
An Introduction to Biometrics

Basic Biometric Concepts

What are biometrics?

A biometric is a physical or behavioural feature or attribute that can be measured. It can be used as a means of proving that you are who you claim to be, or as a means of proving without revealing your identity that you have a certain right.

Physiological biometrics are based on measurements and data derived from direct measurement of a part of the human body:

Behavioural characteristics are based on an action taken by a person. Behavioural biometrics, in turn, are based on measurements and data derived from an action, and indirectly measure characteristics of the human body:

Other biometrics include: DNA; Keystroke recognition; Ear recognition; Odour recognition and Gait recognition.

What is a biometric system?

A biometric system is essentially a pattern recognition system that operates by acquiring biometric data from an individual, extracting a feature set from the acquired data, and comparing this feature set against the template set in the database.

Biometric systems relying on a single technology (uni/monomodal) are deployed, with various levels of success, in many different application contexts (airports, passports, physical and logical access control, etc.). However, by combining more than one modality (multimodal), enhanced performance reliability and even increased user acceptance could be achieved. Combining less reliable technologies in sequence could strengthen the overall system performance and combining them in parallel could increase the flexibility of the system by providing alternative modes for the verification/identification process.

Biometric characteristics are said to be ‘distinctive’. The distinctiveness of a biometric varies by the technique used to measure it and the process through which two similar biometrics are declared as matching. Thus, no biometric feature sampling process is exactly repeatable. Biometric characteristics can be considered as a bridge between an identity record and the individual this record belongs to. In this way it establishes a ‘trusted’ method to strongly link the stored identity with the physical person it represents. This type of biometric identity verification is desirable and needed on many occasions.

The key difference between biometrics and other digital identifiers, such as passwords, PINs or credit cards, is that biometrics cannot be lost or forgotten; since biometric measurements are part of the body, they will always be present when needed. Moreover, the process of identification is automated or semi-automated. In some cases this automation mimics something humans do in everyday life (face or voice recognition), but for most technologies automation is necessary because humans alone would not be able to distinguish different individuals (iris recognition, hand patterns).

Biometric identification works in four stages:

Firstly, individuals are enrolled, i.e. a record associating the identifying features with the individual is created. For example, an iris scan is performed and the result is labelled “John Miller”.

Secondly, a record of that scan is stored somewhere. There are two options for storage: the records can be stored in a central database, or in a decentralised way, for example on smart cards (see the "Identification and Authentication Using Smart Cards" report).

Thirdly, when identification is required, a new sample of the feature is acquired (e.g. a new iris scan is performed).

Finally, the newly acquired record is compared to the stored record. If they match, the individual has been identified.

Features of biometric identification

Biometric identification is a statistical process. Variations in conditions between enrolment and acquisition, as well as bodily changes (temporary or permanent), mean that there is never a 100% match. For a password or a PIN, the answer given is either exactly the same as the one that has been stored, or it is not – the smallest deviation is a reason for refusal; for a biometric, there is no clear line between a match and a non-match. Whether a match exists depends therefore not only on the two data sets to be compared, but also on what margin of error is deemed tolerable. A 90% probability of a match may or may not be considered acceptable, depending on the implementation of the biometric in question and the application security requirements.

As a consequence of this statistical nature, biometric systems are never 100% accurate. There are two kinds of possible errors: false matches, and false non-matches. A false match occurs when an acquired template is erroneously matched to a template stored from enrolment, although the two templates are from two different persons. A false non-match occurs when an acquired template is not judged to match the template stored from enrolment, although both are from the same person. These error rates vary from one biometric technology to another, and they depend very much on the setting of the threshold above which a “match” is calculated: a 99% threshold will have more false non-matches and fewer false matches than a 98% threshold, and so on.

Any biometric application must therefore provide a fallback procedure to deal with these errors. Fallback procedures are equally necessary to deal with people who have difficulty providing a sample of any given biometric. The difficulty can be permanent, e.g. for sight-impaired people using an iris recognition system, or temporary, e.g. for an individual with a bandaged face using a face recognition system. The percentage of the population giving rise to a variety of such problems may be small but significant. Therefore, fallback procedures will need sufficiently flexible human involvement to handle the variety of potential problems.

A second point worth mentioning is that the biological data themselves, the so-called samples, need not actually be stored in the biometric identification systems (although sometimes the original samples are stored outside the biometric identification system database, for example DNA in criminal investigations). Iris pictures, fingerprints and faces are converted via mathematical algorithms and stored in fixed-format files, so-called templates. The use of biometric algorithms facilitates the statistically constant matching of the features extracted during acquisition. Whilst the algorithms are different for each technology, this procedure is usually non-reversible, i.e. it is not possible to recreate from a template the sample which was its source. Another advantage of the use of algorithms to create templates is that a new and different template can be produced if the previously produced template has been stolen, even though the biometric characteristics of the body themselves are not revocable - your fingerprint remains your fingerprint, even if someone else has obtained a copy of it.

Biometric application types

In functional terms the current uses of biometrics can be categorised under the following headings:

Verification (1-to-1 matching)
Verification is a test to ensure whether person X is really who he or she claims to be. Two types of verification can be envisaged: with centralised storage or distributed storage.

  • Verification with centralised storage
    If a centralised database [1] exists (produced once at enrolment and updated with each additional user) where all biometric data and the associated identities are stored, the biometric sample of the claimed identity is retrieved from the database. This is then compared to the live sample provided by person X, resulting in a match or a non-match. Two types of error are possible for verification: (i) a false match (person X is not who he claims to be but the system erroneously accepts him, i.e. acceptance of an impostor; also known as false positive) and (ii) a false reject (person X is who he claims to be but the system fails to make the match, i.e. rejection of a legitimate person; also known as false negative). The matching can be done locally on the device temporarily storing the acquired sample or remotely by the hardware that stores the sample acquired during enrolment. False rejects will cause unnecessary inconvenience to innocent individuals whereas false matches are more insidious as they allow a fraudulent individual to pass, but the mistake goes unnoticed by the system.
  • Verification with distributed storage
    If the biometric data is stored in a memory device [2] that is carried by the individual, for example a smart card or a chip integrated into an identity document, person X will provide a live biometric sample and this will be compared to the biometric data stored on the memory device. This can be done either by the verification system which retrieves person X’s biometric data from the memory device and compares them to the live sample, or by the memory device itself, if it is sufficiently sophisticated to perform the verification [3]. The identity details are either stored on the memory device or written on the accompanying documents e.g. in the case of a passport, identity information might be printed next to the chip. If the verification process succeeds, then person X is confirmed to be the valid bearer of the identification documents. As before, false acceptance and false rejection errors are possible. In addition, there is the possibility that the documentation or the memory device are fraudulent or have been tampered with.

Identification (1-to-many matching)
Identification is used to discover the identity of an individual when the identity is unknown (the user makes no claim of identity). Contrary to verification, for the process of identification a central database is necessary that holds records for all people known to the system; without a database of records, the process of identification is not possible.

When person X comes to be identified, he provides a live biometric sample, e.g. a fingerprint is taken or the iris is scanned. The data is processed and the resulting biometric template is compared against all the entries in the database to find a match (or a list of possible matches). The system then returns as a response either the match (or list of possible matches) it has found, or that there is no match against the enrolled population. Identification may result in one of two types of error described previously: i.e. a false match or a false reject. Since the system checks against a database of enrolled templates or full images, the maintenance of the integrity of the database is essential in protecting individuals from identity theft.

The third type of process is screening, which makes use of a database or watch-list. A watch-list contains data of individuals to be apprehended or excluded. A record on the watch-list may contain only biometric data for a wanted individual or may also have identity information, depending on what is known. Everyone who passes the screening process provides a biometric sample, which is checked for matches against the watch-list. The key feature of a watch-list is that people are not on the whole identified; they will only be identified if they appear on the list. If there is no match, the person passes through and their biometric sample should in principle be discarded. In the case of a match, a human operator decides on further action. Screening can take place overtly, for example at border control or covertly, such as scanning a crowd with the use of security cameras.
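
The three application types described above differ mainly in which stored templates the live sample is compared against. The following sketch is an added example, not taken from the original report: the feature vectors, the names, the watch-list record and the cosine-similarity matcher with a 0.95 threshold are all constructed assumptions.

```python
import math

THRESHOLD = 0.95  # assumed decision threshold on cosine similarity

# Constructed reference templates (feature vectors) created at enrolment.
DATABASE = {
    "alice": [0.90, 0.10, 0.30, 0.70],
    "bob":   [0.20, 0.80, 0.60, 0.10],
    "carol": [0.50, 0.50, 0.90, 0.20],
}
# A watch-list record may carry biometric data only, with no identity details.
WATCHLIST = {"record-17": [0.10, 0.20, 0.10, 0.95]}

ALICE_LIVE = [0.88, 0.12, 0.33, 0.68]    # constructed fresh sample from alice
UNKNOWN_LIVE = [0.12, 0.18, 0.11, 0.93]  # constructed sample, person not enrolled


def similarity(a, b):
    """Cosine similarity; a live sample never reproduces the template exactly."""
    dot = sum(x * y for x, y in zip(a, b))
    norm = math.sqrt(sum(x * x for x in a)) * math.sqrt(sum(y * y for y in b))
    return dot / norm if norm else 0.0


def verify_central(claimed_id, live, database=DATABASE, threshold=THRESHOLD):
    """1-to-1, centralised storage: fetch only the claimed identity's template."""
    reference = database.get(claimed_id)
    if reference is None:
        return False  # unknown claim; a fallback procedure takes over
    return similarity(reference, live) >= threshold


def verify_token(card, live, threshold=THRESHOLD):
    """1-to-1, distributed storage: the reference comes from the card itself.

    No database is consulted, so the result is only as trustworthy as the
    card's contents; returns the holder name on a match, else None.
    """
    if similarity(card["template"], live) >= threshold:
        return card["holder"]
    return None


def identify(live, database=DATABASE, threshold=THRESHOLD):
    """1-to-many: compare against every enrolled template, best match first.

    Returns a list of candidate identities, empty if nobody matches.
    """
    scored = sorted(((similarity(t, live), ident) for ident, t in database.items()),
                    reverse=True)
    return [ident for score, ident in scored if score >= threshold]


def screen(live, watchlist=WATCHLIST, threshold=THRESHOLD):
    """Watch-list check: returns matching record ids for a human operator.

    On an empty result the caller lets the person pass and discards the sample.
    """
    return [rec for rec, t in watchlist.items() if similarity(t, live) >= threshold]


if __name__ == "__main__":
    print("verify alice as alice:", verify_central("alice", ALICE_LIVE))
    print("verify alice as bob:  ", verify_central("bob", ALICE_LIVE))
    print("identify alice:       ", identify(ALICE_LIVE))
    print("identify, lax 0.65:   ", identify(ALICE_LIVE, threshold=0.65))
    print("screen unknown person:", screen(UNKNOWN_LIVE))
```

With the threshold lowered to 0.65 the identification search returns a second candidate, which is the false match that a lax threshold invites.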

Biometric applications: what are they used for?

In practical terms, biometrics will be used mainly for four purposes:

Traditionally, the most widespread use of biometrics has been in law enforcement. Fingerprints have been used since the 19th century.

Physical access control based on biometrics has so far been mostly limited to private companies’ premises, i.e. small-scale applications. However, there are a number of trials underway or recently completed, many of which are at airports, which have tested biometrics access with large numbers of customers, rather than employees. Most importantly, on the government side the integration of biometrics into passports and visas will for the first time create truly large-scale physical access control applications.

Logical access control (in particular online identity), is forecast to be a fast growing use of biometrics. With more and more transactions such as e-banking, e-commerce and e-government taking place online, biometrics offer a promising way of establishing secure identities especially when face-to-face contact between the participants in the transaction is not possible. This is particularly important for high-value financial transactions and for the transmission of confidential data (for example tax returns). Logical access control will also include access to entitlements offline, such as social security pay-outs.

Finally, convenience applications include all uses of biometrics where individuals voluntarily participate because they find it advantageous to do so. This would include ambient intelligence applications such as personally-adjusted home lighting or e-toys, but also participation in biometric applications offered by private organisations, such as shops, sports clubs or other, where participation is not mandatory.

Biometric Technologies

Biometric systems: main technological issues

Generally speaking there are two phases in a biometric system: a learning phase (enrolment) and a recognition phase (identification/verification).

Enrolment, which is the very first step of any biometric system, consists of collecting the biometric sample through one or more acquisition cycles, processing the biometric data in order to obtain the reference template and finally storing it for subsequent usage. The efficiency, accuracy and usability of a biometric system depend directly on the enrolment process, since the result of the enrolment should be an accurate, usable reference template embedding the person’s identity. There are many issues related to enrolment. These were investigated by an extensive trial, involving more than 10,000 users, which was carried out in the UK (2004). Some of the issues relate to the technology used, some to the format of the templates used and some to the possibility of storage in a central database vs. smart cards or tokens. In addition, during the life cycle of a biometric system it is sometimes necessary to re-enrol considering the natural but also the unexpected/accidental evolution of biometric traits (e.g. face, voice ageing, eye disease, hand injury, etc.).

There are six basic steps of a generic biometric system (with the last two steps only being used during the recognition phase):

  • Sample acquisition: first the collection of the biometric data must be done using the appropriate sensor; for example an image capture in the case of iris recognition or a saliva sample for DNA
  • Feature extraction: this step performs the transformation from sample into template. In general, the template is numeric data. (This step can be omitted if full images are used)
  • Quality verification: this step establishes a reference image or template by repeating the two first operations as many times as needed so as to ensure that the system has captured and recognised the data correctly
  • Storage of reference template: this step registers the reference template. Several storage mediums are possible and the choice depends on the requirements of the application
  • Matching: this step compares the real-time input data from an individual against the reference template(s) or image(s)
  • Decision: this step uses the result of the matching step to declare a result, in accordance with application-dependent criteria (e.g. decision threshold). E.g. for a verification task the result would say whether the user claiming an identity should be authenticated.

Storage and protection of the template

Biometric systems have to scan, store/retrieve a template and match. It is important to note that depending on the design of the system, the match can be performed in different locations: on the processor that is used to acquire the biometric sample data, on a local PC or on a remote server, or on a portable medium such as a smart card (equipped with a sufficiently powerful processor). In addition, the reference template may be stored on the same three media leaving us with five different combinations and resulting in five different levels of ‘trust’. Moreover, there can be three different modes of protection that may be used for the template: no protection, data encryption, or digital signature. In total we have at most fifteen possible configurations.

There are advantages and disadvantages deriving from the use of each combination; the choice of combination is clearly application-dependent (based on risk and requirements analysis).

Key Performance Metrics

There are almost as many performance metrics as there are biometrics. Unfortunately there is no single metric that indicates how well a system will perform. Analysis of multiple metrics is necessary to determine the strengths and weaknesses of each technology and vendor under consideration for a given application. It should also be noted that the processes unique to various applications have a great effect on performance metrics. Testing which generates system performance metrics is most valuable when it emulates real-world application environments.

Key performance metrics include the following:

  • False Match Rate (FMR) - The probability that a given user’s verification template will be incorrectly judged to be a match for a different user’s enrollment template. Also referred to as false acceptance rate, terminology that does not always apply to 1:N systems.
  • False Non-Match Rate (FNMR) - The probability that a user’s verification template will be incorrectly judged to not match that same user’s enrollment template. Also referred to as false rejection rate, terminology that does not apply to 1:N systems. In a 1:1 system, FNMR is the probability that User 1 will not verify against his or her own template. In a 1:N system FNMR is the probability that a user whose enrollment template is located in a database will not be matched in a search.
  • Failure to Enroll (FTE) Rate - The probability that a given user will be unable to enroll in a biometric system due to insufficiently distinctive biometric sample(s).

All three metrics must be evaluated when deploying a biometric system: reliance on one or two metrics without the third can be highly misleading. The three metrics are strongly related, such that adjustment of matching or enrollment thresholds to increase security or convenience may impact each error rate. Decreasing the FMR, or making the system less susceptible to imposters, results in an increased likelihood that legitimate users will be rejected (false non-match rate). Decreasing the FTE by allowing a higher percentage of subjects to enroll successfully leads to higher FNMR, as users with low-quality biometric samples have an increased presence in the system. These metrics also change when system thresholds are adjusted.

The above information was taken from the International Biometric Group's report "Key Performance Metrics: FMR, FNMR, FTE".
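
The relationship between the three metrics and the two thresholds (matching and enrolment quality) can be measured directly from comparison scores. The code below is an added example, not part of the IBG report: the score distributions, the enrolment quality gate and all function names are constructed for illustration, and the 1:N calculation goes beyond the text by assuming the comparisons in a database search are independent.

```python
import random


def fmr(impostor_scores, threshold):
    """False Match Rate: share of different-person comparisons accepted."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def fnmr(genuine_scores, threshold):
    """False Non-Match Rate: share of same-person comparisons rejected."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def evaluate(users, impostor_scores, quality_gate, threshold):
    """users is a list of (enrolment_sample_quality, genuine_score) pairs.

    A user whose sample quality is below quality_gate fails to enrol, so
    FNMR is measured only over the users who did get a reference template.
    """
    enrolled = [score for quality, score in users if quality >= quality_gate]
    return {
        "FTE": 1 - len(enrolled) / len(users),
        "FMR": fmr(impostor_scores, threshold),
        "FNMR": fnmr(enrolled, threshold) if enrolled else 0.0,
    }


def lowest_threshold_for_fmr(genuine, impostor, target_fmr, thresholds):
    """Least strict candidate threshold whose measured FMR meets the target.

    Returns (threshold, FNMR paid for it), or None if no candidate qualifies.
    """
    for t in sorted(thresholds):
        if fmr(impostor, t) <= target_fmr:
            return t, fnmr(genuine, t)
    return None


def identification_false_match(fmr_1to1, database_size):
    """Chance that a 1:N search for an unenrolled person hits at least one
    template, assuming the N comparisons are independent (an assumption)."""
    return 1.0 - (1.0 - fmr_1to1) ** database_size


def constructed_population(n_users=2000, n_impostor=20000, seed=7):
    """Constructed scores in [0, 1]; not measurements from any real matcher.

    Genuine scores are made to rise with enrolment sample quality.
    """
    rng = random.Random(seed)
    clamp = lambda x: min(1.0, max(0.0, x))
    users = []
    for _ in range(n_users):
        quality = rng.random()
        users.append((quality, clamp(rng.gauss(0.60 + 0.30 * quality, 0.05))))
    impostor = [clamp(rng.gauss(0.45, 0.10)) for _ in range(n_impostor)]
    return users, impostor


if __name__ == "__main__":
    users, impostor = constructed_population()
    print("gate  thr    FTE     FMR     FNMR")
    for gate in (0.0, 0.3):
        for thr in (0.60, 0.70, 0.80):
            r = evaluate(users, impostor, gate, thr)
            print(f"{gate:.1f}  {thr:.2f}  {r['FTE']:.3f}  {r['FMR']:.4f}  {r['FNMR']:.3f}")
    for n in (1, 1000, 100000):
        print(f"1:N false match, N={n}: {identification_false_match(0.0001, n):.4f}")
```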

Direct and Indirect Medical Implications

Biometrics may raise public concerns regarding possible damage to the human body as well as ethical concerns derived from the use of physiological data. Two types of medical implications have been raised: direct medical implications and indirect medical implications. The former refer to the potential risks of damage associated with the use of biometric devices, and the latter relate to the ethical risk of biometric data being used to reveal private medical information.

Direct medical implications
Interaction with a biometric sensor holds two potential health risks. If the system uses a contact sensor there is a risk (real or perceived) of the sensor being contaminated. The real risk may be minimal, especially when compared to similar everyday actions (touching doorknobs, railings) but the perceived risk may have a negative impact on public acceptance. Regular cleaning (e.g. through periodic irradiation with UV light) can minimise concerns and improve sensor performance. The second risk relates to technologies that use radiation to assist acquisition (e.g. retinal scanning, which uses infrared light). There is a fear that this radiation could be damaging to the eyes. Retinal scanning could cause thermal injury on the back of the eye, but it is a biometric technique that is not currently in use. Data from iris recognition equipment manufacturers show no evidence that iris systems could pose a risk. It would be reasonable however to validate this claim in independent laboratories.

Indirect medical implications
These are more controversial as they refer to fears about the possibility of biometric data revealing sensitive health information, leading to ethical concerns. Iridologists allege that the iris exposes potential health problems, but these claims are scientifically not proven and thus the only risk may be one of public fear. Retinal scanning could have serious implications as it may enable detection of a subject’s vascular dysfunction. There are also concerns that in the future, face recognition may be used to detect expressions and thus emotional conditions.


Privacy-invasive or privacy-protective?
The manner and purposes for which personal data is collected, retained, used, and made accessible can be characterized as follows:

  • Privacy-Protective - a privacy-protective system is one used to protect or limit access to personal information, or which provides a means for an individual to establish a trusted identity.
  • Privacy-Sympathetic - a privacy-sympathetic system is one that limits access to and usage of personal data and in which decisions regarding design issues such as storage and transmission of biometric data are informed, if not driven, by privacy concerns.
  • Privacy-Neutral - a privacy-neutral system is one in which privacy is not an issue, or in which the potential privacy impact is slight. Privacy-neutral systems are difficult to misuse from a privacy perspective, but do not have the capability to protect personal privacy.
  • Privacy-Invasive - a privacy-invasive system facilitates or enables the usage of personal data in a fashion inconsistent with generally accepted privacy principles. Privacy-invasive systems would include those that use personal data for purposes broader than originally intended, those that facilitate linkage of personal data without an individual’s consent, and those within which personal data is subject to compromise.

Commonly expressed fears regarding biometrics and privacy

The basic classifications of privacy are personal and informational:

  • Personal Privacy. For some people, the use of biometrics is seen as inherently offensive. Being required to verify one’s identity through a finger-scan or voice-scan can be seen as intrusive, impersonal, or mistrustful. These objections to biometrics are based on personal privacy.
  • Informational Privacy. A more common objection to biometrics is based on informational privacy; how biometric data might be misused, tracked, linked, and otherwise abused. Potential privacy-invasive misuses of biometrics are as follows:
    • Unnecessary or unauthorized collection – gathering biometric information without the user’s permission or knowledge, or gathering biometric data without explicitly defined purposes
    • Unauthorized use – using biometric information for purposes other than those for which it was originally acquired
    • Unauthorized disclosure – sharing or transmitting biometric information without the user’s explicit permission
    • Unique identifier – using biometric information to track a user across various databases, to link different identities, and to amalgamate personal data for the purposes of surveillance or social control
    • Improper storage – storing biometric information in logical proximity to personal data such as name, address, social security number
    • Improper transmission – transmitting biometric information in logical proximity to personal data such as name, address, social security number
    • Forensic usage – using biometric information to facilitate investigative searches, which may be categorized as unreasonable search and seizure
    • Function creep – gradually using biometric data for a variety of purposes beyond its original intention and scope

Just as each type of biometric deployment can have a different impact on privacy, each biometric technology bears a different relation to privacy. Some technologies have almost no privacy impact, and could scarcely be used in any privacy-invasive fashion. Other technologies are much more likely to be associated with privacy-invasive usage, either due to their core operation or due to extrinsic factors.

The BioPrivacy Technology Risk Ratings assess the privacy risks of leading biometric technologies.

The above information was taken from the International Biometric Group's report "Relationship Between Biometrics and Privacy" and from the IBG BioPrivacy Initiative™.


An indication of the current substantial growth and interest in biometrics is the emergence of biometrics industry standards and related activities:

International Standards Bodies:

ISO/IEC JTC 1 SC 37 on Biometrics
In the field of information technology, ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) have established a Joint Technical Committee 1: ISO/IEC JTC 1 on Information Technology. In June 2002, JTC 1 established a new Subcommittee 37 on Biometrics. The goal of this new JTC 1 SC is to ensure a high priority, focused, and comprehensive approach worldwide for the rapid development and approval of formal international biometric standards. These standards are necessary to support the rapid deployment of significantly better, open systems standard-based security solutions for purposes such as homeland defense and the prevention of ID theft.

SC37 consists of the following sub-groups:

WG 1 - Harmonized Biometric Vocabulary
WG 2 - Biometric Technical Interfaces
WG 3 - Biometric Data Interchange Formats
WG 4 - Biometric Functional Architecture and Related Profiles
WG 5 - Biometric Testing and Reporting
WG 6 - Cross-Jurisdictional and Societal Aspects

M1 - Biometrics
The Executive Board of INCITS (International Committee for Information Technology Standards) established Technical Committee M1, Biometrics, in November 2001 to ensure a high priority, focused, and comprehensive approach in the United States for the rapid development and approval of formal national and international generic biometric standards. The M1 program of work includes biometric standards for data interchange formats, common file formats, application program interfaces, profiles, and performance testing and reporting. The goal of M1's work is to accelerate the deployment of significantly better, standards-based security solutions for purposes such as homeland defense and the prevention of identity theft, as well as other government and commercial applications based on biometric personal authentication.

M1 serves as the U.S. Technical Advisory Group (U.S. TAG) for the international organization ISO/IEC JTC 1/SC 37 on Biometrics, which was established in June 2002. As the U.S. TAG to SC 37, M1 is responsible for establishing U.S. positions and contributions to SC 37, as well as representing the U.S. at SC 37 meetings.

M1 consists of the following sub-groups:

M1.1: Vocabulary
M1.2: Biometric Technical Interfaces
M1.3: Biometric Data Formats
M1.4: Biometric Profiles
M1.5: Performance Testing and Reporting
M1.6: Cross Jurisdictional and Societal Issues

Published standards:

  • ANSI/INCITS 358-2002: BioAPI Specification, Version 1.1
  • ANSI INCITS 377-2004: Information Technology-Finger Pattern Based Interchange Format
  • ANSI INCITS 378-2004: Information Technology-Finger Minutiae Format for Data Interchange
  • ANSI INCITS 379-2004: Information Technology-Iris Image Interchange Format
  • ANSI INCITS 381-2004: Information Technology-Finger Image Based Interchange Format
  • ANSI/INCITS 383-2004: Application Profile - Interoperability and Data Interchange - Biometrics-Based Verification and Identification of Transportation Workers
  • ANSI INCITS 385-2004: Information Technology-Face Recognition Format for Data Interchange
  • ANSI/INCITS 394-2004: Application Profile for Interoperability, Data Interchange and Data Integrity of Biometric Based Personal Identification for Border Management
  • ANSI/NIST-ITL 1-2000: Information Systems-Data Format for the Interchange of Fingerprint, Facial, & Tattoo (SMT) Information
  • ANSI X9.84-2003: Biometric Information Management and Security for the Financial Services Industry
  • ISO/IEC 19794-4:2005: Information technology - Biometric data interchange formats - Part 4: Finger image data
  • ISO/IEC 19794-5:2005: Information technology - Biometric data interchange formats - Part 5: Face image data
  • ISO/IEC 19794-6:2005: Information technology - Biometric data interchange formats - Part 6: Iris image data
  • ISO/IEC TR 24714-1 (2008) Information technology: Biometrics: Jurisdictional and societal considerations for commercial applications. General guidance
  • ISO/IEC 7816-11:2004: Identification Cards-Integrated Circuit(s) Cards with Contact-Part 11: Personal Verification Through Biometric Methods
  • ISO/IEC FCD 19794-2: Information Technology-Biometric Data Interchange Formats-Part 2: Finger Minutiae Data
  • NISTIR 6529-A: Common Biometric Exchange Formats Framework
  • OASIS XCBF v1.1: OASIS XML Common Biometric Format, V 1.1

Standards under development:

  • BSR INCITS PN-1573-D: Information Technology-Application Profile for Point-of-Sale Biometric Verification/Identification
  • BSR INCITS PN-1602-9: Information Technology-Biometric Performance Testing and Reporting
  • INCITS PN-1603-D: Information Technology-Signature/Sign Image Based Interchange Format
  • INCITS PN-1627-S: Information Technology-Evaluating Multi-Modal Biometrics Systems: Concepts of Operation and Methods of Performance Evaluation (study project)
  • INCITS PN-1643-D: Information Technology-Hand Geometry Format for Data Interchange
  • INCITS PN-1676-D: Information Technology-Biometric Profile-Interoperability and Data Interchange-DoD Implementations
  • INCITS PN-1703-D: Information Technology- Conformance Testing Methodology for ANSI/INCITS 358-2002, BioAPI Specification
  • INCITS PN-1703-D: Information Technology- Conformance Testing Methodology for the Finger Minutiae Interchange Format
  • INCITS PN-1705-D: Information Technology- Conformance Testing Methodology for the Finger Image Data Interchange Format
  • INCITS PN-1706-D: Information Technology-Biometric Profile- Application Profile for Residential and Commercial Access Control
  • ISO/IEC 19784-3: Biometric Application Programming Interface Part 3: BioGUI
  • ISO/IEC 19785-3: Common Biometric Exchange Framework Format - Part 3: Patron Format Specification
  • ISO/IEC 19794-11: Biometric interchange formats Part 11: Signature/Sign Processed Dynamic Data
  • ISO/IEC 19795-5: Biometric Performance Testing and Reporting - Part 5: Framework for Biometric Device Performance Evaluation for Access Control
  • ISO/IEC 24741: Technical Report for a Biometric Tutorial
  • ISO/IEC AWI 18013-3: Information Technology-Motor Vehicle License-Part 3: Biometrics, Image Processing and Cryptography
  • ISO/IEC AWI 19795-3: Information Technology-Biometrics Performance Testing and Reporting-Part 3: Specific Testing Methodologies
  • ISO/IEC AWI 19795-4: Information Technology-Biometrics Performance Testing and Reporting-Part 4: Specific Test Programs
  • ISO/IEC AWI 24713-3: Biometric Profiles for Interoperability and Data Interchange-Part 3: Biometric Profile for Seafarers
  • ISO/IEC CD 19794-3: Information Technology-Biometric Data Interchange Formats-Part 3: Finger Pattern Spectral Data
  • ISO/IEC CD 24713-2: Biometric Profiles for Interoperability and Data Interchange-Part 2: Biometric Profile for Employees in a Highly Secure Environment
  • ISO/IEC FCD 19784-1: Information Technology-Biometric Application Program Interface (BioAPI) - Part 1: BioAPI Specification
  • ISO/IEC FCD 19785-1: Information Technology-Common Biometric Exchange Formats Framework (CBEFF)-Part 1: Data Element Specification
  • ISO/IEC FCD 19785-2: Information Technology-Common Biometric Exchange Formats Framework (CBEFF)-Part 2: Procedures for the Operation of the Biometrics Registration Authority
  • ISO/IEC NP 19794-9: Information Technology-Biometric Data Interchange Formats-Part 9: Vascular Biometric Image Data
  • ISO/IEC NP 19794-10: Information Technology-Biometric Data Interchange Formats-Part 10: Hand Geometry Silhouette Data
  • ISO/IEC NP 24709-2: Information Technology-Conformance Testing for BioAPI - Part 2: Test Assertions
  • ISO/IEC WD 19784-2: Information Technology-Biometric Application Program Interface (BioAPI) - Part 2: Biometric Archive Function Provider Interface
  • ISO/IEC WD 19792: Information Technology-Security Techniques-Framework for Security Evaluation and Testing of Biometric Technology
  • ISO/IEC WD 19794-1: Information Technology-Biometric data interchange formats-Part 1: Framework/Reference Model
  • ISO/IEC WD 19794-7: Information Technology-Biometric Data Interchange Formats-Part 7: Signature/Sign Behavioral Data
  • ISO/IEC WD 19794-8: Information Technology-Biometric Data Interchange Formats-Part 8: Finger Pattern Skeletal Data
  • ISO/IEC WD 19795-1: Information Technology-Biometrics Performance Testing and Reporting-Part 1: Test Principles
  • ISO/IEC WD 19795-2: Information Technology-Biometrics Performance Testing and Reporting-Part 2: Testing Methodologies
  • ISO/IEC WD 24708: Information Technology-Protocol for Interworking Between a System Supporting a Biometric Device and a Central Repository of Biometric Data
  • ISO/IEC WD2 24709-1: Information Technology-Conformance Testing for BioAPI - Part 1: Methods and Procedures
  • ISO/IEC WD 24713-1: Biometric Profiles for Interoperability and Data Interchange-Part 1: Biometric Reference Architecture
  • ISO/IEC WD 24714: Multi-part Technical Report on Cross Jurisdictional and Societal Aspects of Implementations of Biometric Technologies
  • ISO/IEC WD 24722: Multi-Modal Biometric Fusion
  • ISO/TC68/SC 2 CD 19092-1: Financial Services - Biometrics - Part 1: Security Framework
  • ISO/TC68/SC 2 CD 19092-2: Financial Services - Biometrics - Part 2: Cryptographic Requirements
  • JTC1/SC37 Standing Document 2: Standing Document on Harmonized Biometric Vocabulary


Who researches?
Companies, universities, charities, the public sector, or any combination of these carry out research on biometrics.

What types of research?
Research on biometrics can take many forms: general research, or research on particular biometrics and related applications, including testing; research specific to accessible biometrics; interdisciplinary integration of biometrics with other technologies and issues, including cognition, pervasive/ambient/ubiquitous computing, privacy, security, standards and the National ID card; UK national support for Science and Innovation; EU sponsorship; and research worldwide.

Parties involved in biometric-related research
Current biometric R&D and innovation in Europe (PDF) - Please go to Appendix 2, page 188:
List of institutions that undertake research and development into biometrics and biometric-related fields in the European Union, or have a significant involvement in sponsoring or driving the research agenda in Europe.

Other parties involved in biometric-related research include:

Research projects in biometrics
Research projects in biometrics (Please go to Appendix 3, page 194):
List of research projects (unless otherwise stated these are, or were, EU funded), that include some elements of a biometric.

Other research projects include:

  • BIOVISION Roadmap for Biometrics in Europe to 2010 (PDF) - roadmap to successful deployments from the user and system integrator perspective (Project end date: 31st May 2003)
  • BioSec - project that will bring deployment of a European-wide approach to biometric technologies for security applications (Project end date: 30th November 2005)
  • BIOSECURE - the main objective of this Network of Excellence is to strengthen and to integrate multidisciplinary research efforts in order to investigate biometrics-based identity authentication methods, for the purpose of meeting the trust and security requirements in our progressing digital information society. (Project end date: 31st May 2007)
  • BITE - aims to prompt research and to launch a public debate on bioethics of biometric technology
  • BioTrusT - evaluation and testing of biometric technologies for e-commerce

Further information

[1] In this section we assume that the database has not been tampered with and that information has been enrolled correctly without fraud
[2] Memory devices can be anything from barcodes or magnetic strips, to contact or contactless IC chips
[3] In this case the memory device would have to be a chip with an on-board processor


The information contained in this section was collected from the following sources:



John Gill Technology Limited Footer