Biometrics involves using unique human characteristics, both physical and behavioural, for the digital identification of individuals to access systems, devices, or information.
To carry out this identification process, a person’s biometric traits, such as their face or voice, are compared with those previously stored in the system. These biometric traits are captured through sensors (like cameras, microphones, fingerprint scanners, etc.) and converted into what we refer to as biometric templates.
What is a biometric template?
A biometric template, also known as a biometric pattern, is a representation of biometric data that is stored for future comparison. It’s important to note that it isn’t the biometric data itself, but rather an abstract numerical representation of that data.
The capture of biometric data occurs during a process known as biometric enrolment, which can also be carried out during a digital onboarding process. In this case, the identity of the person registering their biometrics in the system is also validated through their identity document. However, it’s not always necessary to combine biometric enrolment with identity validation solutions.
One example of biometrics that generates biometric patterns is facial recognition. This uses computer-generated filters to convert captured facial images (biometric data) into numerical expressions that can be compared to assess their similarity. These filters are usually built using deep learning techniques, which process the data using artificial neural networks, specifically convolutional networks.
The facial recognition process involves detecting faces, aligning them, extracting features via convolutional networks, and comparing them to either identify or verify an individual’s identity.
At this point, to better understand the algorithms behind the creation of biometric templates, it’s helpful to briefly explain how artificial neural networks work:
Artificial Neural Networks
Convolutional Neural Networks (CNNs)
Convolutional neural networks are specialised in processing images, text, or video, and are designed to leverage spatial information, making them ideal for face recognition.
Convolution is a mathematical operation that combines two functions to produce a third, allowing for the identification of relationships or similarities between two signals. In the context of images, since pixels near one another tend to share similar characteristics, a convolutional neural network can analyse and understand this through covariance calculations.
With this brief introduction in mind, let’s look at how convolutional neural networks work in creating a biometric template by exploring the stages of the process.
How is a biometric template created?
Once biometric data is captured through a sensor – for facial recognition, this would be photos of a person’s face taken with a camera – the following steps occur in creating the biometric template:
1. Face Detection: The system first identifies one or more faces in an image or video. Simple filters are used to detect basic features, such as edges and textures, to locate potential faces.
2. Pre-processing and Face Alignment: After detecting the face, it is adjusted to ensure it’s in a standard position, for example, centring the eyes and aligning the mouth. This ensures that all faces are treated uniformly by the algorithm. The image is also normalised in terms of size and contrast, and filters are applied to reduce noise, improving image quality.
3. Feature Extraction: This is where convolutional neural networks come into play. These networks analyse the face image layer by layer, extracting important patterns and features such as the shape of the eyes, nose, mouth, and skin texture. Different layers of the convolutional neural network capture varying levels of detail (convolution layer, activation layer, and pooling layer).
- Convolution Stage: Filters are applied to detect features like edges, textures, and patterns.
- Pooling Stage: The dimensionality of the feature maps is reduced, decreasing the number of parameters and thus lowering computational costs.
- Activation Stage (ReLU): Non-linearity is introduced, typically using ReLU (Rectified Linear Unit) functions that remove negative values in the feature maps and help the network learn more complex relationships between pixels.
Throughout training, the model learns and extracts unique features from the face using vector transformation weights. The network is trained with thousands of labelled biometric images, adjusting the weights through backpropagation to minimise error.
- Flattening: The extracted features are transformed into a long, one-dimensional vector. This vector contains the most relevant and summarised information from the biometric image and prepares the data for classification in fully connected layers. At this stage, what we have is a feature vector, a compressed numerical representation of the biometric image, containing all the key information the network has learned during the convolution and pooling stages. However, this is not yet the final biometric template and is not ready for use directly.
Once the vector is flattened, we need to interpret these features and assign them to a class or perform a final operation to define the biometric template.
This is where the fully connected layers come into play.
5. Fully Connected Layers: These layers process the information for classification or comparison. The flattened vector feeds into a fully connected network, where each node is connected to every node in the next layer. Typically, there are more than one fully connected layer, with each layer allowing the network to find more complex combinations of the features. This helps the network refine and focus the patterns to arrive at a final result.
6. Classification and Biometric Template Creation: The last layer of the convolutional neural network is the output layer, which assigns a probability value to each possible class (for example, different individuals or biometric patterns).
The resulting biometric template is a unique representation derived from the input image, which can be used for future comparisons (such as in biometric verification). The extracted features are turned into a set of numbers (a vector) that mathematically represent the face. This vector is unique to each face, much like a facial “fingerprint.”
- Facial Recognition: Comparison and Verification: Finally, the feature vector of the captured face can be compared with the vectors of other faces stored in a database. If the similarity between the vectors exceeds a predefined threshold, the faces are considered a match.
Classification in a CNN
Classification in a CNN for facial recognition typically occurs in two main scenarios:
- During Network Training: Classifying faces into predefined categories or adjusting weights through backpropagation, allowing the network to learn how to distinguish between different identities.
- During Verification: Using the trained model to identify a person within a database of known faces (1:N) or verify if two facial images belong to the same person (1:1).
The key difference between the training and verification phases in a convolutional network for facial recognition is that in training, we are teaching the network to generate useful features, whereas in verification, we are using those learned features to directly compare faces. Training is an iterative learning process, while verification is a one-time inference process.
