Explanatory Dictionary of Biometrics

The foundation of biometrics is rooted in science and technology, where precise definitions of technical terms are crucial. Definitions to support these detailed discussions of biometrics are defined by the International Standards Organization (ISO) and similar groups, but these can be difficult to comprehend from outside the field.

Therefore, the Biometrics Institute offers this Explanatory Dictionary of Biometrics as a glossary of biometrics terms to build upon the existing definitions. This dictionary uses a unique table format that provides clear explanations of the terms, context, and highlights the differences in how the terms are used both in different parts of the biometric field and in public discussion. The purpose of this dictionary is to demystify the words used by the biometrics community and establish a common understanding.

The Biometrics Institute encourages informed conversation within the community of experts on biometrics, with people whose work intersects with biometrics, and with the wider public. The Biometrics Institute provides this Explanatory Dictionary of Biometrics to foster that conversation.

Example Terms

Some biometrics terms have single meanings and are easier to understand than terms which can be interpreted in multiple ways. To make it easier for reader, we provide each term with an icon illustrating the clarity of the term (i.e. how ambiguous the term can be for an uninformed reader):

✅  Single definition (or always clear from context); and a typical English reader should infer useful meaning aligned with biometric usage.

⚠  Multiple definitions usually clear from context; or a typical English reader may infer a meaning not well aligned with biometric usage.

🚫  Multiple confusable definitions; or a typical English reader is likely to infer different meaning from the biometrics usage.

A few terms stop at this point, where they merely redirect the reader to another entry in this dictionary.

Biometrics usage

Outline of the meaning – or meanings – assigned to the term in question when used in biometrics.
Where multiple meanings are given:

  • Each meaning is numbered so that the examples can be aligned with the meanings; and
  • An indication about interpreting in context is provided where possible.
Context and wider usage

Information that may be helpful in interpreting the term, or which may be relevant if the term is used with an audience without familiarity with biometrics. Aspects that should be included where relevant:

  • Where a normal English meaning for the term is misaligned with biometric usage;
  • Where biometric usage interacts with an allied field (e.g., AI, or digital identity); or
  • Where additional information may help the reader to understand the term as used in biometrics.
Examples

Examples are given to illustrate usage, with the term in bold in each case.
Where multiple meanings are possible for the term, at least one example for each meaning is given, numbered to align with the definitions.

Definitions in technical use

Where there are definitions of the term in technical contexts, a brief outline of those, their alignments with the definitions given, and the sources for each is provided here.

Complete definitions from technical sources such as NIST and ISO are not provided – the source should be consulted directly if necessary.

See also

Where other terms in this dictionary may be of relevance to the reader in interpreting this definition, they are listed here with their name and a brief explanation of the reason or context in which they may be helpful.

*Please use the form at the bottom of this page to suggest amendments to an existing term, or to suggest a new entry*

Biometrics Dictionary Table of Contents

Algorithm ✅

Biometrics usage

Algorithm is used to mean either:

  1. A combination of computing software which takes as input biometric data and outputs attributes and/or identity information.
  2. An individual component of such software that performs one specific step (such as extracting relevant features of a fingerprint).

In many contexts this distinction is unimportant; where it is material, we recommend making the desired meaning clear.

Context and wider usage

In common English usage, algorithm means a process or set of rules to be followed in calculations or other problem-solving operations, especially by a computer, to produce a desired result. Usually, the word is taken to mean ‘inclusive of systems that use artificial intelligence’ although some writers distinguish the two into separate categories.

Examples

  1. They tested the performance of the iris recognition algorithm in poor lighting.
    The algorithm provided a list of potential matches to the face seen in the camera footage.
    The algorithm was used to estimate the age of each customer.
  2. Performance was improved by swapping out the feature extraction algorithm while leaving the others unchanged.

Definitions in technical use

ISO does not define algorithm but uses the word consistent with meaning #1.
NIST offers a definition similar to the ordinary English usage.

Table of Contents

Authentication 🚫

Biometrics usage

Authentication answers one of the questions:

  1. Is this person who they claim to be?
  2. Is this document (which is intended for biometric use) valid?

Given these different definitions and the overlap between authentication and verification, it is impossible to interpret precisely what is intended when either term is used without further context.

