Biometrics summary

Biometrics: New Developments in Electronic Identity Verification



Introduction



Biometrics can be defined as the science of using unique personal
characteristics related to physiological features or behavioural traits of a
person as a means for identification or verification of that person. It
requires a combined hardware and software system for automated
identification or verification. To accomplish this, the system needs to be
able to receive biometric samples (enrolment), extract biometric features
from the samples, compare the extracted features from the sample with stored
templates from a database of individuals, and then indicate whether there is
identification or verification as a result of the comparison[1]. Generally,
biometrics technology does this through sampling and comparing such features
as faces, hands, fingers, eyes, voices, and even smells. However, they can
also do so by using emotions or states of mind of a person, such as fear or
gladness.



Fundamentally, biometric systems have three inter-related components: a
sensor, a verification device, and a database of templates. A person
registers with the system before using it. Registration involves a human
characteristic being translated by the sensor into a digital configuration
or bit pattern. Identification or verification of the person as being
'secure' is done using the appropriate device and access to the database of
templates to compare the presented pattern with that stored in the database.
The result is either a match or a rejection of that person.



There is some difference between identification and verification. In
identification, the question is 'who am I', so that personal identity must
be established. For verification, the question is 'am I whom I claim to be'
and involves confirming or denying a person's claimed identity. Certain
biometric systems may solve the relevant question better than others.
Whatever the question, biometrics has the advantages that it is intended the
person must be physically present at the point of identification or
verification, and the process obviates the need to remember passwords or
carry some kind of token (such as a card that displays a constantly changing
identification code).



Biometrics technology can be used for access to internet facilities,
computer networks, automatic teller machines, and buildings or other venues.
The range of uses in particular situations is remarkable and can include
sending fingerprints in real time for doctors to submit prescriptions to
pharmacies via the world wide web for patient pick up, fingerprint
identifiers on magnetic stripes of electronic funds transfer and credit
cards, voice recognition for electronic banking services, hand or finger
geometry readers at turnstiles for annual pass-holders of venues, facial
recognition systems tied to users of smart cards, facial recognition for
interactive television allowing for two-way communication and to monitor and
track a person's viewing habits, and monitoring body movements in
automobiles with sensors that can detect dangerous states such as
micro-sleep before they cause an accident.



Biometrics uses mathematical and statistical techniques when collecting,
processing and storing unique details of a person's characteristics. This
also means that a biometric system is essentially a pattern recognition
system. In this regard, two important performance characteristics of
biometric systems can be noted. These are the 'false rejection' and the
'false acceptance'.



A false rejection is when the biometric system is not able to verify the
legitimate claimed identity of a person. The statistical measure here is
the False Rejection Rate (FFR) which is the probability of failure to be
able to verify legitimate claims of identity. Generally this is an
inconvenience. The false acceptance is when the biometric system wrongly
verifies the identity by comparing biometric features from non identical
individuals. Here, the False Acceptance Rate (FAR) statistic refers to the
probability of incorrect verifications. Generally, this is a security
hazard and also shows poor implementation.



Suppliers of biometric systems often refer to the FAR and FRR to describe
their system's capabilities. Obviously these measures are dependent on some
threshold level and increasing this level will reduce the probability of
false acceptance and enhance security, but the system's availability may
also be reduced because of the risk of more false rejections. Another
statistic used is the Equal Error Rate (EER) which is the point at which the
likelihood of a false accept and false reject are the same.



Five promising biometric techniques are iris scanning, fingerprint imaging,
signature dynamics, hand geometry and facial recognition.



Technique 1: Iris scanning



Overview of the technique



The pupil of the eye has a distinctly coloured ring around it called the
iris. This tissue has some 450 distinctive characteristics for each person.
Iris scanning uses a small, high-quality camera to capture a monochrome
(black and white) high resolution image of the iris. The software used
defines the boundaries of the iris, coordinates of the iris, and zones for
analysis within the coordinate system. What eventuates is a hexadecimal
representation of the data. The technique is quite advanced and an iris can
be scanned within a quarter of a second, with code for the template being
generated within 1 second[2]. The database search time of templates[3] is
also very fast, as it only takes about a second to go through hundreds of
thousands of records because of the ease of the mathematical comparison
involved.



