“BIOMETRICS RECOGNITION TECHNIQUES”

Presentation on theme: "“BIOMETRICS RECOGNITION TECHNIQUES”"— Presentation transcript:

1 “BIOMETRICS RECOGNITION TECHNIQUES”
Created by: Rahul Pareek

2 Overview Introduction Categories Characteristics Working Principle
Biometric Modalities Fingerprint Recognition Face Recognition Voice Recognition Iris Recognition Signature Verification Biometric devices Advantages and Disadvantages Queries??

3 BIOMETRICS “ Biometrics is the identification or verification of human identity through the measurement of repeatable physiological and behavioral characteristics”

4 Categories of BIOMETRICS
Biometrics can be sorted into two classes: •Physiological Examples-face ,fingerprints ,hand geometry and iris Recognition ,DNA. •Behavioral Examples-signature and voice.

5 Basic characteristics of BIOMETRIC Technologies
Universality: Every person should have the characteristic. People who are mute or without a fingerprint will need to be accommodated in some way. Uniqueness: Generally, no two people have identical characteristics. However, identical twins are hard to distinguish Permanence: The characteristics should not vary with time. A person's face, for example, may change with age. Acceptability: The general public must accept the sample collection routines. Nonintrusive methods are more acceptable. Performance: The method must deliver accurate results under varied environmental circumstances.

6

7 Working principle Biometric devices consist of a reader or scanning device software that converts the gathered information into digital form, and a database that stores the biometric data with comparison with existing records. 這邊分類是以資料溝通的觀點來看 一個process含有program counter和address space 2. Message passing是用於在不同process間互相溝通的方式, 其中每個process都有它自己的記憶體空間 3. Process 間的溝通有好幾種, 包括 同步式及非同步式 同步式,sender和receiver會等待資料傳輸完才會繼續處理,好處是這樣程式可以簡化,因為有synchronized point,另外一個好處是就無需buffer,因為sender必須等到receiver收完才會繼續跑,缺點就是會需要等 非同步式,sender和receiver就不會等待資料傳輸完才會繼續處理,好處這樣就可以加快運算的速度 同步可以架構於非同步式之上,做法就是讓sender等待receiver傳送一個acknowledge的訊息 非同步需要考慮的是當buffer滿時的處理,是要將sender做暫停傳送資料,則要小心會有deadlock的情況,如果是將buffer的資料移掉,那訊息就不一樣,就會不可靠 -把資料將一個process的memory區塊移到另一個process的記憶體區塊 There are several types in parallel computing modes: SIMD (single instruction on multiple data) MIMD: different instruction on different data SPMD: Single program on multiple data. Message passing is belonging to MIMD/SPMD because it can use to be process multiple data by 1 program/single instruction. Data is sent by one process and received by another MPI is just a library specification of Message Processing. Non language/compiler spec Non special implementation or a product For everyone – developer, end users, library writers

8 Enrollment Mode: Verification Mode:
A sample of the biometric trait is captured, processed by a computer, and stored for later comparison. Verification Mode: In this mode biometric system authenticates a person’s claimed identity from their previously enrolled pattern.

9 Biometric Modalities Fingerprint Recognition:
For fingerprint Recognition look at: Friction ridges. Core. Crossover. Delta. Island. Ridge Ending. Pore..

