Biometric Identification Abstract Accurate and automatic identification and authentication of users is a fundamental problem in network environments. Shared secrets such as PIN or passwords and key devices like smart cards just are not enough in some cases. What is needed is something that could verify that you are physically the person you claim to be - biometrics. Biometric identification technologies have been associated generally with very costly top secure applications. Today the core technologies have evolved and the cost of the equipment is going down dramatically due to the integration and increasing processing power. Certain applications of biometric identification technology are now costeffective, reliable and highly accurate. As a result, there is no technological or financial barriers for stepping from the pilot projects to widespread deployment. This paper introduces the biometric technologies and the problematic incorporated.
Table of Contents 1. Introduction 1.1 History 1.2 Definitions
1. Introduction Before we go any further let us define exactly what we mean when we talk about biometric technologies. The term 'biometrics' refers strictly speaking to a science involving the statistical analysis of biological characteristics. Here biometrics is used in a context of making analysis of human characteristics for security purposes. The distinction can be clarified with following definition: "A biometric is a unique, measurable characteristic or trait of a human being for automatically recognizing or verifying identity." This measurable characteristic, Biometric, can be physical, such as eye, face, finger image, hand and voice or behavioral, like signature and typing rhythm. Biometric system must be able to recognize or verify it quickly and automatically. It is often said that with biometric products you are able to reach the highest level of security. To help illustrate this point, a much-quoted definition is used by the biometrics industry. Three levels of security are:
The lowest level of security is defined as something you have in your possession, such as an ID badge with a photograph on it.
The second level of security is something that you know; such as a password used with computer login or PIN code to use your bank account card on ATM. 3
The highest level of security is something what you are and something that you do. This is essentially what biometric technology is all about. It is clear that people see exciting potential in this technology. One has to keep in mind that biometric technologies are
not even at their best the sole key to security problems. Only with proper system design and smart use of strong cryptography biometric identification systems can claim their big promises. On worst scenarios possibilities of whole new kind of fraud is also possible. This is due to the fact that biometric information of large amount of individuals stored on central databases is always a risk to our privacy.
1.1 Definitions Biometrics can be used for identification and verification of different things about human beings. Identification a.k.a recognition is one-to-many comparing process of a biometric sample or a code derived from it against all of the known biometric reference templates on file. If the acquired sample matches a template stored within error marginal the identity of the enrollee is also matched to that of the previously stored reference. The stored identity information really should not reveal the
physical identity of the owner of the biometric, but instead a role, which authorizes the use of service or access. Verification is process of comparing a submitted biometric sample against single biometric reference of a single enrollee whose identity or role is being claimed. The reference template doesn't have to reside in large database but can be carried with oneself within a smart card or other security device. If the verification process is well designed the biometric information is not revealed to the system, only the result: match or non-match is confirmed. All biometric identification or authentication technologies operate using the following four stage procedure:
Capture - A physical or behavioral sample is captured by the system during enrolment and also in identification or verification process.
Extraction - Unique data is extracted from the sample and a template is created.
Comparison - The template is then compared with a new sample.
Match/Non Match - The system then decides if the features extracted from the new sample are a match or a non match.
When comparing different biometrics the probabilities of false rejection (FRR) of true owner of biometric and false acceptance of 5
fraudulent user (FAR) are used to measure the accuracy and performance of biometric technology. Physical Biometric devices have 3 primary components:
An automated mechanism that scans & captures a digital or analog image of a living personal characteristic.
Another entity handles compression, processing, storage, and comparison of the captured data with the stored data.
The third interfaces with application systems. On biometric systems there are various template storage options. The
biometric template can reside in
Biometric device. This is usually the case on small, closed systems.
Database on central computer.
Plastic card or token (barcode, stripe, optical, pcmcia, smart card)
1.2 History The human beings themselves recognize each other by familiar characteristics of the face and voice, this inbuilt system is very sophisticated. The human beings have noticed the need for verifiable measurements to assure that the human sensors are not cheated. Biometrics as the word we
have defined here have existed for centuries in a very simple and non sophisticated way; at the time of pharaohs height measurement was used, study of finger images dates back to ancient China. Also signatures have been an established authentication method throughout the recent history. Automatic
Biometric technology was
controlling access in some top secret applications. In the late 1960’s famous device called "Identimat” was introduced. It was a machine that measured finger length and shape of the hand and was installed in a time-keeping system at Shearson Hamill, a Wall Street investment firm. It was retired as late as 1987! FBI began automatically check finger images at late 1960s and began larger scale use of automatic finger scanning systems in 70s. Today Automated Fingerprint Identification Systems (AFIS) are used by law enforcement throughout the world. Other technologies are younger and more complex. The uniqueness of human eye, especially on patterns of retina and iris, was used first time in the mid 1980s on a biometric system. Face recognition and dynamic signature verification are even newer issues. Today the emphasis has moved from the basic research towards commercialization and usability. The human factor and user interface aspects has to be taken count of, otherwise the public will choose the old, conventional way to do things.
