According to media reports, gesture-based biometrics are evolving rapidly, their usage primarily being associated with mobile devices and near field communications (NFC). The concept seems like a logical one; a series of defined gestures which may be interpreted in order to trigger certain actions. For example, an NFC device being oriented in a certain way close to a reader may allow one type of operation, while a different gesture with the device allows for another. Julian Ashbourn investigates whether gestures, in this context, really are a biometric.
Gestures might be used in conjunction with optical devices, such as cameras, or with portable devices such as smart phones and tablet computers, for a variety of applications. The concept is being promoted as a biometric, and patents have been issued on this basis. Nevertheless, there remains a distinction between behaviour allied to an identifiable physiological trait and behaviour in isolation. When the two are combined, certainly we may describe them as a biometric, but when separated, the situation becomes rather more complex.
Much depends upon the granularity of the behaviour in question. The granularity is the extent to which a system is broken down into small parts. If the granularity is fine enough to capture nuances which might vary between individuals in a distinct manner, then we might consider this to be a biometric. However, traditional behavioural biometrics, such as keystroke dynamics for example, have always struggled with this concept of granularity and uniqueness. If we extrapolate this thinking to gestures, then we have a granularity dichotomy to resolve. On the one hand, if the granularity is low enough for the gesture to be easily understood, remembered and practised by the user, then categorising this as a true biometric in the accepted sense becomes problematic, as the gesture may easily be replicated by any number of individuals. On the other hand, if granularity is increased to the level where users may define their own, sophisticated gestures, then the design of systems to recognise such a wide variety of gestures becomes, in itself, problematic.
Another distinction arises between gesture biometrics as currently perceived and traditional biometrics as we have come to understand them, and that is around the use of a reference template. The methodology usually followed with biometrics as used for identity verification, is that of registering a reference biometric which may be stored and used to compare against a live, or subsequently supplied sample, in order to judge the likeness between the two. The use of gestures, as currently perceived (with low granularity), is quite different. In this instance, the gesture, while definable, may be given by anyone and there is consequently no need to register an individual reference template. It is this usage model that calls into question whether gestures, as described, qualify as a biometric. Given the meaning of the word ‘biometric’ as literally a measure of life, it is hard to justify a gesture as a true biometric, especially as, conceivably, the gesture could easily be given by an automated machine.
While such a discussion may be interpreted as trivial, or as ‘splitting hairs’ actually, there is an important point to make here. If we accept a range of actions to be labelled as a biometric when, in fact, they are not, the interpretation of the term ‘biometric’ will be compromised and become muddled in general usage. This may also lead to misunderstanding in the broader public perception of the term and the implications thereof. This, in turn, may blur the distinction between biometrics used for identity verification purposes and other methodologies.
Particular vs generic action
Surely, a behavioural action, such as a gesture, may only be designated a biometric if it may be solely attributable to a particular individual. If the behavioural action is generic and cannot be attributed to an individual, then there would seem little point in measuring and classifying it, other than in equally generic terms. As previously suggested, it is a matter of granularity. For the behaviour to be attributable to a particular individual within a large population, there must be a sufficient number of measurable characteristics that may be captured and stored as an individual reference. The combination of those measured characteristics must provide, from a mathematical perspective, a sufficient granularity to distinguish one individual from another, among a user base of potentially millions.
Questions to be resolved
Developing a biometric based upon gestures to this degree would seem to present quite a challenge. How many gestures should be allowed within a sequence? Who will define what those gestures are and how they should be used? Should we allow users to define their own gestures? How will users remember a particular sequence of gestures? How will a biometric gesture reader operate? How will it know when it is or is not being presented with a gesture? What is the likelihood of someone accidentally replicating the gesture of another? There are many interesting questions and conundrums to be resolved in this context. It is true that our present understanding of the term ‘biometric’ has been biased slightly towards biometrics used for individual identity verification. Nevertheless, this reflects the current perception of the term and the associated technology.
Control of the user
So, what are we left with? The idea of a gesture being used as a trigger for a particular operation is feasible enough, especially when implemented in conjunction with a mobile device capable of NFC. One could foresee how a simple set of gestures could be remembered by the user and recognised by a reading device. One could also see many applications wherein such an approach might be utilised to good effect. However, such a methodology should not be confused with biometrics and, in particular biometric identity verification as popularly understood. If, however, we were to take the concept of gestures and develop the idea much, much further, into a highly granular set of sophisticated gestures and gesture recognition, then an entirely different set of possibilities arise.
For example, if the user could register their own sequence of sophisticated gestures into a reading device, then the same user could choose, should the situation arise, to change the sequence completely. Thus, the ‘biometric’ would remain absolutely under the control of the user, something which is not the case today. This might suit users quite well, although those, such as government agencies, who seek to identify and track individuals via biometric usage would, no doubt, be not so keen.
Once again, the conundrum appears because we are referring to gestures as biometrics. Perhaps we need an altogether different terminology to describe this concept of gestures. Assuming that we are dealing with human or biologically derived gestures, we might adopt the term ‘biosignum’. By placing the methodology under a different classification, we would allow for a greater flexibility in application.
It is conceivable, if not likely, that other ideas will come along which will be tempting to classify as biometrics. We shall need to be clear about our definition of the term if we are to maintain consistency. Many years ago, the author described a biometric as a physiological and/or behavioural trait which could be measured and stored electronically for the purpose of subsequent comparison with another sample. A simple gesture does not sit well with such a definition. A complex sequence of sophisticated gestures might better do so. Whether such a concept is ever developed into a practical methodology however, remains to be seen.