Biometrics is the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.
In information technology, biometric authentication refers to technologies that measure and analyze human physical and behavioural characteristics for authentication purposes. Examples of physical (or physiological or biometrc) characteristics include fingerprints, eye retinas and irises, facial patterns and hand measurements, while examples of mostly behavioural characteristics include signature, gait and typing patterns. All behavioral biometric characteristics have a physiological component, and, to a lesser degree, physical biometric characteristics have a behavioral element.
Some researchers (see,for example [1]), have coined the term behaviometrics for behavioral biometrics such as typing rhythm or mouse gestures where the analysis can be done continuously without interrupting or interfering with user activities.
ISSUES AND CONCERNS
As with many interesting and powerful developments of technology, there are concerns about biometrics. The biggest concern is the fact that once a fingerprint or other biometric source has been compromised it is compromised for life, because users can never change their fingerprints. Theoretically, a stolen biometric can haunt a victim for decades.
Concerns about Identity theft through biometrics have not been resolved. If a person's credit card number is stolen, for example, it can cause them great difficulty since this information can be used in situations where the security system requires only "single-factor" authentication; IE, just knowing the credit card number and its expiration date can sometimes be enough to use a stolen credit card successfully. "Two-factor" security solutions requires something you know plus something you have; for example, a debit card and a personal Identification Number(PIN) or a biometric. Some argue that if a person's biometric data is stolen it might allow someone else to access personal information or financial accounts, in which case the damage could be irreversible. But this argument ignores a key operational factor intrinsic to all biometrics-based security solutions; biometric solutions are based on matching, at the point of transaction, the information obtained by the scan of a "live" biometric sample to a prestored, static "match template" created when the user originally enrolled in the security system. Most of the commercially-available biometric systems address the issues of ensuring that the static enrollment sample has not been tampered with (IE, using hash codes and encryption), so the problem is effectively limited to cases where the scanned "live" biometric data is hacked. Even then, most competently-designed solutions contain anti-hacking routines. For example, the scanned "live" image is virtually never the same from scan-to-scan owing to the inherent plasticity of biometrics; ironically, a "replay" attack using the stored biometric is easily detected because it is too perfect a match.
