GIST v0.7 ― B
“back channel” to “byte”

B

- back channel n. 
OASIS SAML 2.0 (2005)
Back channel refers to direct communications between two system entities without “redirecting” messages through another system entity such as an HTTP client (e.g. a user agent). See also front channel.
- back door n. 
RFC 2828 (2000)
(I) A hardware or software mechanism that (a) provides access to a system and its resources by other than the usual procedure, (b) was deliberately left in place by the system’s designers or maintainers, and (c) usually is not publicly known. (See: trap door.)
(C) For example, a way to access a computer other than through a normal login. Such access paths do not necessarily have malicious intent; e.g., operating systems sometimes are shipped by the manufacturer with privileged accounts intended for use by field service technicians or the vendor’s maintenance programmers. (See: trap door.)
- back up vb. 
RFC 2828 (2000)
(I) To store data for the purpose of creating a backup copy. (See: archive.)
- backup n. & adj. 
ISO/IEC 2382-8:1998 & 08.07.05
backup procedure
A procedure to provide for data restoration in case of a failure or a disaster. Example: Making backup files.
backup file
A file made for possible later data restoration. Example: Copy of a file preserved at an alternate site.
RFC 2828 (2000)
(I) 1. A reserve copy of data that is stored separately from the original, for use if the original becomes lost or damaged. (See: archive.) 2. Alternate means to permit performance of system functions despite a disaster to system resources. (See: contingency plan.)
NIST IR 7298 (2006)
SP 800-34; CNSSI-4009
A copy of files and programs made to facilitate recovery if necessary.
- backward recovery n. 
ISO/IEC 2382-8:1998
The data reconstitution of an earlier version of data by using a later version and data recorded in a journal.
- bacterium n. 
ISO/IEC 2382-8:1998
bacterium, chain letter
A program that propagates itself by electronic mail to everyone in each recipient’s distribution list.
- bad sectoring n. 
ISO/IEC 2382-8:1998
A technique for copy protection in which bad sectors are intentionally written on a disk.
- bag n. 
OASIS XACML 2.0 (2005)
An unordered collection of values, in which there may be duplicate values.
- baggage n. 
RFC 2828 (2000)
(D) ISDs SHOULD NOT use this term to describe a data element except when stated as SET™ baggage with the following meaning:
(O) SET usage: An “opaque encrypted tuple, which is included in a SET message but appended as external data to the PKCS encapsulated data. This avoids superencryption of the previously encrypted tuple, but guarantees linkage with the PKCS portion of the message.” [SET2]
- bandwidth n. 
RFC 2828 (2000)
(I) Commonly used to mean the capacity of a communication channel to pass data through the channel in a given amount of time. Usually expressed in bits per second.
- bank identification number (BIN) n. 
RFC 2828 (2000)
(N) The digits of a credit card number that identify the issuing bank. (See: primary account number.)
(O) SET usage: The first six digits of a primary account number.
- baseline controls n. 
SC 27 SD 6 (2000)
ISO/IEC PDTR 13335-1 (11/2001)
A minimum set of safeguards established for a system or organization.
NIST IR 7298 (2006)
SP 800-16
baseline security
The minimum security controls required for safeguarding an IT system based on its identified needs for confidentiality, integrity and/or availability protection.
- baseline security n. 
See: baseline controls.
- baselining n. 
NIST IR 7298 (2006)
SP 800-61
Monitoring resources to determine typical utilization patterns so that significant deviations can be detected.
- Basic Encoding Rules (BER) n. 
RFC 2828 (2000)
(I) A standard for representing ASN.1 data types as strings of octets. [X690] (See: Distinguished Encoding Rules.)
- bastion host n. 
RFC 2828 (2000)
(I) A strongly protected computer that is in a network protected by a firewall (or is part of a firewall) and is the only host (or one of only a few hosts) in the network that can be directly accessed from networks on the other side of the firewall.
