- Introduction
- Sensor System Biometric Performance
- Government Grade Mass Market References
- Consistent Use of Time Robust Fingerprint Features
- Real Life Conditions Robustness
- One-Touch Enrollment
- Interoperability
- Standardization
- Small Sensors: Why They By Nature Cannot Serve in Security Focused Contexts
- Summary
- Frequently asked questions
Why security-sensitive environments require large, standards-based fingerprint sensors.
Introduction
Fingerprint systems are daily used by hundreds of millions of people around the globe. The total market can be separated in two distinct groups:
- Convenience Focused Markets
These markets are dominated by smartphones, notebooks and payment smartcard markets in which the biometric system is offered in combination with pin-code or password fallbacks. These systems have been architected for added convenience not for security. The value propositions offered is low and the cards and their biometric systems have been designed for minimized cost. Fingerprint sensor sizes in these markets vary from 20 – 90 mm². - Security and Safety Centric Markets
By nature, trusted “keys” to a security sensitive physical or digital “house” must reliably over the lifetime of the device serve all users of the “house”. The true test of a mass market biometric access system is about how well it copes with the most challenging users and environmental conditions.
This article will look at fingerprint sensor requirements in security sensitive markets, the APPSCARD markets.
Sensor System Biometric Performance
Biometric user verification is not a binary process like comparing a password entered with a stored reference. It is an algorithmic process to determine the likelihood that two samples originate from the same person. Therefore, every biometric system has inevitable and non-zero error rates.
A fresh biometric sample generates biometric probe data which is compared with previously stored biometric reference data. If the algorithm concludes that the two data sets are similar enough, the user is granted access. The false acceptance rate (FAR) is the probability that an impostor is granted access by chance. The false rejection rate (FRR) is the probability that the legitimate user is rejected, because the system failed to recognize the similarity of his or her biometric data. FAR and FRR are interdependent opposite forces. Tightening the acceptance threshold to lower FAR will automatically result in an increased FRR.
A highly reliable biometric system can achieve e.g. FAR 0.01% and FRR 1% or FAR 0.001% and FRR 2%. While the FAR can easily be configured in algorithm parameters, FRR depends on various factors, such a user population, training, ergonomic design and environmental conditions. Therefore, error rates claimed by vendors are not always credible. It is easy to achieve certain error rates in the lab under controlled conditions but behavior and results of a product in the field can look dramatically different.
Error rates published by vendors’ marketing are typically not credible. Trustworthy numbers are published in scientific research by leading universities and standardization bodies. These studies show unanimously that the sensor characteristics have a significant effect on the biometric performance.
The main determinants of fingerprint sensor system performance in terms of error rates are:
- Sensor size
- Sensor resolution
- Image quality
- Algorithm
Government Grade Mass Market References
For additional real life security and convenience performance APPSCARD has added 10% extra size (230 mm² vs 210 mm²) to the FAP10 standard. Sensors with key specifications identical to the APPSCARD sensors are daily in use by millions of people in world security sensitive governmental and corporate applications.
Such references do not exist for small sized sensor based systems.
Consistent Use of Time Robust Fingerprint Features
In order to compensate for smaller sizes, some sensor manufacturers have adapted their algorithms to look for smaller features in the human fingerprint.
Small sensors have to register a users fingerprint with 12-20 touches. Otherwise there may be no overlap with biometric probe data from a current sample. They typically need to rely on a proprietary pattern matcher, because there are not enough minutiae in a small area for a successful verification. Microfeatures may change over time, like e.g. sweat pores can open and close depending on environmental conditions. Minutiae have been proven reliable and constant over the lifetime, but they require a large enough sensor to be verified reliably.
Real Life Conditions Robustness
Real-life challenges like dirt, grease, minor cuts and injuries or changing environmental conditions can lead to significantly higher error rates for systems with small sized sensors. A highly reliable system will require added sensing area providing a level of tolerance against those scenarios, that cannot be fulfilled with a convenience product.
One-Touch Enrollment
A quality critical step in a security sensitive biometric application context is the enrollment of the users biometric at card issuance. This process must be monitored by a skilled and trusted enrollment officer and must include the user placing the fingerprint in one touch at the full active area of the sensor. The process is repeated a total of three times per finger.
Interoperability
Interoperability is an important aspect of standardization. ISO standardizes architectures, physical characteristics and logical interfaces as well as data formats. Compliance with those standards enables that products from different vendors work together without problems.
In a Biometric-System-on-Card, the fingerprint image, biometric reference data and biometric probe data never leave the card. Therefore, one could argue that the use of proprietary solutions is just fine and interoperability less of a concern. At a first glance, this seems to make sense. Anyhow, using standardized interface and data formats in a BSoC has several advantages.
Firstly, the technology can easily be evaluated with best practice methodology for its performance and true error rates. This is difficult for a system that claims error rates under the assumption of learning and enrollment updates during usage. A many-to-many comparison with a large database is impossible then, because the sequence of comparisons would influence the outcome.
Secondly, an application may have a need for importing and exporting of minutiae templates. This may sound like a contradiction to BSoC architecture but imagine e.g. a national ID card or driver license being issued to the user. De-duplication is important in this case to ensure that no person can register twice or have two passports with different credentials.
Finally, dependency from a single source remains a risk when using proprietary technology. Standardized technology simplifies migration and allows for transparent competition. The buyer of a standardized solution will only continue business if he or she is satisfied with the product, not because being dependent and technically has no choice.
