Today’s biometric technologies are sophisticated methods of proving the identity of an individual. These technologies fall into two broad categories: physical biometrics and behavioral biometrics.
- Physical biometrics involves taking a biological or physiological snapshot of a part of a person’s face and/or body.
- Behavioral biometrics involves capturing a picture of an individual’s unique mannerisms.
In more precise, scientific terms, these biometric technologies may be defined as follows:
Physical biometrics: “Acquiring physical biometric samples which involves taking a measurement from subjects. This does not require any specific action by the subject. A physical biometric is based primarily upon an anatomical or physiological characteristic rather than a learned behavior.” (Reference 1)
Behavioral biometrics: “Acquiring behavioral biometric samples requires subjects to be active. They must perform a specific activity in the presence of a sensor. A behavioral trait is learned and acquired over time rather than based upon biology.” (Reference 1)
Differences between Physical Biometrics and Behavioral Biometrics
Based upon the definitions above, some very subtle differences between physical biometrics and behavioral biometrics can be observed. Probably the biggest difference is the amount of activity required by the end user. With physical biometrics, no specific action must be taken by the individual to collect his or her unique physiological and biological features (whether it be the hand, the finger, the iris, or retina, or even the vein patterns present from underneath the palm or the fingerprint). Of course, the end user must be cooperative for an effective sample to be captured; this is true of all biometric technologies. The image is captured, unique features are extracted, and either the individual is verified or not verified.
In the case of behavioral biometrics, however, the subject must perform a specific function or action (such as typing on a keyboard or signing your name), which is learned over time. Because of this learned behavior, any deviations or changes in the behavior-based biometric templates which are collected can occur over time, at a level much greater than physical-based biometric templates. Research and development are already underway in which a behavioral based biometric system can literally learn and take into account such changes in the behavior and mannerisms which can occur over the lifetime of an individual.
A perfect example of this would be the use of neural network technology. With this type of technology, computer-based learning and reasoning takes place in an attempt to closely follow the actions and patterns of the human brain.
Another difference between physical biometrics and behavioral biometrics is the number of measurements taken to extract the unique features. Both types of technologies involve collecting multiple images and multiple samples. But in physical biometrics, only one composite image (one measurement) is utilized to extract the unique features of an individual.
With behavioral biometrics, multiple samples are collected, but a composite sample is not created from which to extract the unique features. Rather, statistical profiles are created from each individual sample to positively verify or identify an individual. For example, with keystroke recognition, an end user must type multiple lines of text. Statistical profiles (primarily using Hidden Markov models) are created on the basis of each line of text typed, and from there, the unique patterns are observed and the individual is either fully verified or not verified at all.
Up Next: The remaining articles in this series will examine the various biometric modalities which are in existence today.
Sources/References:
- Certified Biometrics Learning System, Module 2, Biometrics Standards, Copyright 2010 IEEE, pp. 2-1.
Ravi Das is an Intermediate Technical Writer for a large IT Services Provider based in South Dakota. He also has his own freelance business through Technical Writing Consulting, Inc.
He holds the Certified In Cybersecurity certificate from the ISC(2).