10 Data locality No data loss -> replcaition Bandwidth: what we have is only limited bandwidth, It’s impossible to copy 1TB data over network. It takes too much time to transfer and process. About transferring, what can we do to improve it? About processing, could we consider any method to give a tag and calculate from that point? Data intensive: facebook, LHC Masternodes need to know data location: hadoop namenode keep data location(資料在那一個datanode)在memory中 Data loss: 一般的grid會用SAN(Storage Area Network), SAN會提供backup的方式,讓資料遺失的可能性減到最低 hadoop會將每個block分散並複製到各個datanode 何謂SAN: SAN技術廣泛的運用在企業裡，用以提供高速的、可管理的、具容錯能力的、富彈性的儲存服務。譬如作為資料儲存、備份、系統備援等。SAN不是單一設備或是某種協定，它是一種服務架構，結合多種硬體(如：光纖、HBA卡、高速交換機、伺服器、磁碟陣列等)與軟體(管理軟體、 initator與target軟體、驅動程式等)的技術。採用SAN的架構，可以將各個單一的儲存設備連結起來，提供整合性的管理與應用。SAN最大的用途不僅在於做為資料的儲存，而是在於其容錯與災難備援的能力。這也是企業採用SAN的主要原因，一方面可以將所有的儲存資源妥善的管理，另一方面可以提供不中斷的營運服務，在遇到天災(水火意外)、人禍(電腦病毒)時，可以在最短的時間內，最有效的復原，從而避免損失。 SAN的優點有： + 儲存設備的分享，具有經濟效益。透過網路架構，所有的用戶端不必直接連接到特定的儲存設備上就可以使用期資源。 + 有效的管理。透過管理軟體，可以更有效的管理儲存的資料與制定備援計劃。 + 容錯能力，降低風險。SAN提供多種容錯功能，從最簡單的mirror到進階的snapshot，在在可以減低資料遺失或是企業服務中斷的風險。 在SAN採取的是Client/Server架構，其中提供儲存能力的一端稱之為Target，而要求資源的一端稱為Initator。Target與 Initator之間，透過高速的網路連結，這通常是光纖。而提供連接的介面我們稱之為HBA(Host Bus Adapter)，建構網路的方式則是光纖交換機。這些林林種種的設備，講求的是高速與穩定，但是相對的代表的就是高貴。然而隨著技術的演進，SAN亦有支援IP的介面出現，可以運用現有的Ethernet來達成，譬如SAN/IP與iSCSI技術 Synchronization: when processing data, we may encounter synchronization problem. What about dead lock? 當一些task分別處理資料時，就得考慮是否同步的問題了

11 LOOP, ARCH AND WHORL Heartbeat detection: device/process會定期向master回報狀況,如果時間之內沒有回傳heartbeat,就會開始展開swtichover,讓其他node可以繼續執行

12 Minutiae Uses ridge endings ,bifurcations on a person’s finger to plot points know as Minutiae. The number and locations of the minutiae vary from finger to finger in any particular person, and from person to person for any particular finger. Finger Image Finger Image + Minutiae Minutiae

13 User interface: 是一組application/Client可以存取的API/Command line所組合而成的, 通常都要登入這部機器就可以使用grid環境中的storage space及computing power

14 Face Recognition Facial features. Face geometry.
It involves recognizing people by there: Facial features. Face geometry. Principle: Analysis of unique shape, pattern and positioning of facial features.

