Campus ID News
Card, mobile credential, payment and security
biometric template

Biometrics 101 (part II): Storing and matching biometric templates

CampusIDNews Staff   ||   Mar 01, 2004  ||   , ,

In the February issue of SecureIDNews, part one of our series on biometric technology concepts was presented. In this second part review, key concepts are described building upon those presented prior.

As you may recall, biometrics are numeric representations of physical characteristics that enable identification or verification of the individual possessing the characteristic. Biometrics can be physical or behavioral. Physical biometrics focus on an individual's physical attributes such as fingerprints, hand geometry, and iris or retinal patterns. Behavioral biometrics measure an individual's actions such as the manner of walking (referred to as gate) or the way he or she types at a keyboard.

There are two key stages to a biometric system: enrollment and presentment. At enrollment, the individual presents the item or action to be measured to the measuring device or scanner. The device conducts the scan and the software generates a numeric representation of the image based on set algorithms. Using a fingerprint as an example, the person places the finger on the scanner. The scanner takes one or more readings of the fingerprint pattern and applies the system's specific algorithmic settings to it. A numeric string is created based upon the specific fingerprint pattern and this number is stored as the biometric template.

At presentment, the previously enrolled individual presents the item (e.g. the finger) again. This time the purpose is not to enroll the individual into the system but rather to verify that the person is who they claim to be or identify the person from a pool of individuals. Continuing the previous example of the fingerprint scan, the individual places the finger on the scanner and the same algorithm is applied to the scanned print. The resulting numeric template is compared to the enrolled template and, if they match, access is granted.

Storage of the template

A key concept of, and major difference between, biometric systems involves the storage of the enrolled template. To function, the enrolled biometric template must be available for comparison against the newly presented fingerprint and resultant template. But where will the system store the enrolled template? While there are many possible points of storage, the real question boils down to this: "should the template be kept on the system or in the possession of the individual?"

Commonly the terms "storage on reader, panel, or system" is used when the enrolled template is housed on the system and "storage on card" when the template is kept in the possession of the individual (e.g. on a smart card).

While this might seem like an insignificant difference, it is at the root of many of the anti-biometric privacy opposition arguments. If the template is in the possession of the system it is, by default, outside of the absolute control of the individual. This has been a cause for significant concern among privacy advocates. If the template is housed only on a card that remains in the possession of the individual, this concern is alleviated.

Matching of the templates

For a biometric system to function, a presented template must be compared to an enrolled template or a database of enrolled templates. Just as the location of the template's storage is an important differentiator of biometric systems, so too is the location for this comparison or matching process.

A biometric match can be conducted in the same two basic areas as template storage: on the system or on the card. The key here again is the location of the individual's biometric template. If the match operation is performed on the system (e.g. at the reader, at the panel) it is, by definition outside of the absolute control of the individual. Thus, many systems are designed to perform the match operation on the card itself, using the processing capability of the smart card. In this scenario, the actual enrolled biometric never leaves the card and thus is at a lesser risk for compromise.

The most secure and most privacy-protecting architecture includes storage of the enrolled biometric template on the card as well as matching of the enrolled and presented biometrics on the card.

Perception is reality …

As nearly every biometric industry representative will attest, it is impossible to ‘reverse engineer' the actual physical or behavioral characteristic from a biometric template. Using our fingerprint example, the scanned finger is mathematically summarized into a series of digits based on certain key points in that fingerprint image. Someone possessing the string of digits could not recreate the fingerprint even if they had access to the formulas used as only bits and pieces of the finger are incorporated.

It is analogous to describing a person's physical appearance. The man is 6 feet tall, he has brown eyes, and black hair. He has a birthmark on his right ear and small scar above his left eye. While this description can be used to identify a person (at least to a point), it would in no way enable an accurate recreation of the person or his likeness.

Thus, the need for storage and matching of the biometric on the card for reasons of privacy protection is likely overemphasized. It can be, however, the best architecture for certain applications and environments. And if the people perceive that there is a risk, this perception is difficult to counter. It seems that both in biometric measurement and in the public view of biometric technology, perception is reality.

Subscribe to our weekly newsletter


Sheridan College onecard banner
Sep 21, 23 / ,

Interview: Sheridan College onecard manager details hugely successful mobile credential rollout

At the start of the fall term in 2022, the Sheridan College onecard office rolled out its new Mobile onecard. The Canadian institution serves 27,000 students across its three campuses in Ontario, so launching a project of this magnitude required careful planning and a well-orchestrated marketing effort to ensure success. CampusIDNews spoke with Aesha Brown, […]
University of Minnesota Twin Cities mascot
Sep 21, 23 /

Treasure hunt sends students in search of mascot’s lost campus card

At the University of Minnesota Twin Cities, the mission is to find Goldy’s U Card. On each of the institution’s three campuses, one of the mascot’s U Cards is hidden. Each undergraduate student that finds a card will receive a $100 reward. Finding the cards will not be easy. To help in the hunt, three […]
UX Tech event logo
Sep 19, 23 / ,

ColorID’s UX Tech event explores campus ID impact on user experience

We all want great user experiences for our cardholders and our system administrators, and advancements in technology are making this more possible than ever before. New credential and reader technologies are transforming the campus ID and with it the campus. The event is hosted and sponsored by UC Irvine, and will take place at the […]
CIDN logo reversed
The only publication dedicated to the use of campus cards, mobile credentials, identity and security technology in the education market. CampusIDNews – formerly CR80News – has served more than 6,500 subscribers for more than two decades.

Join us, @NACCUorg, and @TouchNet to explore how campus card programs can successfully navigate the sales and procurement process. Join the webinar on June 6, 2 pm EDT.

Webinar: Learn how the University of Arizona uses campus cards, mobile ordering, kiosks, lockers, and robots to revolutionize campus dining. April 7, 2-2:30 EDT. Register Now at

Load More...
CampusIDNews is published by AVISIAN Publishing
315 E. Georgia St.
Tallahassee, FL 32301[email protected]
Use our contact form to submit tips, corrections, or questions to our team.
©2023 CampusIDNews. All rights reserved.