Current applications in E-Finance/E-Commerce



Access to buildings and facilities is the most common use. Also, inmates in
corrections facilities can be identified through iris scanning. Iris
scanning has been trialled with automatic teller machines in various
countries. Because of its non contact and unobtrusive nature[4], it has
also been trialled to authenticate air travellers in Germany[5] and some
other airports around the world. Passengers enrolled in the system can go
to unmanned kiosks to perform ticketing and check-in if no transport of
luggage is required.



Implementation Problems/Weaknesses



Iris identification technology is tremendously accurate and there is only a
small chance of false acceptance or false rejection. The EER is also small,
being 1:1.2 million. Furthermore, the algorithms used can account for
occlusion or blocking of the iris because the remaining part of the iris
(not less than one third) can still be acceptably used. Even though the
iris as living tissue is subject to change, algorithms can account for this.
It has been explained by Daugman (a leader in the field of iris research) as
being like a "homogenous rubber sheet"[6] which, despite its distortion,
retains certain consistent qualities.



However, there are some problems. The whole system may not scale well.
Generally, the current technology requires entire master files to be stored
in local memory of every terminal and this requires regular synchronisation
to ensure that new personal templates are distributed to remote terminals to
become part of the master file. This may become unmanageable as a networked
solution grows in size. Further, small businesses may require a system with
lesser image quality and not so sophisticated templates being sufficient.
But this scaling down may not be that easily accomplished and so businesses
can only consider high quality systems, with less costly solutions not being
available.



Potential future applications in E-Finance/E-Commerce

Iris biometric traits cannot be easily lost, stolen or recreated. They are
unique to each individual and this form of biometrics is seen as an answer
to combat theft and fraud, particularly when dealing with the order and
purchase of goods over the internet, whether electronically or physically
delivered. Inter-business supplies could benefit through the security
available. Other future uses are in the finance industry, such as trustee
and custodian services, which require online authentication[7] of clients
(particularly for transactions involving large sums or which can legally
only be made by approved persons), and user validation for networked access
to computer applications.

Likelihood for widespread commercial/consumer uptake



Iris scanning requires high cost equipment if one wants the best security.
At present it has low user acceptance. This is likely to continue, so that
this form of biometric technology will be confined to niche markets or for
firms and facilities requiring very high security.



Technique 2: Fingerprint imaging



Overview of the technique



This technology extracts features from impressions made by a person's
distinct ridges (minutiae) on the fingertips. The fingerprints can be flat
or rolled. A flat print captures only the central area between the fingertip
and first knuckle. A rolled print captures ridges on both sides of the
finger as well. Digitally scanned fingerprints are generally flat or plain
prints.



Current applications in E-Finance/E-Commerce



The technology is one of the best known and most widely used biometrics.
Fingerprint identification technologies are: well established having been
used in law enforcement for over 100 years; proven and refined by demanding
law enforcement applications and forensics over the last few decades;
recognized internationally for positive identification of individuals;
legally accepted through precedents in the court system and for legal
proceedings; and mature as evidenced by competing products in the
marketplace.



The technology has been used alongside some magnetic stripes of electronic
funds transfer and credit cards for identification purposes and for access
to high security sites. Disney World in the USA has used a fingerprint
scanner to verify season-pass holders entering the theme park[8].





Implementation Problems/Weaknesses



The technology is scalable in that only 1 or 2 fingers need be used to get
good authenticity. Law enforcement agencies may use 8 to 10 fingers, and if
necessary commercial systems can also be scaled upwards. It should be noted
that inked based fingerprints for law enforcement can be subject to
smearing, over-inking or under-inking. Scanned electronic fingerprints also
produce their own set of problems, mainly that images can be subject to
geometric distortion, image breakup and other quality problems. This can be
problematic where very high identification accuracy is required, in terms of
both FRR (false negative) and FAR (false positive) errors.



