1. What is the difference between identification and verification?
2. What are minutiae?
3. What is a biometric key?
4. What is the size of a fingerprint template?
5. How may burns, scalds and cuts on fingers affect accurate fingerprint reading?
6. What about people with rough hands?
7. What about people with dry or wet hands?
8. How many minutiae are necessary for a comparison?
9. What do I need to know about biometrics?

• Introduction to biometrics
  
• Study group on biometric technologies
  
• Permanent working group
  
• Centre for Biometric Competence
  
• Further details

1. What's the difference between identification and verification?
Verification authenticates an individual by comparing ONE SPECIFIC fingerprint stored in the database, while identification means comparing ALL the fingerprints stored in the database. This is why verification is also called one-by-one identification process. Before fingerprint verification takes place, the user’s code has to be inputted. Verification is, of course, much faster than identification.

2. What are minutiae?
Minutiae are unique points of a fingerprint that unequivocally identify it. They can be, for instance, information relating to where furrows end or bifurcate, or where they are Y-shaped. Even monozygotic twins have different minutiae.

3. What is a biometric key?
A biometric key is a set of information about an individual’s specific physical feature. A good biometric key must be unique in each individual. Good biometric keys are, for instance:

• face image
• iris image
• fingerprint image

Differently from “traditional keys” (e.g.: door keys, computer passwords etc.) used to identify people, a biometric key cannot be given or lent to anyone.

4. What is the size of a fingerprint template?
The size of a fingerprint template is 300 bytes on average and cannot exceed 1 KB, depending on the fingerprint image

5. How may burns, scalds and cuts on fingers affect accurate fingerprint reading?
Medical tests show that damaged skin heals rapidly and that the same fingerprint pattern as before is thus restored. However, if deep scars are left as a consequence of a bad injury, a new reference fingerprint image needs to be enrolled.

6. What about people with rough hands?
Fingerprint images of people having rough hands due to their jobs (e.g. construction workers) may not be excellent. This problem is usually solved through repeated verifications or by adjusting iGuard’s security level. Another way to reduce false rejection rates is to use more than one reference image per finger, thus increasing reliability of the recognition process.

7. What about people with dry or wet hands?
Dry fingers, which are typical of people with dry skin, very often leave a very light and uneven image, thus reducing identification. While other optical sensors are often coated with silicon (which wear out rather easily), iGuard uses DFX software technology (developed by Veridicom) to reduce this problem. For the verification process to be further improved, users can rub their noses or foreheads with their fingers to increase finger pressure, or they can use some hand cream to minimize this problem. Wet fingers, on the contrary, are typical of people with sweaty hands or may be the effect of putting too much hand cream. They usually leave fingerprints with squashed ridges and appear as smeared in the image, or they may even leave a completely black image. Hand washing and less finger pressure can reduce this problem.

8. How many minutiae are necessary for a comparison?
A complete fingerprint consists of 100 minutiae. The Veridicon sensor used in iGuard can recognise between 20 and 30. Please notice, however, that European courts accept fingerprints with 12 positive matches as unambiguous identification.

9. What do I need to know about biometrics?
Introduction to biometrics. Since the tragic events of September 11th in the US and, more recently, in the EU, there has been an increased demand for security measures. The use of biometric features – such as fingerprints, iris recognition, face and hand geometry – to identify or authenticate an individual is, under appropriate conditions, the only tool which can confirm an individual’s identity, based on unique and non-reproducible features. In many countries exposed to the risk of terrorist attacks, including the USA and the countries of the EU, the integration of biometric features in passports is being discussed. Identification processes would thus become more reliable. Within this context, initiatives have been promoted in Italy too, where biometric passports and residence permits – still at the experimental stage – will be introduced. The remarkable potentials offered by biometric technologies to authenticate identities have brought about a widespread interest in these technologies which is not only limited to investigation and prevention. The problems originating from the rapid digitalisation of information and the widespread use of networks are of crucial importance in terms of security in data access and online services. The first problem any public or private organisation faces when dealing with identification is to be sure that, whomever accesses confidential or sensitive sources of information, is really who they state they are. The most common measures adopted today are based on password login and are sometimes unable to guarantee an appropriate security level. With the exception of AFIS applications, biometric technologies used in the Italian public administration were, up to few years ago, limited to devices controlling access to sensitive areas, e.g. military sites. However, public services are now increasingly interested in biometric technologies to gain control over access to critical computer applications or sensitive data from employees or users of online services. An example of this is E-POLL, the electronic voting experiment carried out in Italy under the EU fifth Framework Programme for Research and Development using a smart card with an embedded fingerprint reader authenticating the identity of a citizen and voter. The combined use of biometric data and smart card makes it possible to assert the legal ownership of a specific card on the basis of “stronger” features than a normal PIN code. Furthermore, smart cards containing users' biometric data allow a more simple management of privacy issues. Therefore, the combined use of the two devices mentioned above lends itself both to contexts where authentication is of critical importance (e.g. digital signatures) and to a general control of physical and logical access of employees (e.g. multi-service smart card for the Italian Ministry of Defence).

Study group on biometric technologies. Considering the importance biometric technologies can have in e-government and, more generally, in the relations between citizens and institutions, the CNIPA (National Centre for Information Technology in Public Administration) has decided to carry out an in-depth analysis of technical and regulatory aspects of biometrics and its fields of application, with particular attention to e-government. The CNIPA set up a study group on biometric technologies in July 2003 which concluded their activities in November 2003 and delivered a report containing:

• an analysis on the state of biometrics carried out through consultations with market analysts, academics, suppliers and other representatives of public administration being interested in the issue;
• proposals for the production of guidelines, events, workshops; the setting up of study groups, and the carrying-out of experiments providing the Public Administration with evaluation tools and information in the field of biometrics.

Centre for Biometric Competence. Given the confidential nature of some activities, the CNIPA also set up a Centre for Biometric Competence to support the Italian public administration in the information, experimentation activities and in the use of biometric technologies. It consists of members of the permanent working group and is supported by experts in the field of research (Mario Savastano) and representatives of public administrations who already experienced the use of biometric technologies (Stefano Petecchia). The Centre for Biometric Competence was in charge of watching the development of biometric technologies, especially in the PAC and PAL sectors as well as systematising support to public administrations by ensuring:

• pooling of technological and organisational know-how and expertise;
  
• enhanced expertise and assistance to public administrations;
  
• harmonisation with international projects having similar objectives.

For further information, please write to biometria@cnipa.it, available for

• public administrations
  
• research and university institutes
  
• suppliers of biometric solutions

Public documents delivered by GdS, CdC, GdL:

• Brief remarks on biometric technologies within an ICT context (PDF - 400 KB)
  
• Guidelines on biometric technologies (PDF - 95 KB)

Other useful links:

• Working Party on Information Security and Privacy. BIOMETRIC-BASED TECHNOLOGIES (PDF - 435 KB in English)
  
• Gruppo per la tutela dei dati personali, Documento di lavoro sulla biometria (white paper) (Group for the protection of personal data, white paper on biometrics) (PDF - 53 KB) (in Italian)
  
• CBEFF Common Biometric Exchange File Format/a> (PDF - 273 KB in English)
  
ISO/IEC 7816-11- Identification cards -- Integrated circuit cards -- Part 11: Personal verfication through biometric methods (PDF - 13.525 KB)

• Introduction to biometric systems, Prof. Dario Maio, DEIS, University of Bologna (in Italian)