Identification, Verification, Authentication, Authorization
By 360 Biometrics
People who are not in the field of security or biometrics often do not understand the difference between identification, verification, authentication and authorization systems. These systems differ considerably and depending on the system you need, there could be a huge price difference.
Biometric Identification System
Identification means you don’t know anything about the person and you are trying to identify them, e.g., you go to a party, someone comes up and says, “hi”. What do you do? You look at the person’s face, and try to recognize them. The same process happens in the biometric identification solution.
Let’s say you have pictures of all the users in the database. Now, someone comes up to you and says “Hi”. What will you do? You will take a picture of this person and feed it to your biometric system. The biometric system will compare this picture with all the pictures that are in the database and return the information of the person whose photograph is the closest match. This is also called 1:N matching, where the biometric system is comparing 1 picture with all the pictures in the database.
In this example, we have used the face recognition technology to identify a person, but we can use fingerprint, iris, voice or any other biometric technology.
Biometric Verification System
Verification means verifying a person’s identity.
A person walks up to you, says, “Hi, I am John” and shows you his ID card. You look at the person’s face, look at the picture, and try to match them. If they match, then it means that the person is verified; if they don’t, then you know that the person is not John but someone else. The same process happens in the biometric verification system.
A person walks up to you, and says, “Hi, I am John”. As before, you will take the picture of John, and feed it to your biometric system. This time you will inform the system that this person claims to be “John”. The biometric system will then pull up John’s file and try to match John’s face with the picture associated with the file. If the picture matches, then it will return a positive response indicating that the person is “John”, else, a negative response, indicating that the person is not John. This system is also called 1:1 matching, as only one comparison takes place.
Please note that verification is not based only on photo IDs. You could also use a pass code, a userid-password pair or any information that only the user and the person who is verifying the identity will know.
Biometric Authentication System
Authentication means verifying that the user is actually who he says he is (or who she says she is). It is the same as Verification.
Biometric Authorization System
Authorization means determining whether the user has the authority or permission to access something. This something could be a computer, secured location, etc.
A good example of authorization is going to a movie theater to watch a movie. Before entering the premises, you are asked to show the movie ticket. If you have the movie ticket, then they let you pass through, else you are denied. Please note that the person who is checking the ticket does not know who you are; he/she will let you in only if you have a valid ticket. The point is that no identification or verification has taken place. It is assumed that the person who is carrying the movie ticket is the person to whom the movie ticket belongs.
Let’s look at another example. Let’s say you sit at a front desk, and your boss hands you a file with people’s names, and says, “Please let only these people walk in through the door.” A person walks up to you and says, “Hi, this is John and I need to go through the door”. What will you do? You will first verify the person’s identity, and then check if his name is on the list. If you find his name on the list, then it means that he has the permission to go through the door. If his name is not on the list, then you will say, “I am sorry, you don’t have the permission to go through the door.” This is a secured form of authorization. Please note that in this case verification takes place before authorization.
Let’s consider a fingerprint-based computer login system. A person wanting to access the computer system will place a finger on the fingerprint scanner. The biometric system will capture the fingerprint and compare it with the fingerprints of the people who have access to the system. If a match is found, then the person is given access to the computer system, else the access is denied. In this example, verification is followed by authorization. Placing the finger on the fingerprint scanner means verifying that it is the same person who is asking for access to the system. Authorization happens when the computer returns a yes or a no response to the user’s request for accessing the system.
Such systems could be 1:N or 1:1. If the authorization is done using only the fingerprints, then the matching will have to be done with all the fingerprints in the database, hence the system will be of type 1:N. However, if a person is asked to submit a unique identifier (such as a user-id) along with the fingerprints, then only one matching takes place, that is, with the fingerprints associated with the unique identifier. Such a system is of type 1:1.
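The 1:N and 1:1 login flows described above, as an added Python sketch that is not 360 Biometrics' code. The toy templates, the cosine-similarity matcher, the 0.98 threshold (so that the closest match is rejected when it is still a poor match) and all function names are assumptions made for illustration.

```python
import math

# Constructed toy templates; real systems use vendor-specific feature vectors.
ENROLLED = {
    "john":  [0.90, 0.10, 0.30, 0.70],
    "alice": [0.20, 0.80, 0.60, 0.10],
    "bob":   [0.50, 0.50, 0.90, 0.20],
}
AUTHORIZED = {"john", "alice"}   # the list of names held at the front desk
THRESHOLD = 0.98                 # assumed similarity cut-off


def similarity(a, b):
    """Cosine similarity between two templates (1.0 = same direction)."""
    dot = sum(x * y for x, y in zip(a, b))
    return dot / (math.hypot(*a) * math.hypot(*b))


def identify(probe):
    """1:N: compare the probe with every enrolled template."""
    comparisons, best_id, best_score = 0, None, 0.0
    for user_id, template in ENROLLED.items():
        comparisons += 1
        score = similarity(probe, template)
        if score > best_score:
            best_id, best_score = user_id, score
    if best_score < THRESHOLD:
        best_id = None           # closest match is still not close enough
    return best_id, comparisons


def verify(claimed_id, probe):
    """1:1: compare the probe only with the claimed identity's template."""
    template = ENROLLED.get(claimed_id)
    if template is None:
        return False, 0          # unknown claim, nothing to compare against
    return similarity(probe, template) >= THRESHOLD, 1


def login(probe, claimed_id=None):
    """Establish who the person is (1:N or 1:1), then check authorization."""
    if claimed_id is None:
        user_id, n = identify(probe)
    else:
        ok, n = verify(claimed_id, probe)
        user_id = claimed_id if ok else None
    return (user_id is not None and user_id in AUTHORIZED), n
```

Each function also returns the number of template comparisons it made, so the cost of 1:N (one per enrolled user) can be seen next to the single comparison of 1:1.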
Why a Price Difference?
Let’s say you have 1 million users in the database and you want to use a biometric system to identify a user. This means that the system has to make 1 million matches before it can produce results. A typical biometric algorithm can match 20K fingerprints in 1 second. So for 1 million users, it would take about 50 seconds to do the matching. This may not be an acceptable performance. In order to improve the performance, you will need multiple servers, running in parallel, to do the matching. Hence such systems cost more.
Now, if you are doing verification instead of identification, then the number of users does not matter, as the matching will always be 1:1.