Therefore, if reading the term without clarification it should be interpreted mindful of the background given above and the potential meanings.

When using the term in writing, it is strongly recommended that clear guidance is given so the reader knows what is intended.

Context and wider usage

In common English usage, authentication means ‘the proving of someone or something to be valid or genuine’ across a wide range of disciplines, types of processes for so proving, and things to be authenticated. Domain-specific uses have attempted to tighten this – unfortunately, these are inconsistent.

‘Confirm identity of previously registered person’
In IT usage authentication has come to mean more specifically ‘confirmation of the identity of a previously registered user or device’. Many uses of the term in digital identity are aligned with this general IT usage – i.e. ‘confirmation that the original creator of a digital identity is the one using it right now’.

‘Confirm genuine documents (esp. when used to establish digital identity)’
However, the process of document authentication – checking that, for example, a passport is genuine – also uses the word, and is associated with the creation of a digital identity, not its later use.

Authentication/verification overlap
Further, the term verification or identity verification is often used to mean one or both of these processes, sometimes supported by assigning authentication and verification to specific meanings for a particular scenario.

Examples

  1. Changes of postal address require biometric authentication or a visit to a branch office.
  2. Authentication of the passport is required before checking that the face image within it matches the face of the presenter.

Definitions in technical use

FIDO defines to mean, in their context, ‘confirm identity of previously registered person’.
ISO defines similarly to the usual English definition and deprecates the (widespread) use of the term as synonyms for other processes including biometric verification.
NIST defines as ‘confirm identity of previously registered person’, and notes in SP800-175b similar challenges with multiple uses of the term with slightly different contexts.

See also

Contrast with remarks at Verification on definition challenges.
1:1 / 1:N Verification (1:1) and identification (1:n) explanatory graphics

Table of Contents

Bias 🚫

Biometrics usage

Bias is sometimes used to describe an aspect of biometrics systems in which they show inconsistent performance across different groups of people (usually demographically based).

The usual English definition of ‘bias’ does not really convey this meaning, and the term is generally only used outside the biometrics industry.

Within the industry, such outcomes are commonly – and more accurately – termed ‘demographic differentials.’ However, this is a technical term unsuitable for a general audience.

Context and wider usage

The term in English has several meanings. In this context most readers would infer ‘inclination or prejudice for or against a person or group, especially in a way considered to be unfair’.

Notes

  1. Illustrations of the meaning of the ‘inconsistent performance’ alluded to include:
    • A voice biometric system might more frequently make mistakes with the voices of older people than of younger people; or
    • A face recognition system might find it easier to distinguish Caucasian faces than East Asian faces.
  2. Such performance differences have parallels in lived human experience: for instance, most humans are poor at recognising the faces of unknown people from different racial groups to their own.

These differences usually arise due to training and data differences: a system trained exclusively to recognise the faces of infants would be unlikely to perform well on the elderly. Again, this echoes lived human experience.

Examples

The immigration gates showed bias against older black women. (Note likely meant ‘the system does not as reliably match older black women to their passport images as it does for other groups, and so many could not use the gates’.)

The digital onboarding system showed bias allowing more fraud against young East Asian men. (Note likely meant ‘the system mistakenly matches East Asian men more frequently than other groups’.)

The crowd surveillance system showed bias against young white men. (Note may mean ‘young white men were over-represented in the watch-list of potential offenders’ – a procedural, rather than technological, issue; or ‘young white men in the crowd were mismatched to the watch-list more frequently than other groups’.)

Definitions in technical use

ISO, together with OASIS, defined BIAS or ‘Biometric Identity Assurance Services’ in ISO 30108. It is an API mechanism for different parts of some biometric systems to communicate.
NIST offers only definitions relating to the statistical concept of bias.

Note that these unrelated definitions of bias largely reflect the poor alignment of the term with the underlying concept it is sometimes used to describe, usually by stakeholders outside the biometric industry.