(C) Filtering routers in a firewall typically restrict traffic from the outside network to reaching just one host, the bastion host, which usually is part of the firewall. Since only this one host can be directly attacked, only this one host needs to be very strongly protected, so security can be maintained more easily and less expensively. However, to allow legitimate internal and external users to access application resources through the firewall, higher layer protocols and services need to be relayed and forwarded by the bastion host. Some services (e.g., DNS and SMTP) have forwarding built in; other services (e.g., TELNET and FTP) require a proxy server on the bastion host.
NIST IR 7298 (2006)
SP 800-41
A bastion host is typically a firewall implemented on top of an operating system that has been specially configured and hardened to be resistant to attack.
- BCA n. 
See: brand certification authority.
- BCI n. 
See: brand CRL identifier.
- behavioral biometric, - behavioural biometric n. 
See: (secondary definition under) biometric characteristic.
- behavioral outcome n. 
NIST IR 7298 (2006)
SP 800-16
What an individual who has completed the specific training module is expected to be able to accomplish in terms of IT security-related job performance.
- Bell-LaPadula Model n. 
RFC 2828 (2000)
(N) A formal, mathematical, state-transition model of security policy for multilevel-secure computer systems. [Bell]
(C) The model separates computer system elements into a set of subjects and a set of objects. To determine whether or not a subject is authorized for a particular access mode on an object, the clearance of the subject is compared to the classification of the object. The model defines the notion of a secure state, in which the only permitted access modes of subjects to objects are in accordance with a specified security policy. It is proven that each state transition preserves security by moving from secure state to secure state, thereby proving that the system is secure.
(C) In this model, a multilevel-secure system satisfies several rules, including the following:
  • confinement property (also called *-property, pronounced star property): A subject has write access to an object only if classification of the object dominates the clearance of the subject.
  • simple security property: A subject has read access to an object only if the clearance of the subject dominates the classification of the object.
  • tranquillity property: The classification of an object does not change while the object is being processed by the system.
- BEM n. 
See: Biometric Evaluation Methodology.
- BER n. 
See: Basic Encoding Rules.
- between-the-lines entry n. 
ISO/IEC 2382-8:1998
Access obtained through active wiretapping by an unauthorized user to a momentarily inactive transmission channel connected to a legitimate user system resource.
- beyond A1 n. 
RFC 2828 (2000)
(O) 1. Formally, a level of security assurance that is beyond the highest level of criteria specified by the TCSEC. 2. Informally, a level of trust so high that it cannot be provided or verified by currently available assurance methods, and particularly not by currently available formal methods.
- bifurcation n. 
iAfB-ICSA 1999
A branch made by more than one finger image ridge.
- big-endian n. 
SC 27 SD 6 (2002)
ISO/IEC 10118-1:2000
A method of storage of multi-byte numbers with the most significant bytes at the lowest memory addresses.
- BIN n. 
See: bank identification number.
- bind n. 
RFC 2828 (2000)
(I) To inseparably associate by applying some mechanism, such as when a CA uses a digital signature to bind together a subject and a public key in a public-key certificate.
- binding n. 
OASIS SAML 2.0 (2005)
binding, protocol binding
Generically, a specification of the mapping of some given protocol’s messages, and perhaps message exchange patterns, onto another protocol, in a concrete fashion. For example, the mapping of the SAML <AuthnRequest> message onto HTTP is one example of a binding. The mapping of that same SAML message onto SOAP is another binding. In the SAML context, each binding is given a name in the pattern “SAML xxx binding”.
NIST IR 7298 (2006)
SP 800-32
Process of associating two related elements of information.
SP 800-21 [2ndEd]
An acknowledgement by a trusted third party that associates an entity’s identity with its public key. This may take place through:
  1. a certification authority’s generation of a public key certificate,
  2. a security officer’s verification of an entity’s credentials and placement of the entity’s public key and identifier in a secure database, or
  3. an analogous method.
- binning n. 
iAfB-ICSA 1999
1. Binning is the process of classifying biometric data. This allows a database of biometric data to be pre-sorted in order to speed up the process of matching captured biometric data with comparison data. This term is particularly used in conjunction with Automated Fingerprint Identification Systems.
