Biometric Authentication Methods and How They Work

In the past, we have talked at length about fingerprint matching, facial recognition, Iris scans and other biometric technologies with their advantages and applications. In this article we take a step back and talk about how these different biometric authentication methods are categorized, the matching logic and technology involved and suitable applications for each.

Biometric Authentication Process
Biometric Authentication Process

Biometric Authentication Process

Biometric authentication methods can be broadly classified based on the physical, psychological or behavioral human aspect that is used for identification. Thus we have two main categories of biometric authentication methods

  1. Physiological authentication: These methods rely on physical human attributes which may be touched and seen even with the naked eye. They match details of physical attributes like shape, size, geometry, color etc. They can only be used when the authentication is done in-person, that is when the person is physically present at the place where authentication is required. The process usually involves two steps.
  2. Enrollment: This is the initial step when a person registers for a service which requires biometric authentication. In this step the detailed biometric data related to the physiological factor is extracted, processed and stored as a template to be used in the future.
  3. Matching: This happens every time the person needs to be authenticated. In this a live template is extracted, processed and matched against the stored template.
  4. Behavioral authentication: These methods rely on attributes or micro-habits which cannot be seen or touched but rather observed, noticed and perceived. Recognizing and identifying unique aspects of a person’s behavior requires systems with superior intelligence that have been trained over a period of time to study, understand and analyse these aspects. Behavioural authentication methods may be used when the person is not available in person but interacting with the system via a phone, desktop/mobile app, kiosk etc. 

Unlike physiological authentication, there may not be a defined enrollment phase in these methods. Data used for authentication may be gathered behind the scenes as part of the AI training or learning phase and then used whenever the person interacts with the system. The accuracy of behavioral biometrics for every individual would ideally increase with repeated use as the system learns more about the person.   

Authentication Methods 

With this background we now look at the different physiological and behavioral authentication methods used today with the unique attribute used in each case as the trusted credential for authentication.

Physiological Authentication Methods

  1. Fingerprint Scan: Probably the most popular biometric authentication method in use today, this relies on the unique pattern formed by raised areas called ridges, branches and bifurcations that are present on the top of every human finger. Finger print authentication can be commonly seen at immigration counters, office attendance systems, and on smart phones and laptops for access management.
  2. Face Recognition: Face recognition can be commonly seen on smart phones today replacing passcodes to login to the phone. Face recognition creates a geometrical map of the persons facial features and uses it for authenticating the person. Face recognition may be also used by CCTV surveillance systems.
  3. Iris Scan: Iris is the ring-shaped region around the pupil of our eyes. This region is multi-coloured with the colours forming an unique pattern. A high-resolution digital camera is used to capture the image of the iris at a close distance both at the enrolment and matching phases. Iris scans are also used at immigration counters as well as in government buildings for access to specific facilities.
  4. Retina Scan: Similar to the iris, the retina is also a part of the eyes. The blood vessels in the retina form a unique pattern that is used for authentication.

Behavioral Authentication Methods

  1. Voice Recognition: Voice recognition uses a unique pattern of a person’s vocal characteristics also known as a voiceprint to identify the person. This is mostly used in call centre or in IVR applications to verify the identity of the user who is calling.
  2. Engagement Pattern: This relates to how a person engages with the system and could include location from which the system is being accessed, frequency of use and devices used for access. Engagement patterns may be effectively used to filter humans from bots.
  3. Keystrokes Dynamics: Keystrokes depend on the typing pattern of the person when using a keyboard. Factors that create the typing pattern include overall speed, intervals between keystrokes, pressure applied on individual keys etc. Keystroke dynamics may be used to verify the identity of users interacting with chatbots. 
  4. Navigation Patterns: Similar to keystroke dynamics, mouse and finger movements also form a unique pattern and may be used as an authentication mechanism.

(This guest post is written by David Smith.)

Leave a Reply