Glossary of Terms
Acquisition device
The hardware used to acquire biometric samples. The following acquisition
devices are associated with each biometric technology.
Active imposter acceptance
Acceptance of a biometric sample submitted by someone attempting
to gain illegal entry to a biometric system.
AFIS
Automated Fingerprint Identification System. A system originally
developed for use by law enforcement agencies, which compares a
single fingerprint with a database of fingerprint images. Subsequent
developments have seen its use in commercial applications, where
a client or customer has their finger image compared with existing
personal data by placing a finger on a scanner, or by the scanning
of inked paper impressions.
Algorithm
A sequence of instructions that tells a system how to solve a problem.
Used by biometric systems, for example, to tell whether a sample
and a template are a match. Cryptographic algorithms are used to
encrypt sensitive data files, to encrypt and decrypt messages, and
to digitally sign documents.
API
Application Program Interface. A computer code which is a set of
instructions or services used to standardize an application. Any
system compatible with the API can then be added or interchanged
by the application developer.
ASIC
Application Specific Integrated Circuit. An integrated circuit developed
for specific applications to improve performance.
Asynchronous multimodality
Systems that require that a user verify through more than one biometric
in sequence. Asynchronous multimodal solutions are comprised of one, two,
or three distinct authentication processes. A typical user interaction will
consist of a verification on finger scan, then face if finger is successful.
Audit trail
In computer/network systems - a record of events (protocols, written
documents, and other evidence) which can be used to trace the activities
and usage of a system. Such material is crucial when tracking down
successful attacks/attackers, determining how the attacks happened,
and being able to use this evidence in a court of law.
Authentication
The process of establishing the validity of the user attempting
to gain access to a system. Primary authentication methods are:
* Access passwords (something the user knows)
* Access tokens (something the user owns)
* Biometrics
* Geography (a workstation, for example)
BioAPI
BioAPI V1.0, developed by the BioAPI consortium, and released in
March 2000. Designed to produce a standard biometric API aiding
developers and consumers.
Biometric (noun)
One of various technologies that utilize behavioral or physiological
characteristics to determine or verify identity. “Finger-scan is a commonly
used biometric.” Plural form also acceptable: “Retina-scan and iris-scan
are eye-based biometrics.”
Biometrics (noun)
Field relating to biometric identification. EG: “What is the future
of biometrics?”
Biometric (adjective)
Of or pertaining to technologies that utilize behavioral or physiological
characteristics to determine or verify identity. EG: “Do you plan
to use biometric identification or older types of identification?”
Biometric sample
The identifiable, unprocessed image or recording of a physiological
or behavioral characteristic, acquired during submission, used to
generate biometric templates. Also referred to as biometric data.
Biometric system
The integrated biometric hardware and software used to conduct biometric
identification or verification.
Buffer overflow
Most common cause of current security vulnerabilities. A buffer
overflow occurs when more data is put into a temporary data storage
area (buffer) than the buffer can hold. Because buffers can only
hold a finite amount of data, the extra information can overflow
into adjacent buffers, corrupting or overwriting the data in them.
Programming errors are one of the most frequent causes of buffer
overflow problems. In attacks which exploit buffer vulnerabilities,
extra data is sent to the buffer with code designed to trigger specific
actions, and which can damage files, change data, or disclose confidential
information. Buffer overflow attacks may have arisen from poor use
of the C programming language.
Contact/Contactless
In regard to chip cards: whether the card is read by direct contact
with a reader or has a transmitter/receiver system which allows
it to be read using radio frequency technology (up to a certain
distance).
Crossover error rate (CER)
A comparison metric for different biometric devices and technologies;
the error rate at which FAR equals FRR. The lower the CER, the more
accurate and reliable the biometric device.
Data vaulting
The process of sending data off site, where it can be protected
from hardware failures, theft, and other threats. Several companies
now offer Web backup services that compress, encrypt, and periodically
transmit a customer's data to a remote vault. In most cases, the
vaults have auxiliary power supplies, powerful computers, and manned
security. Also referred to as a remote backup service (RBS).
Decision
The result of the comparison between the score and the threshold.
The decisions a biometric system can make include match, non-match,
and inconclusive, although varying degrees of strong matches and
non-matches are possible.
Either/or multimodality
Describes systems that offer multiple biometric technologies, but only
require verification through a single technology.
Digital certificate
In the PKI environment, the data, equivalent to an identity card,
issued to a user by a CA (Certificate authority), which he/she uses
during business transactions to prove his/her identity.
Digital signature
The number derived by performing cryptographic operations on the
text to be signed. This operation, or hash function (also called
hash algorithm), is performed on the binary code of the text. The
result is known as the message digest, and always has a fixed length.
A signature algorithm is applied to the message digest, resulting
in the digital signature.
DSA
Digital Signature Algorithm.
Presented in 1991 by the NIST and patented in 1993. A publicly available
one-way algorithm used to generate or verify digital signatures
of a text to be signed (not to encrypt/decrypt information). As
input, DSA needs:
1. The message digest of the message to be signed
2. The signer's private key
3. A random number
Its output is a pair of numbers (often referred to as r and s) which,
together, make up the digital signature. To verify a digital signature,
DSA needs as input:
1. The message digest of the text to be verified
2. The signer's public key
3. The value s from the signature
DSA then makes a computation, the output of which is called v, for
example. If v = r, then the signature verifies.