Security of biometric templates
The complexity of the mathematical operations involved in generating a biometric template is a key part of its security. Due to the way modern neural networks function, we can infer that there is a high level of privacy even from the initial step of extracting biometric vectors from a face.
Additionally, it’s important to remember that a biometric template is a mathematical representation of the user’s face, allowing for later identification without storing the original images. This means there is no need to keep photos or images of individuals, debunking the myth that companies offering these technologies must store user photos. Storing images might be allowed only if necessary and legally permitted, but it’s not a requirement for facial recognition-based identity verification.
Several features enhance both security and privacy:
- The biometric template is irreversible. It is not possible to reconstruct the user’s facial image from the template.
- The biometric template is cancellable. It can be revoked, meaning it can no longer be used for future authentications.
- The biometric template is unlinkable. On its own, it cannot be traced back to the original user.
These measures help ensure compliance with GDPR and the various guidelines and recommendations from Spain’s AEPD (Data Protection Agency).
Are biometric templates reversible?
If you’ve been following the process of biometric template creation, you’ll notice that the image passes through multiple layers where complex mathematical functions are applied.
Modern biometric templates, including those used in facial recognition, are designed to be irreversible or extremely difficult to reverse. This means, in theory, the original facial image cannot be reconstructed from the biometric template.
Several techniques are used to prevent reversal:
- One-way transformations: Mathematical functions are applied that are easy to compute in one direction but extremely difficult to reverse.
- Dimensionality reduction: The template contains much less information than the original image.
- Quantisation: Values are rounded or approximated, losing precise details.
Moreover, there are established formats and standards for creating biometric templates, ensuring interoperability and security in biometric recognition systems. The two main internationally recognised standards are developed by ISO/IEC and ANSI.
All of this is expertly explained by our colleague Ángela Barriga, Head of the Intelligent Systems Department at Mobbeel, during her masterful talk at the Biometric Identification: Legal and Technological Challenges and Opportunities event.
ISO / ANSI Biometric Standards
There are standards (ISO / ANSI) that outline various aspects of biometrics, from defining the structure of a biometric vector to detailing the entire process flow from capturing a user’s face to the final stages.
Standards such as ISO/IEC 19794 and ANSI ensure that biometric data can be exchanged reliably and securely, regardless of the system or provider. These formats also help prevent biometric templates from being tied to a single proprietary system, promoting wider adoption and strengthening global biometric security.
ISO/IEC 24745:2022
This standard describes how biometric data should be handled once it is in a system. Such data must remain confidential and should not be accessible to unauthorised individuals.
ISO 24745:2022 focuses on protecting biometric data and addresses key security concepts mentioned earlier:
- Confidentiality: Biometric data must remain confidential, preventing unauthorised access and ensuring that only authorised persons or systems can access the information. Users always retain rights over their own data.
- Unlinkability: This means that once biometric data is extracted, it cannot be used to identify a person solely from the biometric vector.
- Irreversibility: ISO 24745:2022 stresses that biometric data must be processed so that it is impossible to reconstruct the original biometric features from stored or processed data. Even if encrypted or transformed biometric data is compromised, the original template cannot be extracted. Modern techniques prevent this, and even if reconstruction were theoretically possible, it would be nearly impossible to recreate the complete face from a biometric template.
Other biometric standards
The ISO/IEC 19794 series is an international standard that defines data interchange formats for biometrics. Some relevant standards in this series for biometric templates include:
- ISO/IEC 19794-1:2006 – General Data Format: Specifies the common requirements for different biometric modalities (fingerprints, face, iris, etc.) and the metadata needed to interpret those data.
- ISO/IEC 19794-5:2011 – Facial Recognition: Defines image formats and the representation of facial templates for use in facial recognition systems.
- CBEFF (Common Biometric Exchange Formats Framework): Provides a framework for biometric data exchange, defining how the data and associated headers should be structured to enable interoperability between different systems.
Facial biometrics registration for future authentication processes
To streamline future authentication processes once a user has successfully registered their identity (such as by scanning their ID via OCR/NFC, submitting a selfie with liveness detection, and comparing it biometrically to the ID photo), facial biometrics can be registered so that users can subsequently authenticate simply by presenting their face.
After completing the registration process, the captured facial images are used to generate the biometric template.
Storing this biometric template allows for future biometric authentication by simply presenting a selfie with liveness detection, eliminating the need to repeat the full registration process with ID scanning, which can be more time-consuming.
Conclusion
There’s a common misconception that stealing someone’s biometric template allows you to impersonate them, much like finding someone’s ID card and using it to assume their identity. Nothing could be further from the truth!
Trying to reconstruct a person’s original face from a set of numbers is not only highly complex, but even if attempted, you would never achieve an exact recreation of the face. It would be much easier to commit identity theft by using other means, like stealing a person’s photo from their social media or capturing their face in public.
After all, who doesn’t have a photo of themselves on the internet these days?
Contact us if you want to use cutting-edge AI technology to prevent spoofing and verify your user with biometrics.
I am a Computer Engineer who loves Marketing, Communication and companies’ internationalization, tasks I’m developing as CMO at Mobbeel. I am loads of things, some good, many bad… I’m perfectly imperfect.
GUIDE
Identify your users through their face
In this analogue-digital duality, one of the processes that remains essential for ensuring security is identity verification through facial recognition. The face, being the mirror of the soul, provides a unique defence against fraud, adding reliability to the identification process.