Adoption of biometrics across the globe in recent years has been overwhelming. Biometrics is changing the way people are identified and authenticated. However, widespread adoption of this technology has also led many people to speculate and build conspiracy theories, as it has been used extensively in forensics for personal identification. Not putting enough effort into educating people about how this technology helps with personal identification, and why it requires biometric data, is also a reason for misconceptions about it. Understanding biometrics can be quite a challenge without understanding the technical terms used in it. Nuances of meaning in some terms can make it more challenging and lead to confusion. Bayometric.com has developed a fully cross-referenced glossary of words commonly used in biometrics and its underlying technology. This all-in-one approach should help you understand common user-end as well as technical terms with ease.
An algorithm is a self-contained sequence of actions to be performed. It precisely defines a sequence of operations to perform calculations, data processing tasks and automated reasoning tasks. In simpler words, an algorithm is a set of steps to accomplish a task. A computer program can be viewed as an elaborate algorithm. In mathematics and computer science, an algorithm usually means a small procedure that solves a recurrent problem. Algorithms are extensively used in computing and mathematics. They are essential to the way computers process data. Many computer programs contain algorithms that detail the specific instructions a computer should perform (in a specific order) to carry out a specified task, such as calculating employees’ paychecks or printing students’ report cards.
An application programming interface (API) is a set of routines, protocols, and tools for building software applications. An API expresses a software component in terms of its operations, inputs, outputs, and underlying types. An API defines functionalities that are independent of their respective implementations, which allows definitions and implementations to vary without compromising each other. A good API makes it easier to develop a program by providing all the building blocks. For security and sanity reasons, API writers define how other programs should communicate with their API. APIs save a lot of coding effort and make programs more secure, more presentable and user friendly. Most operating environments, such as MS-Windows, provide APIs, allowing programmers to write applications consistent with the operating environment. Today, APIs are also specified by websites. For example, Amazon or eBay APIs allow developers to use the existing retail infrastructure to create specialized web stores. Third-party software developers also use Web APIs to create software solutions for end-users.
Authentication is the process of establishing confidence in a claimed identity by a person or entity. It might involve confirming the identity of a person by validating their identity documents, verifying the authenticity of a website with a digital certificate, determining the age of an artifact by carbon dating, or ensuring that a product is what its packaging and labeling claim to be. In other words, authentication often involves verifying the validity of at least one form of identification. While the terms may sometimes be used interchangeably, identification and authentication are two different processes. Identification is an act of stating a claim of identity made by a person or thing, while authentication is the process of confirming that identity.
Common examples of authentication:
- Showing or asking for a photo ID to confirm identity (e.g. presenting a driving licence to a traffic police officer).
- Logging into a computer, email and social media accounts.
- Unlocking phones or computers with PINs, passwords or biometrics (e.g. fingerprints).
- Withdrawing money from an ATM.
An Automated Biometric Identification System (ABIS) is a system that can automatically match one or many unknown biometric identifiers against a database of known and unknown biometric identifiers. Such systems are used for large-scale fingerprint recognition, face recognition, iris recognition, and text-based name matching and identity resolution. ABIS performs a one-to-many search or a one-to-one match against large stores of biometrics and other identity data. It does so by deploying biometric and text data and matching algorithms across a cluster of multiple computing nodes. Automated biometric identification systems are primarily used by law enforcement agencies for criminal identification initiatives, the most important of which include identifying a person suspected of committing a crime or linking a suspect to other unsolved crimes.
An Automated Fingerprint Identification System (AFIS) is a system that can automatically match one or many unknown fingerprints against a database of known and unknown fingerprints. Such systems are used for large-scale fingerprint recognition and identity resolution. AFIS performs a one-to-many search or a one-to-one match against large stores of fingerprint and other identity data. It does so by deploying fingerprint and text data and matching algorithms across a cluster of multiple computing nodes. Automated fingerprint identification systems are primarily used by law enforcement agencies for criminal identification initiatives, the most important of which include identifying a person suspected of committing a crime or linking a suspect to other unsolved crimes.
The U.S. Integrated Automated Fingerprint Identification System holds all fingerprint sets collected in the country, and is managed by the FBI. Many states also have their own AFIS. AFISs have capabilities such as latent searching, electronic image storage, and electronic exchange of fingerprints and responses. European Dactyloscopy (EuroDac) is the European Union (EU) fingerprint database for identifying asylum seekers and irregular border-crossers. Many other countries around the world have their own versions of an Automated Fingerprint Identification System.
Behavioural modalities are repetitive patterns during human activities, which can be used to uniquely identify a person. Signature, gait, voice and typing rhythm are some of the behavioral modalities that are considered to be unique in an individual. For example, gait is a distinct characteristic in humans, which is dependent on several physical, anatomical, and motor functions. Being dependent on several factors, gait becomes a unique behavioral modality, which can be used for personal identification. The field of study in which behavioral modalities are used for personal identification is called Behavioral Biometrics.
Some behavioural modalities can be useful for personal identification in situations where other biometrics fail. For example, gait analysis can be useful for identifying a person in a moving crowd, and keystroke dynamics can be used to identify someone where other modalities become inapplicable. Behavioral biometric modalities have higher variation, as they also depend on external factors such as fatigue, mood, etc. This causes a higher FAR and FRR compared to solutions based on physiological biometrics.
A Biometric Engine is the core program of a biometric system that controls other hardware and components of the system. The biometric engine controls the enrollment, capture, extraction, comparison and matching of biometric data from a user. It is based on a set of algorithms that facilitate the steps in the recognition process, as well as the intermediary processes like image enhancement, determining quality and the extraction of distinguishing features. Different software or firmware might run the different hardware of the biometric system, but there is a core system connecting them all. When connected together by a biometric engine, they form a biometric system.
Biometric Enrollment consists of a user enrolling by presenting his or her physiological or behavioral characteristics to a biometric recognition system like a fingerprint scanner, iris scanner, palm vein scanner or retina scanner. The scanned biometric characteristic is taken through the biometric algorithm and the system generates a biometric template. This template is unique to the individual and is saved in a biometric database. Identity data of the enrolling person, like name, date of birth, address, Social Security Number, etc., is associated with the biometric template of the person and the enrollment process completes. Different biometric systems have their own way of enrolling users, but all work on the same principle of extracting biometric features and generating a biometric template that can be associated with the user identity data.
A biometric sample is the data obtained by a biometric system’s capture device, for example a facial image, voice recording or a fingerprint scan. The capture device may use different techniques to capture the biometric characteristics of a user. Biometric samples may be collected for purposes like user enrollment, user verification, system performance evaluation and testing. A successful biometric sample collection may require single or multiple attempts depending on multiple environmental factors and user behavior. Users of biometric identification systems sometimes refer to an “attempt” when talking about gathering a sample. In this context, “attempt” just refers to the submission of a single set of biometric samples to a biometric system for identification or verification. For security reasons, some biometric systems will not permit more than one attempt to identify or verify an individual. Others are more forgiving.
Spoofing, in general, is a fraudulent or malicious practice in which communication is sent from an unknown source disguised as a source known to the receiver. Biometric Spoofing is an act of imitating biometric characteristics of an authorized user to deceive a biometric system and gain unauthorized access. Biometric spoofing is done for malicious activities like spying, illegal financial benefits, terrorism, etc. Presenting a photograph of an authorized user to a facial recognition system, moulding fingerprints on silicone to present them on a fingerprint scanner, etc. are some of the examples of biometric spoofing attempts. Biometric systems address spoofing attempts with different liveness detection methodologies.
A Biometric System is a system consisting of software and hardware that can read a biometric characteristic of a person and process this data to generate a biometric template, which can be used to establish the person’s identity or verify it. Some biometric systems are able to work independently, while others require a portable scanner to be connected to a software application on a PC or a smartphone to form a complete biometric system. Fingerprint Recognition Systems, Iris Recognition Systems, Palm Vein Biometric Systems, Facial Recognition Systems, Voice Recognition Systems, etc. are some of the examples of biometric systems. Modern biometric systems come with the ability to connect and exchange data over a network or the internet. They also come equipped with anti-spoofing and liveness detection techniques.
Biometric Taxonomy is a method of classification using gathered biometric data. It can also be the classification of biometric data according to their use in a given system such as:
- Cooperative vs. Non-cooperative User
- Overt vs. Covert Biometric System
- Habituated vs. Non-habituated User
- Supervised vs. Unsupervised User
- Standard Environment vs. Non-standard Environment
A Biometric Template is the digital representation of a biometric sample collected by a biometric system for the purpose of user identification or authentication. A biometric system generates a biometric template by taking the collected biometric sample through a pre-defined algorithm in the system. This digital reference of biometric characteristics is saved in a biometric database for verification or for running a match in the future. Most standard biometric systems also make use of cryptography to encrypt biometric templates, protecting them from potential hacking attempts or data breaches. In an encrypted format, a biometric template is not of any use unless someone has its decryption key.
The correlation based method uses the overall information provided in a biometric sample. In this method, small regions of the fingerprint images are superimposed and the correlation between corresponding pixels is computed for different alignments. Fingerprint matching particularly benefits from the correlation based method. For example, a correlation based fingerprint recognition algorithm can make use of the pixel values of images, directly using the gray-scale information of the fingerprints. The algorithm selects a template, correlates the pixel values of the template with the pixel values of all N images in the existing database, and looks for the maximum value in the correlated data that is greater than some threshold value. Correlation-based techniques are a promising approach to fingerprint matching for the new generation of high resolution and touch-less fingerprint sensors, since they can match ridge shapes, breaks, etc. However, a major drawback of these techniques is the high computational effort required. The correlation-based fingerprint verification system is capable of dealing with low quality images from which no minutiae can be extracted.
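The correlation search described above, as an added sketch that is not code from Bayometric or any fingerprint product: a gray-scale patch is slid over every stored image, the best alignment per image is kept, and the overall maximum is accepted only above a threshold. The tiny images, the 0.9 threshold and the use of zero-mean normalised correlation are assumptions made for illustration.

```python
"""Correlation-based matching of a gray-scale patch against stored images."""
from math import sqrt

# Constructed 5x5 gray-scale "images" (0-255); real fingerprint images are far larger.
DATABASE = {
    "A": [[12, 25, 31, 44, 52],
          [22, 200, 40, 180, 61],
          [33, 40, 220, 60, 72],
          [41, 190, 60, 210, 83],
          [55, 62, 74, 81, 95]],
    "B": [[200, 30, 200, 30, 200],
          [210, 40, 190, 35, 205],
          [195, 25, 205, 45, 210],
          [205, 35, 195, 30, 190],
          [190, 45, 210, 40, 200]],
}
# Constructed probe: the 3x3 region of image A at row 1, column 1, captured 10 levels brighter.
PROBE_PATCH = [[210, 50, 190], [50, 230, 70], [200, 70, 220]]
# Constructed probe with no texture at all (for example, a blank capture).
FLAT_PATCH = [[128, 128, 128], [128, 128, 128], [128, 128, 128]]


def ncc(patch, window):
    """Zero-mean normalised correlation of two equal-size pixel blocks, in [-1, 1]."""
    a = [p for row in patch for p in row]
    b = [p for row in window for p in row]
    ma, mb = sum(a) / len(a), sum(b) / len(b)
    num = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    den = sqrt(sum((x - ma) ** 2 for x in a) * sum((y - mb) ** 2 for y in b))
    return num / den if den else 0.0  # a flat block carries no ridge information


def best_alignment(patch, image):
    """Try every alignment of patch inside image; return (max correlation, (row, col))."""
    ph, pw = len(patch), len(patch[0])
    best = (-1.0, (0, 0))
    for r in range(len(image) - ph + 1):
        for c in range(len(image[0]) - pw + 1):
            window = [row[c:c + pw] for row in image[r:r + ph]]
            best = max(best, (ncc(patch, window), (r, c)))
    return best


def match(patch, database=DATABASE, threshold=0.9):
    """Correlate patch with all N images; accept the maximum only if it beats threshold."""
    scores = {name: best_alignment(patch, img)[0] for name, img in database.items()}
    name = max(scores, key=scores.get)
    return (name if scores[name] > threshold else None), scores


if __name__ == "__main__":
    print(match(PROBE_PATCH))   # image A matches despite the brightness change
    print(match(FLAT_PATCH))    # nothing to correlate, so no match is reported
```

The nested loops make the cost visible: every probe is correlated at every alignment of every stored image, which is the computational effort the entry refers to.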
The Crossover Error Rate or CER is the value of FAR and FRR when the sensitivity is configured so that FAR and FRR are equal. The Crossover Error Rate is well suited to perform a quantitative comparison of different biometric solutions, applications or devices. Authentication algorithms need to simultaneously minimize permeability to intruders and maximize the comfort level, therefore they have to be both demanding and permissive. This contradiction is the base for the optimization problem in authentication algorithms, and the measure of success for the overall precision of an algorithm and its usability is the CER, the value obtained at the threshold that provides the same false-acceptance rate and false-rejection rate.
DNA Recognition is the method of identification of individuals on the basis of their unique DNA characteristics. DNA recognition makes use of a forensic technique called DNA Profiling, also known as DNA Fingerprinting, DNA Testing or DNA Typing. Despite the 99.9% similarity in DNA sequence among all human beings, the 0.1% difference is enough to identify an individual by his or her DNA profile. Despite being based on a biological characteristic, personal identification with DNA profiling differs significantly from other methods of identification, as it requires a tangible physical sample, unlike other methods of biometric identification, which make use of imaging or recording of biometric identifiers. It is also quite different from traditional identification methods, which recognize people on the basis of possessions or knowledge. To recognize an individual by DNA profiling, his or her samples are taken through one of the different DNA analysis methods and a DNA profile is produced. These results are either used to establish identity or compared with other samples to find a match.
Equal Error Rate (EER) is a biometric performance measure used to predetermine the threshold values for a system's False Match Rate (FMR) and False Non-Match Rate (FNMR). Plotting FMR and FNMR on a graph gives a point where the two curves intersect each other. That point is the EER. That means EER is the point where false match and false non-match rates are minimal and optimal. A lower EER value is considered good for a biometric system. The EER value indicates that the proportion of false acceptances is equal to the proportion of false rejections. The lower the equal error rate value, the higher the accuracy of the biometric system.
Facial Recognition is a method of identification of individuals on the basis of their unique facial characteristics. Facial Recognition makes use of technology for the measurement of different facial characteristics and generates a unique digital reference that can be used to establish the identity of an individual and verify it in the future. The set of hardware and software used for the purpose is called a Facial Recognition System. A facial recognition system can identify people by processing their digital images if their facial recognition identity has been pre-established. The system takes advantage of digital images or still frames from a video source, which are taken through the facial recognition algorithm. This algorithm extracts data out of facial characteristics like the position and shape of the eyes, nose, cheekbones and jaw. It can also measure the distance between these characteristics, and the mapped data can be used for identifying people in crowds, such as at airport terminals, railway stations, etc. A facial recognition system can capture multiple images in a second, compare them and produce results.
Failure to Enroll Rate is one of the several performance metrics used to evaluate the performance of a biometric system. A failure to enroll is defined as the inability to store a new reference template. The main reason is a failing feature extraction; often this is the only reason for a failure to enroll. The probability of a failure to enroll event is called the Failure to Enroll Rate (FTE or FER). If enrollment and recognition use the same building blocks, one may use different quality thresholds for enrollment and recognition. Usually, a higher threshold is chosen for enrollment, since this increases performance during all subsequent recognition attempts. As a consequence, the FTE is often larger than the FTA (Failure to Acquire) Rate.
The FAR (False Acceptance Rate) is the probability of cases in which a biometric system wrongly authorizes an unauthorized person. It happens when a biometric system, solution or application inaccurately matches a biometric input with a stored template, wrongly returning a match and granting access to an unauthorized person. It is one of the commonly used metrics in biometric recognition systems for assessing the performance of the system. False acceptance is an undesirable result from a biometric system. It is expressed as the percentage of instances where the system will authorize an unauthorized person. For example, if FAR = 0.1%, it means that in 1 out of 1000 cases a biometric system, solution or application is likely to grant access to an unauthorized individual. In systems where the level of security is high, the existence of false positives is a serious problem; for these systems FAR = 0 would be the desirable scenario, i.e. there should be no false positives.
The FRR (False Rejection Rate) is the probability of cases in which a biometric system wrongly denies access to an authorized person. It happens when a biometric system, solution or application fails to match the biometric input with a stored template, wrongly returning a no-match and denying access to an authorized person. The False Rejection Rate (FRR) is one of the important metrics, along with FAR, commonly used for assessing the performance of biometric systems, solutions and applications. Like FAR, it is expressed as a percentage of probability with which a system will wrongly deny access to an authorized person. For example, if FRR = 0.01%, it means that in 1 out of 10000 cases a biometric system, solution or application is likely to deny access to an authorized individual.
Fingerprint Recognition is a method of identification of individuals on the basis of their unique dermal ridge patterns on fingertips, which are commonly known as fingerprints. Fingerprint Recognition makes use of technology for the measurement of different characteristics of ridge pattern and generates a unique digital reference that can be used to establish identity of an individual and verify it in the future. Set of hardware and software used for the purpose is called Fingerprint Recognition System. Fingerprint recognition system can identify people by processing their fingerprints if their identity with fingerprints has been pre-established.
Finger-vein Recognition is a method of identification of individuals on the basis of their unique vein pattern beneath the skin of finger. Finger-vein Recognition makes use of technology to mathematically map the vein pattern and generates a unique digital reference that can be used to establish identity of an individual and verify it in the future. Set of hardware and software used for the purpose is called Finger-vein Recognition System. It captures finger-vein pattern by a special setup that makes use of near-infrared LED light and a monochrome CCD (charge-coupled-device) camera. Near infrared LED light is absorbed by blood hemoglobin and makes finger veins appear as pattern of dark lines. The camera captures the image and Vein ID system extracts finger vein pattern. Finger-vein recognition system can identify people by scanning and processing their finger-vein pattern if their identity has been pre-established in the system.
Hand Geometry Recognition is a method of identification of individuals on the basis of their unique hand geometry. Hand Geometry Recognition makes use of technology to map the geometry of an individual’s hand and generates a unique digital reference that can be used to establish identity of the individual and verify him or her in the future. Hand geometry for identification is used for applications like attendance, access control, etc. A hand geometry reader is used for the measurement of hand from various dimensions and this data is stored for identification of a person. Hand geometry recognition, however, is not considered as secure as other high precision recognition methods like fingerprint recognition or iris pattern recognition.
Identification is the process of mapping a known quantity to an unknown entity so that it can be identified in future with the associated known quantity. The known quantity is called an identifier (or ID) and the unknown entity is what requires identification. This identifier should be good enough to uniquely identify the unknown entity. For example, on discovery of a new element, its properties are recorded and a name is given to the unknown element for future reference. It is very important for the identifier to be unique so as to make the unknown entity uniquely identifiable.
Iris Recognition is a method of personal identification on the basis of the unique iris pattern from one or both of the irises of an individual’s eyes. These unique patterns are mathematically mapped and stored by an iris recognition system and can be used to establish the identity of a person. The iris is the colored part forming a ring around the central circular part of the eye. The iris is considered to be the ideal part of the human body for biometric identification because, being an internal organ, it is protected from damage, unlike fingerprints, which can wear in certain cases. The iris stays protected behind the transparent cornea and is easily visible from a distance. An iris recognition system captures an image or a short video of the eye and runs it through the iris recognition algorithm; the resulting unique pattern data is stored in a database and can be associated with the identity data of a person. An iris recognition system can identify people by scanning and processing their iris pattern if their identity has been pre-established.
Iris Code is a unique code generated by an iris recognition system for a particular human iris. The iris code is generated following the feature extraction of the iris, in which a two dimensional image of the iris is converted into a set of mathematical parameters. To generate the iris code, the extracted iris image is divided into different blocks, which are further divided into cells. One cell has a pre-defined pixel size, and the standard deviation of the pixel values is used as a representative value of a basic cell region for calculation. Each pixel is converted to a binary value depending on a pre-defined threshold. These binary values from each block are computed to produce a final value, which is called the iris code and is unique to an individual.
Live capture is the act or method of gathering biometric data from an individual while the individual is physically present. The term is used in conjunction with security systems that identify people based on a previous recording of one or more of their body characteristics. An advantage of live capture is that relevant action can be taken at the moment the data is gathered. For example, the police can be summoned if an intruder on a property is identified as a known criminal suspect by facial recognition equipment. In contrast, so-called dead or passive capture is used primarily to gather evidence or make comparisons of samples when the subject is not physically present.
Liveness Detection is a technique or set of techniques that enables a biometric system to accept a biometric sample only when it is presented by a living person. This technique is employed as a countermeasure against spoofing attacks, in which an unauthorized user tries to get through biometric security by using an artificial replica of an authorized user’s biometrics. Spoof attacks may use pictures or videos of eyes or a face to fool iris or facial recognition systems respectively, fingerprints embossed on silicone or other flexible material slipped over a finger to fool a fingerprint recognition system, etc. Common techniques that biometric systems use to ensure that the sample comes from a living person are: detecting blood flow in veins, detection of pores in fingerprint recognition, detection of iris movement in iris recognition systems, etc. Liveness detection is the biggest challenge to biometric system security.
Minutiae based authentication is the authentication performed on the basis of the fine details of friction ridge characteristics that collectively form a ridge pattern. Major features of a fingerprint are called minutiae. Friction ridges taking a particular shape form a minutia in fingerprints; collectively, minutiae enable fingerprints to be mapped by a biometric system, which makes minutiae based authentication possible. Ridge ending, ridge bifurcation, short ridge / independent ridge, island, etc. are some of the examples of shapes friction ridges may take in a fingerprint pattern. A minutiae based fingerprint recognition system can uniquely map the minutiae pattern in a fingerprint, which can be used for identification and authentication of an individual.
When more than one method of authentication is employed, drawn from two or more factors of authentication, it is called multi-factor authentication (MFA). Multi-factor authentication combines two or more independent credentials: what the user knows (password), what the user has (security token) and what the user is (biometric verification). The goal of MFA is to create a layered defence and make it more difficult for an unauthorized person to access a target such as a physical location, computing device, network or database. If one factor is compromised or broken, the attacker still has at least one more barrier to breach before successfully breaking into the target. Multi-factor authentication offers an elevated level of security, as the user has to present evidence of his or her identity belonging to two or more different factors.
The term “One to Many” is often used in biometric identification, when a biometric identifier is compared against many others to find a match. Since the identity behind the biometric identifier is unknown, a one-to-many match has to be performed, in which the identifier is compared against many others already available in the database. This type of match is often performed in forensics with biometric identifiers collected from a crime scene. Biometric employee identification and attendance systems also use this matching practice to find a match for employee biometrics.
One to one is a term often used during the biometric authentication of a claimed identity. When a match is performed on a biometric system to check the validity of claimed identity, it is called a one to one match. This is the process of confirming that a user is who they claim to be. In one to one match a user usually provides some kind of identification, for example a user ID or username or a card before presenting his or her biometrics. The biometric verification software takes the user ID and tries to match the new biometric identifier with the biometrics associated with this user ID. If a match is found then the user is granted access. Since the biometric software needs to verify only one record, it is called one to one match. This type of match is mostly performed for civil authentication needs.
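The two matching modes defined above, one to many (identification) and one to one (verification), side by side as an added example that is not Bayometric's code. The 16-bit templates, the user IDs, the bit-difference comparator and the 0.25 threshold are all constructed assumptions.

```python
"""One-to-one verification vs. one-to-many identification over stored templates."""

# Constructed enrollment database: user ID -> reference template.
# Templates are toy 16-bit strings; real templates are far larger.
DATABASE = {
    "alice": "1011001110001101",
    "bob":   "0110100101011010",
    "carol": "1110000110101011",
}
THRESHOLD = 0.25  # assumed: accept when at most 25% of the bits differ

# Constructed probes: alice's template with two bits flipped (a noisy re-capture),
# and a template from someone who was never enrolled.
ALICE_PROBE = "0011001110001100"
STRANGER_PROBE = "0101010101010101"


def distance(a, b):
    """Fraction of differing bits (the comparator assumed for this sketch)."""
    if len(a) != len(b):
        raise ValueError("templates must have equal length")
    return sum(x != y for x, y in zip(a, b)) / len(a)


def verify(claimed_id, probe, db=DATABASE, threshold=THRESHOLD):
    """One to one: compare the probe only with the claimed user's template."""
    reference = db.get(claimed_id)
    if reference is None:
        return False  # unknown user ID: there is no record to compare against
    return distance(probe, reference) <= threshold


def identify(probe, db=DATABASE, threshold=THRESHOLD):
    """One to many: compare the probe with every enrolled template.

    Returns (user ID or None, best distance, number of comparisons made).
    The closest template is reported only if it is within the threshold,
    so an unenrolled person is rejected rather than mapped to a neighbour.
    """
    best_id, best_d, comparisons = None, None, 0
    for user_id, reference in db.items():
        d = distance(probe, reference)
        comparisons += 1
        if best_d is None or d < best_d:
            best_id, best_d = user_id, d
    if best_d is not None and best_d <= threshold:
        return best_id, best_d, comparisons
    return None, best_d, comparisons


if __name__ == "__main__":
    print(verify("alice", ALICE_PROBE))   # claimed identity confirmed
    print(verify("bob", ALICE_PROBE))     # same probe, wrong claim
    print(identify(ALICE_PROBE))          # no claim needed, every record searched
    print(identify(STRANGER_PROBE))       # nearest record is still too far away
```

Verification touches one record per attempt, while identification gives every enrolled template a chance to match, so the same threshold is exercised once per record in the database.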
In its traditional definition, an original equipment manufacturer (OEM) is a company whose goods are used as components in the products of another company, which then sells the finished item to users. This second firm is referred to as a value-added reseller (VAR) (because by augmenting or incorporating features or services, it adds value to the original item) and works closely with the OEM, which often customizes designs based on the VAR company’s needs and specifications. For example, a hardware company that manufactures motherboards wants to include an on-board audio module in its design. In order to avoid the expense of research and development, and the extra tooling and expertise necessary to manufacture its own module, it purchases the rights to incorporate a module developed by another manufacturer which specializes in audio modules. This manufacturer of audio modules is called an OEM, as it originally manufactured them, regardless of how they are used in the final product.
Palm-vein Recognition is a method of identification of individuals on the basis of their unique palm-vein pattern beneath the skin of palm. Palm-vein Recognition makes use of technology to mathematically map the vein pattern and generates a unique digital reference that can be used to establish identity of an individual and verify it in the future. Set of hardware and software used for the purpose is called Palm-vein Recognition System. It captures Palm-vein pattern by a special setup that makes use of near-infrared LED light and a monochrome CCD (charge-coupled-device) camera. Near infrared LED light is absorbed by blood hemoglobin and makes palm veins appear as pattern of dark lines. The camera captures the image and recognition system extracts palm vein pattern. Palm-vein recognition system can identify people by scanning and processing their palm-vein pattern if their identity has been pre-established in the system.
Pattern based matching is a technique of comparing biometric identifiers on the basis of pattern itself rather than specific features of the patterns (as in minutiae based matching). Pattern recognition deals with identifying a pattern and confirming it again. In general, a pattern can be a fingerprint image, a handwritten cursive word, a human face, a speech signal, or a bar code. In biometric recognition systems, pattern recognition technique extracts a random pattern of human trait into a compact digital signature, which can serve as a biological identifier.
Physiological modalities are the modalities based on mapping of different physiological human characteristics like dermal ridge pattern, iris pattern, pattern formed by veins, geometry of face, etc. These biological characteristics remain unchanged throughout an individual’s life that makes them good enough for personal identification. For example: Iris patterns are so irregular and asymmetric that the numbers of possible variations in iris patterns are countless, so it makes them unique for an individual and good enough for personal identification.
Recognition is an event of understanding, mapping or measuring an entity on the basis of pre-acquired knowledge or pre-programmed ability. Recognition can be performed by humans as well as machines. For example: recognizing an old friend, recognizing a barcode or a fingerprint pattern, etc. Pre-programmed ability or pre-acquired knowledge is the main factor of a successful recognition by machines and humans respectively.
A reference template is the digital reference of a biometric sample that can be used for verification of an identity. Reference template is generated during the enrollment of an individual on a biometric system by taking biometric data through recognition algorithm. Reference template is usually stored in a secure database. Every time there is a requirement for identity verification, reference template is compared against a newly obtained template for the purpose of identity verification.
The process of establishing the truth, accuracy or validity of something is known as verification. In identity and access management practices, verification is often performed for an identity claimed by users and entities. Verification and Authentication are closely related terms; however, some experts differ in how they define them, while others consider them to be the same. Verification that an entity is who or what it claims to be, using a password, biometrics such as a fingerprint, or distinctive behavior such as a gesture pattern on a touchscreen, is called authentication.
Voice recognition is the process of identification of an individual using the distinct characteristics of his or her voice. Voice Recognition makes use of technology to map the voice print or spectrogram of an individual, which a voice recognition system can use to establish the identity of the individual and verify him or her in the future. Voice pattern is an individual characteristic, and no two persons are found to have exactly the same spectrogram. Voice Recognition is considered ideal for remote identification in applications like phone banking, tele-shopping, on-call user verification, etc.