2.Basic Architecture of Biometric Identification
To understand better biometric identification then we have to concentrate on the basic architecture of biometric model. A generic biometric model consists of five subsystems, namely
a) Data collection and transmission Data collection involves use of sensors to detect
physiological or behavioural
characteristics. The measured biometric must be unique and repeatable over multiple measurements. The data collection subsystem most directly impact 8
user .Sensor specification determines the intrusiveness of the system. Intrusiveness is the degree to which the user feels that the measurement process violates his personal space, and is often correlated to how close the user has to be near the sensor. For instance, a retinal scan, which requires close proximity to the camera, is considered far more intrusive than a voice recognition system.
b). Signal processing The signal processing subunit uses feature extraction algorithms to extract true biometric information from the sample in the presence of noise introduced during data collection and transmission. Additional measurements are made if any flaw or corruption is noted, to ensure good quality. Pattern matching involves comparing the feature sample to a stored sample. (Biometric data can be stored locally on the biometric device, some central database/server, on a smart card issued to user.) The result of comparison is sent to the decision system to determine the match.
c) Decision making and data storage The decision subsystem uses statistical method to confirm authentication if
the variance between the sample and template data is within a certain threshold.
3. Biometrics Biometric systems come in many shapes and sizes. This can range from distinct hardware, software to complete systems. All biometric systems have the principles of capture, extraction and comparison and matching in common. Different biometrics, measures or traits of human body focus on very different features. Only thing common among them is that they are considered unique.
3.1 Eye Biometrics which analysis the eye are generally thought to offer the highest levels of accuracy. They can be divided in two specific technologies: examination of iris and retina patterns. As internal parts of human eye are very well protected the sight being the most important sensor, the biometric data is also safe and immune to degradation in normal life on the contrary to more external parts like fingertips. In medical science examination of the eye is used as one indication that could reveal the certain illnesses and for example the user excessive usage of drugs and alcohol. This is information the user does not necessarily want to reveal to the operator of the scanning 10
device. According to the equipment manufacturers, they concentrate into extracting the unique pattern from the eye, and not any other information, thus ensuring the privacy of user.
3.1.1 Iris The iris is the only internal organ normally visible from outside the body. The main feature of iris is that it is protected internal organ of the eye, behind the cornea and the aqueous humour. Visually examined iris is the colored ring of textured tissue that surrounds the pupil of the eye as shown.
Each iris is a unique structure, featuring a complex system which is stable and unchanging throughout life and is not very susceptible to wear and injury. Indeed, an individual’s right and left iris patterns are completely different.
Iris scanning takes advantage of random variations in the visible features the iris, the colored part of the eye. The iris consists largely of a system of muscle that expand and contract the pupil in response to changing lighting conditions. After taking a picture of the eye, the system samples the radial and angular variations of each individual iris to form an Iris Code, a digital file that serves as a reference in database. A person using the system simply looks into a camera. The computer program then locates the iris. Next, the system locates the iris' outer and inner edges.
Sample of Iris to form Iris Code
The monochrome camera uses both visible and infrared (700-900nm) light. The program maps segments of the iris into hundreds of vectors. Then 12
analyze the information density of iris patterns roughly at the rate of 3.4 bits per square millimetre. Position, orientation and spatial frequency provide the basis for calculation of the Iris Code. The system also manages to take into account normal changes in the eye. For example, the system compensates for papillary expansion and contraction. It can also detect reflections from the cornea. There are two types of iris recognition systems: automatic capture and manual capture. In the manual system, the user must adjust the camera forward or backward a few inches in order to bring the iris into focus. Further the user must be within 6 – 12 inches of the camera. This requires substantial supervision and instruction.
Manual Iris Scan security system
The automatic capture system incorporates a set of cameras to automatically locate the users face and eye, therefore removing the need to manually focus the camera. This system is substantially easier to use.