Standardization
The US standardization body NIST and the FBI have specified and published minimum requirements of fingerprint sensors for use in governmental applications. The purpose of such standardization is to ensure that systems may be successfully implemented in their targeted contexts:
| Category | Minimum area | Use case |
|---|---|---|
| FAP 10 | 210 mm² | Single finger scan, allowed sensor category for government; Robust for one-to-few comparison |
| FAP 20 | 310 mm² | Single finger scan, AADHAAR, mainstream government; Designed for one-to-many comparisons |
| FAP 30 | 516 mm² | Single finger scan, high end government; Designed for larger database comparisons |
The core requirements for a FAP 10 sensor certified for US government use are summarized in the following table.
| Parameter | Requirement |
|---|---|
| Capture size | ≥ 12.8 mm wide by ≥ 16.5 mm high |
| True optical or native resolution | ≥ 500 ppi in columns and rows |
| Resolution scale | 490 to 510 ppi in both directions |
| Image type | 8 bits per pixel, 256 gray levels |
In addition there are other requirements like geometric accuracy and pixel uniformity to pass and other profiles for larger sensors, some of which are listed in the table above.
Governments insist on sensors that have an active area of more than 210 mm² and a resolution of minimum 500 ppi. Fingerprint science and NIST studies confirm that smaller sensors will not allow sufficient discriminative power.
Small Sensors: Why They By Nature Cannot Serve in Security Focused Contexts
In convenience focused markets commercial products are using small fingerprint sensors with an active area of typically 9×9 mm² down to as low as 4×4 mm². The two main drivers behind this has been cost and space.
The dominant sensor technology is silicon capacitive fingerprint sensors, and their cost is directly proportional to the number of dies that fit into a silicon wafer. The smaller the area, the lower the cost.
Another aspect is the nature of convenience applications. Biometric smartphones and payment cards use biometric user verification as a convenience feature rather than for security. Every time you boot up your smartphone, you need to enter the PIN. Biometrics is only allowed for unlocking the screen from sleep mode. A biometric payment card can endorse transactions and eliminates the inconvenience of entering the PIN. Cardholder verification by PIN is always possible in case of failure or even bypassing biometrics. It is therefore perfectly acceptable, if also when a significant part of the verifications fail, because the card will always revert to PIN entry allowing the user to complete the transaction.
The percentile of users with lower quality fingerprints will have higher error rates, find the feature inconvenient, and simply not use it. Again, that is acceptable because many cardholders still can benefit from the convenience.
It is obvious physics that if there is no overlap between two biometric sample fingerprints, there is no match. The industry has developed dedicated methods to exploit biometrics with low cost and little available space. The sensor needs to be touched 12-20 times in different positions during enrollment. All the images are recorded, processed and sometimes stitched together. During verification, a proprietary pattern matcher searches a tiny slice of the fingerprint in the gallery of all reference templates. The smallest sensors require in addition constant automated enrollment updates to prevent degrading of already suboptimal error rates over time.
As an example, Microsoft requires fingerprint sensors for Windows Hello have a resolution of 320ppi and there is no minimum size. Again, this is only for logging in to your notebook and can always be bypassed with password. For notebook manufacturers, it is more important that the sensor is cheap and fits into a key or small button.
By laws of nature smaller sized sensors should not be used in security sensitive markets.
A government grade sensor in combination with a certified algorithm, good ergonomic design, and a quality enrollment process can enable the real-life error rates and reliability that is required in security centric applications.
In order to make safe decisions security sensitive decision makers will look at biometric systems market references and existing standards as defined by NIST/FBI and ISO. They will find that market references alligns with the standards. Thereafter they will conduct pilots within their own organisation.
Summary
A Biometric System-on-Card in any sensitive security application must rely on a government grade sensor. It enables provable true error rates required for reliable operation to protect valuable physical and digital assets.
The combination of a high-end sensor and algorithm allow the necessary tolerance to cope with real-life challenges in the field. The number of disqualified users having to apply a less secure and less convenient authentication method is reduced to a minimum. When implemented with multiple fingerprints and face recognition fallbacks along with face to face enrollment processes the system may be implemented for almost entire user populations. Adhering to inter-industry standards enables interoperability. It establishes trust and gives the customer peace-of-mind betting on the right technology.
Bibliography
The following is recommended reading.
- ISO/IEC 17839-2, Information technology – Biometric System-on-Card -parts 2: physical characteristics, 2024
- NIST special publication 500-290 edition 3, Data format for the Interchange of Fingerprint, Facial & Other Biometric Information, 2015
NIST.SP.500-290e3.pdf - PIV spec, Image Quality Specifications for Single Finger Capture Devices, 2006
https://fbibiospecs.fbi.gov/file-repository/specifications/pivspec.pdf/view - NISTIR 7950, Examination of the Impact of Fingerprint Spatial Area Loss on Matcher Performance in Various Mobile Identification Scenarios, 2014
NIST.IR.7950.pdf - ISO/IEC 39794-2: Information technology — Extensible biometric data interchange formats — part 2: Finger minutiae data, 2023
- Roddy, Stosz: Fingerprint Features — Statistical Analysis and System Performance Estimates, 1999
- Bourjot, Perrier, Mainguet: Comparison of fingerprint authenticaton algorithms for small imaging sensors, 2017
- Fernandez-Saavedra, Sanchez-Reillo, Alonso-Morena, Mueller: Evaluation Methodology for Analyzing Environment Influence in Biometrics, 2015
iet-bmt.2015.0018 - IDTestingLab: Madrid2 public report, 2018
Madrid2_PublicReport_v2.0_final.pdf - Nagpal, Kumar, Pandey, Vij, Vaishali: Minutiae vs. Correlation: Analysis of Fingerprint Recognition Methods in Biometric Security System, 2019