2. A specialised technique used by some AFIS vendors. Binning is the process of classifying finger images according to finger image patterns. This predominantly takes place in law enforcement applications. Here finger Searches can be made against particular bins, thus speeding up the response time and accuracy of the AFIS search.
The process of classifying the biometric data from fingerprints according to finger image characteristics such as arches, loops and whorls. Images are held in smaller, separate databases (or bins) accordingly, thus speeding up the response time and accuracy of the AFIS search. This is a specialised technique used by some AFIS vendors, predominantly in law enforcement applications, and (hence) the term is particularly used in conjunction with these systems. Compare: filtering.
- biometric adj. & n. 
ISO/IEC 2382-8:1998
(adj.) Pertaining to the use of specific attributes that reflect unique personal characteristics, such as a fingerprint, an eye blood-vessel print, or a voice print, to validate the identity of a person.
JTC 1/SC 37 (2006⇒2008)
(adj.) Of or having to do with biometrics
Note: The use of biometric as a noun, to mean for example biometric characteristic or biometric modality, is deprecated.
  • Incorrect usage #1: ICAO resolved that face is the biometric most suited to the practicalities of travel documents.
  • Correct usage #1: ICAO resolved that face recognition is the biometric modality most suited to the practicalities of travel documents.
  • Incorrect usage #2: My face biometric was encoded in my passport. The biometric recorded in my passport is a facial image.
  • Correct usage #2: My facial biometric characteristics were encoded in my passport. The biometric characteristic recorded in my passport is a facial image.
Usage note: [IBG] uses biometric as a noun to mean biometric characteristic and also to mean biometric technology.
- biometric application n. 
iAfB-ICSA 1999 and BEM 2002
The use to which a biometric system is put.
- biometric application decision n. 
JTC 1/SC 37 (2006⇒2008)
Conclusion based on the application decision policy after consideration of one or more matching decisions, comparison scores and possibly other non-biometric data. Decision to perform an action at the application level based on the results of a biometric process.
Note 1: Biometric application decisions can be made on the basis of complex policies, allowing for variable numbers of positive matching decisions involving both biometric and non-biometric data.
Note 2: A biometric verification application could allow a positive biometric application decision even if there are one or more non-matches against enrolled biometric references.
Example: A biometric application decision could be “accept claim”.
- biometric applicant n. 
JTC 1/SC 37 (2008)
Individual seeking to be enrolled in a biometric enrolment database.
Note: Biometric applicant may or may not already be enrolled.
See also: applicant.
- biometric authentication n. 
RFC 2828 (2000)
(I) A method of generating authentication information for a person by digitizing measurements of a physical characteristic, such as a fingerprint, a hand shape, a retina pattern, a speech pattern (voiceprint), or handwriting.
But there is more to authentication than generating the authentication information! A better definition might be —
An authentication process using authentication information generated by digitizing measurements of a biometric characteristic.
JTC 1/SC 37 (2006⇒2008)
authentication
Note 1: Use of this term as a synonym for “biometric verification or biometric identification” is deprecated; the term biometric recognition is preferred.
Note 2: This term has been used in biometrics as a synonym primarily for: biometric verification application, biometric verification function, but also as a synonym for biometric identification application and biometric identification function.
- biometric capture device n. 
iAfB-ICSA 1999
biometric device
The part of a biometric system containing the sensor that captures a biometric sample from an individual.
JTC 1/SC 37 (2006⇒2008)
Device that collects a signal from a biometric characteristic and converts it to a captured biometric sample.
Note 1: A signal can be generated by the biometric characteristic or generated elsewhere and affected by the biometric characteristic, for example, face illuminated by incident light.
Note 2: A device can be any piece of hardware (and supporting software and firmware).
Note 3: A biometric capture device may comprise components such as an illumination source, one or more biometric sensors, etc.
- biometric capture process n. 
iAfB-ICSA 1999
capture
The method of taking a biometric sample from the end user.
live capture
The process of capturing a biometric sample by an interaction between an end user and a biometric system.
BEM 2002
capture
The process of taking a biometric sample via a sensor from a user.
