Issues in Integrating Biometrics

Gordon H. Dechman
President, FingerPrint USA

Although the applicability of biometric technologies and processes to large-scale problems has been widely discussed for a number of years, the actual employment of biometrics has been generally limited to small-scale trial applications, and the few large-scale attempts have been less than overwhelmingly successful. But still, the discussion of large-scale biometric applications continues to grow, as does the biometric industry itself.

Aside from basic issues of cost-per-checkpoint and Type-1 / Type-2 performance, a number of complex and inter-related issues are involved in the selection and successful implementation of biometrics. Although these “Integration Issues” can be summarized in a very few elements of consideration, the issues themselves can only be assessed and addressed with respect to the specific, detailed requirements of a particular application. In this paper, the elements of specification of system requirements are summarized, and are discussed as the only meaningful reference point for addressing the complex issues of integrating biometrics into large-scale applications.

1.0 ELEMENTARY BIOMETRIC CONSIDERATIONS

At top level, the basic considerations in deciding to use biometrics, and in selecting a particular biometric technology, are an exercise in “needs assessment” followed by a review and assessment of available technologies. The needs assessment is essentially a justification of the requirement, based on anticipated benefits of the use of biometrics in one or more target applications. The technology assessment is often based simply on the acquisition cost of the biometric devices, and on compatibility of the biometric process with current operations. The typical components of a basic consideration of the implementation of a biometric technology are listed and described in Table 1.

Table 1 Basic Considerations in Biometric Selection

1. Statement of Need: The reasons for the requirement for biometric checks. These are often stated in terms of the problem to be solved and the “benefits” of a biometric security check:
   > Security of Facilities, Property, Information, etc.
   > Cost management or allocation.
   > Fraud prevention.
2. Operational (Applications) Considerations: An assessment of biometrics from an operational perspective, including:
   > Requirements for positive identification within the application to achieve the anticipated benefits.
   > Sensitivity of the application to Type-1 and Type-2 Errors
   > Operational compatibility of the biometric with current operations.
   > User Characteristics and an assessment of user acceptance.
3. Assessment of Alternative Biometric Technologies / Devices: A technical and cost assessment of particular technologies, often based primarily on vendor information, and including:
   > Assessment of Identification Performance
   > Cost of Acquisition / Cost of Operations

These considerations are not difficult, especially for an operations or security manager who has an intuitive understanding of the security problems and the benefits of a biometric system. But before a biometric system can be successfully implemented, fundamental questions that frame the integration issues must be addressed, including:

> What is the compatibility of the biometric devices and processes:
   o ...with the existing information systems infrastructure?
   o ...with applications programs or systems that are in place or are needed?
> Which of the required security applications functions are:
   o ...provided in the biometric device package?
   o ...available from the biometric manufacturer at extra cost?
   o ...available from third party developers?
   o ...non-existent and must be developed?
> Do the biometric devices and applications packages meet all of the technical and operational requirements?

Even in fairly simple applications, addressing the integration issues can become quite complex.

2.0 SPECIFYING SYSTEM REQUIREMENTS

In order to address the integration issues, it is first necessary to look again at the requirements for the biometric system, but this time from a technical point of view. The specification of detailed technical requirements for the system provides a solid foundation for system implementation, and the more complex the system, the more critical this step. Table 2 provides a general set of elements that comprise a specification of technical and operational requirements for a biometric system. The following section provides a detailed look at each of these key elements of system requirements.

Table 2 General Elements of Biometric System Specifications

Functional Requirements
   > Identification / Identity Verification
   > Biometric Data Management
   > Transaction Data Management
   > Special Applications Functions
Operational Requirements
   > Operations Concepts
   > Modes of Operation
   > Classes of Users
   > Availability, Reliability and Maintainability
Technical Requirements
   > System Architecture
   > Capacity
   > Performance
   > Compatibility with Existing Systems
   > Physical Conditions and Constraints

2.1 Functional Requirements

The Functional Requirements of the system detail the specific functions to be performed or accomplished by the system. For biometric systems, there are four major types of functions to be considered.

2.1.1 Identification Requirements

Biometric systems perform at least two of the three principal identification functions: Enrollment, Identity Verification, and Identification.
It is necessary to specify the requirements in detail for each of these functions:

For Enrollment functions:
   > Information elements that comprise an enrollment record:
      o PIN
      o Name
      o Biometric Record
      o Backup Biometric
      o Photograph
      o Position Information
      o User Class
      o Access Privileges
   > Enrollment Mechanisms
      o On-line Live Enrollment
      o Off-line Enrollment
For Verification functions:
   > Responses to Positive Verification
   > Responses to Denied Access Attempt
   > Re-tries
   > Alarms and Signals
   > Record Information
For Identification functions:
   > Identification Search Objectives, Situations and Conditions
   > Responses to Negative Search Result
   > Responses to Positive Identification

2.1.2 Biometric Data Management

These are the requirements for managing the biometric record data collected by the Enrollment process. Elements of these data management requirements include:
   > Activating and deactivating records
   > Purging, archiving and restoring records

2.1.3 Transaction Data Management

The requirements for managing the transaction records produced by the biometric system include:
   > Transaction Logging
   > Activity Reports
   > Data Analysis and Evaluation
   > Archival Storage

2.1.4 Special Applications Functions

The functions of the biometric system that are specific to the particular application being served by the system must be clearly delineated. Examples of these types of functions include:
   > User Class-specific Functions
   > Application Functions (e.g.: Time & Attendance or DBMS Security) and Linkages

2.2 Operational Requirements

The Operational Requirements of the system detail the concepts for how the system is to be used, the classes and privileges of users, and the availability required of the system to support all aspects of the operations.