DSS
Digital Signature Standard. Developed by FIPS (U.S. Federal Information
Processing Standard). Adopted the DSA in the early 1990s.
Encryption
The scrambling of data so that it becomes difficult to unscramble
or decipher. Scrambled data is called ciphertext, as opposed to
unscrambled data, which is called plaintext. Unscrambling ciphertext
is called decryption. Data encryption
is done by the use of an algorithm and a key. The key is used by
the algorithm to scramble and unscramble the data. The algorithm
can be public (for scrutinization and analysis by the cryptographic
community), but the key must be kept private. Encryption does not
make unauthorized decryption impossible, but merely difficult. Time,
and the power (ever increasing) of computers are the factors involved
in the feasibility of decryption.
Enrollment
The initial process of collecting biometric data from a user and
then storing it in a template for later comparison.
Feature extraction
The automated process of locating
and encoding distinctive characteristics from a biometric sample
in order to generate a template.
False-acceptance rate (FAR)
The percentage of imposters incorrectly matched to a valid user's
biometric.
False-rejection rate (FRR)
The percentage of incorrectly rejected valid users.
Identification
The process by which the biometric system identifies a person by
performing a one-to-many (1:n) search against the entire enrolled
population.
Identification (1:N, one-to-many, recognition)
The process of determining a person’s identity by performing matches
against multiple biometric templates. Identification systems are
designed to determine identity based solely on biometric information.
There are two types of identification systems: positive identification
and negative identification. Positive identification systems are
designed to find a match for a user’s biometric information in a
database of biometric information.
Matching
The comparison of biometric templates to determine their degree
of similarity or correlation. A match attempt results in a score
that, in most systems, is compared against a threshold. If the score
exceeds the threshold, the result is a match; if the score falls
below the threshold, the result is a non-match.
Minutiae Points
Local ridge characteristics that occur at either a ridge bifurcation
or a ridge ending.
Privacy-Protective
A privacy-protective system is one used to protect or limit access
to personal information, or which provides a means for an individual
to establish a trusted identity.
Privacy-Sympathetic
A privacy-sympathetic system is one that limits access to and usage
of personal data and in which decisions regarding design issues
such as storage and transmission of biometric data are informed,
if not driven, by privacy concerns.
Privacy-Neutral
A privacy-neutral system is one in which privacy is not an issue,
or in which the potential privacy impact is slight. Privacy-neutral
systems are difficult to misuse from a privacy perspective, but
do not have the capability to protect personal privacy.
Privacy-Invasive
A privacy-invasive system facilitates or enables the usage of personal
data in a fashion inconsistent with generally accepted privacy principles.
Score
A number indicating the degree of similarity or correlation of a
biometric match. Traditional authentication methods (passwords,
PINs, keys, and tokens) are binary, offering only a strict yes/no
response. This is not the case with most biometric systems. Nearly
all biometric systems are based on matching algorithms that generate
a score subsequent to a match attempt. This score represents the
degree of correlation between the verification template and the
enrollment template. There is no standard scale used for biometric
scoring: for some vendors a scale of 1-100 might be used, others
might use a scale of –1 to 1; some vendors may use a logarithmic
scale and others a linear scale. Regardless of the scale employed,
this verification score is compared to the system’s threshold to
determine how successful a verification attempt has been.
Single Error Rates
Error rates state the likelihood of an error (false match, false
non-match, or failure to enroll) for a single comparison of two
biometric templates or for a single enrollment attempt. This can
be thought of as a "single" error rate.
Synchronous multimodality
The use of multiple biometric technologies in a single authentication
process. For example, biometric systems exist which use face and
voice simultaneously, reducing the likelihood of fraud and reducing
the time needed to verify.
Submission
The process whereby a user provides behavioral or physiological
data in the form of biometric samples to a biometric system. A submission
may require looking in the direction of a camera or placing a finger
on a platen. Depending on the biometric system, a user may have
to remove eyeglasses, remain still for a number of seconds, or recite
a pass phrase in order to provide a biometric sample.
Template
A mathematical representation of biometric data. A template can
vary in size from 9 bytes for hand geometry to several thousand
bytes for facial recognition.
Threshold
A predefined number, often controlled by a biometric system administrator,
which establishes the degree of correlation necessary for a comparison
to be deemed a match.
Verification (1:1, matching, authentication)
The process of establishing the validity of a claimed identity by
comparing a verification template to an enrollment template. Verification
requires that an identity be claimed, after which the individual’s
enrollment template is located and compared with the verification
template. Verification answers the question, “Am I who I claim to
be?” Some verification systems perform very limited searches against
multiple enrollee records. For example, a user with three enrolled
finger-scan templates may be able to place any of the three fingers
to verify, and the system performs 1:1 matches against the user’s
enrolled templates until a match is found.
One-to-few
There is a middle ground between identification and verification referred
to as one-to-few (1:few). This type of application involves identification
of a user from a very small database of enrollees. While there is
no exact number that differentiates a 1:N from a 1:few system, any
system involving a search of more than 500 records is likely to
be classified as 1:N. A typical use of a 1:few system would be access
control to sensitive rooms at a 50-employee company, where users
place their finger on a device and are located from a small database.
This glossary is sourced from Findbiometrics.com
