Table of Contents
What is the biometric recognition and what does biometrics mean?
In the era of mobile connectivity, IoT (Internet of Things) and cloud computing, traditional log-in methods based on user ID and password to authenticate digital identity are not enough. To face the new cyber threats, companies rely on biometric recognition to increase the security of network connected systems and protect data.
What is biometric identification?
Known as AIDC – Automatic Identification and Capture, the biometric recognition system is a particular type of computer system that identifies a person on the basis of one or more physiological and / or behavioral characteristics thanks to algorithms and acquisition sensors. These characteristics are compared with previously acquired data, and stored in the database.
Physiological and behavioral characteristics fall within the realm of biometrics. This word derives from the Greek bìos, meaning “life”, and métron, which means “count” or “measure”. Biometrics, according to the Italian Encyclopedia Treccani, is the “discipline that studies biophysical quantities to identify their operating mechanisms, measure their value and induce a desired behavior in specific technological systems”.
Authentication by biometric recognition is common in information technology as a form of identification and access control to information, to electronic or mechanical devices with key function, to control access to places and to recognize individuals under surveillance.
The first identification method based on biometric data for bulls from the Paris prison by the criminologist Alphonse Bertillon, son of the statistician Louis Bertillon and brother of the demographer and statistician Jacques. In 1870 Bertillon was appointed service photographer at the prefecture of Paris and began to record all the physical characteristics of the detainees, creating the first forensic and criminal identification laboratory.
Thus was born judicial anthropometry, known at the time as the “Bertillon system”. It was an identification system that spread rapidly throughout Europe and consisted in the detection of physical measurements of an individual’s body (skull, length of limbs, length of fingers and toes, length of the nose, ear characteristics) accompanied by photos. front and side signs, and accurate descriptions on a card called “Anthropometric Observations”.
The “Bertillon system” made it possible to recognize a re-arrested person who presented a false identity. Its creator organized training courses for policemen in London and Paris, but soon the surveys carried out by the trained agents proved to be inaccurate and over time the technique was abandoned. Furthermore, the discovery of the fingerprint marked the beginning of a new era for criminology.
Biometric identifiers: the features that define an individual
Biometrics indicate that there are different types of characteristics:
- Universal: they all have these characteristics;
- Unique: two individuals cannot have it;
- Permanent: they do not vary over time;
- Collectible: can be measured in quantity.
Thus, biometric identifiers are distinctive and measurable characteristics used to identify an individual. They are divided into:
- Color and size of the iris
- Hand silhouette
- Palm of the hand
- Ear shape
- Physiognomy of the face
- Voice imprint
- Keyboard typing style
- Body movements.
The physiological characteristics are quite stable or subject to small variations over time. Instead, the behavioral ones are influenced by the psychological condition of the individual so they must be updated often.
Verification and identification: how do biometric systems work?
A biometric system follows two operating modes:
- Verification process – 1 to 1 matching: when the subject declares her identity, the system compares the image in real time with that in the database;
- Identification -1 to many matching: when the real-time image is compared with all the images in the system database to be associated with the most similar one.
What are the application of biometric technologies?
The biometric identification system is used in several sectors:
- Public bodies and institution
As already mentioned, the use of biometric technologies guarantees greater security for systems, transactions and data. Here are the main applications:
- Authentication of physical access in protected areas;
- Security in financial transactions;
- Fraud prevention;
- Protection and protection of internet banking;
- Identification of subjects;
- Airport security;
- Filing of criminals;
- Identification and filing of migrants.
Furthermore, biometric applications can be used alone or in combination with other technologies, such as smart cards, cryptographic keys, RFID and digital signature
Biometric recognition and GDPR: contents of EU Regulation 2016/679
The GDPR, General Data Protection Regulation, or EU Regulation 2016/679, governs the processing of biometric data. The regulation aims to strengthen the protection of personal data of citizens and residents of the European Union, both within and outside the borders of the EU. In addition, it simplifies the regulatory environment concerning international affairs by unifying the regulations within the EU.
The biometric data falls within the special categories of personal data and the GDPR, in art. 9 par. 1, prohibits its treatment. However, there are some exceptions indicated in par. 2:
- the data subject has given explicit consent to the processing of those personal data for one or more specified purposes;
- processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security;
- to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
- processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;
- processing relates to personal data which are manifestly made public by the data subject;
- for the establishment, exercise or defense of legal claims or whenever courts are acting in their judicial capacity;
- for reasons of substantial public interest;
- processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services;
- for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices;
- for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89.