什么是生物识别技术?

来源:广东良马律师事务所

文章摘要
生物识别是衡量和统计分析人独特的身体和行为特征。该技术主要用于识别和控制访问,或用于识别受监视的个人。生物识别认证的基本前提是,每个人可以通过其内在的身体或行为特征被准确地识别。

生物识别是衡量和统计分析人独特的身体和行为特征。该技术主要用于识别和控制访问,或用于识别受监视的个人。生物识别认证的基本前提是,每个人可以通过其内在的身体或行为特征被准确地识别。
Biometrics is the measurement and statistical analysis of people's unique physical and behavioral characteristics. The technology is mainly used for identification and access control, or for identifying individuals who are under surveillance. The basic premise of biometric authentication is that every person can be accurately identified by his or her intrinsic physical or behavioral traits.
示例包括但不限于指纹、手掌静脉、面部识别、DNA、手掌印、手掌型、虹膜识别、视网膜和异味/香味。行为特征与一个人的行为模式有关,包括但不限于打字节奏、步态和声音。
Examples include, but are not limited to fingerprint, palm veins, face recognition, DNA, palm print, hand geometry, iris recognition, retina and odour/scent. Behavioral characteristics are related to the pattern of behavior of a person, including but not limited to typing rhythm, gait, and voice.
生物识别是如何运行的?
How biometrics work?
用生物识别来验证身份在公司、公共安全系统、电子消费和销售点中应用越来越普遍。除了安全性之外,生物识别验证背后的驱动力曾是便捷性,因为生物识别不需要记住密码或安全令牌。某些生物识别方法(如测量某人的步态)可以在不与被验证者直接接触的情况下进行。
Authentication by biometric verification is becoming increasingly common in corporate and public security systems, consumer electronics and point-of-sale applications. In addition to security, the driving force behind biometric verification has been convenience, as there are no passwords to remember or security tokens to carry. Some biometric methods, such as measuring a person's gait, can operate with no direct contact with the person being authenticated.
问题和考虑
Issues and concerns
人的尊严
Human dignity
生物识别曾被认为有助于国家权力的发展(用 Foucauldian的话来说,就是纪律和生命的力量)。通过将人类主体转化为生物特征参数的集合,生物识别技术会使人失去人性,侵犯人类身体的完整性,并最终侵犯人的尊严。
Biometrics have been considered also instrumental to the development of state authority (to put it in Foucauldian terms, of discipline and biopower). By turning the human subject into a collection of biometric parameters, biometrics would dehumanize the person, infringe bodily integrity, and, ultimately, offend human dignity.
隐私和歧视
Privacy and discrimination
生物识别注册期间获得的数据有可能在注册方未同意的情况下使用。例如,大多数生物特征可能揭露生理和/或病理性的医疗状况(例如,一些指纹模式与染色体疾病有关,虹膜模式可以揭露遗传特性,手静脉模式可能揭露血管疾病,大多数行为生物识别可以揭露神经系统疾病,等等)。此外,第二代生物识别技术,特别是利用行为和电生理学的生物识别(例如,基于心电图、脑电图、肌电图),也可用于检测情绪。
It is possible that data obtained during biometric enrollment may be used in ways for which the enrolled individual has not consented. For example, most biometric features could disclose physiological and/or pathological medical conditions (e.g., some fingerprint patterns are related to chromosomal diseases, iris patterns could reveal genetic sex, hand vein patterns could reveal vascular diseases, most behavioral biometrics could reveal neurological diseases, etc.). Moreover, second generation biometrics, notably behavioral and electro-physiologic biometrics (e.g., based on electrocardiography, electroencephalography, electromyography), could be also used for emotion detection.
隐私方面担忧分为三类:
超预想的功能范围:身份验证比预想的更进一步,例如查找肿瘤。
超预想的应用程序范围:当主体不愿被识别时,身份验证过程正确地识别出主体。
隐蔽识别:在不寻求标识或身份认证的情况下识别主体,如在人群中识别主体的脸。
There are three categories of privacy concerns:
Unintended functional scope: The authentication goes further than authentication, such as finding a tumor.
Unintended application scope: The authentication process correctly identifies the subject when the subject did not wish to be identified.
Covert identification:The subject is identified without seeking identification or authentication, i.e. a subject's face is identified in a crowd.
对安全物品主人的危险
Danger to owners of secured items
当盗贼无法获得处于安全状态的财物时,他可能会跟踪和袭击财物的主人以获得财物。如果使用生物识别设备保护某一物品,对物品主人造成的损害可能是无法弥补的,而且成本可能比受保护的物品本身还高。例如,2005年,马来西亚的盗车贼在试图偷车时,切断了一名梅赛德斯-奔驰S级车主的手指。
When thieves cannot get access to secure properties, there is a chance that the thieves will stalk and assault the property owner to gain access. If the item is secured with a biometric device, the damage to the owner could be irreversible, and potentially cost more than the secured property. For example, in 2005, Malaysian car thieves cut off the finger of a Mercedes-Benz S-Class owner when attempting to steal the car.
表示攻击
Presentation attacks
在生物识别系统的情境中,表示攻击可能称为"欺骗攻击"。
根据最近的 ISO/IEC 30107 标准,表示攻击被定义为"向生物识别采集子系统表示,目的是干扰生物识别系统的运行"。这些攻击可以是模拟攻击,也可以是混淆攻击。模拟攻击试图通过伪装成其他人来接近,混淆攻击可能会试图逃避人脸检测和人脸识别系统。
最近有提出了几种方法来应对表示攻击,自动检测表示攻击被称为"表示攻击检测"(PAD)。
In the context of biometric systems, presentation attacks may also be called "spoofing attacks".
As per the recent ISO/IEC 30107 standard, presentation attacks are defined as "presentation to the biometric capture subsystem with the goal of interfering with the operation of the biometric system". These attacks can be either impersonation or obfuscation attacks. Impersonation attacks try to gain access by pretending to be someone else. Obfuscation attacks may, for example, try to evade face detection and face recognition systems.
Recently several methods have been proposed to counteract presentation attacks. Automated detection of a presentation attack is called a "presentation attack detection" (PAD).
生物识别数据的国际共享
International sharing of biometric data
许多国家,其中包括美国,正计划与其他国家共享生物识别数据。
Many countries, including the United States, are planning to share biometric data with other nations.
应用生物识别技术的国家
Countries applying biometrics
使用生物识别技术的国家包括澳大利亚、巴西、加拿大、塞浦路斯、希腊、中国、冈比亚、德国、印度、伊拉克、爱尔兰、以色列、意大利、马来西亚、荷兰、新西兰、尼日利亚、挪威、巴基斯坦、南非、沙特阿拉伯、坦桑尼亚、乌克兰、美国阿拉伯联合酋长国、英国、美国和委内瑞拉。
Countries using biometrics include Australia, Brazil, Canada, Cyprus, Greece, China, Gambia, Germany, India, Iraq, Ireland, Israel, Italy, Malaysia, Netherlands, New Zealand, Nigeria, Norway, Pakistan, South Africa, Saudi Arabia, Tanzania, Ukraine, United Arab Emirates, United Kingdom, United States and Venezuela.

技术驱动法律,专业成就未来