Table of Contents

Biometrics ⚠

Biometrics usage

Used to mean:

  1. The recognition (and/or sometimes classification) of humans using distinctive characteristics such as the shape of the face, the sound of the voice, the veins of their hand, consistently measurable behaviours, etc.
  2. The distinctive human characteristics that are (or may in future be) used for such recognition or classification processes.
  3. Any external (often digital) representation of these human characteristics.

In casual use the term is usually intended to also imply ‘using computers.’ However, usually humans can be involved either in support of, or in replacement of, computers to perform these tasks.

Because of the possible variations it is helpful for writers to be clear about the broad parameters intended – especially whether it is about processing vs data; and, for processing, identification vs classification and performed by machine vs human.

Context and wider usage

Biometrics literally means ‘body measurements’ of any type (including for example, temperature used for medical diagnosis), but is increasingly used in the narrower sense of ‘measurements that can be used to identify and/or classify people’. This notwithstanding, the term is still in use to mean a range of different processes that involve body measurements such as physical performance in certain tasks or conditions (for example, “Sensors … will monitor brain signals and other medical data … [amassing] a huge biometric … database.”).

Some characteristics measured for biometrics are physiological; some are behavioural; but most of the time a combination of physiology and behaviour contributes to the process.

The inclusion of classification alongside identification is inconsistent: some include it, and some do not; where included, it may include a range of attributes – from characteristics like racial groupings to bodily attributes like age to mental attributes like mood or sentiment.

Examples

  1. The decision to use biometrics for mobile device unlocking was based on convenience and security.
  2. She was uneasy about presenting biometrics like her fingerprints for fear of them being copied.
  3. He didn’t like the idea of the agency holding his biometrics.

Definitions in technical use

ISO provides a precise definition for biometrics which largely aligns with ‘use of data for identification’ aside from requirements that computing is involved (i.e. human-only is out of scope), and that recognition is required (i.e. classification is out of scope).

NIST offers a few definitions. One (from SP800-63-3) aligns with the ‘use of data for identification’ meaning above but, like the ISO definition, excludes purely human processes and classification uses. Another (from SP800-12 Rev. 1) defines biometrics as the plural of biometric, as in a ‘specific type of data from a person that can be used to recognise them’.

Table of Contents

Classification ✅

Biometrics usage

The process of using distinctive human characteristics such as the shape of the face, the sound of the voice, consistently measurable behaviours, etc., to determine attributes of people. These attributes are wide ranging and may include characteristics like racial groupings or age to mental attributes like mood or sentiment.

The term is usually intended to also imply ‘using computers.’ Humans can support, or replace, computers to perform these tasks in most cases, although this is relatively unusual in large-scale uses of classification.

Context and wider usage

The usual English meaning ‘the action or process of arranging a group of people into classes or categories according to shared qualities or characteristics’ is well aligned with use in biometrics.

Examples

The store used biometric classification to determine the approximate age of its customers as they entered.

Definitions in technical use

Both ISO and NIST include only identity-related functions within biometrics and therefore offer no definition.

See also

Compare with Identification and Verification which are the other two main uses of biometrics.

Table of Contents

Identification 🚫

Biometrics usage

Also known as 1:N and One-to-Many.

Identification is a biometric database search: a person is looked up in the database by their biometric (such as their face, fingerprint, or the pattern of their iris).

Biometric identification answer the questions: ‘Is this person in the database? If so, which entries do they match?’

In some biometric systems the identification process is entirely automated and the results of any database search are not subject to human adjudication. However, in many systems a human adjudicator is required to review the output, especially when a list of potential candidate matches is routinely produced by the system.

Given public understanding of identification is much broader than the usual biometrics interpretation, use of the term can be confusing for non-specialist readers. Arguably a term such as ‘biometric database search’ might be better. A clarifying comment when first used is recommended if the term must be used with such an audience.

Context and wider usage

In English, ‘identification’ has several meanings somewhat aligned with biometric technology: for instance, ‘the act of identifying’, ‘the state of being identified’, and ‘evidence of identity’.

