Chapter Ten. Usable Biometrics

Lynne Coventry

BIOMETRICS OFFER A TECHNOLOGICAL SOLUTION TO THE AUTHENTICATION OF INDIVIDUALS. Biometrics confirm that the actual person, rather than merely his or her token or identifier, is present. Thus, biometrics may reduce the effort of a person's trying to identify himself and in doing so potentially reduce the chances of authentication fraud.

The term biometrics is derived from the Greek bio (life) and metric (measure). Biometrics, as a means of identification, can be traced back to both ancient Egypt^[1] and China. Pioneering work on modern biometrics technologies dates back to the late 1960s, when researchers began looking at voice patterns, fingerprints, and hand geometry as a means for establishing unique individual identity. By the mid-1980s, the biometrics industry was established and the first systems went live in controlled environments. In recent years, with the heightened security concerns gripping much of the world and the rising amount of fraud in the commercial sector, biometrics technologies have received a great deal of attention. However, the application of biometrics spans all industries.

^[1] B. Miller, "Vital Signs of Identification," IEEE Spectrum (Feb. 1999), 422430.

To date, the growth of biometrics technologies has been driven by a mainly system-centered approach, dealing with the problems of unique digital identifier extraction, template handling, and recognition algorithms. With very few exceptions,^{[2], [3], [4]} the usability community has not been involved in the design or evaluation of biometrics, and the traditionally quoted biometrics performance measures are no guarantee of real-world performance. The success of the biometrics approach is strongly influenced by user factors including the size and range of the user population. To facilitate successful biometrics implementations, more research is required into these user factors.

^[2] L. Coventry and G. Johnson, "More Than Meets the Eye! Usability and Iris Verification at the ATM Interface," in S. Brewster et al. (eds.), Proceedings of the IFIP TC 13 International Conference on Human Computer Interaction, (Edinburgh, 1999).

^[3] F. Deane, K. Barrelle, R. Henderson, and D. Mahar, "Perceived Acceptability of Biometric Security Systems," Computers and Security 14 (1995), 225231.

^[4] F. P. Deane, R. D. Henderson, D. P. Mahar, and A. J. Saliba, "Theoretical Examination of the Effects of Anxiety and Electronic Performance Monitoring on Biometric Security Systems," Interacting with Computers 7 (1995), 395411.

After a brief introduction to biometrics and their uses, this chapter investigates the user factors that will ultimately impact the successful implementation of biometrics security. We primarily focus these ideas within the context of self-service applications such as Automated Teller Machines (ATMs), to highlight the technical and user factors to consider when implementing a biometrics solution. Some technical issues of biometrics are outside the scope of this chapter; these include the handling of templates and images, integration issues, and standards.^{[5], [6], [7], [8]}

^[5] F. L. Podio et al., "A Biometric Application Programming Interface Industry StandardBenefits for the Users and the Enterprise," Proceedings of CTST 2000;http://www.ctst.com.

^[6] Biometric Application Programming Interface (BioAPI) Specification, Version 1.0, March 1.

^[7] ANSI X9.84, Biometric Information Management and Security (2000); http://www.x9.org.

^[8] F. L. Podio et al., "NISTIR 6529 Common Biometric Exchange File Format" (cited Jan. 3, 2001); http://www.nist.gov/cbeff.