3.1.2. Retina The retina is the layer of blood vessels situated at the back of the eye. As 13
with iris, the retina forms a unique pattern and begins to decay quickly after death. Retina biometrics often thought, along with the iris scanning, to be the most accurate of all the biometrics. The technique used to capture data from the retina is often thought to be the most inconvenient for end users. A user must position the eye approximately three inches from an eyepiece, stabilize head movement and focus on a green dot. After this has been performed the system uses a beam of light to capture the unique characteristics in the area known as fovea, situated in the center of retina. Because of the high accuracy, the retina biometrics are usually found in the high security applications where preventing false acceptance is extremely important. Partly this is achieved by setting high threshold for accepting the scanned biometric.
3.2 Face Face recognition technologies analyze the unique shape, pattern and positioning of facial features. The face is natural biometric because it is a key component in the way we humans remember and recognize each other. Face recognition is very complex technology and largely software based. Artificial intelligence is used to simulate human interpretation of faces. The problem with human face is that people do change over time; wrinkles,
beard, glasses and position of the head can affect the performance considerably. To increase the accuracy and adapt to these changes some kind of machine learning has to be implemented. There are essentially two methods of capture: using video or thermal imaging. Video is more common as standard video cameras can be used. The precise position and angle of the head and surrounding lightning conditions may affect the system's performance.
The complete facial image is usually captured and a number of points on the face can then be mapped, position of the eyes, mouth and nostrils as examples. More advanced technologies make three-dimensional map of the face which multiplies the possible measurements that can be made. Thermal imaging has better accuracy as it uses facial temperature
variations caused by vein structure as the distinguishing trait. As the heat pattern is emitted from the face itself without source of external radiation these systems can capture images despite the lighting conditions, even in the dark. The drawback is cost, thermal cameras are significantly more expensive than standard video. One-to-one verification is mainly used with this method. Certain new systems have announced the possibility to one-tomany identification, even real time from live video feed.
3.3 Fingerprint scanning Fingerprint scanning is one of the most commercially successful biometric technologies used for the identification these days in the world. Systematic classification of fingerprints scanning started in the 1800's and is developed further through extensive use in forensic societies. The technology has got fairly positive user response in the enrolled pilot projects, while drawbacks and disappointments have occurred through the years. Taking ones fingerprints is often associated in the way criminals are treated. The main points for which fingerprints are generally used for scanning are as
Positive identification and tighter security than existing token systems (e.g., proximity cards, magnetic keys, swipe cards, passwords) that can easily be lost, borrowed, stolen, or hacked
Convenience and ease-of-use due to no more hassles with lost or stolen keys, swipe cards, or badges
Significant cost advantages over older, traditional access solutions Traditional finger scanning technique is analysis of small
unique marks of the finger image known as minutiae. Minutiae points such as finger image ridge endings or bifurcations, branches made by ridges. The relative position of minutiae is used for comparison, and according to empirical studies, two individuals will not have eight or more common 17
minutiae. Because no fingers have identical prints, even from the same person or identical twins. Fingerprint matching techniques can be placed into two categories:
a) Minutae based Minutiae-based techniques first find minutiae points and then map their relative placement on the finger. However, there are some difficulties when using this approach. It is difficult to extract the minutiae points accurately when the fingerprint is of low quality. Also this method does not take into account the global pattern of ridges and furrows.
Digitized fingerprint image with the minutiae points extracted. b) correlation based
The correlation-based method is able to overcome some of the difficulties of the minutiae-based approach. However, it has 18
some of its own shortcomings. Correlation-based techniques require the precise location of a registration point and are affected by image translation and rotation.
Correlation method for detection of registration point Finger
environmental disturbance. As the image is captured when the finger is touching the scanner device it is possible that dirt, condition of the skin, the pressure and alignment of the finger all affect the quality of fingerprint. This has appeared to be a problem with the introduction of the system; users had to wipe and clean their fingers each time before scanning their finger if they did not want to be falsely rejected. To minimize the degradation caused by erroneous user interaction usability and ergonomics have to be taken special
care of. When capturing the fingerprint image directly from the fingertip, a.k.a "live-scan", four main techniques are available:
Optical image capture typically involves a light source which is refracted trough a prism. Users place a finger on a glass surface known as platen. Light shines on the parts of the fingertip touching the glass and the formed image is captured.
