What is Biometric Authentication?
For time and attendance systems to be accurate, every individual signing into the system must be uniquely identified. This is because these systems must feature robust security, with every action, event and data access precisely permitted and recorded against the correct user.
In the past, traditional authentication methods have relied on pins, passwords or tokens. Today, biometric data offers a more secure and user-friendly approach by leveraging unique attributes the user inherently possesses.
So, what is biometric authentication? This article explores the technical aspects with a focus on visual biometrics, specifically facial and fingerprint recognition.
What is Biometric Authentication?
Biometric authentication is the process of verifying an individual’s identity using personal attributes which are unique to them. These attributes can be broadly categorised into two types, namely, physical and behavioural. Physical traits include fingerprints, facial structure and iris patterns. Behavioural characteristics include typing patterns, gait or voice recognition.
Among the various biometric modalities, visual biometric systems, such as fingerprint and facial recognition, are widely adopted due to their balance of accuracy, speed and practicality.
A biometric authentication system comprises several components, each playing a crucial role in the identification and verification process. A capture device is a hardware component that collects the biometric trait.
Examples include fingerprint scanners and facial recognition cameras. All the raw data captured is processed to identify unique features, such as ridge endings in fingerprints or distances between facial landmarks.
Subsequently, the extracted features are converted into a mathematical representation (a template) and stored securely. A matching algorithm and decision engine will then attempt to authenticate the user by comparing the live sample with stored templates using algorithms to decide whether to grant access. This matching process will take place almost instantly.
In commercial applications, such as time and attendance systems, biometric data is often utilised for both access control and workforce management, where real-time recognition and logging are essential.
Technical Overview of Fingerprint Recognition
How the Scanning Works
Fingerprint authentication devices capture an image of a user’s fingertip and extract unique features for comparison against stored templates. When selecting a device, various sensors are available to choose from.
Fingerprint readers with optical sensors use light to capture a visual image of the fingerprint surface. A light source illuminates the finger, and a Charge-Coupled Device (CCD) or Complementary Metal-Oxide-Semiconductor (CMOS) sensor records the pattern of ridges and valleys.
CMOS has become more common due to cost and integration advantages, especially in embedded or compact devices. Overall, these readers are cost-effective and widely used, but are more vulnerable to spoofing and may struggle with wet or dirty fingers.
Capacitive fingerprint readers measure electrical signals generated by the ridges and valleys of a finger.
They use an array of tiny capacitors to detect the variation in capacitance caused by skin contact. Because they require a conductive material and analyse deeper skin layers, they offer improved security and are less susceptible to image-based spoofing than optical sensors.
Ultrasonic fingerprint readers emit high-frequency sound waves that penetrate the outer skin layer and return detailed 3D data from subsurface structures. This method captures highly accurate fingerprint data, even when the surface is wet, dirty or oily. Ultrasonic readers offer the highest spoof resistance and perform well in harsh environments; however, they are generally more expensive and complex.
As is typical in hardware, each sensor type has its trade-offs. Optical sensors are economical and simple, whereas capacitive sensors are more secure and compact. Ultrasonic sensors deliver premium accuracy and robustness, making them well-suited for high-security applications, but at a higher cost.
As part of the image processing post-capture, noise reduction and contrast enhancement techniques will be used to improve the image clarity, enabling ridge and valley detection algorithms to identify patterns more easily.
Minutiae extraction algorithms detect unique features such as ridge endings and bifurcations. These features are converted into a mathematical representation and stored in a database as the fingerprint template.
Fingerprint Matching and Authentication
Minutiae-based matching compares the spatial distribution of minutiae points between a user-presented image and stored templates. The algorithms used to achieve this are at the core of fingerprint recognition systems. The general process is detailed below.
A ridge ending is where a ridge abruptly stops, while a bifurcation is where a single ridge splits into two. These two minutiae types are critical because they are stable, unique to each person, and resilient to minor variations during scanning.
Typically, once a captured image is enhanced, binarisation will transform the image into a black and white representation, making ridges distinct. Thinning then reduces the ridges to a single-pixel width, creating a skeletal outline that aids in accurate detection.
After detection, post-processing removes false minutiae caused by noise or imperfections, ensuring only valid features remain. Each minutia is then converted into a representation detailing its location, orientation and whether it’s a ridge ending or a bifurcation.
These extracted minutiae points, along with their attributes, form a unique “template” of the fingerprint. During fingerprint matching, this template is compared against a stored template in a database to determine if a match is found. The uniqueness of a fingerprint lies not just in the presence of these minutiae but in their relative positions, orientations, and spatial relationships. The templates are stored as encrypted sets in secure systems, ensuring privacy.
With the advancement of computing power, more processing can now occur on a device, which improves speed and privacy, or it can take place on a server. Server-based processing is more typical in large-scale systems; however, this may change with the advancement of edge-based computing, leading to a hybrid approach.
A server will likely still be required for centralised services, such as management, enrolment, and services associated with data integrity, security, and compliance.
Fingerprint Devices in Practice
Fingerprint devices used in access control and attendance systems are designed for durability and accuracy. Technical considerations include:
- Security
- Durability, speed and scalability
- Sensor resolution (measured in DPI)
- Environmental protection, such as waterproofing and anti-dust enclosures
- Microcontroller integration and Software Development Kit (SDK)
To compare the accuracy of fingerprint devices, error metrics can be used. False Acceptance Rate (FAR) is the rate of incorrectly accepting unauthorised users. The False Rejection Rate (FRR) refers to the percentage of legitimate users who are incorrectly rejected. Equal Error Rate (EER) is the point where FAR and FRR intersect, which is used to assess system accuracy.
