Biometric Security Template Storage

Definition

Every biometric authentication device and application performs 4 major functions: image capture, feature extraction, template creation and storage, and comparison. The template that is created and stored is not the biometric data itself (e.g., the fingerprint image) but instead the results from some kind of analysis and summary of the biometric data. This might be an analysis of the locations of minutia contained in fingerprints or a mathematical summary of the patterns in an iris image. These templates contain the unique characteristics of a user's biometric information, and they are the master copies that each future data acquisition would be compared to.

Biometric device vendors are careful to create systems where the encoding of the biometric data is one-way. That is, presenting the same biometric pattern can result in the same summary template, but the template cannot be used to reconstruct the biometric pattern. Nevertheless, proper storage and security of the template is important for the reliability and robustness of the system, and for users' trust.

The acceptance of biometric security devices by the general public is dependent on perceptions of how securely the biometric information template is stored. Privacy concerns have been raised because a biometric information template by itself is a unique identifier of a person. Although the template cannot be decoded back to the biometric data, it could be used to track the activities of an individual. If there is a database anywhere that ties the user to the unique biometric template, it could be used perform tracking functions.

Currently, there are 4 major locations for storing the template: in a token or smart card, in a central database on a server, on a workstation, or directly on the sensing device. Each of the locations have their own advantages and disadvantages:

• Portable Token: To store the template on a portable token such as a smart card has a number of advantages. The biometric data is not centrally stored, does not traverse the network, and the user carries the information from location to location. Users may have a feeling that they control their personal identification data. One drawback is that the cost of the biometric implementation is higher because devices are needed to read the smart cards and the biometric data. For proper usage the smart card must be read and a fresh biometric scan must be done before a user is authenticated.
• Central Database: To store the templates in a central repository on a server overcomes the problem of users authenticating from multiple locations. There is the potential for "sniffing" the biometric data off the network and replaying the authentication session, unless encryption is used. Even when encryption is used, the question becomes where would the encryption keys be stored and who would have access to them. Therefore, the idea that information such as fingerprint data being stored centrally is not welcomed by privacy-conscious users.
• Individual Workstation: To store the templates on individual workstations seems to be a reasonable middle ground between storage in central database and storage on sensing devices. On one hand, a computer tower is physically more difficult to steal than a small sensing device. On another hand, to store data distributively does create less privacy concerns and prevent a focal point of attack for malicious hackers. With workstation storage, however, the user cannot authenticate from multiple locations. Another issue is that workstation security may be lacking, such that the biometric data could be found on the hard drive.
• Sensing Device: To store the templates on the sensing device itself provides for quick responses during future authentication. However, it does not lend itself to situations where the user will need to authenticate at multiple locations. For example, a bank's ATM machines could not use this method since customers won't always use the same machine. Another example is when a biometric system is implemented for a computer lab. Here it cannot be assumed that each user is going to be working with the same machine and the same sensing device. Small sensing devices may also be easily stolen.

Device-Specific Discussions

• BioPassword: BioPassword's personal edition encrypts and stores the template on the local machine.
• U.are.U Personal (Digital Persona): For U.are.U Personal, the templates are stored locally on workstation. Digital Persona is taking a new approach with its Windows NT authentication service by using Microsoft interface, the MSV1_0 SubAuthentication DLL. They will be able to store templates directly into the NT SAM (Security Account Manager) database, eliminating the need for external databases and providing for tight integration with Windows NT 4.0.
• Sony Puppy: In the case of the Sony Puppy, the biometric template is used to activate a cryptographic device and unlock the public-key pair it contains. The biometric data is handled on the Puppy itself and is never used for remote authentication. Instead, the Puppy uses its internally stored public-key pair for remote authentication and other security functions. This arrangement provides another benefit over typical biometric applications: biometric privacy. The templates reside on the Puppy itself and are never transmitted anywhere else. They don't reside on a server where they might be harvested and reused for some unanticipated application. There is no risk of the fingerprint readings being sniffed and collected by unknown agents during an authentication operation because the readings never leave the Puppy.
• SecureSuite: For a standalone installation, SecureSuite stores the templates on the local machine. In the latest version, SecureSuite 3.5, the software stores user account data, including the templates, in a proprietary database. This means that if SecureSuite Server is installed on a Win2K server, part of each user's profile data is stored in the Active Directory, and part is stored in SecureSuite's proprietary database.

This page is part of a project on the Usability and Acceptability of Biometric Security Devices.