Implementing Biometrics based Systems: Identifying Selection Criteria

Following up from last week’s article, researchers from the Biometrics Research Laboratory (BRL) at Namibia Biometric Systems recommend establishing which criteria make sense to use when selecting a biometric solution. There are a large number of biometric technologies and applications available, so the first step is to establish which characteristics of the environment and of the candidate biometric solutions are relevant and useful in deciding what to select.

At BRL we believe that it’s important to be familiar with the people who’ll be using the biometric solution. At the very least, you must ask and have answers to the following questions before implementing:

Ethnic Background – It is important to understand the ethnic background of the people who will use the biometric system. For example, will the users be members of the general public with a mix of ethnic backgrounds and education levels and a variety of attitudes? This is vital in selecting a biometric system that is suitable for that ethnic background.

Employee Education – It is important to understand the technical background of the users. For example, will the users be employees in a high-tech firm or not? The higher the technological background of the users, the more likely it is that they will be aware of biometric systems and hence require more specialised training. It is vital to provide educational material suitable for the users.

Frequency of Use – Some biometric systems are more suitable for high-frequency use than others. It is therefore important to ask whether the biometric system will be used several times a day or just a couple of times each year.

User characteristics – It is important to understand who will be using the biometric system. For example, will the users be in a hurry and possibly be a little bit impatient (biometric controlled entry into a public restroom comes to mind just now)?

Researchers from the BRL show that it is vital to understand who the users of the biometric system will be. The research further shows that most government and private organisations implementing biometric based solutions undermine these criteria. For example, researchers at BRL believe that health care is an area where convenient, reliable access to information isn’t just nice to have but an absolute requirement, with lives hanging in the balance. In addition, it is a setting where access control to extremely sensitive information is required by law and expected by patients, so biometric access controls are often considered for these environments.


More information on the implementation of biometrics based solutions can be requested from

Implementing Biometrics based Systems: Common Mistakes

Fraudsters have had years to master and fine-tune their fraudulent methods against conventional means of identification such as passwords, secret codes and Personal Identification Numbers (PINs), which can easily be compromised, shared, observed, stolen or forgotten. Therefore, both governments and commercial sectors have turned to more secure biometrics based solutions, which automatically recognize an individual using distinguishing behavioural patterns such as gait, signature, keyboard typing, lip movement and hand-grip, or physiological traits such as face, voice, iris, fingerprint and hand geometry. As a result, countries worldwide have opened tenders for biometric based projects. This has led a vast majority of industrialists to enter the market with very few experts. Research analysts at Biometric Research Laboratory (BRL) have outlined the most common pitfalls when implementing biometrics based solutions. BRL is the research group at Namibia Biometric Systems (NBS) which conducts applied research in the implementation of biometrics based solutions for both government and commercial applications. Some of the common pitfalls highlighted by researchers at BRL are outlined below:

Consultation – Sufficient time for consultations with technical experts before, during and after implementation is critical to the success of the project. Generally, governments and commercial companies are not prepared for the complexities of implementing biometrics based solutions and are either unaware of, or do not understand, why consultation with a local specialist is critical. Consultation is also essential for a successful project plan.

Project Management – Research conducted at BRL shows that governments and commercial companies generally don’t have the technical expertise in-house to properly manage or oversee the implementation of the technology, and lack the essential project management skills and resources. As a result, the project management team fails to realistically identify possible sources of risk, to consider any mitigating factors and to provide appropriate responses. This can lead to the project being poorly managed, putting the safety of the biometric data and the project completion timeframe at risk, and giving the vendors of the technology a central role in its implementation without proper oversight. Identity management and protecting people’s identities is one of the core responsibilities that companies have when implementing biometrics based solutions.

Tenders – Governments and private companies tend to place significant trust in tender-winning companies, which have very different priorities. These conflicting priorities can have dangerous implications for the implementation of the project. In addition, governments and private companies tend to lack knowledge and understanding of the technology and therefore don’t have the skills and experts to eliminate tendering companies with limited or no experience with the technology.


Common Mistakes when Implementing Biometrics Based Systems

In today’s modern society biometric identification is integral to improved security and information management in both private and government applications to reduce risk and improve business efficiencies.

The first step in implementing a biometrics solution is being able to select a suitable biometric system that meets predefined criteria. It is important to understand not just the differences between the biometric systems, but also which factors are the most important for a particular environment and target population. There are a large number of biometric technologies and applications available. For example, usability may be more important than uniqueness for clocking into an engineering plant, whereas uniqueness is likely to be the main consideration in a corrections facility. The factors to consider are:

Universality – How common is the biometric characteristic? Every individual accessing the application should possess the trait. For example, signature biometrics might not be suitable for illiterate users who may not be able to sign. Similarly, a biometric system may not be able to acquire meaningful biometric data from a subset of individuals, resulting in a failure to enroll (FTE) error. For example, a fingerprint system may fail to operate on some individuals due to the poor quality of their fingerprints.

Uniqueness – It is desirable that the given trait is sufficiently different across the individuals comprising the population. It is critical to understand how similar a biometric characteristic is to that of others and therefore how likely it is to be mistaken for another. One of the most common biometric questions is that of uniqueness: how unique is a human face, a human fingerprint or DNA? Such a measure is important for biometric system vulnerabilities, especially as a measure of the strength of cryptosystems and for privacy measures.

Permanence – It is desirable that the biometric trait of an individual is sufficiently invariant over a period of time with respect to the matching algorithm. Therefore it is vital to understand the extent to which the trait remains unchanged over a lifetime. For example, signature biometrics might have low permanence, as the handwritten signature tends to vary over time and is vulnerable to direct attacks using forgeries.

Collectability – It is desirable that the biometric trait can easily be captured using suitable devices that do not cause undue inconvenience to the individual. For example, face recognition might be convenient for the authorities when recognizing a suspected criminal from a distance, while a retina scan would be inconvenient for the police. It is also important to understand whether the biometric technology will operate indoors, where lighting, temperature and other variables are controlled, or outdoors, where conditions are more variable.

Performance – It is desirable that the associated technology is robust in terms of speed. Different biometric technologies can perform human verification at different speeds. In addition, a biometrics system operating in verification mode is significantly faster than a similar system operating in identification mode. See previous articles for reference.

Acceptability – Individuals in the target population that will utilize the application should be willing to present their biometric trait to the system. It’s important to be familiar with the target population who’ll be using the biometric solution. For example, are they members of the general public with a mix of ethnic and education levels and a variety of attitudes?

Circumvention – How likely is it that a person could find a way around the technology and thereby achieve unauthorised access? This requires a good understanding of the false accept and false reject rates, which were introduced in the previous articles.


Accuracy in Biometric Systems

Although biometric technology is characterised by providing strong user authentication, there is very little informative discussion of accuracy in the biometric industry. There is also very little understanding of what accuracy means in a real-world environment as opposed to a laboratory environment. Most vendor statements on accuracy bear little relevance to the real-world performance of biometric systems. That is, most commercial and government organisations generally employ biometric systems without any knowledge or understanding of the real-world accuracy of the systems.

The lack of discussion and understanding of the real-world performance of biometric technology is due to the fact that biometric companies primarily concern themselves with performance in highly controlled environments. That is, biometric companies often assess their technology’s accuracy by using static or artificially generated templates, images and data, not by processing live data. When biometric companies perform tests using actual users, the test environments do not generally replicate operation with untrained or poorly motivated subjects, as are often found in real-world deployments. The sample population used during the testing phase tends to be very general and has very little similarity to the target population and environment.

Basic algorithm testing is a necessary step in the development of any technology, and most biometric technologies have proven their theoretical capabilities in a closed, controlled environment. However, it is necessary to evaluate and assess the capabilities of biometrics as a solution to problems in individual and institutional authentication, not just as a developmental technology. In order for companies to be comfortable deploying biometric technology, statements on biometric accuracy must reflect operation in real-world environments. The key performance metrics in biometrics, such as false match rate, false nonmatch rate and failure-to-enroll rate, must be well understood and explained. No single metric indicates how well a biometric system or device performs; analysis of all three metrics is necessary to assess the performance of a specific technology. In addition, biometric system performance is affected by a variety of external factors. These performance metrics must be assessed in the context of their usage and deployment environment. Assessing accuracy without understanding the reasons behind a company’s biometric deployment or the rationale for an individual’s biometric usage is largely fruitless.
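The three metrics named above, computed for a lab-style and a field-style trial, as an added example that is not from the original article. All scores and counts are constructed, and the rule that a comparison is accepted when its similarity score is at least the threshold is an assumption.

```python
# Added example: constructed trial data, not measurements of any real product.
# Scores are similarity scores in [0, 1]; a comparison is accepted when
# score >= threshold (an assumed convention).

LAB = {      # trained, cooperative subjects in a controlled room
    "attempted": 20, "enrolled": 20,
    "genuine":  [0.91, 0.88, 0.95, 0.83, 0.90, 0.87, 0.93, 0.89, 0.92, 0.86],
    "impostor": [0.12, 0.25, 0.31, 0.18, 0.40, 0.22, 0.35, 0.28, 0.15, 0.45],
}
FIELD = {    # untrained users, poor-quality samples, variable conditions
    "attempted": 20, "enrolled": 17,
    "genuine":  [0.91, 0.62, 0.78, 0.55, 0.83, 0.48, 0.70, 0.88, 0.66, 0.74],
    "impostor": [0.20, 0.52, 0.33, 0.61, 0.41, 0.28, 0.57, 0.36, 0.65, 0.44],
}

def report(trial, threshold):
    """Return FMR, FNMR and FTE for one trial at one decision threshold."""
    false_matches = sum(s >= threshold for s in trial["impostor"])
    false_nonmatches = sum(s < threshold for s in trial["genuine"])
    return {
        "FMR": false_matches / len(trial["impostor"]),
        "FNMR": false_nonmatches / len(trial["genuine"]),
        "FTE": (trial["attempted"] - trial["enrolled"]) / trial["attempted"],
    }

def sweep(trial, thresholds):
    """Show the FMR/FNMR trade-off: raising the threshold moves errors
    from false matches to false non-matches; FTE does not move at all."""
    return [(t, report(trial, t)) for t in thresholds]

if __name__ == "__main__":
    for name, trial in (("lab", LAB), ("field", FIELD)):
        for t, r in sweep(trial, (0.50, 0.60, 0.70)):
            print(f"{name:5} threshold={t:.2f} "
                  f"FMR={r['FMR']:.2f} FNMR={r['FNMR']:.2f} FTE={r['FTE']:.2f}")
```

FNMR is measured only over people who enrolled, so a system can report a low FNMR while a sizeable share of the target population never gets a template at all; that share shows up only in FTE.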

Researchers at Biometric Research Laboratory (BRL) within Namibia Biometric Systems (NBS) made the astonishing discovery that the majority of institutions employing biometric technologies in third world countries have limited knowledge of, or don’t know, how accurate the biometric technology their institution is deploying is. Most technology companies employ highly skilled individuals to market their products. However, most commercial and governmental organisations have limited skills and knowledge with which to make an accurate, independent assessment of the technology in relation to their needs.


Importance of Biometrics

The main aim of biometrics is to overcome the limitations of the old, traditional access controls for humans. The extent to which biometrics overcomes these limitations can be affected by how biometrics is implemented, by the biometric algorithms and by the algorithm implementer. These are some of the important factors which must not be undermined. More traditional means of access control include token-based identification systems, such as a driver’s license or passport, and knowledge-based identification systems, such as a password or personal identification number. In particular, traditional methods have the following limitations:

Weak passwords are easy to guess (by a non-legitimate user) and difficult passwords may be hard to remember (by a legitimate user). This could lead to a security breach where personal or business secrets are stolen by an outsider.

Sharing credentials with colleagues is common. A computer user shares his or her password with a colleague who requires access, even though, in most organizations (and in many security-related laws and regulations), this is forbidden by policy.

User convenience may not be possible using traditional security techniques. For example, users maintaining different passwords for different applications may find it challenging to recollect the password associated with a specific application.

Lost key cards can easily be obtained by non-legitimate users. Often they have the name of the organization on them, so it’s like finding a key with an address on it, permitting the person who found it a free after-hours tour of the organisation.

Sophisticated criminals have acquired great expertise in circumventing the old identification systems. This has resulted in a global rise in identity fraud and theft and in the use of sophisticated means to evade detection.

It is vital to realise that the above limitations may also apply to a biometric solution if it is not implemented under strict guidelines and does not adhere to international standards.

By using biometrics it is possible to establish an identity based on ‘who you are’, rather than on ‘what you possess’ (e.g., an ID card) or ‘what you remember’ (e.g., a password). Biometrics is based on physiological and behavioural characteristics. Physiological characteristics include fingerprints, hand geometry, facial image, retina and iris. Behavioural characteristics are actions carried out by a person in a characteristic way and include signature, voice pattern, keystroke sequences and gait (the body movement while walking).

Researchers at Biometric Research Laboratory (BRL) within Namibia Biometric Systems (NBS) recommend that implementers understand biometrics implementation guidelines and international standards prior to implementation. Biometrics should not be treated like a black box. This ensures that the limitations of traditional security methods are eliminated.