Technical Overview of Facial Recognition
The Scanning
Facial recognition systems detect and verify a person’s identity based on the geometry and features of the face. Various cameras can be used to capture images, including 2D, 3D, and infrared.
2D cameras, the most common and affordable type, capture flat images using standard digital technology. They map nodal points on the face to create a numerical code for identification. While simple to integrate and widely available, 2D systems are susceptible to spoofing with photos or videos. They are affected by lighting changes and head angles, often necessitating the use of additional liveness detection methods.
For enhanced security and accuracy, 3D cameras analyse the geometric structure of a face by capturing depth data. They achieve this using specialised sensors, such as structured light, stereo cameras, or Time-of-Flight (ToF) technology, which generate a 3D model of the face.
This depth information makes them significantly more resistant to spoofing, improves accuracy in varied lighting and allows for recognition from different angles. 3D cameras are more expensive than 2D cameras and require greater computational resources.
Infrared (IR) cameras operate by capturing images using infrared radiation, which is invisible to the human eye. This can include Near-Infrared (NIR) for pattern projection or thermal infrared for detecting heat signatures from blood vessels. IR cameras excel in low-light or complete darkness and offer robust liveness detection, especially thermal IR, which is very difficult to spoof with static images.
While they provide consistent performance regardless of ambient light and can capture images discreetly, IR cameras require specialised hardware and can be more complex to integrate than standard 2D systems. Many advanced facial recognition systems often combine visible light (RGB) with infrared capabilities to leverage the strengths of both.
Preprocessing and Feature Detection
Facial detection algorithms identify the region of interest within an image or video frame, thereby detecting the face and recording its location within the image. Landmark detection algorithms then pinpoint facial features, such as eye centres, the nose tip, and mouth corners. Pre-processing involves enhancing clarity through alignment, brightness and contrast adjustment.
Once detected, a template needs to be generated so that future detections can be compared against. To achieve this, feature vectors are generated using methods like Eigenfaces, Fisherfaces, or deep learning models such as FaceNet or DeepFace. The system converts a face image into a fixed-length vector of numerical features.
Matching and Authentication
To match a captured image against the template, similarity scores between the input and stored feature vectors are calculated using algorithms such as Euclidean Distance and Cosine Similarity. A threshold score determines if a match is valid.
To determine the authenticity of the captured image and ensure the system is not being spoofed, various liveness detection techniques are employed. This includes:
- Texture analysis, which checks for surface inconsistencies.
- Challenge-response tests, which require a user to perform actions like blinking.
- Depth verification using 3D imaging to ensure a real face.
Facial Recognition Devices in Practice
Compared to fingerprint recognition, there are some technical differences to consider. The use of a high-resolution camera and edge processing is more crucial to ensure speedy and accurate image processing. Furthermore, because facial recognition is contactless, the positioning of the camera and its zoom capabilities are crucial.
Fingerprint vs Facial Recognition
When facial recognition is used as a contactless clocking-in machine , it is more hygienic and does not require controlled placement for a read to occur. Instead, guidance must be offered to mitigate sensitivities to lighting and angles, although modern technology solutions exist to address many of these issues. The cost and security depend on the chosen system, its size and the environment.
When selecting the most suitable visual biometric system, it is crucial to seek expert advice. Both capture devices mentioned can contribute to a highly secure visual biometric access system, but they vary in their suitability for different operating environments. They can also differ in their security effectiveness.
Standards, Protocols, and Security Considerations
Integration, security and privacy are standard features of modern systems. Organisations have a legal and moral duty to protect both internal and external customers, and it is advantageous to interoperate with other enterprise systems.
Examples of measures deployed to aid these features include:
- Data standards such as ISO/IEC 19794-2:2011 biometric data interchange formats
- Security standards like the FIDO Alliance standards for biometric authentication security
- Encryption and hashing to protect data at rest and in transit
- Strong security practices like least privilege, liveness detection and strong countermeasures
The Future of Visual Biometric Devices
What is biometric authentication in the future like? Advances in biometric authentication are continually improving system performance and security.
- AI-powered recognition is delivered from advances in machine learning models, which refine accuracy over time.
- Edge computing enables real-time matching on devices without relying on servers, thereby increasing speed and enhancing privacy.
- Multi-modal systems can be used for enhanced security. For example, combining facial and fingerprint recognition.
- Embedded systems are making biometric tech accessible in more compact and mobile devices.
- Cloud services will continue to support best-in-class standardised scalability and security.
Biometric authentication, primarily through fingerprint and facial recognition, is becoming an increasingly essential component of modern access control and timekeeping systems. Understanding the technical mechanisms, from sensor technology and image processing to template matching and device integration, enables effective evaluation and deployment of these systems.
As hardware and AI continue to evolve, biometric devices will become even more accurate, secure, and versatile across a range of applications. This contributes to the effectiveness of time and attendance systems in modern businesses by providing automation and a single source of truth for attendance data.
Zoë Mouter is the joint owner and director of Egress Systems, a leading provider of time and attendance solutions. With two decades of experience in the workforce management sector, Zoë collaborates with HR, payroll, and IT experts to deliver tailored solutions across a diverse range of industries, including logistics, manufacturing, retail, hospitality, education, charities, waste management, and healthcare.
Before founding Egress Systems, Zoë honed her skills over 10 years as an IT professional at global data and technology companies Experian and Egg. During this time, she worked with multinational clients such as MBNA, Morgan Stanley, and Argos, specialising in the credit card processing sector.
Zoë holds a first-class degree in English Language and Literature from Liverpool University, alongside a Masters in Viking Studies and a TEFLA certification (Teaching English as a Foreign Language to Adults). While her focus has shifted from Viking history to Nordic walking, she enjoys expressing her creativity through ceramics, often crafting unique tea and coffee pots on her pottery wheel.