15 Central manager: 一個condor pool通常只會有一個 central manager, central manager須要負責收集information(condor_collector)及協調resource和resource request(condor_negotiator). 這兩件事則用兩個不同的daemon去達成, 所以可以用兩部分開的機器來跑這兩個獨立的daemon, 只不過通常都由同一部機器負責執行這兩個daemon, central manager扮演很重要的角色, 只要這部central manager當機, 就沒有daemon負責做協調resource和resource request(又稱之為matchmaking),所以這部機器需要是一部很可靠的機器, 可以長時間執行不會當機的,或者需要用可以快速完成reboot的機器,另外這部負責擔任central manager的機器也需要和所有的node都有良好的 connection, 因為所有的更新資訊都會送到central manager. Execution machine: 所有的機器,包括central manager都是可以成為可以執行job的execution machine的,要成為一個execution machine不需要很好的等級,很好的配備, 唯一要注意的地方是disk空間, 因為一旦有job出現error會有dump一堆訊息時,會先dump到execution machine的local 硬碟, 之後才會將這些dump訊息送回submit machine, 假如disk空間不夠的話,condor回直接限制dump的訊息大小.一般而言,如果機器等級愈好,比如CPU跑更快,RAM更大, SWAP space更大等等的, 就可以滿足更大的resource request, 但是如果user job都沒有特別需求時,那麼所有condor pool的機器都可以提供服務 Submit machine: 所有的機器,包括central manager都是可以成為可以送出job的submit machine的,要成為一個submit machine需要比execution machine的要求要高,首先,因為user都會從這部機器submit許多job到遠端機器來執行,這時除了在遠端會執行job之外,在submit machine也會有另外一個process會負責submit machine和remote machine的溝通,所以當有很多job送出時.這部submit machine就必須要有很大的memory和SWAP space, 除此之外,submit machine也會存放很多 checkpoint的檔案,所以假如您的job需要很多記憶體,也送出很多這樣的job,那麼就須要很多硬碟空間來存放這些checkpoint檔,所以disk空間也是需要很大,checkpoint檔是程式執行狀況的snapshot, 如果程式因為某種原因無法正常執行,那麼就可以利用這些 checkpoint檔在之後重新執行, This program runs on the machine where a given request was submitted and acts as the resource manager for the request. Jobs that are linked for Condor's standard universe, which perform remote system calls, do so via the condor_shadow. Any system call performed on the remote execute machine is sent over the network, back to the condor_shadow which actually performs the system call (such as file I/O) on the submit machine, and the result is sent back over the network to the remote job. In addition, the shadow is responsible for making decisions about the request (such as where checkpoint files should be stored, how certain files should be accessed, etc). Checkpoint server: 同樣地,在condor pool中,其中一部可以被設成checkpoint server,但condor cluster的設定並不是一定要的,用來存放所有checkpoint的檔案,這部機器需要大量的disk space,因為會存放所有jobs的checkpoint檔,也須要和每個節點都有良好的網路連接才能送回checkpoint檔案

