Campus ID News
Card, mobile credential, payment and security
biometric template

Biometrics 101 (part II): Storing and matching biometric templates

CampusIDNews Staff   ||   Mar 01, 2004  ||   , ,

In the February issue of SecureIDNews, part one of our series on biometric technology concepts was presented. In this second part review, key concepts are described building upon those presented prior.

As you may recall, biometrics are numeric representations of physical characteristics that enable identification or verification of the individual possessing the characteristic. Biometrics can be physical or behavioral. Physical biometrics focus on an individual's physical attributes such as fingerprints, hand geometry, and iris or retinal patterns. Behavioral biometrics measure an individual's actions such as the manner of walking (referred to as gate) or the way he or she types at a keyboard.

There are two key stages to a biometric system: enrollment and presentment. At enrollment, the individual presents the item or action to be measured to the measuring device or scanner. The device conducts the scan and the software generates a numeric representation of the image based on set algorithms. Using a fingerprint as an example, the person places the finger on the scanner. The scanner takes one or more readings of the fingerprint pattern and applies the system's specific algorithmic settings to it. A numeric string is created based upon the specific fingerprint pattern and this number is stored as the biometric template.

At presentment, the previously enrolled individual presents the item (e.g. the finger) again. This time the purpose is not to enroll the individual into the system but rather to verify that the person is who they claim to be or identify the person from a pool of individuals. Continuing the previous example of the fingerprint scan, the individual places the finger on the scanner and the same algorithm is applied to the scanned print. The resulting numeric template is compared to the enrolled template and, if they match, access is granted.

Storage of the template

A key concept of, and major difference between, biometric systems involves the storage of the enrolled template. To function, the enrolled biometric template must be available for comparison against the newly presented fingerprint and resultant template. But where will the system store the enrolled template? While there are many possible points of storage, the real question boils down to this: "should the template be kept on the system or in the possession of the individual?"

Commonly the terms "storage on reader, panel, or system" is used when the enrolled template is housed on the system and "storage on card" when the template is kept in the possession of the individual (e.g. on a smart card).

While this might seem like an insignificant difference, it is at the root of many of the anti-biometric privacy opposition arguments. If the template is in the possession of the system it is, by default, outside of the absolute control of the individual. This has been a cause for significant concern among privacy advocates. If the template is housed only on a card that remains in the possession of the individual, this concern is alleviated.

Matching of the templates

For a biometric system to function, a presented template must be compared to an enrolled template or a database of enrolled templates. Just as the location of the template's storage is an important differentiator of biometric systems, so too is the location for this comparison or matching process.

A biometric match can be conducted in the same two basic areas as template storage: on the system or on the card. The key here again is the location of the individual's biometric template. If the match operation is performed on the system (e.g. at the reader, at the panel) it is, by definition outside of the absolute control of the individual. Thus, many systems are designed to perform the match operation on the card itself, using the processing capability of the smart card. In this scenario, the actual enrolled biometric never leaves the card and thus is at a lesser risk for compromise.

The most secure and most privacy-protecting architecture includes storage of the enrolled biometric template on the card as well as matching of the enrolled and presented biometrics on the card.

Perception is reality …

As nearly every biometric industry representative will attest, it is impossible to ‘reverse engineer' the actual physical or behavioral characteristic from a biometric template. Using our fingerprint example, the scanned finger is mathematically summarized into a series of digits based on certain key points in that fingerprint image. Someone possessing the string of digits could not recreate the fingerprint even if they had access to the formulas used as only bits and pieces of the finger are incorporated.

It is analogous to describing a person's physical appearance. The man is 6 feet tall, he has brown eyes, and black hair. He has a birthmark on his right ear and small scar above his left eye. While this description can be used to identify a person (at least to a point), it would in no way enable an accurate recreation of the person or his likeness.

Thus, the need for storage and matching of the biometric on the card for reasons of privacy protection is likely overemphasized. It can be, however, the best architecture for certain applications and environments. And if the people perceive that there is a risk, this perception is difficult to counter. It seems that both in biometric measurement and in the public view of biometric technology, perception is reality.

Subscribe to our weekly newsletter


May 26, 23 / ,

Penn State adds mobile ordering to campus app

Penn State has added a mobile ordering feature to its comprehensive campus mobile app, Penn State Go. The Penn State Eats Mobile function is available for use by students on the flagship University Park campus, as well as across the university's Commonwealth Campuses.
May 26, 23 / ,

NAU leverages delivery robots to support late-night dining

Northern Arizona is leveraging Starship delivery robots and the mobile ordering app in a clever way to prop up late night dining, and putting a twist on the ghost kitchen concept. The university has launched its Hole in the Wall dining window that now serves either pickup or robot delivery for students by offering a number of dining concepts all from a single, concession-style window.
May 25, 23 / ,

HID's Technology Partner Program helps companies develop mobile solutions

Trusted identity solutions provider, HID Global, has announced its HID Origo Technology Partner Program, the company’s first program dedicated to partners with a focus on mobile technologies. The Origo Technology Partner Program is designed to help technology partners by providing the ideal platform for organizations to design, test, and market products that integrate with HID Origo via APIs and SDKs.
CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.

Join us, @NACCUorg, and @TouchNet to explore how campus card programs can successfully navigate the sales and procurement process. Join the webinar on June 6, 2 pm EDT.

Webinar: Learn how the University of Arizona uses campus cards, mobile ordering, kiosks, lockers, and robots to revolutionize campus dining. April 7, 2-2:30 EDT. Register Now at

Load More...
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2023 CampusIDNews. All rights reserved.