10/29/2008

Glossary of Security and Biometric System Terms

Access Control
Access control is a function of security management that ensures only authorized users have access to resources they are entitled to.

Advanced Encryption Standard (AES)
AES, also known as Rijndael, is a block cipher adopted as an encryption standard by the US government. It is expected to be used worldwide and analyzed extensively, as was the case with its predecessor, the Data Encryption Standard (DES). AES was adopted by the National Institute of Standards and Technology (NIST) as US FIPS PUB 197 in November 2001 after a 5-year standardization process. The National Security Agency (NSA) reviewed all the AES finalists, including Rijndael, and stated that all of them were secure enough for US Government non-classified data. In June 2003, the US Government announced that AES may be used for classified information.

AFIS
Automated Fingerprint Identification System - A highly specialized biometric system that compares a single finger image with a database of finger images. AFIS is predominantly used for law enforcement, but is also being put to use in civil applications. For law enforcement, finger images are collected from crime scenes, known as latents, or are taken from criminal suspects when they are arrested. In civilian applications, finger images may be captured by placing a finger on a scanner or by electronically scanning inked impressions on paper.

Algorithm
A limited set of well-defined instructions to solve a task, which leads reliably from a given starting point to a corresponding identifiable end point. It can also be described as a systematic procedure for carrying out a calculation or solving a problem in a limited number of stages. Many algorithms can be implemented as computer programs. In biometric systems, specific algorithms are used, for example, to indicate how a smart card determines whether the input fingerprint matches the template stored on the card or in the database.

ANSI 378
Refers to the interoperability standard for fingerprint templates developed by the American National Standards Institute (ANSI). The US government requires the use of ANSI 378 templates for Homeland Security Directive (HSPD-12) and Personal Identity Verification (PIV). The US Federal requirements for ANSI 378 are designed to ensure that all employees and contractors are able to use their badges for identification and access to all government facilities.

API
Application Program Interface - A set of services or instructions used to standardize an application. An API is computer code used by an application developer. Any biometric system that is compatible with the API can be added or interchanged by the application developer. APIs are often described by the degree to which they are high level or low level. High level means that the interface is close to the application and low level means that the interface is close to the device.

ASIC
Application Specific Integrated Circuit - An integrated circuit (silicon chip) that is specially produced for a biometric system to improve performance.

Asymmetric Encryption System
The asymmetric system uses a two-part key, such as RSA and El Gamal. Each recipient has a private key that is kept secret and a public key that is published for everyone.
The sender looks up or is sent the recipient's public key and uses it to encrypt the message. The recipient uses the private key to decrypt the message and never publishes or transmits the private key to anyone. Thus, the private key is never in transit and remains invulnerable. This system is sometimes referred to as using public keys.

Authentication
The process of validating that a user, computer, service or process is who or what it claims to be. The presentation of a username and password is the most common means of authentication used today.
Any systematic method of confirming the identity of an individual. Some methods are more secure than others. Simple authentication methods include user name and password, while more secure methods include token-based one-time passwords. The most secure authentication methods include layered or "multi-factor" biometric procedures. Authentication is independent of authorization.
  • 1-Factor Authentication
The classic fingerprint-without-card technology is simple and in many cases what serves our customers’ basic needs best. The fingerprint reader solution replaces codes or passwords.
  • 2-Factor Authentication
Precise Biometrics also offers products with 2-factor authentication, combining smart card and fingerprint. With this solution the fingerprint is stored on the smart card. Using templates on a card offers vast scalability, higher security and fast matching times. The fingerprint data can only be accessed using the correct access keys.
  • 3-Factor Authentication
A product with 3-factor authentication combines smart card, fingerprint and PIN code.
  • Multi-Factor Authentication
More than one method

Authorization
The administration of person-specific rights, privileges, or access to data or corporate resources.

Automatic ID / Auto ID
An umbrella term for any biometric system or other security technology that uses automatic means to check identity. This applies to both one-to-one verification and one-to-many identification.

Behavioral Biometric
A biometric which is characterized by a behavioral trait that is learned and acquired over time rather than a physiological characteristic.

Bifurcation
A branch made by more than one finger image ridge.

Benchmarking
The process of comparing measured performance against a standard, openly available, reference.

Biometrics
The automatic recognition of persons based on unique combinations of measurable physical or behavioral characteristics. Examples include fingerprints, iris scanning, face and voice recognition, or hand geometry. All of these biometric techniques are differentiated by speed, durability, reliability, and cost effectiveness. Fingerprints are generally considered the most practical biometric identifier in use today.

Biometric Authentication Mode
The way biometric data (e.g. fingerprints) is used for authentication. The mode chosen for a biometric installation depends on the specific needs of a site, where either convenience or security may be emphasized. BioCert fingerprint devices may use either of two biometric authentication modes, identification or verification.

Biometric Data
The extracted information taken from the biometric sample and used either to build a reference template or to compare against a previously created reference template.

Biometric Engine
The software element of the biometric system which processes biometric data during the stages of enrolment and capture, extraction, comparison and matching.

Biometric Information
The stored electronic information pertaining to a biometric. This information can be in terms of raw or compressed pixels or in terms of some characteristic (e.g. patterns).

Biometric Sample
Raw data representing a biometric characteristic of an end-user as captured by a biometric system (for example the image of a fingerprint).

Biometric System
An automated system capable of a) capturing a biometric sample from an end user; b) extracting biometric data from that sample; c) comparing the biometric data with that contained in one or more reference templates; d) deciding how well they match; and e) indicating whether or not an identification or verification of identity has been achieved.

Biometric Template
Biometric templates are representations of a fingerprint or other biometric using series of numbers and letters. Templates are created using sophisticated algorithms, a mathematical process.

Capacitance
A finger image capture technique that senses an electrical charge, from the contact of ridges, when a finger is placed on the surface of a sensor.

Capture
The method of taking a biometric sample from the end user.

CCD
Charge-Coupled Device - A CCD is a semiconductor device that records images electronically.

Certification
The process of testing a biometric system to ensure that it meets certain performance criteria. Systems that meet the testing criteria are said to have passed and are certified by the testing organization.

Cipher
The core algorithm used to encrypt data. A cipher transforms regular data (plaintext) into a coded set of data (ciphertext) that is not reversible without a key. AES and DES, for example, are secret key block ciphers. The complete encryption algorithm is the cipher plus the technique used to apply the cipher to the message, which can be a very intricate series of steps.

Claim of Identity
When a biometric sample is submitted to a biometric system to verify a claimed identity.

Claimant
A person submitting a biometric sample for verification or identification whilst claiming a legitimate or false identity.

Closed-Set Identification
When an unidentified end-user is known to be enrolled in the biometric system.

Comparison
The process of comparing a biometric sample with a previously stored reference template or templates.

Contactless Card
Smart cards or memory cards which communicate by a radio signal. The range is normally up to 10 cm from the reader.

Crossover Error Rate
Synonym for Equal Error Rate.

Cryptography
The discipline that embodies the principles, means, and methods for the transformation of data in order to hide their semantic content, prevent their unauthorized use, or prevent their undetected modification.

Database
Any storage of biometric templates and related end user information. Even if only one biometric template or record is stored, the database will simply be a database of one. Generally speaking, however, a database will contain a number of biometric records.

D Prime
A statistical measure of how well a biometric system can discriminate between different individuals. The larger the D Prime value, the better a biometric system is at discriminating between individuals.

Digital Signature
The encryption of a message digest with a private key.

Discriminant Training
A means of refining the extraction algorithm so that biometric data from different individuals are as distinct as possible.

DPI
Dots Per Inch - A measurement of resolution for finger image biometrics.

Dual Interface Card
Dual interface cards have contact and contactless interfaces for data and transmission in both directions.

Encryption
Making information unreadable/difficult to read for unauthorized persons.
The act of converting biometric data into a code so that people will be unable to read it. A key or a password is used to decrypt (decode) the encrypted biometric data.
A method of taking information that is readable and making it unreadable. Encryption uses a set of mathematical rules or algorithms to transform clear text into an unreadable format. Encryption is an effective way of safeguarding important and confidential information.

End User
A person who interacts with a biometric system to enrol or have his/her identity checked.

Enrollee
A person who has a biometric reference template on file.

Enrollment / Enrolling
The process of collecting biometric samples from a person and the subsequent preparation and storage of biometric reference templates representing that person's identity.

Enrollment Time
The time period a person must spend to have his/her biometric reference template successfully created.

Equal Error Rate
The error rate occurring when the decision threshold of a system is set so that the proportion of false rejections will be approximately equal to the proportion of false acceptances.

Extraction
The process of converting a captured biometric sample into biometric data so that it can be compared to a reference template.

Failure to Acquire
Failure of a biometric system to capture and extract biometric data (comparison data).

Failure to Acquire Rate
The frequency of a failure to acquire.

Failure to Enroll
Failure of the biometric system to form a proper enrolment template for an end-user. The failure may be due to failure to capture the biometric sample or failure to extract template data (of sufficient quality).

Failure to Enroll Rate
The proportion of the population of end-users failing to complete enrolment.

False Acceptance Rate
FAR - When a biometric system incorrectly identifies an individual or incorrectly verifies an impostor against a claimed identity. Measures how frequently unauthorized persons are accepted by the system due to erroneous matching. Potentially serious.

False Match Rate
Alternative to False Acceptance Rate. Used to avoid confusion in applications that reject the claimant if their biometric data matches that of an enrollee. In such applications, the concepts of acceptance and rejection are reversed, thus reversing the meaning of False Acceptance and False Rejection.

False Non-Match Rate
Alternative to False Rejection Rate. Used to avoid confusion in applications that reject the claimant if their biometric data matches that of an enrollee. In such applications, the concepts of acceptance and rejection are reversed, thus reversing the meaning of False Acceptance and False Rejection.

False Rejection Rate
FRR - When a biometric system fails to identify an enrollee or fails to verify the legitimate claimed identity of an enrollee. Measures how frequently registered users are rejected by the system. This usually amounts to nothing more than inconvenience, since it requires users to try again.

Filtering
The process of classifying biometric data according to information that is unrelated to the biometric data itself. This may involve filtering by age, hair color or other distinguishing factors, and including this information in an end user's database record. This term is particularly used in conjunction with Automated Fingerprint Identification Systems.

Finger Geometry
A physical biometric that analyses the shape and dimensions of one or more fingers.

Finger Image
A physical biometric which looks at the patterns found in the tip of the finger.

Finger Scanning
The process of finger image capture.

Fingerprint Template
A description of all the detected minutiae in a fingerprint pattern. The template contains each minutia's x/y coordinate, slope, and type, thus summarizing the characteristics of the fingerprint for purposes of matching the fingerprint against candidates.

FIPS 201
Federal Information Processing Standards 201 creates the framework for the smart card security for PIV IDs.
The US General Services Administration's (GSA) Approved Products List (APL) is an important requirement in the procurement process for the US Federal Government Homeland Security Presidential Directive 12 (HSPD-12). By fall this year all US Government agencies must initiate the deployment of smart card based ID cards, the so-called PIV (Personal Identity Verification) Cards.

GSA APL
In order to eliminate the need for every agency to test and certify products to implement into HSPD-12, the General Services Administration (GSA) was asked to create an Approved Products List (APL). The GSA APL will serve as the buying guide for all of the US Federal Government Agencies. As agencies begin to implement their HSPD-12 and PIV solutions, they will use the GSA APL to provide assurance that the products they are purchasing meet guidelines and technical specifications.

Hand Geometry
Measurement of the layout of the physical characteristics of the hand.

HSPD-12
Abbreviation for US Federal government's Homeland Security Presidential Directive, which is a set of requirements for government agencies to improve their security infrastructure.

Identification
Also known as one-to-many or 1:n comparison. Authentication mode that compares the current biometric data set against all other reference data of persons previously recorded in the system. This method does not require any accompanying information to be provided with the fingerprint. It is user-friendly but inherently slower and less secure than the verification mode.

Impostor
A person who submits a biometric sample in either an intentional or inadvertent attempt to pass him/herself off as another person who is an enrollee.

Iris Recognition
The technique of measuring the veins in the Iris to identify a person. This biometric technology is exceptionally accurate.

ISO
International Organization for Standardization.

Latent Fingerprint
Latent fingerprints are "left over" fragments usually caused by the build-up of oily residues on the optic sensor window after repeated use.

Matching
Biometric data (e.g. fingerprints) are matched to another sample to confirm a person’s identity (authentication).

Matching Method Algorithms for Fingerprint ID Systems:
  • Minutiae Based Method
Minutia based algorithms compare several minutia points (ridge ending, bifurcation, and short ridge) extracted from the original image stored in a template with those extracted from a candidate fingerprint. Similar to the pattern-based algorithm, the minutia-based algorithm must align a fingerprint image before extracting feature points. This alignment must be performed so that there is a frame of reference.
  • Pattern Matching Method
Pattern based algorithms compare the basic fingerprint patterns (arch, whorl, and loop) between a previously stored template and a candidate fingerprint. This requires that the images be aligned in the same orientation. To do this, the algorithm finds a central point in the fingerprint image and centers on that. In a pattern-based algorithm, the template contains the type, size, and orientation of patterns within the aligned fingerprint image. The candidate fingerprint image is graphically compared with the template to determine the degree to which they match.

Live Capture
The process of capturing a biometric sample by an interaction between an end user and a biometric system.

Live Scan
The term live scan is typically used in conjunction with finger image technology. Synonym for Live Capture.

Mifare
Mifare is an interface for contactless smart cards and smart card readers. It was developed by Philips and has influenced the ISO14443 Standard.

Minutiae
The unique, measurable physical characteristics scanned as input and stored for matching by biometric systems. For fingerprints, minutiae include the starting and ending points of ridges, bifurcations and ridge junctions among other features.

Multiple Biometric
A biometric system that includes more than one biometric system or biometric technology.

NIST
Abbreviation for the National Institute for Standardization of Technology, which is an agency of the US Federal Government which establishes standards and guidelines for private and public sector purposes.

One-to-a-Few
A hybrid of one-to-many identification and one-to-one verification. Typically the one-to-a-few process involves comparing a submitted biometric sample against a small number of biometric reference templates on file.

One-to-Many
Synonym for Identification.

One-to-One
Synonym for Verification.

Optical
A finger image capture technique that uses a light source, a prism and a platen to capture finger images.

Performance Criteria
Pre-determined criteria established to evaluate the performance of the biometric system under test.

Physiological Biometric
A biometric that is characterized by a physical characteristic rather than a behavioral trait.

PIN
Personal Identification Number - A security method whereby a (usually) four digit number is entered by an individual to gain access to a particular system or area.

PIV-card
Personal Identity Verification Card required to be issued to all US Federal employees and contractors under HSPD-12.

Precise Match-on-Card
The company's technology for storing and matching fingerprints on smart cards. The smart card has built-in software which matches the template saved on the card against the input biometric image. As such, the template never leaves the secure environment of the smart card, protecting both the biometric information and the user's personal privacy.

Recognition
A generic term used in the description of biometric systems (e.g. face recognition or iris recognition) relating to their fundamental function. The term recognition does not inherently imply verification, closed-set identification or open-set identification (watchlist).

Record
The template and other information about the end-user (e.g. access permissions).

Response Time
The time period for a biometric system to return a decision on identification or verification of a biometric sample.

Retina Scanning
Scanning the veins at the back of the eye (on the retina) - usually for use in an identification or verification algorithm.

Ridge
The raised markings found across the fingertip.

Ridge Ending
The point at which a finger image ridge ends.

RF
A unique type of finger image capture that uses RF signals to capture the finger image under the outer layer of the skin, to the live layer below.

ROC
Receiver Operating Curves - A graph showing how the false rejection rate and false acceptance rate vary according to the threshold.

Score
The level of similarity from comparing a biometric sample against a previously stored template.

SHA-1
SHA-1, published in 1995, is a hash algorithm designed by the NSA. The size of the output of this algorithm is 160 bits. In 2005, a theoretical method was published to find collisions in SHA-1 with effort smaller than that required for brute force on average.

Smart card
A smart card is a plastic card, which holds a processing chip – like those found in computers. The chip on the card is designed to protect the information stored on it using various security mechanisms.

Strong Passwords
A strong password is sufficiently long, random, or otherwise producible only by the user who chose it, that successfully guessing it will require too long a time. The length of time deemed to be too long will vary with the attacker, the attacker's resources, the ease with which a password can be tried, and the value of the password to the attacker. A student's password might not be worth more than a few seconds of computer time, whilst a password controlling access to a large bank's electronic money transfer system might be worth many weeks of computer time.

Template
The biometric reference pattern of a person stored for matching.
Data which represents the biometric measurement of an enrollee, used by a biometric system for comparison against subsequently submitted biometric samples.

Template Ageing
The degree to which biometric data evolves and changes over time, and the process by which templates account for this change.

Template Size
The amount of computer memory taken up by the biometric data.

Thermal
A finger image capture technique that uses a sensor to sense heat from the finger and thus capture a finger image pattern.

Threshold / Decision Threshold
The acceptance or rejection of biometric data is dependent on the match score falling above or below the threshold. The threshold is adjustable so that the biometric system can be more or less strict, depending on the requirements of any given biometric application.
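
The entries for False Acceptance Rate, False Rejection Rate, Equal Error Rate, ROC, D Prime and Threshold all describe one trade-off. The following added example (not part of the original glossary) works it through on constructed match scores. It assumes a score at or above the threshold is accepted, and it uses the commonly used decidability formula for D Prime, which the glossary itself does not give.

```python
import math
from statistics import mean, variance

# Constructed similarity scores on a 0-100 scale (higher = more similar).
# GENUINE: an enrollee compared against their own reference template.
# IMPOSTOR: a different person compared against that template.
GENUINE = [91, 88, 84, 79, 77, 73, 70, 66, 58, 52]
IMPOSTOR = [12, 18, 23, 27, 31, 35, 40, 44, 55, 61]


def far(threshold, impostor=IMPOSTOR):
    """False Acceptance Rate: share of impostor attempts that are accepted."""
    return sum(score >= threshold for score in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False Rejection Rate: share of genuine attempts that are rejected."""
    return sum(score < threshold for score in genuine) / len(genuine)


def roc_points(genuine=GENUINE, impostor=IMPOSTOR):
    """(threshold, FAR, FRR) for every threshold at which a rate can change.

    Plotting FAR against FRR over these points gives the ROC curve.
    """
    thresholds = sorted(set(genuine) | set(impostor))
    thresholds.append(thresholds[-1] + 1)  # a threshold that rejects everyone
    return [(t, far(t, impostor), frr(t, genuine)) for t in thresholds]


def equal_error_rate(genuine=GENUINE, impostor=IMPOSTOR):
    """Threshold where FAR and FRR are closest, and the error rate there.

    With a finite sample the two rates may never be exactly equal, so the
    midpoint of FAR and FRR at the closest threshold is reported.
    """
    t, fa, fr = min(roc_points(genuine, impostor),
                    key=lambda point: abs(point[1] - point[2]))
    return t, (fa + fr) / 2


def d_prime(genuine=GENUINE, impostor=IMPOSTOR):
    """Separation of the two score distributions in pooled standard deviations.

    Assumed formula: |mean_g - mean_i| / sqrt((var_g + var_i) / 2).
    """
    pooled = math.sqrt((variance(genuine) + variance(impostor)) / 2)
    return abs(mean(genuine) - mean(impostor)) / pooled


if __name__ == "__main__":
    print("threshold   FAR   FRR")
    for t, fa, fr in roc_points():
        print(f"{t:9d}  {fa:.2f}  {fr:.2f}")
    t, eer = equal_error_rate()
    print(f"EER = {eer:.2f} at threshold {t}")
    print(f"d' = {d_prime():.2f}")
```

Lowering the threshold to 40 on this data removes all false rejections but accepts 40% of impostor attempts; raising it to 70 does the opposite, which is why the threshold is chosen per application rather than fixed.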

Throughput Rate
The number of end users that a biometric system can process within a stated time interval.

Tokens
A physical device that an authorized user of computer services is given to aid in authentication. Hardware tokens are often small enough to be carried in a pocket or purse. Some may store cryptographic keys, like a digital signature, or biometric data, like a fingerprint.

Types of Fingerprint Readers:
There are several different types of fingerprint readers, each designed for a different task, with varying functionality and reliability. They are generally divided into two segments, Optical and Capacitance, which refers to the technology being used to capture the minutiae or pattern matching data. Each is either a Touch Sensor or a Swipe Sensor, which refers to the method of obtaining the fingerprint data.
  • Passive capacitance
A passive capacitance sensor uses the principle outlined above to form an image of the fingerprint patterns on the dermal layer of skin. Each sensor pixel is used to measure the capacitance at that point of the array. The capacitance varies between the ridges and valleys of the fingerprint due to the fact that the volume between the dermal layer and sensing element in valleys contains an air gap. The dielectric constant of the epidermis and the area of the sensing element are known values. The measured capacitance values are then used to distinguish between fingerprint ridges and valleys.
  • Active capacitance
Active capacitance sensors use a charging cycle to apply a voltage to the skin before measurement takes place. The application of voltage charges the effective capacitor. The electric field between the finger and sensor follows the pattern of the ridges in the dermal skin layer. On the discharge cycle, the voltage across the dermal layer and sensing element is compared against a reference voltage in order to calculate the capacitance. The distance values are then calculated mathematically, using the above equations, and used to form an image of the fingerprint. Active capacitance sensors measure the ridge patterns of the dermal layer like the ultrasonic method. Again, this eliminates the need for clean, undamaged epidermal skin and a clean sensing surface.
  • Live layer capacitance scanning
This method of scanning sends an RF current through the surface of the skin, or epithelial layers of dead skin cells, to the live skin cell layer. As we age, our skin becomes thinner and less resilient, and the individually identifiable characteristics of our fingerprints become harder to read. This makes elderly individuals more susceptible to false rejection because of the sensor's inability to get a good quality print. In 1998, AuthenTec developed a unique semiconductor-based fingerprint reader that uses small RF signals to detect the fingerprint ridge and valley pattern. The RF electronic imaging mechanism (called TruePrint technology) works by reading the fingerprint pattern from the live, highly-conductive layer of skin that lies just beneath the skin's dry outer surface layer. AuthenTec's TruePrint-based sensors are less affected by common skin surface conditions - including dry, worn, calloused, dirty or oily skin - that can impair the ability of other sensors to acquire accurate fingerprint images. That makes TruePrint sensor technology capable of acquiring everyone's fingerprint under virtually any condition.
  • Optical Scanner
Optical fingerprint imaging involves capturing a digital image of the print using visible light. This type of sensor is, in essence, a specialized digital camera. The top layer of the sensor, where the finger is placed, is known as the touch surface. Beneath this layer is a light-emitting phosphor layer which illuminates the surface of the finger. The light reflected from the finger passes through the phosphor layer to an array of solid state pixels (a charge coupled device) which captures a visual image of the fingerprint. A scratched or dirty touch surface can cause a bad image of the fingerprint. A disadvantage of this type of sensor is the fact that the imaging capabilities are affected by the quality of skin on the finger. For instance, a dirty or marked finger is difficult to image properly. Also, it is possible for an individual to erode the outer layer of skin on the fingertips to the point where the fingerprint is no longer visible. However, unlike capacitive sensors, this sensor technology is not susceptible to electrostatic discharge damage.
  • Swipe Sensors
This is a sensor whereby the finger is swiped over the sensor in one fluid motion.
  • Touch Sensors
This is a sensor whereby the finger is placed on the sensor in a static fashion.

Ultrasound
A technique for finger image capture that uses acoustic waves to measure the density of a finger image pattern.

User
The client to any biometric vendor. The user must be differentiated from the end user and is responsible for managing and implementing the biometric application rather than actually interacting with the biometric system.

Validation
The process of demonstrating that the system under consideration meets in all respects the specification of that system.

Valley
The corresponding marks found on either side of a finger image ridge.

Verification / Verify
Also known as one-to-one or 1:1 comparison. The verification procedure confirms whether the person in question is actually the person they claim to be. The person’s current biometric data are compared only with their own reference data. This authentication mode requires another unique identifier such as a User ID, PIN, or smart card. Verification is inherently faster and more secure than the identification method.

Vulnerability
Weakness in an information system, system security procedures, internal controls, or implementation that could be exploited or triggered by a threat source.

Whorl
A fingerprint pattern in which the ridges are circular or nearly circular. The pattern will contain two or more deltas.

Wiegand
Wiegand is the trade name for a technology used in card readers and sensors, particularly for access control applications. Wiegand devices were originally developed by HID Corporation.
A Wiegand card looks like a credit card. It works according to a principle similar to that used in magnetic-stripe cards, such as those used with bank automatic teller machines (ATMs). Instead of a band of ferromagnetic material, the Wiegand card contains a set of embedded wires. The wires are made of a special alloy with magnetic properties that are difficult to duplicate. This makes Wiegand cards virtually counterfeit-proof. The set of wires can contain data such as credit card numbers, bank account numbers, employee identification information, criminal records, and medical history. The card is read by passing it through, or bringing it near, a device called a Wiegand sensor.