16 Voice Recognition Voice recognition is not the same as speech recognition, it is speaker recognition. Considered both physiological and behavioral. Popular and low-cost, but less accurate and sometimes lengthy enrollment. Every machine in a Condor pool can serve a variety of roles. Most machines serve more than one role simultaneously. Certain roles can only be performed by single machines in your pool. The following list describes what these roles are and what resources are required on the machine that is providing that service: Central Manager There can be only one central manager for your pool. The machine is the collector of information, and the negotiator between resources and resource requests. These two halves of the central manager's responsibility are performed by separate daemons, so it would be possible to have different machines providing those two services. However, normally they both live on the same machine. This machine plays a very important part in the Condor pool and should be reliable. If this machine crashes, no further matchmaking can be performed within the Condor system (although all current matches remain in effect until they are broken by either party involved in the match). Therefore, choose for central manager a machine that is likely to be up and running all the time, or at least one that will be rebooted quickly if something goes wrong. The central manager will ideally have a good network connection to all the machines in your pool, since they all send updates over the network to the central manager. All queries go to the central manager. Execute Any machine in your pool (including your Central Manager) can be configured for whether or not it should execute Condor jobs. Obviously, some of your machines will have to serve this function or your pool won't be very useful. Being an execute machine doesn't require many resources at all. About the only resource that might matter is disk space, since if the remote job dumps core, that file is first dumped to the local disk of the execute machine before being sent back to the submit machine for the owner of the job. However, if there isn't much disk space, Condor will simply limit the size of the core file that a remote job will drop. In general the more resources a machine has (swap space, real memory, CPU speed, etc.) the larger the resource requests it can serve. However, if there are requests that don't require many resources, any machine in your pool could serve them. Submit Any machine in your pool (including your Central Manager) can be configured for whether or not it should allow Condor jobs to be submitted. The resource requirements for a submit machine are actually much greater than the resource requirements for an execute machine. First of all, every job that you submit that is currently running on a remote machine generates another process on your submit machine. So, if you have lots of jobs running, you will need a fair amount of swap space and/or real memory. In addition all the checkpoint files from your jobs are stored on the local disk of the machine you submit from. Therefore, if your jobs have a large memory image and you submit a lot of them, you will need a lot of disk space to hold these files. This disk space requirement can be somewhat alleviated with a checkpoint server (described below), however the binaries of the jobs you submit are still stored on the submit machine. Checkpoint Server One machine in your pool can be configured as a checkpoint server. This is optional, and is not part of the standard Condor binary distribution. The checkpoint server is a centralized machine that stores all the checkpoint files for the jobs submitted in your pool. This machine should have lots of disk space and a good network connection to the rest of your pool, as the traffic can be quite heavy. *-*- *-*- *-*- *-*- *-*- *-*- *-*- *-*- *-*- *-*- *-*- *-*- *-*- *-*- *-*- *-*- *-*- 3.1.2 The Condor Daemons The following list describes all the daemons and programs that could be started under Condor and what they do: condor_master This daemon is responsible for keeping all the rest of the Condor daemons running on each machine in your pool. It spawns the other daemons, and periodically checks to see if there are new binaries installed for any of them. If there are, the master will restart the affected daemons. In addition, if any daemon crashes, the master will send to the Condor Administrator of your pool and restart the daemon. The condor_master also supports various administrative commands that let you start, stop or reconfigure daemons remotely. The condor_master will run on every machine in your Condor pool, regardless of what functions each machine are performing. condor_startd This daemon represents a given resource (namely, a machine capable of running jobs) to the Condor pool. It advertises certain attributes about that resource that are used to match it with pending resource requests. The startd will run on any machine in your pool that you wish to be able to execute jobs. It is responsible for enforcing the policy that resource owners configure which determines under what conditions remote jobs will be started, suspended, resumed, vacated, or killed. When the startd is ready to execute a Condor job, it spawns the condor_starter, described below. condor_starter This program is the entity that actually spawns the remote Condor job on a given machine. It sets up the execution environment and monitors the job once it is running. When a job completes, the starter notices this, sends back any status information to the submitting machine, and exits. condor_schedd This daemon represents resource requests to the Condor pool. Any machine that you wish to allow users to submit jobs from needs to have a condor_schedd running. When users submit jobs, they go to the schedd, where they are stored in the job queue, which the schedd manages. Various tools to view and manipulate the job queue (such as condor_submit, condor_q, or condor_rm) all must connect to the schedd to do their work. If the schedd is down on a given machine, none of these commands will work. The condor_schedd advertises the number of waiting jobs in its job queue and is responsible for claiming available resources to serve those requests. Once a schedd has been matched with a given resource, the schedd spawns a condor_shadow (described below) to serve that particular request. condor_shadow This program runs on the machine where a given request was submitted and acts as the resource manager for the request. Jobs that are linked for Condor's standard universe, which perform remote system calls, do so via the condor_shadow. Any system call performed on the remote execute machine is sent over the network, back to the condor_shadow which actually performs the system call (such as file I/O) on the submit machine, and the result is sent back over the network to the remote job. In addition, the shadow is responsible for making decisions about the request (such as where checkpoint files should be stored, how certain files should be accessed, etc). condor_collector This daemon is responsible for collecting all the information about the status of a Condor pool. All other daemons periodically send ClassAd updates to the collector. These ClassAds contain all the information about the state of the daemons, the resources they represent or resource requests in the pool (such as jobs that have been submitted to a given schedd). The condor_status command can be used to query the collector for specific information about various parts of Condor. In addition, the Condor daemons themselves query the collector for important information, such as what address to use for sending commands to a remote machine. condor_negotiator This daemon is responsible for all the match-making within the Condor system. Periodically, the negotiator begins a negotiation cycle, where it queries the collector for the current state of all the resources in the pool. It contacts each schedd that has waiting resource requests in priority order, and tries to match available resources with those requests. The negotiator is responsible for enforcing user priorities in the system, where the more resources a given user has claimed, the less priority they have to acquire more resources. If a user with a better priority has jobs that are waiting to run, and resources are claimed by a user with a worse priority, the negotiator can preempt that resource and match it with the user with better priority. NOTE: A higher numerical value of the user priority in Condor translate into worse priority for that user. The best priority you can have is 0.5, the lowest numerical value, and your priority gets worse as this number grows. condor_kbdd This daemon is used on Linux and Windows. On those platforms, the condor_startd frequently cannot determine console (keyboard or mouse) activity directly from the system, and requires a separate process to do so. On Linux, the condor_kbdd connects to the X Server and periodically checks to see if there has been any activity. On Windows, the condor_kbdd runs as the logged-in user and registers with the system to receive keyboard and mouse events. When it detects console activity, the condor_kbdd sends a command to the startd. That way, the startd knows the machine owner is using the machine again and can perform whatever actions are necessary, given the policy it has been configured to enforce. condor_ckpt_server This is the checkpoint server. It services requests to store and retrieve checkpoint files. If your pool is configured to use a checkpoint server but that machine (or the server itself is down) Condor will revert to sending the checkpoint files for a given job back to the submit machine. condor_quill This daemon builds and manages a database that represents a copy of the Condor job queue. The condor_q and condor_history tools can then query the database. condor_dbmsd This daemon assists the condor_quill daemon. condor_gridmanager This daemon handles management and execution of all grid universe jobs. The condor_schedd invokes the condor_gridmanager when there are grid universe jobs in the queue, and the condor_gridmanager exits when there are no more grid universe jobs in the queue. condor_credd This daemon runs on Windows platforms to manage password storage in a secure manner. condor_had This daemon implements the high availability of a pool's central manager through monitoring the communication of necessary daemons. If the current, functioning, central manager machine stops working, then this daemon ensures that another machine takes its place, and becomes the central manager of the pool. condor_replication This daemon assists the condor_had daemon by keeping an updated copy of the pool's state. This state provides a better transition from one machine to the next, in the event that the central manager machine stops working. condor_transferer This short lived daemon is invoked by the condor_replication daemon to accomplish the task of transferring a state file before exiting. condor_procd This daemon controls and monitors process families within Condor. Its use is optional in general but it must be used if privilege separation (see Section ) or group-ID based tracking (see Section ) is enabled. condor_job_router This daemon transforms vanilla universe jobs into grid universe jobs, such that the transformed jobs are capable of running elsewhere, as appropriate. condor_lease_manager This daemon manages leases in a persistent manner. Leases are represented by ClassAds. condor_rooster This daemon wakes hibernating machines based upon configuration details. condor_shared_port This daemon listens for incoming TCP packets on behalf of Condor daemons, thereby reducing the number of required ports that must be opened when Condor is accessible through a firewall. condor_hdfs This daemon manages the configuration of a Hadoop file system as well as the invocation of a properly configured Hadoop file system.