Accuracy, interoperability and cost-effectiveness are dependent on the
quality of fingerprint images. If quality is poor, identification
performance is reduced. The use of fingerprint images from another scanner
with different image accuracy characteristics may also degrade the
identification performance. Compressed fingerprint images are more
susceptible to image degradation and loss of information when used in
telecommunications or for template archival[9]. These are risks that must
be taken into account in using this technology.



Potential future applications in E-Finance/E-Commerce



Advances in digital imaging has led to the development of Automated
Fingerprint Identification System (AFIS) methodologies using electronic
'live-scan' flat (or plain) impression fingerprint images as the basis for
identification. The associated fingerprint scanners are also simple and
relatively inexpensive. Another aspect is that they can use significantly
reduced fingerprint information to minimize capture times and storage
requirements, but still allow for good and valid levels of identification
performance.



Developing uses include welfare payments, driver licensing, border control,
immigration and military personnel identification. On the personal side,
laptop computers can be made with integrated fingerprint sensors for access
control. The same applies to personal digital assistants (PDA) and mobile
phones.



Likelihood for widespread commercial/consumer uptake



As the laptop computer market is very competitive, uptake of this
fingerprint technology is expected. The same applies to PDAs. Both these
contain highly sensitive information which needs to be better protected.
Similarly, the mobile phone market is looking for security, especially for
payment transactions as wireless m-commerce opens up and expands. Another
potential is for doctors to prescribe medicines on line by way of
fingerprint identification. Also, the technology has the capability of
incorporating the element of intent necessary for valid signatures, and so
can be an alternative to encrypted digital signatures for robust contractual
purposes.



The relatively long history of fingerprint technology and its extensive use
in forensics means that it should be capable of having the shortest time to
market in comparison to other biometric methods.



Technique 3: Signature dynamics



Overview of the technique



This technology works by using the hand which holds a stylus or electronic
pen (using light or lasers) to sign a digitizer pad. Software that is now
available analyzes some 90 separate biometric measurements of signature
behaviour. These include stroke direction, order of writing, number of
times the pen is lifted, angle of the pen, pressure, speed, and
acceleration. The technology can readily detect forgeries even if a forged
signature is visually indistinguishable from a real one, as it is impossible
for a forger to copy the unique biometrics that created the original[10].
The measurements are bundled into a 'biometric token' (in this case a
substitute for database templates used in other biometric techniques), which
contains additional evidentiary information about the signer's claimed
identity, time and date of signature, and software and hardware used in the
signing. The token is encrypted and electronically bound to the signed
document so that it cannot be clipped or copied for placing onto another
electronic document. The process also involves generating a mathematical
check-sum that indicates any subsequent alteration[11] to the document or
signature.



Current applications in E-Finance/E-Commerce



Chase Manhattan Bank has tested dynamic signature verification (DSV) to
identify corporate clients initiating transactions. In the USA hospitals,
pharmacies and insurance firms are using this technology to authenticate
electronic documents[12]. It does not require recourse to certification
authorities (a trusted third party), as can happen with digital signatures.
However, a verification authority can still be used to securely store
standardised signatures[13] if need be.



Implementation Problems/Weaknesses



The technology relies on unique behavioural characteristics concerning the
manner in which someone signs as well as the static shape of their finished
signature. As the static image alone cannot be relied on, forgery is
difficult. However, to achieve authentication delicate sensors are needed
inside the writing instrument as well as being embedded in the writing
surface to detect a person's unique characteristics. Another recent
innovation is measuring the acoustic emissions that are generated as a
person writes their signature. All this means that the digitizer pad
(writing tablet) and stylus (writing instrument) must both be properly
maintained to obtain consistent results.



Furthermore, writing a signature is difficult for some people (eg due to
injury or medical condition) or their signature may not be very legible,
causing lack of validation. The degree of imprecision needs to be quite
small.



