In functional terms the current uses of biometrics can be categorised under the following headings: verification, identification and screening. Another potential use of biometrics, though not yet in a mature state of development, is biometric encryption.
Verification is a test to determine whether person X is really who he or she claims to be. Two types of verification can be envisaged: with centralised storage or with distributed storage.
Verification with centralised storage
If a centralised database exists where all biometric data and the associated identities are stored, the biometric sample of the claimed identity is retrieved from the database. This is then compared to the live sample provided by person X, resulting in a match or a non-match. The matching can be done locally on the device temporarily storing the acquired sample or remotely by the hardware that stores the sample acquired during enrolment. Two types of error are possible for verification: a false match and a false reject. False rejects will cause unnecessary inconvenience to innocent individuals, whereas false matches are more insidious: they allow a fraudulent individual to pass, and the mistake goes unnoticed by the system.
Verification with distributed storage
If the biometric data is stored in a memory device that is carried by the individual, for example a smart card or a chip integrated into an identity document, person X will provide a live biometric sample and this will be compared to the biometric data stored on the memory device. This can be done either by the verification system, which retrieves person X's biometric data from the memory device and compares it to the live sample, or by the memory device itself, if it is sufficiently sophisticated to perform the verification. The identity details are either stored on the memory device or written on the accompanying documents, e.g. in the case of a passport, identity information might be printed next to the chip. If the verification process succeeds, then person X is confirmed to be the valid bearer of the identification documents. As before, false acceptance and false rejection errors are possible. In addition, there is the possibility that the documentation or the memory device is fraudulent or has been tampered with.
Identification is used to discover the identity of an individual when the identity is unknown. Contrary to verification, for the process of identification a central database is necessary that holds records for all people known to the system; without a database of records, the process of identification is not possible. When person X comes to be identified, he provides a live biometric sample, e.g. a fingerprint is taken or the iris is scanned. The data is processed and the resulting biometric template is compared against all the entries in the database to find a match. The system then returns as a response either the match it has found, or that there is no match against the enrolled population. Identification may result in one of two types of error described previously: i.e. a false match or a false reject. Since the system checks against a database of enrolled templates or full images, the maintenance of the integrity of the database is essential in protecting individuals from identity theft.
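The difference between 1:1 verification and 1:N identification, and how the decision threshold trades false matches against false rejects, is shown in the following added example (not part of the original text). It assumes binary templates compared by fractional Hamming distance; the template values, identity names and thresholds are constructed for illustration.

```python
# Added illustration: templates, names and thresholds are constructed, not from the page.
from typing import Dict, Optional, Tuple

BITS = 16  # toy template length; real templates are far longer

def distance(a: int, b: int) -> float:
    """Fraction of differing bits between two fixed-length binary templates."""
    return bin((a ^ b) & ((1 << BITS) - 1)).count("1") / BITS

def verify(enrolled: int, live: int, threshold: float) -> bool:
    """1:1 check of a live sample against the template of the claimed identity."""
    return distance(enrolled, live) <= threshold

def identify(db: Dict[str, int], live: int, threshold: float) -> Optional[str]:
    """1:N search: closest enrolled identity, or None if nothing is close enough."""
    if not db:
        return None  # identification is impossible without enrolled records
    name, template = min(db.items(), key=lambda kv: distance(kv[1], live))
    return name if distance(template, live) <= threshold else None

def error_counts(db, probes, threshold) -> Tuple[int, int]:
    """Return (false_matches, false_rejects) over labelled verification attempts."""
    false_match = false_reject = 0
    for claimed, actual, live in probes:
        accepted = verify(db[claimed], live, threshold)
        if accepted and claimed != actual:
            false_match += 1      # impostor passes; the system does not notice
        elif not accepted and claimed == actual:
            false_reject += 1     # genuine bearer is turned away
    return false_match, false_reject

# Constructed enrolment database (the centralised-storage case).
DB = {"alice": 0xB38F, "bob": 0xB3F0, "carol": 0x4C70}
# Constructed attempts: (claimed identity, true identity, live sample).
PROBES = [
    ("alice", "alice", 0xB38E),  # clean capture, 1 bit off
    ("alice", "alice", 0x37AE),  # noisy capture, 4 bits off
    ("alice", "bob", 0xB3F1),    # bob claims to be alice, 6 bits off alice
]

if __name__ == "__main__":
    for t in (0.10, 0.30, 0.40):
        print(t, error_counts(DB, PROBES, t), identify(DB, 0x0000, t))
```

With this data a strict threshold rejects the noisy genuine capture, while a loose one accepts the impostor and also "identifies" an unenrolled sample as an enrolled person.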