17

18 Iris Recognition Iris:
It is the colored area of the eye that surrounds the pupil. It's a protected internal organ whose random texture is stable throughout life. The iris patterns are obtained through a video-based image acquisition system.

19 Iris Images

20 Signature Verification
Static/Off-line: the conventional way. Dynamic/On-line: using electronically instrumented device. Principle: The movement of the pen during the signing process rather than the static image of the signature. Many aspects of the signature in motion can be studied, such as pen pressure, the sound the pen makes.

21 Biometric devices: •Optical fingerprint scanner:

22 Biometric devices: •Personal fingerprint safes:
These safes are revolutionary locking systems storage cases that open with just the touch of your finger.

23 Advantages of Biometrics
•Biometric identification can provide extremely accurate, secured access to information; fingerprints, retinal and iris scans produce absolutely unique data sets when done properly. •Current methods like password verification have many problems (people write them down, they forget them, they make up easy-to-hack passwords) . •Automated biometric identification can be done very rapidly and uniformly, with a minimum of training. •Your identity can be verified without resort to documents that may be stolen, lost or altered.

24 Disadvantages of Biometrics
•The finger print of those people working in Chemical industries are often affected. Therefore these companies should not use the finger print mode of authentication. •It is found that with age, the voice of a person differs. Also when the person has flu or throat infection the voice changes or if there are too much noise in the environment this method may not authenticate correctly. Therefore this method of verification is not workable all the time . •For people affected with diabetes, the eyes get affected resulting in differences. •Biometrics is an expensive security solution.

25 BIOMETRICS SECURITY Security personnel look for biometric data that does not change over the course of your life; that is, they look for physical characteristics that stay constant and that are difficult to fake or change on purpose.

26 ? Queries??