Tactile or thermal techniques use sophisticated silicon chip sensitive to pressure or heat to capture the finger image. Thermal image maps also heat patterns detail that is below the surface adding the accuracy rejecting artificial finger mock-ups.
Capacitance silicon sensors measure electrical charges and give an electrical signal from the areas where the finger ridges are touching the sensor surface. No signal is generated by the valleys.
Ultrasound image capture.
Finger scanning is suitable to both one-to-one verification and one-to-many identification schemes. When talking about identification usually we're concerned about the AFIS systems predominantly used by law enforcement organizations around the world. It is developed for rapid and automatic comparison of single finger images with a large database of known images.
In addition of live-scans, images collected from criminal suspects and crime scenes, known as latent can be added to the database. As the system has been in use for some time now databases have grown very large. For example FBI database contains approximately 70 million fingerprints. More developed algorithms are prepared which are more robust to noise in fingerprint images and deliver increased accuracy in real-time. A commercial fingerprint-based authentication system requires a very low False Reject Rate (FAR) for a given False Accept Rate (FAR). This is very difficult to achieve with any one technique. We are investigating methods to pool evidence from various matching techniques to increase the overall accuracy of the system. In a real application, the sensor, the acquisition system and the variation in performance of the system over time is very critical. We are also testing our system on a limited number of users to evaluate the system performance over a period of time.
3.4 Hand geometry When measuring hand geometry biometrics, three-dimensional image of the hand is taken and the shape and length of fingers and knuckles are measured. Hand geometry has been in use for many years in various applications, predominantly for access control. The technology does not 21
achieve the highest levels of accuracy but it is convenient and fast to use. On the capture process a user places a hand on the reader, aligning fingers with specially positioned guides. Cameras, positioned on above and on the side of hand capture images from which measurements are taken at selected points. As the hand geometry is not found to be as unique as for example fingerprints or eye scans it cannot be used as accurate identification. Because of its user-friendliness it is well suited to user id verification.
Hand with biometric measurement visualized Image
3.5 Finger geometry Finger geometry biometric is very closely related to hand geometry. The 22
use of just one or two fingers means more robustness, smaller devices and even higher throughput. Two variations of capture processes are used, first being similar to hand geometry presented above. The second technique requires the user to insert a finger into a tunnel so that three-dimensional measurements of the finger can be made.
3.6 Palm scanning Palm biometrics is close to finger scanning and in particular AFIS technology. Ridges, valleys and other minutiae data are found on the palm as with finger images. Main interest in palm biometrics industry is law enforcement as latent images - "palmprints" - found from the crime scenes are equally useful as latent fingerprints. Certain vendors are also looking at the access control market and hope to follow the footsteps of finger scanning.
3.7 Signature Signature is one of the most accepted methods of asserting ones identity. As we normally use it the signature is scrutinized as a static trace of pen on the paper. In digitized form the static geometry of signature is not enough to ensure the uniqueness of its author.
Signature biometrics often referred to dynamic signature verification (DSV) and look at the way we sign our names. The dynamic nature differentiates it from the study of static signatures on paper. Within DSV a number of characteristics can be extracted from the physical signing process. Examples of these behavioral characteristics are the angle of the pen is held, the time taken to sign, velocity and acceleration of the tip of the pen, number of times the pen is lifted from the paper. Despite the fact that the way we sign is mostly learnt during the years it is very hard to forge and replicate. Signature data can be captured via a special sensitive tablet or pen, or both. On some simpler cases equipment found rather cheap from normal computer stores can be used. A variation on these techniques has been developed and is known as acoustic emission. This measures the sound that a pen makes against paper. Because of the behavioral nature of signature, more than one signature enroll is needed so that the system can build a profile of the signing characteristic.
3.8 Voice scanning Voice biometrics examines particularly the sound of the voice. Therefore it has to be distinguished as a technology from the also very much researched field of speech recognition. On the following these few 24
closely related but different terms are explained. Speech recognition can be defined as a system that recognizes words and phrases that are spoken. Voice identification has been derived from the basic principles of speech recognition.
Speaker recognition focuses on recognizing the speaker, and is accomplished either by speaker verification or speaker identification.
Speaker verification is a means of accepting or rejecting the claimed identity of a speaker.
Speaker identification is the process of determining which speaker is present based solely on the speaker's utterance. The speaker identification application evaluates the input with models stored in a database to determine the speaker's identity.