NIST IR 7298 (2006)
FIPS 201
capture
The method of taking a biometric sample from an end user.
This is taken verbatim from iAfB-ICSA 1999 (above).
JTC 1/SC 37 (2006⇒2008)
Process of collecting or attempting to collect a signal signals from a biometric characteristic and converting it them to a captured biometric sample.
Note 1: A signal can be generated by the biometric characteristic or generated elsewhere and affected by the biometric characteristic. For example, face illuminated by incident light.
Note 2: Each signal collected could stem from a different presentation.
Note 3: The biometric capture process may involve a single biometric capture device. In other systems the capture may be distributed over time and space in such a way that there is no single definable biometric capture device.
SCA ISCTAG (2007)
capture
The method of taking a biometric sample from an end user.
This is taken verbatim from iAfB-ICSA 1999 (above).
- biometric capture subject n. 
JTC 1/SC 37 (2006⇒2008)
Individual who is the subject of a biometric capture process.
Note: The subject remains a biometric capture subject only during the biometric capture process.
- biometric capture subsystem n. 
JTC 1/SC 37 (2006⇒2008) - 3.2.4.3.2
Components Biometric capture device(s) and sub-processes required to execute a biometric capture process.
Note: A biometric capture subsystem can consist of only a single biometric capture device.
Example: In some systems, converting a signal from a biometric characteristic to a biometric sample may include multiple components such as a camera, photographic paper, printer, digital scanner, ink and paper.
- biometric characteristic n. 
While JTC 1/SC 37 deprecates biometric as a synonym for biometric characteristic, many glossaries still use it with that sense.
iAfB-ICSA 1999
biometric
A measurable, physical characteristic or personal behavioural trait used to recognise the identity, or verify the claimed identity, of an enrolee.
Related definitions:
  • behavioural biometric – A biometric which is characterised by a behavioural trait that is learnt and acquired over time rather than a physiological characteristic. However, physiological elements may influence the monitored behaviour.
  • physical biometric, physiological biometric – A biometric which is characterised by a physical characteristic rather than a behavioural trait. However, behavioural elements may influence the biometric sample captured.
BEM 2002
biometric
A measurable physical characteristic or personal behavioural trait used to recognise the identity of an enrolee or verify the claimed identity.
Related definitions:
  • behavioural biometric – A biometric which is characterised by a behavioural trait that is learned and acquired over time, e.g. a signature.
  • physical biometric, physiological biometric – A biometric which is characterised by a physical characteristic.
NIST IR 7298 (2006)
SP 800-32
biometric
A physical or behavioral characteristic of a human being.
FIPS 201
A measurable, physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an applicant. Facial images, fingerprints, and handwriting samples are all examples of biometrics.
JTC 1/SC 37 (2006⇒2008)
biometric characteristic; biometric (deprecated).
Biological and behavioural characteristic of an individual that can be detected and from which distinguishing, repeatable biometric features can be extracted for the purpose of automated recognition of individuals.
Note 1: Biological and behavioural characteristics are physical properties of body parts, physiological and behavioural processes created by the body and combinations of any of these.
Note 2: Distinguishing does not necessarily imply individualization.
Example: Examples of biometric characteristics are: Galton ridge structure, face topography, facial skin texture, hand topography, finger topography, iris structure, vein structure of the hand, ridge structure of the palm, retinal pattern, handwritten signature dynamics, etc.
SCA ISCTAG (2007)
biometric
A measurable, physical characteristic or personal behavioral trait used to recognize the identity, or verify the claimed identity, of an individual. Facial images, fingerprints, and iris scan samples are all examples of biometrics.
A measurable physiological or behavioral trait of a living person, especially one that can be used to determine or to verify the identity of a person in criminal forensics or access control. Also called: biometric trait.
Biometric characteristics are categorized as follows:
  • biological biometric characteristic (also called physical biometric characteristic, physiological biometric characteristic, static biometric characteristic): A biometric characteristic based on data derived from measurement of a part of a person’s anatomy.
