental disturbance. As the image is captured while the finger is touching the scanner device, dirt, the condition of the skin, and the pressure and alignment of the finger can all affect the quality of the fingerprint. [6] This has turned out to be a problem when the system is introduced; users had to wipe and clean their fingers each time before scanning if they did not want to be falsely rejected. To minimize the degradation caused by erroneous user interaction, special care has to be taken of usability and ergonomics.
When capturing the fingerprint image directly from the fingertip, a.k.a "live-scan", four main techniques are available:
It is impossible to reconstruct a fingerprint from the biometric template file, but that in itself does not prevent the template from being used for fraudulent purposes. If it is not secured by strong cryptography, the communication between an external scanner and, for example, a PC could be vulnerable to a replay attack. The best approach could be that the biometric data is never transferred externally. This could be possible with smart cards that incorporate a fingerscanning device. The technique is possible today, but we will have to wait a few years for the applications.
When measuring hand geometry biometrics, a three-dimensional image of the hand is taken and the shape and length of the fingers and knuckles are measured. Hand geometry has been in use for many years in various applications, predominantly for access control. The technology does not achieve the highest levels of accuracy but it is convenient and fast to use.
During the capture process a user places a hand on the reader, aligning the fingers with specially positioned guides. Cameras positioned above and to the side of the hand capture images from which measurements are taken at selected points.
As hand geometry has not been found to be as unique as, for example, fingerprints or eye scans, it cannot be used for accurate identification. Because of its user-friendliness it is well suited to user ID verification. [5]
Picture 4: Hand with biometric measurements visualized
Image (C) Michigan State University
Two variations of the capture process are used, the first being similar to the hand geometry process presented above. The second technique requires the user to insert a finger into a tunnel so that three-dimensional measurements of the finger can be made.
Signature biometrics are often referred to as dynamic signature verification (DSV) and look at the way we sign our names. [15] The dynamic nature differentiates it from the study of static signatures on paper. Within DSV a number of characteristics can be extracted from the physical signing process. Examples of these behavioural characteristics are the angle at which the pen is held, the time taken to sign, the velocity and acceleration of the tip of the pen, and the number of times the pen is lifted from the paper. Despite the fact that the way we sign is mostly learnt over the years, it is very hard to forge and replicate.
Signature data can be captured via a special sensitive tablet or pen, or both. In some simpler cases, fairly cheap equipment found in normal computer stores can be used. A variation on these techniques has been developed and is known as acoustic emission. This measures the sound that a pen makes against paper. Because of the behavioural nature of a signature, more than one signature has to be enrolled so that the system can build a profile of the signing characteristics.
The technique of measuring the voice may be either text dependent or text independent. In the former, speech templates are made from a number of words or phrases which are trained into the system. In the latter, the voice is analysed a syllable, phoneme, triphone or even finer-grained part at a time, so in the recognition phase the speaker doesn't have to use specific words. In the most sophisticated systems the factors analysed depend only on the unique physical characteristics of the vocal tract, so catching a cold or using a different tone of speech does not affect the performance of the system. [10]
An evident threat to a poorly designed speaker recognition/verification system is a replay attack, especially when text dependent methods are used. The only way to get completely around it is to combine voice recognition with other biometric methods. The text independent method gives much more freedom in the voice analysis interaction; the exchange is then more like a challenge-response pair. In applications such as phone banking and other voice-controlled man-machine interaction, the voice could be constantly monitored and verified to be authorized.
Testing and even the fastest possible analysis of human DNA take at least 10 minutes to complete and need human assistance. [15] Thus, it cannot be considered a biometric technology in the sense of being fast and automatic. Additionally, current DNA capture mechanisms, taking a blood sample or a test swab from inside the mouth, are extremely intrusive compared to other biometric systems. Apart from these problems DNA, as a concept, has a lot of potential.
Ear shape biometrics research is based on the needs of law enforcement to collect ear markings and shape information from crime scenes. It has some potential in access control applications, in similar use to hand geometry. There is not much research activity on the subject.
Keystroke dynamics is a strongly behavioural, learnt biometric. Being behavioural, it evolves significantly as the user gets older. One of the many problems is that highly sophisticated measuring software and statistical calculations have to run in real time if the user's actions are to be constantly verified. A standard keyboard could be used in the simplest cases.
Veincheck is a technique where an infrared camera is used to extract the vein pattern from the back of the hand. The pattern is unique and the capture method is as user friendly and non-intrusive as a hand geometry check. Combining the two could perhaps result in a very accurate and easy-to-use biometric.
Others
The human body has an indefinite number of details which could be used for biometric measurement. The habit of wearing clothes puts the majority of those unresearched details out of sight of non-intrusive measurement devices. Although most of the visible and audible traits of man have already been mapped out, the race to find new biometrics still goes on. As an example, there is even talk of a device that could measure the frequency emitted from the vibration of a person's major organs. [1]
| | Eye/Iris | Eye/Retina | Face | Fingerscan | Hand geom | Signature | Voice |
| Level of accuracy | Very High | Very High | High | High | High | High | High |
| Ease of use | Medium | Low | Medium | High | High | High | High |
| Barrier to attack | Very High | Very High | Medium | High | High | Medium | Medium |
| Public acceptance | Medium | Medium | High | Medium | High | Very High | High |
| Long-term stability | High | High | Medium | High | Medium | Medium | Medium |
| Verification/Identification | both | both | both | both | verification only | both | verification? |
| Standards | - | - | - | ANSI/NIST, FBI Image compression | - | - | SVAPI |
| Possible interference | Glasses | - | Lighting, aging, glasses, facial hair | Dry, dirty or damaged finger images | Diseases such as arthritis or rheumatism | Illiteracy, constantly changing or "easy" signatures | Background noise; colds and other factors |
| Sample target industries | Nuclear facilities, medical services, correctional institutions | see Iris | General | Law enforcement, corporate | Manufacturing/shop floors | Industrial | Remote banking, remote database access |
| Single-node price (includes hardware, 1997 figures) | $5000 | $5000 | $1500 | $1200 | $2100 | $1000 | $1200 |
The following interfaces are available or are confirmed to be under
development:
| Name | Author | Comments |
| BAPI | BAPI Working Group - BWG (many companies) | Designed primarily for fingerprint scanners. Claimed to fit other technologies as well. |
| BioApi | BioAPI Consortium (many companies) | Multilevel, object-oriented approach. At a rather early stage. |
| HA-API | DoD / US governmental | Research project to define a generic API for various biometric technologies. The spec. and reference implementation will be made available for free. |
| VoiceAPI / SVAPI / SRAPI | SVAPI committee (many companies) | Targeted only at speaker verification and identification systems. |
Different application cases include:
From the privacy point of view, storing templates in central databases, even in encrypted form, is always a possible threat. The biometric information is not needed there; in most cases unique but anonymous identifiers could be stored instead. These identifiers would then be referred to when the person initiates the authorization sequence, and authenticity is then validated by a cryptographic challenge-response sequence with the smart card holding the secret key.
The problems of key management with biometric methods stay the same as in any other distributed authorization scheme. [9] One possible improvement could be a technique called biometric encryption. In that concept the biometric scan itself could be converted to a unique key that could be used in encryption or hash algorithms, or to anonymize the user information. One problem is that encryption algorithms are far from the fuzzy computation that would be needed when using biometric scans: a scan matches another scan of the same trait only probabilistically; they are never exactly the same. Another question is how secret a key can be if it can be extracted directly from your fingertip. [17]
If it is not secured by strong cryptography, the communication between an external scanner and, for example, a PC could be vulnerable to a replay attack. [2] The best approach could be that the biometric data is never transferred externally. This could be possible with smart cards that incorporate a fingerscanning device. The technique is possible today, but the cost limits its use on a larger scale right away.
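The design described above, with the template kept on the card and the service holding only an anonymous identifier, can be sketched as follows. This is an added example, not code from the original paper: HMAC with a shared key stands in for whichever cryptographic challenge-response a real card would run (so here the service also holds the key), and the class names, the identifier `id-7f3a`, the template bytes and the bit-error limit are hypothetical.

```python
import hashlib
import hmac
import secrets

class SmartCard:
    """Hypothetical card: the template and the key never leave this object."""
    def __init__(self, key: bytes, reference: bytes, max_bit_errors: int):
        self._key, self._reference = key, reference
        self._max_bit_errors = max_bit_errors

    def _match(self, scan: bytes) -> bool:
        if len(scan) != len(self._reference):
            return False
        errors = sum(bin(a ^ b).count("1") for a, b in zip(scan, self._reference))
        return errors <= self._max_bit_errors

    def respond(self, challenge: bytes, scan: bytes):
        """Answer the challenge only after a successful on-card match."""
        if not self._match(scan):
            return None
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Verifier:
    """Service side: stores an anonymous identifier and a key, no template."""
    def __init__(self):
        self._keys, self._pending = {}, {}

    def enroll(self, anon_id: str, key: bytes) -> None:
        self._keys[anon_id] = key

    def challenge(self, anon_id: str) -> bytes:
        self._pending[anon_id] = secrets.token_bytes(16)  # fresh per attempt
        return self._pending[anon_id]

    def check(self, anon_id: str, response) -> bool:
        nonce = self._pending.pop(anon_id, None)  # each challenge is single use
        key = self._keys.get(anon_id)
        if nonce is None or key is None or response is None:
            return False
        expected = hmac.new(key, nonce, hashlib.sha256).digest()
        return hmac.compare_digest(expected, response)

def run_demo() -> dict:
    """Constructed scenario: genuine login, replayed response, wrong finger."""
    key = secrets.token_bytes(32)
    reference = bytes(range(32))                        # constructed template
    good_scan = bytes([reference[0] ^ 0b101]) + reference[1:]  # 2 bit errors
    bad_scan = bytes(b ^ 0xFF for b in reference)       # someone else's finger
    card = SmartCard(key, reference, max_bit_errors=8)
    service = Verifier()
    service.enroll("id-7f3a", key)                      # anonymous identifier

    first = card.respond(service.challenge("id-7f3a"), good_scan)
    results = {"genuine": service.check("id-7f3a", first)}
    service.challenge("id-7f3a")                        # new attempt, new nonce
    results["replayed"] = service.check("id-7f3a", first)     # recorded answer
    denied = card.respond(service.challenge("id-7f3a"), bad_scan)
    results["wrong_finger"] = service.check("id-7f3a", denied)
    results["unsolicited"] = service.check("id-7f3a", first)  # no open challenge
    return results

if __name__ == "__main__":
    print(run_demo())
```

A response recorded on the wire is useless for a later attempt because it is bound to a nonce the service has already consumed, and the biometric data itself never crosses the channel.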
The SPKI schemes and standards like X.509 will definitely incorporate the means and terms of storing the biometric data in the same hierarchy of trust as the public and secret keys. [12,13,14]
Biometrics itself is not a solution to this problem. It just provides a means of treating the possible user candidates uniquely. In doing so, a biometric system handles the unique data scanned from the user. The secrecy of this information has to be ensured by strong cryptographic methods. The best case could still be that the biometric templates never leave the scanner device, with or without encryption. The result should only enable the scanning device, which could be a special smart card carried by the user, to complete the required challenge-response sequence. In that case your fingerprint may be the password, but the problems of managing public and secret cryptographic keys stay the same.
Some biometric technologies are in themselves ready for the mass market. The off-the-shelf components available are suitable for very small-scale, closed systems. Before larger-scale deployment, the integration with SPKI schemes and standards like X.509 has to be completed.
[2] Cuijpers E.P.E, A design for a safe internet communication channel with the help of smartcards, Master's thesis, Eindhoven University of Technology
<http://www.iscit.surfnet.nl/team/Erik/masterth/masterth.htm>
[3] Daugman J, Recognizing persons by their iris patterns, University of Cambridge, The Computer Laboratory
<http://www.iriscan.com/basis.htm>
[4] Davies G. Simon, Touching big brother - How biometric technologies will fuse flesh and machine, "Information Technology & People", Vol 7, No. 4, 1994
<http://www.privacy.org/pi/reports/biometric.html>
[5] Department of Computer Science And Engineering - Michigan State University, Hand geometry [referred 20.11.1998]
<http://biometrics.cse.msu.edu/hand_geometry.html>
[6] Fingerprint Identification, Pattern Recognition and Image Processing Lab, Department of Computer Science And Engineering, Michigan State University [referred 10.11.1998]
<http://biometrics.cse.msu.edu/fingerprint.html>
[7] Idex AS, Biometric verification/identification. A short primer with focus on fingerprint recognition, Idex AS [referred 10.11.1998]
<http://www.idex.no/biometrics.html>
[8] Konstantinos N. Yfantis, Applications of Biometrics & Implications for Security and Ethics, University of Illinois at Urbana-Champaign, November 13, 1997
<http://www.staff.uiuc.edu/~efantis/biometrics/sld001.htm>
[9] Laban J, Privacy issues surrounding personal identification systems, April, 1996
<http://www.dss.state.ct.us/pubs/diprivac.pdf>
[10] Mammone R, Your voiceprint will be your key. How voice ID works, and why you'll be using it, Speech Technology Magazine, January/February 1998 [referred 2.11.1998]
<http://www.speechtechmag.com/st11/voicekey.htm>
[11] Ritola J, Silmä- vai sormitunnistus? - Uusia piiriratkaisuja henkilön automaattitunnistuksen, Prosessori 9/1998
[12] Reinert L, Luther S, Biometrics, Tokens & Public Key Certificates. The Merging of Technologies, Version 1 - 18 March 1998
<http://www.biometrics.org/REPORTS/cert.pdf>
[13] Reinert L, Tokeneer - User Authentication Techniques using Public Key Certificates Part 2: Authentication Information Including Biometrics, 31 December 1997
<http://www.biometrics.org/REPORTS/cert_stu_pt2.pdf>
[14] Reinert L, Luther C, TOKENEER - User Authentication Techniques Using Public Key Certificates Part 3: An Example Implementation, National Security Agency Central Security Service, 10 February 1998
<http://www.biometrics.org/REPORTS/study.pdf>
[15] Roethenbaugh G (ICSA), Biometrics Explained, 12.10.98 [referred 28.10.1998]
<http://www.icsa.net/services/consortia/cbdc/explained.shtml>
[16] Roethenbaugh G (ICSA), ICSA Biometric Buyer's Guide, 29.10.98 [referred 2.11.1998]
<http://www.icsa.net/services/consortia/cbdc/bg/>
[17] Tomko G, Biometrics as a Privacy-Enhancing Technology: Friend or Foe of Privacy?, September 15th [referred 2.11.1998]
<http://www.dss.state.ct.us/digital/tomko.htm>
[18] Yu C-H, Huang N, China - Fingerprint ID Banking Fails, Newsbytes Pacifica 30.4.1996 [referred 9.11.1998]
<http://www.nb-pacifica.com/headline/chinafingerprintidban_577.shtml>
[19] Weigert C, Der Bio-Schlüssel: Elektronischer Fingerabdruck erhört die Sicherheit, Elektronik 1998, Nro. 21
Additional information, more links and a glossary can be found at
<http://www.iki.fi/netsec/supplement.html>