Potential future applications in E-Finance/E-Commerce



This technology is an alternative to digital signatures[14]. It presents an
answer to the abundance of digital signature techniques and a more direct
means of identifying an individual. Because it incorporates the traditional
and universally understood event of signing it provides a mutually
understood environment about the parties' intentions and their being bound
by the contents of a document or transaction. This makes its potential and
future use attractive as it fits easily within the legal definition of a
signature (being a mark associated with a particular individual and made
with the requisite intent) [15]. Accordingly, it has potential where legal
certainty is required.



Likelihood for widespread commercial/consumer uptake



DSV combined with cryptography provides a powerful assurance of
non-repudiation. Detection of any alteration of a document subsequent to
its being signed will also be obvious. Provided the additional
infrastructure of electronic writing stylus and pad are plugged into the
mainboard of an end user's computer, the technology has a certain appeal
which cultivates easy user acceptance. Costs should be relatively low to
facilitate commercial use.



Technique 4: Hand geometry



Overview of the technique



This technology measures the width, height, and length of the fingers,
distances between joints, and shapes of the knuckles. An optical camera is
used with light-emitting diodes, mirrors and reflectors to capture
three-dimensional images of the front, back and sides of the hand. From
these images, a wide range of measurements (the better systems use up to 96
measurements) are extracted from the hand. The template of each person is
stored in a database and hand readers are then used to verify a person
against that template (mathematical pattern).



Current applications in E-Finance/E-Commerce



Hand geometry systems are used for access control at facilities ranging from
nuclear power plants to day care centres. They have been around for over
ten years to give one-to-one verification and are well established in
commercial use being the preferred biometric for access control and for time
and attendance applications at workplaces[16]. In the USA the technology
has been used for the Immigration and Naturalization Service's Passenger
Accelerated Service System (INSPASS) where hand geometry readers verify an
air travellers' identity[17].



Implementation Problems/Weaknesses



While, specific hand features are not descriptive enough for identification,
the combination of various features does give robust verification. However,
weather conditions, temperature changes, pregnancy, medical conditions and
certain medications can affect hand size which leads to errors with hand
readers. Furthermore, hand size and geometry does change over time,
especially in the very young and the very old. It also happens that the
hand readers do not support extreme sizes. Lastly, people are somewhat
reluctant to place their hands where many others have touched and so hygiene
issues also arise. There are also currently no interoperability standards.



Potential future applications in E-Finance/E-Commerce



The technology is not that cheap, but still viable. It can be used with
smart cards that record unique hand measurements. Potential use lies with
international travelers passing through customs, where they present their
smart card and place their hand in a reader that verifies their
identity[18]. This is a non invasive method so has less privacy
implications. While hand geometry is not always distinctive, it is an ideal
choice for frequent verification (with fingerprints being used for
infrequent identification).



Likelihood for widespread commercial/consumer uptake



Hand geometry data is easy to collect and experimental results show an up to
a 97 percent rate of success in classification[19], so it is certainly
suitable in medium security environments and can be used in high security
environments. It is also easy to use, relatively fast at a few seconds per
scan and convenient, which means the use of hand geometry systems should
continue to grow. Prices do remain high (compared to fingerprint scanners)
and so hand readers tend to be deployed in sensitive areas such as vaults
and data centres. For time and attendance functions, hand readers improve
payroll accuracy and reduce costs by eliminating 'buddy-punching'.



Technique 5: Facial recognition



Overview of the technique



Facial recognition technology identifies people by areas of the face not
easily altered. Mainly, the upper outlines of the eye sockets, areas around
the cheekbones, and the sides of the mouth. It provides a first level scan
of a person usually within large crowds, but low level security situation,
using standard close circuit television hardware integrated with face
recognition software that compares scans with high quality images in a
database. It is a passive technology that does not require user interaction
and works from a distance.



Current applications in E-Finance/E-Commerce



Niche retail outlets have used live facial scans that are compared with a
stored template to give a personal welcome to regular customers. In a
converse situation, the casino industry has used facial databases of scam
artists for quick detection and removal from premises by security personnel.
Also, static images such as digitized passport photographs can be compared
to templates in facial databases. Therefore, facial recognition can be used
for either identification or verification. In addition, because facial
images can be captured from video cameras, facial recognition is the only
useful biometric that can be used for surveillance purposes.



