4.2 Data for identification
I have already mentioned signatures, photographs and fingerprints as examples of the kinds of data that have been used for authenticating a person's identity. Many other types of data have been used or suggested. DNA is widely used, but mostly in criminal investigations. Iris recognition, which relies on distinctive patterns in the coloured part of the eye, is another technique. Figure 4 shows a collage of iris patterns.
Whatever type of personal data is used, it needs to be unique for each individual. The fingerprinting system depends on everyone having different fingerprints. Facial recognition depends on no two faces being the same. Iris patterns appear to be unique to each individual. In fact, the patterns in the left and right eyes of the same individual are different, and identical twins have different iris patterns.
Activity 15 (exploratory)
What advantages for identification does biometric data have over non-biometric data such as names and addresses, passwords, etc?
Two advantages occur to me. The first is that everyone's biometric data is (or is believed to be) unique, whereas non-biometric data sometimes cannot be guaranteed to be unique. The second is that biometric data should be harder to steal than non-biometric data.
For many decades the only biometric data that was routinely used to authenticate someone's identity was photographic data. For instance, passports and membership cards have traditionally had photographs. However, the development of IT has opened up possibilities for using other kinds of data. With biometric data in a digital form, comparison of data becomes a mathematical operation that can be computerised, rather than requiring human checking. I can illustrate this with a highly simplified example.
Suppose a piece of biometric data consists of a person's numerical scores on three different criteria (maybe eye separation, eye size and eye colour). One person's data might consist of the binary equivalent of the three numbers 24, 7 and 125, where each number represents the value of a different physical property. Another person's data might be 26, 6 and 122. Each number in the second set of data is close to the corresponding number in the first set. A computer could calculate how close this second set of data was to the first by comparing each of the three numbers in turn. A preset threshold can be applied such that if the two sets of data are closer than the threshold they are judged to be a match. If they are not closer than the threshold, they are not a match. Note that although the comparison can be computerised, the threshold itself is set by a human.
Biometric data is not immune from theft or forgery. There are cases of people making a cast of someone else's finger and using it to gain access to systems that use fingerprint recognition (Bowcott, 2004). A disadvantage of biometric data is the difficulty of restoring security once it has been breached. For instance, if a user's fingerprint has been copied, a replacement fingerprint cannot be offered, whereas a replacement password can easily be issued.