Biometric authentication/identification exploits
the fact that certain physiological or behavioral characteristics can
reliably distinguish one person from another. Biometrics includes both
the automatic collection and matching of these characteristics. The
digital representations of these characteristics are stored in an electronic
medium, and later used to confirm or discover the identity of an individual.
A typical authentication process utilizing biometric technology consists
of the following basic steps:
Capture the biometric samples.
Evaluate the quality of the captured biometric samples and recapture
Process the captured biometric samples to create a biometric code.
Match the biometric code with one or more previously enrolled templates,
to determine if a match exists. This matching can be done as verification or identification.
Verification is a process
in which a biometric code is compared with a particular, previously
enrolled biometric template, stored in a database or on an ID card,
in order to verify the correctness of the user’s claimed identity. The biometric template is retrieved
from the database using the user’s claimed identity, or is assumed
based on the user’s possession of the ID card containing the
biometric template. Verification involves a one-to-one comparison
between the biometric code and the biometric template. If the two match,
then the claim of identity is confirmed.
Identification is a process in which a biometric
code is compared with all or a subset of the biometric templates from
a database, in order to find a matching template and thus identify
the person who provided the biometric sample. Identification involves
a one-to-many comparison. Unlike verification, the user does
not provide a claimed identity, but instead is identified strictly
on the basis of the biometric code matching one of the biometric templates
in the database. The technique can be used for recognition or to confirm
that the person being identified is not known under a different name
Enrollment is the process of entering a new
biometric template and identifier into the database. It is usually
entered along with other information about the individual, which links
them to an organization, an account, a set of privileges, a social
group, etc. Enrollment can incorporate identification to make sure
that the individual is not already in the database, perhaps under another
Biometric techniques are subject to statistical error. Therefore,
biometric systems must provide robust exception handling functions.
Verification systems should be designed to minimize error costs, by
providing user-friendly exception handling functionality for false
rejection errors (i.e., when a valid user is rejected), and post-event
analysis capability in order to handle false (impostor) acceptance
situations. Identification systems should provide user-friendly interfaces
allowing human operators to quickly sort out multiple matching biometric
A multimodal system supports the use of multiple biometric
types within a single database. This could mean the layering of biometric
identifiers such that a person would need to provide two or more biometrics
in order to be positively identified or simply the storing of multiple
biometrics per person in the database for use in the event that the
user later chooses to change the biometric identifier required for
Multimodality is a characteristic of certain
biometric identification/authentication systems. A multimodal system
is one in which the database of captured biometric samples and its
accompanying software is independent of the biometric hardware. This
provides flexibility to the end user by decoupling hardware and software
decisions, allowing a greater range of solutions over time at a substantially
In applications verifying the positive claim of identity, such as access control, a deceptive user cooperates with the system in an attempt to be recognized as someone s/he is not. This is therefore called a "cooperative" application. In applications verifying a negative claim to identity (for example where one’s absence from a database allows access), the deceptive user attempts to deceive the system so as not to be identified. This is called a "non-cooperative" application. Users in cooperative applications may be asked to identify themselves in some way, perhaps with a card or a PIN, thereby limiting the database search of stored templates to that of a single claimed identity. Users in non-cooperative applications cannot be relied on to identify themselves correctly, thereby requiring the search of a large portion of the database. Cooperative, but so-called "PIN-less", verification applications also require search of the entire database.
If the user is aware that a biometric identifier
is being measured, the use is overt. If unaware, the use is covert.
Almost all conceivable access control and non-forensic applications
are overt. Forensic applications can be covert. One could argue
that this second partition dominates the first in that a deceptive
user cannot cooperate or non-cooperate unless the application is
Users presenting a biometric trait on a daily
basis can be considered habituated after short period of time. Users
who have not presented the trait recently can be considered
Access control to a secure work area is generally "habituated".
Access control to a sporting event is generally "non-habituated".
Refers to whether the use of the biometric device during operation
will be observed and guided by system management. Non-cooperative
applications will generally require supervised operation, while
cooperative operation may or may not. Nearly all systems supervise
the enrollment process, although some do not.
vs. Non-Standard Environment
If the application takes place indoors at standard
environmental conditions, it is considered a "standard environment" application.
Outdoor systems, and perhaps some unusual indoor systems, are considered "non-standard
Will the users of the system be customers of the
entity in charge of system management (public) or employees of that
entity (private)? Clearly attitudes toward usage of the devices,
which will directly affect performance, vary depending upon the
relationship between the end-users and system management owners.
Will the system be required, now or in the
future, to exchange data with other biometric systems run by other
management? For instance, some State social service agencies want
to be able to exchange biometric information with other States.
If a system is to be open, data collection, compression and format
standards are required.
National Biometrics Test Center Collected Works