Implementation Problems/Weaknesses



Facial recognition technology is relatively easy to fool[20]. Lighting, age,
facial hair, surgery, hats, head coverings and masks all affect results
thereby giving false reject rates. In surveillance applications, lower
accuracy results in multiple candidate returns from large crowds or
populations[21]. Consequently, secondary processing is required. A USA
Department of Defense study found that accuracy rates are only 51%[22].
Face scanners can also be fooled by people turning their heads slightly.
Loose matches cause a flood of false positives (someone being wrongly
identified) which is a waste of processing time.



Potential future applications in E-Finance/E-Commerce



Facial recognition is likely to remain a surveillance tool instead of a
baseline identifier. It is very unlikely to be used for critical 'one to
all' match applications. Even for online e-commerce the use of web cameras
on personal computers will not solve the problems involved with facial
recognition to make it a strong identification method. There is also the
problem of loss of image quality when compressed or conveyed for
telecommunications purposes



Likelihood for widespread commercial/consumer uptake



As with hand geometry, facial recognition is useful for time and attendance
logging at workplaces. It also has useful capabilities at airport screening
stations for authenticating frequent fliers ('trusted passengers') or for
catching persons trying to use false or stolen identity documents to access
secured areas.



Conclusion



In order to obtain a market breakthrough biometric systems must fulfil
certain market criteria. These are: acceptance by the general public by
being user friendly and convenient; being available to virtually all of the
general public; having an affordable price depending on volume; and having
an acceptable security level and reliability. For commercial providers
biometric authentication of users must be seen to be positive and be able to
launch more business so as to attract more end users.



References



- , 2000, 'Iris scans take off at airports', ComputerWorld, 17 July 2000.



Baker, S. A. & Yeo, M. S. 1999, Trends in International Authentication
Legislation - A Report Prepared for the Internet Law and Policy Forum,
Steptoe & Johnson, Washington, D.C.,
http://www.ftaa-alca.org/SPCOMM/derdoc/eci31r1e.doc



Banisar, D. 1996, 'Big Brother Goes High-Tech', CovertAction Quarterly, No.
56, Spring 1996, http://mediafilter.org/caq/CAQ56brother.html



Bone, J. M. & Blackburn, D. M. 2002, 'Face Recognition at a Chokepoint -
Scenario Evaluation Results', Technical Report,
http://www.dodcounterdrug.com/facialrecognition



Broderick, L. A. 1998, Statement of Lisa A. Broderick, CEO, PenOp, Inc.
regarding Biometrics and the Future of Money before the Subcommittee on
Domestic and International Monetary Policy House Committee on Banking and
Financial Services, 20 May 1998,
http://financialservices.house.gov/banking/52098lab.htm



Daugman, J. 1999, How Iris Recognition Works, University of Cambridge, The
Computer Laboratory, Cambridge, United Kingdom,
http://www.cl.cam.ac.uk/users/jgd1000/irisrecog.pdf



Dechman, G. H. 1996, 'Fingerprint Identification Standards for Emerging
Applications', Biometrics In Human Services USER GROUP, Vol. 1, No. 2,
November 1996, pp. 7-9.



Gifford, M. M., McCartney. D. J. & Seal, C. H. 1999, 'Networked biometrics
systems - requirements based on iris recognition', BT Technology Journal,
Vol. 17, No. 2, April 1999.



Hanssen, J. & Mathiassen, S.B. 1999, Embedded Fingerprint Recognition
Processor, Idex AS, Heggedal, Norway,
http://www.cms.livjm.ac.uk/library/E...34-Hanssen.pdf



International Biometric Group, 2003, Iris-Scan: How it Works, International
Biometric Group, New York, United States of America,
http://www.ibgweb.com/reports/public...scan_tech.html



International Biometric Group, 2003, Iris Recognition: The Technology,
International Biometric Group, New York, United States of America,
http://www.iris-scan.com/iris_technology.htm



Jueneman, R. & Robertson, R. 1998, 'Biometrics and Digital Signatures in
Electronic Commerce', Jurimetrics, Vol. 38, No.3, p.427.