2.2.1 Operations Concepts

The Operations Concept for a biometric system describes the operational processes or procedures, the control of the processes and the flow of information associated with each process.
Elements of the Operations Concept include:
   > The Purpose or objective of each set of operational procedures
   > Processes and Process Flow
      o Functional Processes
      o Data Processing and Analysis
   > Process Control and Control Flow
   > Information Flow
      o Data Sources
      o Data Additions and Edits
      o Data Dissemination
      o Data Storage

2.2.2 Modes of Operation

In addition to the basic Concept of Operations, it is necessary to detail all of the anticipated modes of operation, and any special Process, Control and Information flows peculiar to one or more specific operational modes. Examples of special modes of operation that could or will involve different processes and procedures include:
   > Attended & Unattended Operations
   > Backup and Degraded Modes of Operation.

2.2.3 Classes of Users

The operational requirements must also address the functions and processes of the system that are user-specific, not only defining the processes that can be performed by each class of users, but also defining information and control requirements, including:
   > Access Privileges
   > Authorization and Management
   > Reporting Requirements

2.2.4 Availability, Reliability and Maintainability

Finally, the operational requirements for the system must specify the availability, reliability, and maintainability requirements for the system. Elements of these requirements are:
   > Availability: The amount of time a system is operational (“up time”) as a percentage of total time, specified for both central hosts and terminals, and taking into account both preventive maintenance and remedial maintenance.
   > Reliability: Usually specified as an expectation value of Mean Time Between Failures (“MTBF”) of specific units of biometric equipment.
   > Maintainability: The expectation value for the Mean Time To Repair (“MTTR”) a specific system component, and the specification of the maintenance requirements for the system, including:
      o Preventive Maintenance
      o Remedial Maintenance
      o Spares and Sparing

2.3 Technical Requirements

The Technical or “System” Requirements detail the specific capacity, performance and related technical requirements associated with each of the system functions and operational procedures. For biometric systems, there are a number of technical parameters that make up a system requirements specification. The major types of parameters are discussed in the following paragraphs.

2.3.1 System Architecture

The System Architecture is the overall specification of the structure of the system, in terms of computer and network components. The System Architecture identifies the locations and functions of the following typical system elements:
   > Central Hosts
      o Processing Server
      o Database Server
      o Access Control Server (e.g., Web server)
   > User Access Terminals
      o Enrollment Terminals
      o Verification Terminals
      o Administrative Terminals
   > Communications Requirements
      o LAN/WAN Connectivity
      o Network Security (Firewalls, etc.)

2.3.2 Capacity Requirements

System capacity parameters which must be specified address the information storage requirements for the system as a whole, and at the system host, network node and terminal levels. These capacity parameters include:
   > Content and size of biometric data records
   > Number of individuals in the system
   > Transaction record data contents and duration of storage
   > Anticipated population growth and system expansion requirements

2.3.3 Performance Requirements

Each of the functional processes of the system has an associated set of Performance requirements.
The major specification elements for each of the principal functions of a biometric system are as follows:

For Identification functions:
   > Enrollment time
   > ID Verification Accuracy and Type-1/Type-2 Error Performance
   > Identification Accuracy
For Processing functions:
   > Terminal Peak / Average Loads
   > Network Peak / Average Loads
   > Host Peak / Average Loads

2.3.4 Systems Compatibility Requirements

The systems compatibility requirements describe the elements of the existing information systems infrastructure that must either host or interface with the biometric system. Elements of the existing systems infrastructure that must be specified include:
   > Hosts and Terminals
   > Networks and Communications
   > Operating Systems
   > Software Hosting and Systems Interfaces
   > Applications Interfaces and Support

2.3.5 Physical Conditions and Constraints

These requirements describe the physical and environmental conditions and constraints associated with the various system modes of operation. These types of specifications include:
   > Size & Weight Limitations
   > Electrical Power Requirements
   > Environmental Conditions (Temperature / Relative Humidity / Dust)
      o Operating Ranges
      o Storage Ranges
   > Shock & Vibration Specifications in Mobile and Field Applications

3.0 REVISITING THE BIOMETRIC SYSTEM REQUIREMENTS

With the definition of the detailed system specifications in hand, a focused review of specific biometric technologies and products can be accomplished.
The system specification process clearly focuses the requirements for each of the principal biometric functions:
   > Enrollment Points & Functions
   > Verification Points & Functions
   > Central Management Site & Functions
   > Network Topology & Transaction Flows

Revisiting the biometric technologies in the light of clearly focused functional and performance requirements makes it possible to address comprehensively the question: “How do the functional and performance characteristics of a particular set of biometric technologies, devices and applications fit the functional, operational and technical requirements of the system?”

