Biometric Authentication

Biometric authentication is a user identity verification process that uses a biologically unique identifier to authenticate the user. Identifiers can be a fingerprint, hand contour, voice, iris, retina, face, etc.

Biometric authentication typically requires an initial enrollment phase during which reference biometric data is registered. Once a reference is established, the authentication process involves comparing the presented biometric data to the reference data. If there is a match, then authentication will succeed, else it will fail.

Biometric authentication is generally acknowledged as providing a high-level of protection because it is hard to steal or transfer biological material or features from one user to another. Because implementing biometric authentication typically requires additional hardware sensors, the cost of biometric authentication was historically prohibitively expensive for many use-cases. But in recent years those costs have gone down, making biometric authentication possible for many more applications.

Frequently Asked Questions
Is Fingerprint authentication more secured the Iris recognition?

The security of biometric authentication systems is determined by many different factors, including the design and implementation of the enabling hardware and software of the sensor and also the host system, the False Rejection Rate (FRR) and False Acceptance Rate (FAR) of the implemented technology, how easy it is to forge a biometric print, etc. It is therefore hard to generalize whether fingerprint authentication is more or less secured than iris recognition without reference to specific implementations.

What is the difference between a mobile phone fingerprint reader and an external fingerprint scanner? Which one is more secured?

Fingerprint readers use different technologies to collect and process biometric data. Assuming readers use the same technology, then there is no difference between a phone fingerprint reader and an external reader, beyond the fact that one is integrated with the phone and the other is pluggable into any host device that supports it (i.e. plugged into a PC via its USB interface). Security is determined by many different factors related to the actual design and implementation of the hardware and software of both the sensor and host system.

What is a secure Enclave?

A secure enclave is a trusted execution environment, typically separated physically or logically from the regular execution environment (often referred to as a rich execution environment). Secure enclaves are used to securely store sensitive data and execute sensitive software code. In biometric authentication, a secure enclave is sometimes used to securely store the reference biometric data and to execute logic associated with the handling of biometric data and comparing it to reference data. Biometric data is considered highly sensitive because if it is compromised, there is no way to refresh it (like you would a compromised password). It is therefore desirable to implement biometric authentication using a secure enclave.

What other forms of biometric are there besides fingerprint?

There are many other forms of biometrics besides fingerprint. Commonly used one include hand contour, voice, iris, retina, and face.