This site has been archived on

Current Calls
How to Apply

[ Decisions | ETS | Evaluation | Downloads ]

Review and evaluation of Biometric Techniques for Identification and Authentication - Final Report


One of the most dangerous security threat is the impersonation, in which somebody claims to be somebody else. The security services that counter this threat are identification and authentication. Identification is the service where an identity is assigned to a specific individual, and authentication the service designed to verify a user's identity. The verifier can be identified and authenticated by what he knows (e.g. password), by what he owns (e.g. smart card) or by his human characteristics (biometrics).

The main objective of this study is to review and evaluate the biometric technologies including an appraisal of the application areas. It is difficult to make an objective and accurate evaluation on these technologies, since testing these systems involve special laboratories, test subjects and trained staff. This study is based on the available literature such as papers, technical reports, evaluative studies, manufacturers and designer claims.

In this study we examine the two categories of biometric techniques. The physiological based techniques, which measure the physiological characteristics of a person. These include: fingerprint verification, iris analysis, facial analysis, hand geometry-vein patterns, ear recognition, odor detection, DNA pattern analysis and sweat pores analysis. The behavioral based techniques, which measure the behavior of a person. These include: handwritten signature verification, keystroke analysis and speech analysis.

There are two basic concerns in these technologies: the error tolerance and the storage of the templates. The setting of the error tolerance of these systems is critical to their performance. Both errors (False Rejection and False Acceptance) should be low and they should both be quoted by the manufacturers.

The recorded biometric measurement of a user (template) can be stored in various places depending on the application and the security requirements of this application. The templates can be stored in the biometric device, in a central data base or in plastic cards. Trusted Third Party (TTP) services can provide security in transmitting and managing the templates when stored in a central database.

Reliability and acceptance of a security system depends on how the system is protected against threats and its effectiveness to identify system's abuses. There are various sources of threats that the biometric technologies face which they can fall into three main categories: physical, human and technical. We list and describe these threats in order to examine how each biometric technology addresses them.

Based on the literature, criteria are listed in this study, for evaluating the biometric methods and devices. The first set of criteria is formed to evaluate protocols, algorithms and codes implemented in the biometric systems. The second set will be used to evaluate operational, technical, financial and manufacturing aspects of these systems.

Lack of standards and independent testing are the weak points of these technologies. In this study the various standardization bodies seeking to develop standards are listed. The activities of other associations, that can be found helpful towards this effort, are also described. Various U.S. and European biometric projects have been described in order to provide knowledge and information for these technologies and their various applications.

Biometric technologies are applied in the following sectors: Pubic Services, Law Enforcement, Banking, Physical Access Control and Computer & Networks. It has been concluded that TTPs can provide confidence in these applications where the biometric templates are stored in a central data base.

These reports have been prepared for the European Commission by their authors and are placed on this web site to ensure the widest possible dissemination of the results of our work on ETS. However, please note that the European Commission does not necessarily endorse the content or conclusions of these reports. Please send any comments or suggestions to:

Dr. Despina Polemi,
E-Mail: (email removed)

Feedback and comments regarding INFOSEC,
should be addressed to:

European Commission
(c) European Communities, 2000
Last update date: 3 May 1999

Programmes CORDIS Comments About ©