How is biometric data stored?
You probably use biometrics data every day without realising that it’s your unique genetic makeup that is enabling you to access your phone, clock-in for work, or authorise a financial payment. If you are a smartphone user – and there are an estimated 2.87 billion of these worldwide – it’s likely that you use your fingerprint or face to access your device. But have you ever stopped to question who holds your biometric data and how?
What is biometric authentication?
Simply defined, biometric authentication is the use of unique characteristics of a person’s body or behaviour to verify identity against an existing biometric template. It can be used to control access to technology, buildings or services. The types of characteristics that can be used for identification can be broadly categorised into physical characteristics including fingerprints, eye scans and face recognition, and behavioural characteristics including voice recognition, keystroke patterns and engagement patterns. Biometric identification systems work on either a recognition or authentication basis. Fingerprint authentication is the most popular method, although facial and voice recognition are becoming more common in certain sectors such as crime prevention and travel.
Biometric technology offers a very high level of detection and security. This is because a fingerprint, iris scan or voice cannot easily be duplicated or falsified. Using a biometric means of authentication is less time consuming, dependable (you can’t forget your finger), user friendly and requires almost no training. Biometrics can be used to automate processes such as recording employee hours, which are prone to falsification and error.
When it comes to fingerprints, skin falls into two types – smooth skin which covers most of the body and friction ridge skin. Friction ridge skin extends from the fingertips to the wrist and from the tips of the toes to the heel. Each area of friction ridge skin is unique to that person. So, fingerprints are undoubtedly and irrefutably unique to the individual. They are even unique to the finger, thumb or area of palm print of the person.
Can you fake it?
You may well ask, however, if it is possible to use the fingerprint of someone who is deceased, create a false face or imitate someone’s voice. The simple answer should be no, because modern biometric scanners have liveness detection built into them. Liveness detection is any technique used to detect a spoof attempt by determining whether the source of a biometric sample is a live human being or a fake representation. This is accomplished through algorithms that analyse data collected from biometric sensors to determine whether the source is live or reproduced. Do all cheaper biometric readers work on this basis? No, and is there a possibility that a very determined hacker could circumvent the liveness detection? Yes, but the technology is far more difficult to find away around than a pin code or simple lock and key. For most commercial environments, it’s giving you the right level of security and control.
Capturing biometric fingerprint data
When storing, processing and using biometric data for authentication, the first stage is the capture of a person’s fingerprint. Once a piece of biometric data is captured it cannot be amended. Unlike a password, you can’t forget your fingerprint or voice.
Once this data has been captured, it is then analysed and converted into a biometric template. This is a binary mathematical representation of the original fingerprint based on an analysis of the minutiae – usually endings and bifurcations of ridges. This template cannot be backwards engineered into a picture of a fingerprint.
Storing biometric data
A hardware-based recognition system is where the data is stored on a specific piece of hardware and works with the device to recognise the data, without storing the data on the device itself. This offers a fast response during user authentication as the biometric templates are stored locally and the recognition system does not require any external response.
A portable token system uses a fob or a smart card to store biometric data. This means that your fingerprint, once captured, is stored within the token. The benefits of storing biometric data on a portable token is that it doesn’t need to be transferred over a network for verification purposes, and so this reduces the risks that can come with network-related vulnerabilities. When using this method, the user will need to present their card or fob and then their biometric data as a two-step authentication process.
Biometric data can also be stored on an end-user’s device. This is most common on smartphones that use touch ID fingerprint sensors, such as Apple’s iPhone. On-device storage can be used to store biometric data through a chip that holds the data separately to the device’s network. Many of the new biometric bank cards which have been trialled in the last few years work using this system. When storing the data on the authentication device itself, the organisation implementing the biometric verification process doesn’t have control over it.
A biometric server is another way to store data, although it is more susceptible to cyber-attack. As data is held on an external server it allows for multi-location verification. To reduce the risk of data being breached, it must be encrypted when being transferred over the network. The issue with encryption is deciding where encryption keys will be stored and who will be trusted with access. With the implementation of GDPR, there are increased responsibilities of managing and storing data with the potential for penalties should the data become compromised. One major flaw with this method is that should a hack take place, all of the user’s biometric data could be leaked at once. This happened to Equifax, British Airways and Uber.
Distributed data storage is a further method which stores the biometric templates on a server and a device. By storing the data this way, it makes it harder for a cybercriminal to access the data, as they would need to get into both points. This method offers security and privacy without sacrificing usability or scalability. However, it is really only suitable for companies looking to maintain complete control over the data and willing to accept the risks and liabilities associated with storing end users’ biometric data themselves.
Almas Industries – The Way Security Should Be
We take security very seriously at Almas. We design, test and build our own biometric fingerprint scanners and we are rather proud of them! Our biometric templates are stored in a binary format and encrypted within a database. Our Optima Box runs a Linux distribution called Fedora Heisenberg which has a MariaDB installed. MariaDB has a plugin for MySQL and is blocked by the firewall so that no other connections than the Optima Box can access data. Our system effectively has three levels of security preventing fingerprint data from being access by anything other than the biometric reader for the purposes of verification.
We never store pictures of fingerprints. That also includes images of scans taken with our facial access control readers designed to strengthen security in and around your site.
Secure Your Business’ Future Today with Almas Industries
The commercial landscape is in a state of constant flux, and so are the security challenges that come with it, with evolving technology comes evolving threat with legacy systems. There’s no time like the present to reassess and fortify your security measures.
Here are three reasons why you should reach out to us now:
1. Stay Ahead with Innovative Solutions: In a world where threats are becoming increasingly sophisticated, settling for outdated security systems is not an option. Our cutting-edge biometric and CCTV solutions ensure that you’re not just keeping up but staying ahead.
2. Tailored for You: Generic solutions often lead to vulnerabilities. We offer a bespoke approach to security, designed to meet the unique needs and challenges of your commercial business.
3. 24/7 Exceptional Customer Service: Security is a round-the-clock concern, and so is our customer service. From installation to regular maintenance checks, our support teams are always at your disposal to ensure seamless operation. Our installation and feedback scores from our customers are consistently high.
Take the first step towards unparalleled commercial security by contacting Almas Industries. Secure your assets, safeguard your future—because your peace of mind is our business. Contact us today for more information on access control systems or any of our security solutions, 03335677799 (UK) or 016833368 (IRE) Or send us an email: [email protected]
