In the February issue of SecureIDNews, part one of our series on biometric technology concepts was presented. This second part describes key concepts that build upon those presented in part one.
As you may recall, biometrics are numeric representations of physical characteristics that enable identification or verification of the individual possessing the characteristic. Biometrics can be physical or behavioral. Physical biometrics focus on an individual's physical attributes such as fingerprints, hand geometry, and iris or retinal patterns. Behavioral biometrics measure an individual's actions such as the manner of walking (referred to as gait) or the way he or she types at a keyboard.
There are two key stages to a biometric system: enrollment and presentment. At enrollment, the individual presents the item or action to be measured to the measuring device or scanner. The device conducts the scan and the software generates a numeric representation of the image based on set algorithms. Using a fingerprint as an example, the person places the finger on the scanner. The scanner takes one or more readings of the fingerprint pattern and applies the system's specific algorithmic settings to it. A numeric string is created based upon the specific fingerprint pattern and this number is stored as the biometric template.
At presentment, the previously enrolled individual presents the item (e.g. the finger) again. This time the purpose is not to enroll the individual into the system but rather to verify that the person is who they claim to be or identify the person from a pool of individuals. Continuing the previous example of the fingerprint scan, the individual places the finger on the scanner and the same algorithm is applied to the scanned print. The resulting numeric template is compared to the enrolled template and, if they match, access is granted.
A key concept of, and major difference between, biometric systems involves the storage of the enrolled template. To function, the enrolled biometric template must be available for comparison against the newly presented fingerprint and resultant template. But where will the system store the enrolled template? While there are many possible points of storage, the real question boils down to this: "should the template be kept on the system or in the possession of the individual?"
Commonly, the term "storage on reader, panel, or system" is used when the enrolled template is housed on the system, and "storage on card" when the template is kept in the possession of the individual (e.g. on a smart card).
While this might seem like an insignificant difference, it is at the root of many of the anti-biometric privacy opposition arguments. If the template is in the possession of the system it is, by default, outside of the absolute control of the individual. This has been a cause for significant concern among privacy advocates. If the template is housed only on a card that remains in the possession of the individual, this concern is alleviated.
For a biometric system to function, a presented template must be compared to an enrolled template or a database of enrolled templates. Just as the location of the template's storage is an important differentiator of biometric systems, so too is the location for this comparison or matching process.
A biometric match can be conducted in the same two basic areas as template storage: on the system or on the card. The key here again is the location of the individual's biometric template. If the match operation is performed on the system (e.g. at the reader, at the panel) it is, by definition, outside of the absolute control of the individual. Thus, many systems are designed to perform the match operation on the card itself, using the processing capability of the smart card. In this scenario, the actual enrolled biometric never leaves the card and thus is at a lesser risk for compromise.
The most secure and most privacy-protecting architecture includes storage of the enrolled biometric template on the card as well as matching of the enrolled and presented biometrics on the card.
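The three storage and matching combinations described above can be compared side by side in a short model. This is an added illustration, not code from any biometric product: the class and function names are hypothetical, templates are modelled as 16-bit integers, and a "match" is assumed to mean that no more than a set number of bits differ.

```python
# Added illustration, not from the article. Templates are modelled as 16-bit
# integers and "match" means at most THRESHOLD differing bits (assumptions).
THRESHOLD = 3
ENROLLED = 0b1011001110001111   # constructed sample template
GENUINE = ENROLLED ^ 0b101      # same finger, two bits of sensor noise
IMPOSTOR = ENROLLED ^ 0xFFFF    # different finger, every bit differs


def matches(enrolled, presented):
    return bin(enrolled ^ presented).count("1") <= THRESHOLD


class Card:
    def __init__(self, template):
        self._template = template

    def release_template(self):          # storage on card, match on system
        return self._template

    def match_on_card(self, presented):  # only a yes/no answer leaves the card
        return matches(self._template, presented)


class System:
    def __init__(self):
        self.database = {}   # storage on system
        self.handled = []    # enrolled templates the system has held or seen

    def enroll(self, user, template):
        self.database[user] = template
        self.handled.append(template)

    def verify_stored(self, user, presented):
        return matches(self.database[user], presented)

    def verify_released(self, card, presented):
        enrolled = card.release_template()
        self.handled.append(enrolled)
        return matches(enrolled, presented)


def run(architecture):
    """Return (genuine accepted, impostor accepted, system saw enrolled template)."""
    system, card = System(), Card(ENROLLED)
    if architecture == "system/system":
        system.enroll("alice", ENROLLED)
        check = lambda p: system.verify_stored("alice", p)
    elif architecture == "card/system":
        check = lambda p: system.verify_released(card, p)
    else:  # "card/card": the system only forwards the presented template
        check = card.match_on_card
    return check(GENUINE), check(IMPOSTOR), ENROLLED in system.handled
```

All three architectures reach the same accept and reject decisions; only with storage and matching both on the card does the system never hold the enrolled template.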
As nearly every biometric industry representative will attest, it is impossible to 'reverse engineer' the actual physical or behavioral characteristic from a biometric template. Using our fingerprint example, the scanned finger is mathematically summarized into a series of digits based on certain key points in that fingerprint image. Someone possessing the string of digits could not recreate the fingerprint even if they had access to the formulas used, as only bits and pieces of the finger are incorporated.
It is analogous to describing a person's physical appearance. The man is 6 feet tall, he has brown eyes, and black hair. He has a birthmark on his right ear and a small scar above his left eye. While this description can be used to identify a person (at least to a point), it would in no way enable an accurate recreation of the person or his likeness.
Thus, the need for storage and matching of the biometric on the card for reasons of privacy protection is likely overemphasized. It can be, however, the best architecture for certain applications and environments. And if the people perceive that there is a risk, this perception is difficult to counter. It seems that both in biometric measurement and in the public view of biometric technology, perception is reality.