Click here for Top of Page
Right Arrow: Next
Right Arrow: Previous

With a security-conscious society, old methods of human identification applicable in a small, closed, and static community are not easy to extend to large and mobile communities. New technologies and practices have to be adopted. The science of automatically identifying people based on their physiological and behavioral characteristics is known as biometrics. Biometrics is an emerging technology with more potential to revolutionize modern human identification needs than any other security related technology can provide. Biometrics systems are inherently pattern recognition systems that need to make decisions about whether the newly acquired signal matches a known and previously enrolled template. For centuries, several methods of human identification have been used though often for socially negative applications. For example, anthropometric measurements were used to identify prisoners using the Bertillon system; and fingerprints were used as a non-repudiable signature for business transactions [1].  Most of these applications were innovative and seem to have been invented primarily to serve forensic/law enforcement needs. Coupled with this is the perception that these methods need to be applied to criminals mostly. And the media often portrays quite unrealistic and scary uses of biometrics as well. Such negative connotations and very high expectations in the users’ mind continue to plague the use of biometrics for other positive applications.

Nevertheless, biometrics continues to gain acceptance in many areas as only it can provide the ultimate non-repudiation technology. The top six biometrics modalities are fingerprints, face, iris, hand geometry, speaker recognition, and dynamic signature recognition. Semi-automated methods of handling biometrics signals have existed for more than half a century. Fully automatic methods for non-forensic applications have come into use more recently. Examples include a border crossing application at airport access control points that uses iris recognition and computer or PDA access systems that use fingerprints. With the advent of smaller and more efficient devices resulting from advances in scanning/acquisition technology and faster and cheaper computing power, new developments in reliable algorithms for handling biometrics signals have positively contributed to wide spread use of biometrics today. The unfortunate incident of September 11, 2001, has made the jobs of most governments harder, as they need to be able to identify their citizens accurately.  This has significantly raised the need for biometrics.

While biographical information such as name, date of birth, address and names of parents can be used for identification, relying purely on those pieces of information cannot lead to a trusted system. Biometrics is a handy tool to provide the badly needed trust in such systems. Many countries are now rolling out citizen ID cards, voter ID cards, e-passports and other government approved documents to associate their citizens with an identity. Identity management issues in such systems are highly challenging. For example, a key requirement in a citizen ID card system is that a citizen should be enrolled only once and no duplicates should exist in the system [2]. Using biometrics to catch duplicates during enrollment is an extremely challenging task as the number of records in such systems can be on the order of hundreds of millions. With the inherent errors associated with any biometrics in terms of false accept and false reject rates, there is a great research challenge facing the pattern recognition community. Yet another law-enforcement use of biometrics is in the area of watchlist matching. For ordinary citizens to be safe, governments need to look for bad guys who appear on watchlists. The most trusted way of identifying someone with high confidence is through the use of biometrics. Even here, the issue of the underlying errors associated with a biometric comes into the picture.

Often it is proposed that more than one biometrics modality should be used to improve the coverage as well as the accuracy of identification. This is a great research problem as an optimal solution in this space can be an extremely valuable tool in the hands of the governments. In most of these large scale identification applications, there are many “systems” types of challenges, for instance, meeting the daily throughput rate can involve significant hardware and cost. In order to cope with the dynamic load patterns, cloud computing types of approaches can be adopted, but issues related to data security can impede the adoption of clouds.

While many novel biometrics modalities are being developed [3], there are many security challenges that biometrics subsystems raise. These can leave additional security holes if not handled properly. For example, the input acquisition system needs to be able to detect fake latex fingerprints or fake designer contact lenses in the eye. As large biometrics systems are deployed, new creative attacks on biometrics systems will be invented. We have proposed a pattern recognition based model to analyze the threats to such systems [4, 5].