There are two critical objectives of this process. The first is to identify the shortfalls in functional capabilities and system incompatibilities between the biometric device/system and the applications requirements or systems infrastructure. Key elements of this process include the following considerations:
   > The Fundamental Consideration is Security: This is not just how well (how fast and how accurately) the biometric technology works when it works, but
      o Under what conditions does the biometric not perform adequately, and what can be done about it?
      o What are the system vulnerabilities?
   > Data Considerations:
      o Compatibility and Compliance of the biometric and transaction records and related functions.
   > Applications Considerations:
      o Availability of applications functions.

The second objective of the biometric technology review process is to determine whether or not the capability shortfalls and technical incompatibilities can be overcome.

4.0 INTEGRATION ISSUES

Integration Issues arise because, generally, there is no completely “off-the-shelf” solution in which a biometric capability will satisfy all aspects of a particular application.
The process of integrating the biometric into a comprehensive systems solution requires the implementation of interfaces and applications software, and the integration of both custom and commercial components into a unique system, which is custom tailored to satisfy all of the functional, operational and technical requirements of the application.

When a biometric technology has been selected for a particular application, a thorough assessment of the biometric technology and products must be made as described in the preceding sections, with respect to the detailed requirements of the application. This process will identify the requirements for custom development and integration. The integration issues, then, are an assessment of how to accomplish the development and integration of custom capabilities and to integrate the application with the existing systems infrastructure. Table 3 provides a list of the fundamental integration issues that must be considered in preparing for a large system implementation.

Table 3 Fundamental Integration Issues

Device Capabilities
   > API
   > Computer System Interfacing Capabilities
   > Built-in Applications
Development Issues
   > Development Tools
   > Source Code Availability
   > Technical OEM / Integrator-Level Documentation
Support Issues
   > Manufacturer Technical Support
   > Manufacturer Maintenance Support
   > Third Party Support

As shown in Table 3, the three primary areas of consideration in addressing the integration of biometric technologies into large scale applications are consideration of the capabilities of the biometric devices themselves, the development and integration tools that are available to support the integration, and the technical support that is available. The following paragraphs discuss each of these integration issues.

4.1 Biometric Device Capabilities

Of major importance are the capabilities that are built into the biometric device or system to support integration. These capabilities include:

Applications Program Interface (API)
   > Types of software interfaces provided
   > Capabilities of the software interfaces
   > Software design tools provided in the API to support custom development
Computer System Interfacing Capabilities
   > Hardware Interfaces
   > Drivers
   > Bus & Operating System Compatibility
   > Networking
   > Card Input and Storage Systems
Built-in Applications
   > Basic Functions (Device-internal and in a software system package)
      o Enrollment & Verification
      o Enrollment Record Storage / Management
      o Transaction Logging
   > Applications Functions
      o User Authorization and Access Privilege Management
      o External Device and Process Control
      o Advanced Transaction Data Management, Analysis & Reporting
      o Network Operations

4.2 Development Issues

Development issues are concerned with the specific tools outside the device or system that are available to support the development of a custom integration. The vendor or manufacturer ordinarily has these development tools and detailed integrator-level documentation, but the tools, documentation, and source code may not be available at all from the manufacturer. It is essential to determine the availability and cost of at least detailed integrator-level documentation of the system before committing to an applications approach requiring custom integration.

4.3 Support Issues

The availability of strong technical and maintenance support from the manufacturer or vendor is essential to controlling the risk of a complex integration effort. The capabilities, willingness and performance record of the manufacturer/vendor should be carefully assessed during the product/technology evaluation process.
This assessment can only partially be made through discussions with the sales representatives. For large programs, discussions with company management are recommended. In addition, identification of other integrators who are experienced in the integration of the selected biometric can provide an independent insight into product and manufacturer capabilities. An experienced integrator may also provide a source of third-party technical support to the application development effort.

5.0 SUMMARY

In order to succeed in the implementation of a large scale biometric application, it is essential to thoroughly assess the candidate biometric technologies with respect to the key Integration Issues of product capabilities, development tools, and the availability of technical support. The detailed specification of the functional, operational and technical requirements is the only basis from which such an assessment can be made. Without the up-front assessment of integration issues, there is no effective way to manage the development risks.

About the Author

Gordon Dechman is President and Chief Engineer of FingerPrint USA, a small business with expertise in current identification technologies and applications. He has over thirty years of experience in computer systems applications engineering and integration, and has worked specifically in the application of biometrics for more than the past fifteen years. FingerPrint USA provides Systems Engineering and Integration services in support of the analysis, definition and development of information technology systems and applications, and is experienced in a broad range of biometric technologies and applications areas.