The sound of a human voice is caused by resonance in the vocal tract. The length of the vocal tract, the shape of the mouth and nasal cavities are all important. Sound is measured, as affected by these specific characteristics. The technique of measuring the voice may use either text dependent or text independent. On the former speech templates are made from a number of words or phrases which are trained in the system. On the latter the voice is analyzed as syllable, phoneme, triphone or more fine-grained part at a time
so on the recognition phase speaker doesn't have to use specific words. On most sophisticated systems the factors analyzed are dependent only on unique physical characteristics of the vocal tract so if you catch a cold or use different tones of speech is not affect the performance of the system. Evident threat to poorly designed speaker recognition/verification system is replay attack especially when text dependent methods are used. The only way to get completely around of it is to combine voice recognition to other biometric methods. The text independent method gives much more freedom in the voice analyzing interaction, the scene is then more alike a challenge-response pair. In applications, such as phone banking and other man-machine interaction which is voice controlled the voice could be constantly monitored and verified to be authorized.
4. Future biometrics A system that analyses the chemical make-up of body odor is currently in development. In this system sensors are capable of capturing body odor from non-intrusive parts of the body such as the back of the hand. Each unique
human smell consists of different amount of volatiles. These are extracted by the system and converted into a biometric template.
a) DNA SCANNING All testing and fastest possible analysis of the human DNA takes at least 10 minutes to complete and it needs human assistance. Thus, it cannot be considered as biometric technology in its sense of being fast and automatic. Additionally current DNA capture mechanisms, taking a blood sample or a test swab inside of the mouth, are extremely intrusive compared to other biometric systems. Apart from these problems DNA, as a concept, has a lot of potential.
b) EAR SHAPE Ear shape biometrics research is based on law enforcement needs to collect ear markings and shape information from crime scenes. It has some potential in some access control applications in similar use as hand geometry. There are not excessive research activities going on with the subject.
c) KEYSTROKE DYNAMIC SCANNING Keystroke dynamics is a strongly behavioral, learnt biometric. As being behavioral, it evolves significantly as the user gets older. One of the many problems includes that highly sophisticated measuring software and statistical calculations have to be made real time if the user actions should be constantly verified. Standard keyboard could be used in simplest cases.
d) VEINCHECK Veincheck is a technique where infrared camera is used to extract vein pattern from the back of the hand. The pattern is very unique and the capture method is user friendly and non-intrusive as hand geometry check. Maybe combining them could result very accurate and easy-to-use biometric. The body of human being has indefinite number of details which could be used for biometric measurement. The habit to use clothes renders major of those unresearched details out of sight from non-intrusive measurement devices. Despite the most of the visible and audible traits of man have been already mapped out the race of finding new biometrics still goes on. As an example, there is even talk of a device that could measure the frequency emitted from the vibration of a person's major organs. 28
5. Comparison chart With the following chart the features of major biometrics can be compared side to side. Eye/Iris Level accuracy
of Very High
Ease of use
Verification/ both Identification
lightning, aging, glasses, facial hair
Dry, dirty or Diseases such damaged as artiris or finger rheumatism images
Illiteracy, constantly changing or "easy" signatures
Backgroun d noise; colds and other factors
Law Manufacturin industrial enforcement g/ , corporate shop floors
6. Integration 6.1 APIs To make interoperability possible between the access control or other application software and the biometric scanning hardware devices standardization and application programming interfaces (APIs) are needed. Beneath the API layer is hardware dependent driver software which is
supplied from the hardware manufacturer. Due to the nature of and rather young age of the technology most of the system providers use proprietary interfaces to their hardware. The following interfaces are available or are confirmed to be under development:
BAPI Working Deigned primarily for fingerprint scanners. Group - BWG (many Claimed to fit also to other technologies. companies)
Bio API Consortium Multilevel, object oriented approach. In (many companies) rather early stage.
Research project to define a generic API to various biometric technologies. The spec. and reference implementation will be made available for free.
Voice API SVAPI SRAPI
/ SVAPI committee Targeted to only speaker verification and / (many companies) identification systems.
