Measuring Life the Digital Way

The former complex technology is fast becoming the most used for identity management; the main reason for this new trend is its promised accuracy

By Sonam Gulati, eGov Bureau

Use of biometrics is fast catching up in every sector all over the world.

The former complex technology has now become the most simplified form of identity management. One of the main reasons for this is accuracy. For example, fingerprints are one of the most reliable modes for identification; the crossover accuracy of digital biometrics fingerprint technology has been calculated to be 1:500 for a single finger. Use of multiple fingers increases the accuracy exponentially. It is highly unlikely (estimated at 1 in 64 billion) that any two fingerprints would be identical and therefore impossible to tell apart. This is the factor where the technology of biometrics works. Fingerprints are one of the few parts of the human body which are unique in a way that they can never be duplicated or be same as anyone else’s and thus are used by biometrics. The other parts that can be used by biometrics are Iris/retina recognition (considered the most accurate), Facial recognition and Palm prints, DNA, Hand Geometry, Vascular Pattern.

Biometrics as a technology, in simple words, measures a particular set of vital statistics of human body to determine/establish identity. However, the scope of using biometrics for identity management is limitless. In particular for India, the world’s second largest populous country, identity management is a challenging task.

Biometrics has lately gained momentum in India and is being largely used in almost all SMEs to enterprise offices, mainly for attendance in place of access card or time-sheets. But that’s not all, the most ambitious project of the country-Aadhar- which aims to give a unique identification number (UID) to all the citizens is using biometrics technology for identification. A unique number is being given to every individual in lieu of their iris, fingerprint and facial recognition encryptions.

Any application that requires establishing the identity of individual has potential for implementing biometric technology. These days, even some laptops are embedded with fingerprint scanner that is used during the login process. Biometric algorithms are used to convert these biometric samples into biometric template, match against all the templates previously enrolled (de-duplication process) and store the new template if it is not duplication.  It will complete the enrolment process and store the template along with background information (e.g. name, address) that will be used in the authentication process. Once enrolled, the system collects another sample of the individual, uses the same Biometric algorithms to convert this into biometric template and compares with the stored template (1:1 matching process).  If it matches with the template  against claimed identity of the person enrolled earlier, authentication process confirms identity, else rejects it.

In this matching of identity, there are two kinds of errors that can occur, False Acceptance and False rejection. False acceptance is accepting the identity against a person who he/she is not and false rejection is rejecting the identity of a person who he/she is. “Biometrics is considered to be the most reliable technology available for confirming the identity of a person. The biometric algorithms have evolved in the last years to such levels that the false rejection or acceptance errors have been reduced to a minimum level,” said Rajdeep Sahrawat, Senior General Manager, Tata Consultancy Services (TCS) on talking about the biometrics technology. “These particular errors can also be conquered by using a fusion of multiple algorithms, like using both iris and fingerprint for identification,” he added.

Technology per se

Not all body parts can be used by biometrics for the purpose of identification. Biometrics as a technology can only identify algorithms that have certain key features like, universality; uniqueness; permanence of a feature measures how well a biometric resists aging and other variance over time; collectability – the ease with which acquisition of the template; performance, accuracy, speed, and robustness of technology used; acceptability, in terms of degree of approval of a technology; circumvention, ease of use of a substitute or susceptibility to duplication.

Apart from the features above the identification part of the technology, which enrolls, matches and identifies the algorithm fed into it depends on certain key aspects which are as follows:

Authentication speed- Time taken to identify or match the template fed is very critical as often while identity authentication is on, if it takes too long then the whole purpose of using a high-end technology is defeated. There is also a chance of it affecting the server if at the same time many templates are being fed across the sectors then it has a strong chance of affecting the server if the speed is not upto mark.

Template size- the size of the algorithm being fed, whether it is a fingerprint or a niris or face recognition, should be in sync with the server because if too many big templates are fed the server might crash out.

FAR & FRR- As mentioned above FAR refers to False Acceptance Ratio and FRR refers to False Rejection Ratio, for a successful biometric identification module both of these ratios have to be a bare minimum otherwise does not function as accurately as it should.

“Biometrics Simplifies Identity Verification”

R S Sharma,
Director General & Mission Director, Unique Identification Authority of India (UIDAI)

What are the advantages of using Biometrics over other technologies for identity management?