Levey, L. 2001, Electronic Signature Capture Technology - A Presentation to
AASHTO, Computime, 22 January 2001,
http://www.dot.state.ia.us/aashtodm/topaz.doc



Liu, S. & Silverman, M. 2001, 'A Practical Guide to Biometric Security
Technology', IT Professional, January-February 2001, pp. 27-32,
http://computer.org/itpro/homepage/J.../security3.htm



Perkin, J. 2000, 'Human Touch Heralds Easier and Safer Electronic Commerce',
Financial Times, London, 6 December 2000: 9.



Phillips, P. J., Grother, P., Micheals, R., Blackburn, D. M., Tabassi, E. &
Bone, J. M. 2002, Face Recognition

Vendor Test 2002: Evaluation Results,
http://www.frvt.org/DLs/FRVT_2002_Evaluation_Report.pdf



Sanchez-Reillo, R., Sanchez-Avila, C. & Gonzalez-Marcos, A. 2000, 'Biometric
Identification through Hand Geometry Measurements', IEEE Transactions on
Pattern Analysis and Machine Intelligence, Vol. 22, No. 10, October 2000,
pp. 1168-1171.



Standage, T. 2002, 'Biometric Fact and Fiction - Body-scanning technology
has its drawbacks', The Economist, 1 November 2002,
http://www.cfo.com/article/1,5309,8026||A|3|,00.html



Vacca, J. 2002, Biometric Security Solutions, Prentice Hall, 25 October
2002,
http://www.informit.com/isapi/product_id~{C3A2803B-7E73-4341-AB9F-BC91D275E970}/element_id~{15DCB9ED-FFAB-4270-8236-60C5FF50940E}/st~{FB0C976E-DFD7-47DC-9AA6-490E0AACCC3C}/session_id~{BDD35FCD-A809-4C0B-823D-37E9ACAA7EBE}/content/articlex.asp



Zekos, G. I. 1999, EDI: Electronic Techniques of EDI, Legal Problems and
European Union Law, Web Journal of Current Legal Issues, Blackstone Press,
http://webjcli.ncl.ac.uk/1999/issue2/zekos2.html





----------------------------------------------------------------------------
----

[1] Hanssen, J. & Mathiassen, S.B. 1999, Embedded Fingerprint Recognition
Processor, Idex AS, Heggedal, Norway,
http://www.cms.livjm.ac.uk/library/E...34-Hanssen.pdf



[2] Daugman, J. 1999, How Iris Recognition Works, University of Cambridge,
The Computer Laboratory, Cambridge, United Kingdom,
http://www.cl.cam.ac.uk/users/jgd1000/irisrecog.pdf

[3] International Biometric Group, 2003, Iris-Scan: How it Works,
International Biometric Group, New York, United States of America,
http://www.ibgweb.com/reports/public...scan_tech.html

[4] Perkin, J. 2000, 'Human Touch Heralds Easier and Safer Electronic
Commerce', Financial Times, London, 6 December 2000: 9.

[5] - , 2000, 'Iris scans take off at airports', ComputerWorld, 17 July
2000.

[6] International Biometric Group, 2003, Iris Recognition: The Technology,
International Biometric Group, New York, United States of America,
http://www.iris-scan.com/iris_technology.htm



[7] Gifford, M. M., McCartney. D. J. & Seal, C. H. 1999, 'Networked
biometrics systems - requirements based on iris recognition', BT Technology
Journal, Vol. 17, No. 2, April 1999.

[8] Liu, S. & Silverman, M. 2001, 'A Practical Guide to Biometric Security
Technology', IT Professional, January-February 2001, pp. 27-32,
http://computer.org/itpro/homepage/J.../security3.htm



[9] Dechman, G. H. 1996, 'Fingerprint Identification Standards for Emerging
Applications', Biometrics In Human Services USER GROUP, Vol. 1, No. 2,
November 1996, pp. 7-9.

