Skip to main content

Hitachi ID certification

Product Sites

Biometric Authentication

Biometric authentication is a process of establishing the identity of a user by measuring some aspect of that user's physical self. It is one of three basic approaches to authentication -- the others being use of a secret (something the user knows) or a device (i.e., something the user has).

Examples of biometrics include:

  • Finger prints -- i.e., image of the ridges on the skin of a finger.
  • Hand print -- same as finger print, but whole hand.
  • Finger vein scan -- i.e., image of hemoglobin flowing through blood veins inside a finger.
  • Hand vein scan -- same as finger vein, but whole hand.
  • Voice print -- i.e., measuring characteristics of the spoken voice.
  • Face recognition -- i.e., comparing images of faces.
  • Typing cadence -- i.e., comparing the pattern of key-press duration and inter-key time interval.
  • Iris and retina images -- i.e., images of features of the human eye.

Biometrics are generally considered to be very convenient to use -- users do not leave their fingers at home or forget how to use them, for example.

Biometrics are often thought of as quite secure, but there are weaknesses:

  • Recordings may be replayed into scanners. For example, a finger print sample may be acquired using a gummy substance, lifted from a glass or other surface, and offered to a scanner. A voice print may be surreptitiously recorded and replayed later. A photograph of a user's face may be presented to a face scanner, etc.
  • Biometrics are not revocable. If a user's biometric has been compromised, he cannot "take it back."
  • Users may fear that parts of their bodies may be physically amputated in order to attack a system that trusts them.

When considering a biometric system, organizations normally take into account:

  • False accept rate (FAR) -- the frequency with which the biometric system will incorrectly accept the wrong person as a claimed identity.
  • False reject rate (FRR) -- the frequency with which the biometric system will incorrectly reject the right person.
  • Inability to register -- the proportion of users who cannot enroll for whatever reason (smooth skin on fingers, degenerative eye disease, unable to speak, amputee, etc.).

Typical values for each of the above three rates are on the order of from 0.1% to 2%.

Return to Identity Management Concepts

page top page top