Biometric Security Template Storage
Every biometric authentication device and
application performs 4 major functions: image capture, feature
extraction, template creation and storage, and comparison. The
template that is created and stored is not the biometric data
itself (e.g., the fingerprint image) but instead the results from
some kind of analysis and summary of the biometric data. This
might be an analysis of the locations of minutia contained in
fingerprints or a mathematical summary of the patterns in an iris
image. These templates contain the unique characteristics of a
user's biometric information, and they are the master copies that each
future data acquisition would be compared to.
Biometric device vendors are careful to create systems where
the encoding of the biometric data is one-way. That is,
presenting the same biometric pattern can result in the same
summary template, but the template cannot be used to reconstruct
the biometric pattern. Nevertheless, proper storage and security
of the template is important for the reliability and robustness
of the system, and for users' trust.
The acceptance of biometric security devices by the general
public is dependent on perceptions of how securely the biometric
information template is stored. Privacy concerns have been
raised because a biometric information template by itself is a
unique identifier of a person. Although the template cannot be
decoded back to the biometric data, it could be used to track the
activities of an individual. If there is a database anywhere
that ties the user to the unique biometric template, it could be
used perform tracking functions.
Currently, there are 4 major locations for storing the
template: in a token or smart card, in a central database on a
server, on a workstation, or directly on the sensing device.
Each of the locations have their own advantages and
- Portable Token: To store the template on a
portable token such as a smart card has a number of advantages.
The biometric data is not centrally stored, does not traverse the
network, and the user carries the information from location to
location. Users may have a feeling that they control their
personal identification data. One drawback is that the cost of
the biometric implementation is higher because devices are needed
to read the smart cards and the biometric data. For proper usage
the smart card must be read and a fresh biometric scan must be
done before a user is authenticated.
- Central Database: To store the templates in a
central repository on a server overcomes the problem of users
authenticating from multiple locations. There is the potential
for "sniffing" the biometric data off the network and replaying
the authentication session, unless encryption is used. Even when
encryption is used, the question becomes where would the
encryption keys be stored and who would have access to them.
Therefore, the idea that information such as fingerprint data
being stored centrally is not welcomed by privacy-conscious
- Individual Workstation: To store the templates
on individual workstations seems to be a reasonable middle ground
between storage in central database and storage on sensing
devices. On one hand, a computer tower is physically more
difficult to steal than a small sensing device. On another hand,
to store data distributively does create less privacy concerns
and prevent a focal point of attack for malicious hackers. With
workstation storage, however, the user cannot authenticate from
multiple locations. Another issue is that workstation security may be lacking, such
that the biometric data could be found on the hard drive.
- Sensing Device: To store the templates on the
sensing device itself provides for quick responses during future
authentication. However, it does not lend itself to situations
where the user will need to authenticate at multiple locations.
For example, a bank's ATM machines could not use this method
since customers won't always use the same machine. Another
example is when a biometric system is implemented for a computer
lab. Here it cannot be assumed that each user is going to be working
with the same machine and the same sensing device. Small sensing devices
may also be easily stolen.
- BioPassword: BioPassword's personal edition
encrypts and stores the template on the local machine.
- U.are.U Personal (Digital Persona): For U.are.U
Personal, the templates are stored locally on workstation.
Digital Persona is taking a new approach with its Windows NT
authentication service by using Microsoft interface, the MSV1_0
SubAuthentication DLL. They will be able to store templates
directly into the NT SAM (Security Account Manager) database,
eliminating the need for external databases and providing for
tight integration with Windows NT 4.0.
- Sony Puppy: In the case of the Sony Puppy, the
biometric template is used to activate a cryptographic device and
unlock the public-key pair it contains. The biometric data is
handled on the Puppy itself and is never used for remote
authentication. Instead, the Puppy uses its internally stored
public-key pair for remote authentication and other security
functions. This arrangement provides another benefit over typical
biometric applications: biometric privacy. The templates reside
on the Puppy itself and are never transmitted anywhere else. They
don't reside on a server where they might be harvested and reused
for some unanticipated application. There is no risk of the
fingerprint readings being sniffed and collected by unknown
agents during an authentication operation because the readings
never leave the Puppy.
- SecureSuite: For a standalone installation,
SecureSuite stores the templates on the local machine. In the
latest version, SecureSuite 3.5, the software stores user
account data, including the templates, in a proprietary database.
This means that if SecureSuite Server is installed on a Win2K
server, part of each user's profile data is stored in the Active
Directory, and part is stored in SecureSuite's proprietary
This page is part of a project on
Usability and Acceptability of Biometric Security Devices.