In addition to security there is also a privacy issue that needs to be addressed [5]. Biometrics are kinds of “non revocable” passwords that are tightly linked to the individual. The features used by automated systems can be hacked, or guessed using brute force methods. If a large database of biometrics is compromised, a large number enrollees can be rendered helpless. The other downside of biometrics is that when a biometric is collected, it can be used for other applications without the knowledge of the individuals, particularly to find their “life history” from other databases. For example, a health care provider may choose to set the charges for a service based on knowledge of the financial status of the patient by simply using the biometrics it collected to validate the patient’s identity. In order to prevent this type of privacy violation, we have proposed a cancelable biometrics technology [6] that makes such applications virtually impossible by suitably protecting the users’ interests. This area of biometrics research is still in its infancy.

Many other challenges exist in building a scalable, trusted, efficient, large scale biometrics recognition system. Ageing studies are an important part of biometrics systems. An intelligent system that can use ageing models to build a face after years of enrollment can be used to improve the biometrics recognition performance [7]. Efficient separation of intra-class variation from the inter-class variations is the key challenge in a biometrics system. Biometrics systems derive benefits from advances made in core technologies such as computer vision, pattern recognition, image processing, machine learning, statistics, and sensing technologies.

The dream for biometrics technology is to replace the existing authentication technologies from mobile commerce to border crossing control as the trusted key to the modern secure paradise where there is no identity theft and no need to carry a bagful of tokens and cards to execute needed transactions. Biometrics can revolutionize the modern world with all the trust needed to build this secure paradise.

Getting to Know…


Nalini K. Ratha, IAPR Fellow

by Nalini K. Ratha, IAPR Fellow (USA)

Biometrics:  The key to the gates of a secure and modern paradise

Other articles in the

Getting to Know...Series:


Recognition of Human Activities:  A Grand Challenge by J.K. Aggarwal

             October 2009   [html]   [pdf]



[1]. History of fingerprints;

[2]. R. Bolle, J. Connell, S. Pankanti, N. Ratha and A. Senior, Guide to Biometrics, ISBN: 0387400893, Springer, October 2003.

[3]. N. Ratha and V. Govindaraju (Eds), “Advances in Biometrics”, ISBN: 978-1846289200, Springer, October,  2007.

[4]. N. K. Ratha, J. H. Connell and R. M. Bolle, “Biometrics break-ins and band aids”, Pattern Recognition Letters, Vol. 24, No. 13, pp. 2105-2113, Sept. 2003.

[5]. N. K. Ratha, J. H. Connell and R. M. Bolle, “Enhancing security and privacy in biometrics-based authentication systems”, IBM Systems Journal, Vol. 40, No. 3, pp. 614-634, Sep. 2001.

[6]  N. K. Ratha, S. Chikkerur, J. H. Connell and R. M. Bolle, “Generating cancelable fingerprint templates”, IEEE Trans. on PAMI, Vol. 29, No. 4, pp. 561—572, April 2007.


Nalini K. Ratha is a Research Staff Member at the IBM Thomas J. Watson Research Center, Yorktown Heights, New York where he leads the biometrics research effort in the area of enhancing security of biometrics systems and performance evaluation of biometrics systems. He has published more than 80 papers in peer-reviewed journals and conferences, been issued 12 patents, co-edited two books, co-authored a text book, and served on the editorial board of several journals. He has been associated with several leading biometrics conferences. He has received several patent awards, a “Research Division” award, and an “Outstanding Technical Innovation Award” at IBM. He has been an adjunct professor at Cooper Union and NYU-Poly for the past several years.


Dr. Ratha received his Ph. D. from the Department of Computer Science at Michigan State University (USA) and his B.Tech in Electrical Engineering and M. Tech in Computer science and Engineering from the Indian Institute of Technology, Kanpur (India). He is a Fellow of IEEE, Fellow of IAPR, and Senior Member of ACM. Currently, he serves on the editorial board of IEEE Transactions on Pattern Analysis and Machine Intelligence and IEEE Transactions on Systems, Man and Cybernetics- Part B. His current research interests include biometrics, computer vision, pattern recognition, and special purpose architecture for computer vision systems.