Applied Biometrics Logo

Implementing Biometrics

What are the common uses of biometrics?

Common examples of biometric use involve controlling access to physical locations (laboratories, buildings, etc.) or logical information (personal computer accounts, secure electronic documents, etc). Biometrics can also be used to determine whether or not a person is already in a database, such as for social service or national ID applications.

Return to top

Where can biometrics be used?

Biometrics can be used in environments where recognition of an individual is required. Applications vary and range from logical access to a personal computer, to physical access of a secure laboratory. They can be used in a variety of collection environments as identification systems. Biometrics are also used for accountability applications, such as recording the biometric identities of individuals boarding an aircraft, signing for a piece of equipment, or recording the chain of evidence. Of course, biometrics perform more reliably in controlled environments, such as offices and laboratories, than in uncontrolled environments, such as outdoors.

Return to top

Where/How would biometric verification be used?

Verification is used where it is necessary to confirm that an individual is enrolled in a database with the authorizations claimed. In this case, an individual would present a biometric to the system and the system would either verify or not verify that the person is who he or she claimed to be. For example, biometric verification can be used to regulate gaining physical or logical access or for accountability monitoring.

Return to top

Where/How would biometric identification be used?

Identification is used when the need arises to determine whether or not a person is in a database, absent a claim of identity. In this case, an individual would present his/her biometric to the system and the system would either provide the identity of the person or indicate that the person is not represented in the system. For example, the FBI uses identification methods in its search of fingerprints to determine whether the fingerprint indicates connection to a record of a known person. Another possible application involves using face recognition technology to identify abducted children in a public area or on the Internet.

Return to top

What are the goals of biometric standards?

Technology standards enable development of integrated, scalable and robust solutions and cut down the cost of development and maintenance of system solutions. Biometric standards have been and are currently being developed on both the national and international levels. Organizations at the national and international levels are focusing on creating a standard set of biometric data interchange definitions, developing standards to promote interoperability between various systems, creating standards for testing biometrics and for testing conformance to biometric standards. According to NIST (NISTIR 6529), standards should be technology neutral and not favor any particular vendor or modality.

Return to top

What benefits/cost savings will biometrics provide?

The usefulness of biometrics varies from application to application. To determine its true benefit, one must first develop and understand the operational requirements of the application. Biometrics can provide an automated means for identification of an individual or verification of a claimed identity. Before making a decision, one must ensure this task will meet the determined operational needs. Biometrics can potentially provide cost savings through relocating security resources or diminishing the expenses associated with password maintenance, or it could cause extra costs by highlighting problems that were previously missed. The cost benefits vary from application to application as well.

Return to top

How do I select a biometric technology?

The effectiveness of a biometric technology is dependent on the how and where it is used. Each biometric modality has its own strengths and weaknesses that should be evaluated in relation to the application before implementation. Key decision factors for selecting a biometric technology include evaluating the environment, throughput needs, population size and demographics, ergonomics, interoperability with existing systems, user considerations, etc. For instance, an access control system to a coal mine, where individuals will have very worn and dirty fingerprints, will not be a suitable environment for a fingerprint reader. The careful evaluation of the key decision factors plays a crucial role in the success of the selected technology.

Return to top

Can everyone be enrolled? If not, then what?

There are some instances when an individual may not have characteristics that are of sufficient quality to enable enrollment in a biometric system. The probability of such instances is small in most application environments, although it is important to have a contingency plan when such failures to enroll occur.

Return to top

Will biometrics solve all of the security problems?

No, biometrics should be one part of an overall security system implementation plan. A biometric system alone cannot solve a security problem.

Return to top

How fast does a biometric system work?

This will vary from application to application. It will depend on the hardware and software implemented, user training, the environmental application, and whether human involvement is required in some or all cases to make final decisions. For example, to complete a civil fingerprint background check, the average processing time is approximately 24 hours. On the other hand, implementing fingerprint verification in an airport may be completed in under a second.

Return to top

Many access control situations make use of a smart card in addition to a biometric. Why is this necessary?

There are three ways to identify someone: by what they have (a token, e.g. a smart card), by what they know (a pin or password) and by what they are (a biometric). The use of a smart card and a biometric adds a level of security to the system. It incorporates both what they “have” (the smart card) and what they “are” (the biometric). The smart card is often also used to claim an identity for the biometric system to verify. The smart card may contain information (such as cryptographic keys) that may require a biometric for use.

Return to top

What are the components of a biometric system?

A typical biometric system is comprised of five integrated components. A sensor is used to collect the data and convert the information to a digital format. Signal processing algorithms perform quality control activities and develop the biometric template. A data storage component keeps information that new biometric templates will be compared to. A matching algorithm compares the new biometric template to one or more templates kept in data storage. Finally, a decision process (either automated or human-assisted) uses the results from the matching component to make a system-level decision.

Return to top

What are the processes of a biometric system?

Biometrics systems follow four basic processes: collection, extraction, comparison, and decision. Collection involves using a sensor to capture the biometric traits and convert them to a digital format. Extraction takes the digital data and converts the distinctive features into a compact template. In the comparison step, the biometric system measures the likeness of the template to those in the database. Based on the likeness, the system decides whether or not the submitted biometric matches one of the templates in the database.

Return to top

Can biometrics be integrated into an existing system?

In general, yes, biometrics can be integrated into existing systems. Like all technologies, however, it is sometimes difficult to integrate biometrics as “retrofits” with existing systems if they weren’t designed to accept newer techniques.

Return to top

Are biometrics going to affect the time required to do things (e.g. clear airport security, access a secure building)?

Biometric systems may or may not affect the time required depending on the application and the design of both the old and new systems. It is based on the efficiency of the current process. For example: identification at a choke point, if implemented correctly, will not affect the time; DHS’ Registered Traveler (RT) program, where individuals have been processed and trusted prior to verification, will decrease the time; and the addition of a system in a location where a system did not previously exist will increase the time.

Return to top

What factors cause biometric systems to fail?

In addition to common electronics/computer and hardware failures, common biometric issues include poor-quality biometric samples, user confusion, evasion or non-cooperation, noise, inadequate or excessive lighting, dirty sensor, or subject handicaps.

Return to top

How do you know biometric technology will work as expected?

A properly designed implementation plan involves a series of evaluations, first focusing on algorithm accuracy (technology evaluation), then assessing performance in a mock environment (scenario evaluation), followed by live testing on site (operational evaluation) before full operations begin. If done properly, users will know, to a high degree of accuracy, how the system will perform.

Return to top


Rushing Man