Three primary characteristics of ‘Aadhaar’ Number: Global (can be used across various applications), unique (one resident gets one identity), and permanent (remains same throughout the lifetime of the resident and is never assigned to anyone else) – allow Aadhaar system to offer a strong, portable national identity to every resident. Biometrics is the only mechanism to establish these characteristics. UIDAI has hence decided to use multi-modal (fingerprints and iris) biometrics for its purpose. Biometrics simplifies identity verification.

How practical is it to use biometric technologies in rural areas where fingerprint might get distorted due to manual labour?

Usage of multi-modal biometrics (fingerprints and iris) enables UIDAI to successfully use biometrics even in the rural conditions. Since our biometric standard covers all the ten finger prints, it will be possible to find at least one finger which is authentication – worthy. The residents can be informed of their ‘golden’ finger.

Security of information stored in the central repository is a big challenge. How is it being dealt?

Aadhaar system at Central ID Data Repository (CIDR) is guarded both physically and electronically with several security zones and specific access control mechanisms. The data is secured with the best encryption and is also designed to be tamper-proof, and is stored in a highly secure vault. UIDAI has procured several technologies such as  firewalls, network and host intrusion prevention systems, tamper-proof hardware  security appliances (for securing encryption keys) to ensure that information stored at  CIDR is fully protected. UIDAI has a comprehensive security policy to ensure the safety and integrity of its data.

Can we afford it?

“Five years back the usage of biometrics was not at a very impressive scale.  Over time it has increased due to increase in awareness as
well as reduction in cost. Today biometrics is a very affordable means for  identity management, especially the fingerprint recognition mode,” said Ranjit  Nambiar, Director of Sales – South Asia, HID Global. Talking about his associations with the government projects, he informed that HID Global has  been associated in the T3 project of Airport Authority of India and he  commented, “If you take Metro or Airport projects, cost is never a factor as  security concerns are much more serious and thus affordability is never an  issue.”

The affordability of technology as such depends on project to project where a  simple access control system in an SME might just take an economic fingerprint  authentication device and a highlevel organisation such as Indian Space  Research Organsation (ISRO) or any other threat-prone  organisation would opt for a multi-spectral technology which uses multiple identification algorithms.  All in all the cost definitely has come down with many a small offices also opting  for biometric to the earlier modes of identification.

The UID project is a government investment where the data is being collected  from all over the country to provide each citizen with one unique number  which could be used in place of all other identification proofs. For UID there is  no use as such of the data they are collecting and storing, thus their RoI would  come from the various applications where this data may be used for matching  the templates. For example, if a person wants a phone connection or a LPG connection, he/she will just have to provide the UID number and the  verification would be done on its basis, the authorities may charge a fee on that  matching of the algorithm.


The possibilities are endless, a biometric algorithm can be stored in a chip in a  ‘Smart Card’ and be used by the person for various purposes, or it could be used  for financial inclusion by giving such smart cards to BPL families for  proper identification for micro-finance, also the biometric data could be used  for basic identity management in various developmental programmes of the  government where duplicate or multiple identities are the biggest problems.  The possibility of misuse of information stored and illegitimate invasion of  privacy of the individuals are the two biggest counter criticisms.

“As far as  privacy breach is concerned, first of all, Aadhaar project keeps the privacy concerns of a resident at the centre of the various technology applications  developed and adopted. Secondly, The UIDAI will not reveal personal  information in the Aadhaar database – the only response will be a ‘yes’ or ‘no’ to  requests to verify an identity, thus privacy will never be compromised,”  Said R S Sharma, Director General & Mission Director, UIDAI.

With increasing  use of the technology there are other operative challenges mushrooming too.  Like maintaining the kind of support systems, using the right method to record biometrics and not over doing it. “The biggest challenge is Interoperability.  There is a need for creation and follow-up of International Biometric standards  to stop proprietary algorithm used in biometric technology. This will  eventually reduce cost and build a sustainable model for the future,”  commented Sanjeev Mathur, CEO, Smart Identity Devices Pvt. Ltd.

Talking  about cases where the finger might get cut or a person might get blind on other such circumstances where the template might not match despite being of that  person only, Ranjit Nambiar of HID commented, “It is end of the day  technology and it will always need manual techniques as a benchmark. It is not  a standalone identity management solution. We would always need traditional  forms of identi- fication in place.”

Biometrics or any technology cannot be a panacea or a nostrum for all our ailments but yet we can take from it what is  relevant. Biometric identity management sure has some scope in a country like  ours with a diverse population, as it is for all of us to witness a history which  in the process of beingwritten.