In general use, ‘identification’ may be from a candidate set of any size from one (for example, ‘a member of the family was brought in for identification of the body’) to a population (for example, ‘a suspect for the crime was identified’). Public interpretation of the word ‘identification’ encompasses this very broad range of possibilities.

Notes

  1. A significant consideration is the size of the database being searched:
    1. Some are quite small (for example, a database of employees permitted to enter a building, where non-matches are diverted to a reception desk);
    2. Some are quite large (for example, a face image database of prior offenders, searched to attempt to identify a face image captured at a crime scene; typically, several candidate matches are generated that are subject to human adjudication); and
    3. Some are enormous (for example, a whole-of-population database used to support border crossing).
  2. The search process may result in:
    1. No matches (for example, the presented face matches no-one in the database)
    2. One match (for example, the presented face matches this one person in the database; this usually only occurs when the database is small)
    3. A candidate list of several matches (for example, the presented face could be one of these 20 people) – usually for further consideration by a human

Note that such a search is not dependent upon a suggested identity. Contrast this with verification, which is dependent on such a suggestion.

Examples

Face images from the border crossing were used for identification of known smugglers for police review.
The building access control system used biometric identification to either allow or deny entry.

Definitions in technical use

ISO offers a similar definition to that provided above.
NIST offers a broader definition in FIPS 201-3 that also encompasses non-biometric means.

See also

Verification, one of the other uses of Biometrics.
Verification (1:1) and identification (1:n) explanatory graphics

Table of Contents

Verification ⚠

Biometrics usage

Also known as 1:1 and One-to-One.

Verification is a direct biometric comparison: a person is compared against previously stored information to confirm whether there is a match. In this way, biometric verification answers the question: ‘it this person who they claim to be?’

The ‘previously stored information’ may be in user devices (such as a face within the user’s smartphone) or in a centralised database. When in a database, verification implies comparison with a single entry in that database representing the suggested or claimed identity of the person. This is unlike identification which does not depend on such a claim.

In digital identity contexts, there is overlap between authentication and verification, and it is impossible to interpret precisely what is intended without context.

Therefore, if reading the term without clarification it should be interpreted with care. If using the term in a document, it is strongly recommended that guidance is given so the reader knows what is intended.

Context and wider usage

The usual English definition is ‘the process of establishing the truth, accuracy, or validity of something’ – while fairly general, this is somewhat aligned with use of the term in biometrics. Domain-specific uses have attempted to tighten this – unfortunately, these are inconsistent.

‘Upon registration’ vs ‘previously registered’

In some usages (for example, customer service delivery), ‘verification’ or ‘identity verification’ mean confirmation that:

  • ‘The original creator of an account or identity is the one using it right now’; or
  • ‘An attempt to create a digital identity linked to real-world identity X is being made by person X’ – i.e. the identity proofing process.

Further, the term authentication is often used to mean one or both of these processes, sometimes supported by assigning each of the two words to one of the two meanings in a particular scenario.

Notes

  1. Often verification processes are entirely automated. In some systems a human adjudicator must review the output, especially when incorrect results have significant consequences.

Biometric verification can be employed in a wide range of operating scenarios including crossing international borders using a biometric travel document, and assuring access to physical locations (such as event venues or secure facilities), digital devices (such as mobile phones and laptops), and remote services (such as online or over-the-phone transactions).

Examples

Apple’s FaceID biometric verification is performed on-device.
Creating a new digital identity requires verification of the person against their passport.

Definitions in technical use

FIDO defines identity verification in the sense of ‘confirm identity of person when registering’ whether using biometrics or not.
ISO provides a precise definition which largely aligns with that provided above.
NIST defines identity verification to align with the above but also including non-biometric means.

See also

Compare with Identification and Classification, the other main two uses of Biometrics.
Contrast with remarks at Authentication on definition challenges.
Verification (1:1) and identification (1:n) explanatory graphics

Table of Contents

Help us build and improve the dictionary

Please use this form to either suggest amendments to an existing term, or to suggest a new entry.  Please fill in as much as you can.

If you have any questions or would like more information please email carolyn@biometricsinstitute.org

Name(Required)

Lead the debate with us on the
responsible use of Biometrics