Biometric terms: Part 3

Biometric terms: Part 3

Welcome to the third instalment of our blogposts about the terms we use in our tests and the ones you may come across when dealing with biometry. Our aim is to make these words, terms and abbreviations understandable and defined in layman's terms, based on the respective standards. This chapter deals with an assortment of terms that you may encounter when dealing with biometry

Hacking

Hacking in the biometry context is an attack type that is directed against the IT solutions behind a biometric identification systems and done on anything within the system that is not the sensor itself. This means communication (man in the middle attacks), attacks against the database or the control software, opening a backdoor towards the device, etc.

Spoofing

Spoofing in the biometry context is an attack type that is directed against the sensor employed by a particular device. This means that the attacker tries to assume the identity of a legitimate user that is enrolled within the system and is authorised to use it by obtaining and reproducing the required biometric sample from that person then gaining access with said reproduced samples.

User cooperation

The user cooperation shows how much the user has to interact with a particular device to perform identification. If no user cooperation is required, then the device may identify the user without him or her even noticing it. A number of face and iris detection systems can perform this kind of identification. The required user cooperation rises along with the degrees of freedom a device allows, as it will require more and more precise positioning to be able to identify the user.

Degree of freedom

The degrees and restrictions of freedom show how many ways a user can position the particular sample. It can range from 0 (e.g. with a hand geometry identification device, that allows neither free movement nor free displacement of the sample) to 6 (e.g. with an iris identification device, where all three dimensions are available to turn the sample and all directions to displace it). Degrees of freedom can be reduced by position helping surfaces and device design.

Biometric feature

A biometric feature is the part of the body that can be used for identification. The most commonly used features are fingerprints, hands, irises, voice and the face, but other features are possible as well (for example, DNA is also a biometric feature, albeit it is not used in access control or any other regular identification process, for that matter).

Sample

The biometric sample is very similar, in meaning, to the biometric feature: it is the particular feature presented by a user, but it can also be anything else (see spoofing) that is presented to the device sensor with the purpose of identification. The difference between the sample and feature can further be understood along with the template, which is:

Sample presentation

Sample presentation is the process where a person positions the sample for the device to perform identification. This can range from putting a fingerprint onto the sensor to looking at the general direction of a face recognition system's camera.

Template

The template is a non-reversible code (that is, the sample cannot be reproduced from the template) generated by the device at enrolment from the presented user sample and stored subsequently. At every sample presentation, the algorithm creates a non-reversible code that is matched against the already stored template. If the two matches with sufficient certainty, the presenter of the sample is identified.

Single factor authentication

Single factor authentication is when only one method (e.g. password, PIN, RFID card, biometric feature) to identify oneself is used. This method is not considered very secure.

Multi-factor authentication

Multi-factor authentication is when 2 or more methods to identify oneself is used. It can be generally said, that the more methods, the better security. In the case of biometry, an RFID card, a password and a biometric feature represents very high security, and the biometric identification itself can consist of multiple features (e.g. fingerprint and finger vein pattern, that can be obtained with the same device) that further increase security levels.

Throughput

The throughput of a device is the amount of people it can identify and let through (if said people are authorised) an access point, without any further motion hampering device (e.g. a turnstile attached to the system). Any other device present at an access point amounts to the throughput of the whole access point. This is a very important parameter that is rarely represented accurately on device datasheets. For example, a device may state that identification time is less than one second, but that is rarely true and if so, it is usually only the algorithm matching the code of the presented sample to the template. Proper positioning and other actions (e.g. giving the user ID number) are mostly not calculated into this by the manufacturer, therefore giving a false sense of performance about the device (and possibly causing very bad surprises after deployment).