[10] Broderick, L. A. 1998, Statement of Lisa A. Broderick, CEO, PenOp, Inc.
regarding Biometrics and the Future of Money before the Subcommittee on
Domestic and International Monetary Policy House Committee on Banking and
Financial Services, 20 May 1998,
http://financialservices.house.gov/banking/52098lab.htm

[11] Baker, S. A. & Yeo, M. S. 1999, Trends in International Authentication
Legislation - A Report Prepared for the Internet Law and Policy Forum,
Steptoe & Johnson, Washington, D.C.,
http://www.ftaa-alca.org/SPCOMM/derdoc/eci31r1e.doc

[12] Vacca, J. 2002, Biometric Security Solutions, Prentice Hall, 25 October
2002,
http://www.informit.com/isapi/product_id~{C3A2803B-7E73-4341-AB9F-BC91D275E970}/element_id~{15DCB9ED-FFAB-4270-8236-60C5FF50940E}/st~{FB0C976E-DFD7-47DC-9AA6-490E0AACCC3C}/session_id~{BDD35FCD-A809-4C0B-823D-37E9ACAA7EBE}/content/articlex.asp

[13] Zekos, G. I. 1999, EDI: Electronic Techniques of EDI, Legal Problems
and European Union Law, Web Journal of Current Legal Issues, Blackstone
Press, http://webjcli.ncl.ac.uk/1999/issue2/zekos2.html

[14] Jueneman, R. & Robertson, R. 1998, 'Biometrics and Digital Signatures
in Electronic Commerce', Jurimetrics, Vol. 38, No.3, p.427.

[15] Levey, L. 2001, Electronic Signature Capture Technology - A
Presentation to AASHTO, Computime, 22 January 2001,
http://www.dot.state.ia.us/aashtodm/topaz.doc

[16] Vacca, J. 2002, Biometric Security Solutions, Prentice Hall, 25 October
2002,
http://www.informit.com/isapi/product_id~{C3A2803B-7E73-4341-AB9F-BC91D275E970}/element_id~{15DCB9ED-FFAB-4270-8236-60C5FF50940E}/st~{FB0C976E-DFD7-47DC-9AA6-490E0AACCC3C}/session_id~{BDD35FCD-A809-4C0B-823D-37E9ACAA7EBE}/content/articlex.asp

[17] Liu, S. & Silverman, M. 2001, 'A Practical Guide to Biometric Security
Technology', IT Professional, January-February 2001, pp. 27-32,
http://computer.org/itpro/homepage/J.../security3.htm.

[18] Banisar, D. 1996, 'Big Brother Goes High-Tech', CovertAction Quarterly,
No. 56, Spring 1996, http://mediafilter.org/caq/CAQ56brother.html

[19] Sanchez-Reillo, R., Sanchez-Avila, C. & Gonzalez-Marcos, A. 2000,
'Biometric Identification through Hand Geometry Measurements', IEEE
Transactions on Pattern Analysis and Machine Intelligence, Vol. 22, No. 10,
October 2000, pp. 1168-1171.

[20] Bone, J. M. & Blackburn, D. M. 2002, 'Face Recognition at a
Chokepoint - Scenario Evaluation Results', Technical Report,
http://www.dodcounterdrug.com/facialrecognition

[21] Phillips, P. J., Grother, P., Micheals, R., Blackburn, D. M., Tabassi,
E. & Bone, J. M. 2002, Face Recognition

Vendor Test 2002: Evaluation Results,
http://www.frvt.org/DLs/FRVT_2002_Evaluation_Report.pdf

[22] Standage, T. 2002, 'Biometric Fact and Fiction - Body-scanning
technology has its drawbacks', The Economist, 1 November 2002,
http://www.cfo.com/article/1,5309,8026||A|3|,00.html

Yesterday Leads to Tomorrow