6.2 Privacy Biometric templates of people provide a reference from one human being unique to just one identity. This can be too tempting target to link different personal data to if stored on a central database. Solutions with central databases are reasoned for better service. For example replacement of smart card which has biometric information inside is time consuming and inconvenient if the biometric data cannot be recovered from anywhere else
than the users body itself. In the privacy point of view storing templates on central databases, even in encrypted form, is always a possible threat. The biometric information is not needed there, in most cases unique but anonymous identifiers could be stored instead. These identifiers would then be referred to when the person initiates authorization sequence, authenticity is then validated by cryptographic challenge-response sequence with the smart card holding the secret key. The problematics with the key management with the biometric methods stays the same as in any other distributed authorization scheme. One possible improvement to this could be technique called biometric encryption. In that concept the biometric scan itself could be converted to unique key that could be used in encryption or hash algorithms or to anonymize the user information. One problem is that the nature of encryption algorithms are far from fuzzy computation that would be needed when using biometric scans, the scan is identical to another scan of the same trait only in probabilistic relation, they are never exactly the same. If not secured by methods of strong cryptography the communication with the external scanner and for example a PC could be vulnerable to replay attack. The best way could be that the biometric data is not transferred externally in any case. This could be possible with smart cards with finger scanning 31
device incorporated. It is possible as a technique today but the cost limits its use on larger scale right away. The SPKI schemes and standards like X.509 will definitely incorporate the means and terms of storing the biometric data in the same hierarchy of trust as the public and secret keys.
7. Applications These days biometric is playing an important role in many application which are listed below
7.1INTERNET SECURITY Litronix, USA, a leading provider of public key infrastructure (PKI)-based Internet security solution, has developed biometric identification techniques for use in electronic data applications such as digital networks and smart cards. Apart from Iris, Voice and handwritten signature recognition can be used for authentication purpose when digitally signing a document or obtaining access to secure webpages. The smart card, integrating voice and handwritten functions, incorporates the appropriate biometric template to deliver the final match and authorization.
There is planning to incorporate capture, manipulation, enrollment, and extraction features in the smart card reader also.
7.2 CYBER SECURITY Cyber security has been built- in signature security management features of Adobe Acrobat software. This software enables the handwritten signature to be included as an electronic signature in any Acrobat portable document format (PDF) file on the web. Anyone can online use his handwritten signature to authorise and sign electronic Acrobat documents. Costs involved in businesses are reduced, as signed document and forms are available online, and productivity and security are increased when vendors and suppliers can quickly access sighed, secure and trusted electronic documents.
7.3 BIOMETRIC SMART CARD Polaroid and Atmel have developed secure identity cards that merge ultra-secure smart card, Finger print verification, Biometric imaging. These cards will be used in e-commerce, online, remote access, and any IT environment where authentication is required.
The information stored in the card is protected by circuits inside the card that perform encryption/decryption of the data in the card. The tiny smart card circuits in these ID cards are actually integrated circuits, called smart card ICs, supplied by Atmel’s smart card ICs can perform critical encryption/decryption functions within the card and are able to securely identify the person or system reading the card. The cards, known as ATSSSC1608 smart card ICs, provide 17408 bits of serial EEPROM memory organized into nine zones, of which there are eight user zones and one configuration zone. These provide secure identification without the need for a microprocessor. The chip include 64-bit authentication, eight sets of passwords, and authentication and passwords counters.
7.4 BIOMETRIC CELLULARS Fujistu microelectronics has developed an innovative fingerprint identification system that combines sweep sensor technology with advanced algorithms to provide a powerful, dependable, easy-to-use authentication for PDAs, cell phones, and other mobile devices. The sensor measure just 1.28x0.20cm and is powered by sophisticated algorithms that generate unique minutiae templates that correspond to specific fingerprint features. A 34
single fingerprint sweep across the sensor capture fingerprint feature to rapidly authenticate user of cell phones and PDAs.
8. Conclusions Authorizing the user with secret PIN and physical token is not enough for applications where the importance of user being really the one certified is emphasized. If biometric technologies are not used we accept the possibility that the token and secrecy of PIN can be compromised. On applications like bank account cards the companies count the money lost because of fraud and value the risk with the bottom line. When new uses like electronic id-cards which are validated with automation emerge the possible harm done to a individual cannot be paid back to account, it must be prevented. Biometrics itself is not solution to this problem. It just provides means to treat the possible user candidates uniquely. When doing so biometric system handles the unique data scanned from the user. Secrecy of this information has to be ensured by strong cryptographic methods. The best case could still be that the biometric templates would never leave the scanner device, with or without encryption. The result should only be granting the scanning device, which could be special smart card carried by user itself, to complete the challenge-response sequence needed. In that case your fingerprint may be the password, but the problematics with management of public and secret cryptographic keys stays the same.