  • behavioral biometric characteristic (also called dynamic biometric characteristic): A biometric characteristic based on data derived from measurements of an action performed by a person and, distinctively, incorporating time as a metric – i.e., the measured action has a beginning, middle, and end.
Biological biometric characteristics
Common:
  • Fingerprint or Galton ridge structure
  • Face topography, face topology or face structure
  • Iris structure or iris pattern
  • Hand topography, hand topology or hand geometry
  • Vein structure or vein-tree
    – pattern of blood vessels in the palm, the back of hand or a finger
Uncommon:
  • Retina structure
    – well established, but not widely used
    – pattern of blood vessels
  • Palm print
    – forensic use only
  • DNA
  • Ear shape
  • Odour
    – human scent
  • Finger geometry
    – shape and structure of finger or fingers
  • Nailbed
    – ridges in fingernails
Behavioral biometric characteristics
Common:
  • Voice recognition
    – sometimes called speaker verification, not to be confused with speech recognition
  • Signature dynamics
  • Typing rhythm or keystroke dynamics
Uncommon:
  • Gait
    – manner of walking
[IBG] notes that the biological/behavioral distinction is slightly artificial; this is also implied in the JTC 1/SC 27 definition. A person’s behavioral biometric characteristics are derived in part from biology: their voice depends on the shape of the vocal cords, their signature on the dexterity of hands and fingers. Some biological biometric characteristics – face, for example – might be changed by the person’s behavior. A person’s behaviour can also affect the biometric capture process: the manner in which a user presents a finger or looks at a camera will have an effect on the captured biometric sample and on other biometric data derived from this.
Characteristic, with its capture device, sample and feature(s) extracted:
  • fingerprint
    – Capture device: desktop peripheral, PCMCIA card, mouse, chip or reader embedded in keyboard
    – Sample: fingerprint image (optical, silicon, ultrasound, or touchless)
    – Feature(s) extracted: location and direction of ridge endings and bifurcations on fingerprint, minutiae
  • voice recognition
    – Capture device: microphone, telephone
    – Sample: voice recording
    – Feature(s) extracted: frequency, cadence, and duration of vocal pattern
  • face topography
    – Capture device: video camera, PC camera, single-image camera
    – Sample: facial image (optical or thermal)
    – Feature(s) extracted: relative position and shape of nose, position of cheekbones
  • iris structure
    – Capture device: infrared-enabled video camera, PC camera
    – Sample: black-and-white iris image
    – Feature(s) extracted: furrows and striations in iris
  • retina structure
    – Capture device: proprietary desktop or wall-mountable unit
    – Sample: retina image
    – Feature(s) extracted: blood vessel patterns on retina
  • hand topography
    – Capture device: proprietary wall-mounted unit
    – Sample: 3-D image of top and sides of hand
    – Feature(s) extracted: height and width of bones and joints in hands and fingers
  • signature dynamics
    – Capture device: signature tablet, motion-sensitive stylus
    – Sample: image of signature and record of related dynamics measurements
    – Feature(s) extracted: speed, stroke order, pressure, and appearance of signature
  • typing rhythm
    – Capture device: keyboard or keypad
    – Sample: recording of characters typed and record of related dynamics measurements
    – Feature(s) extracted: keyed sequence, duration between characters
- biometric claim n. 
iAfB-ICSA 1999
claim of identity
When a biometric sample is submitted to a biometric system to verify a claimed identity.
In biometric verification, a claim of identity is made before the submission of a biometric sample to verify that claim. (In biometric identification, no claim of identity is made!) (See: biometric authentication.)
JTC 1/SC 37 (2006⇒2008)
Assertion Claim that an individual biometric capture subject is or is not the source of a specified or unspecified biometric reference in a biometric enrolment database.
Note 1: A biometric claim can be made by any user of the biometric system.
Note 2: The phrase claim of identity is often used to label this concept.
Note 3: Claims may be: positive i.e., that the individual/source biometric capture subject is enrolled; negative i.e., that the individual/source biometric capture subject is not enrolled, specific i.e., that the individual/source biometric capture subject is or is not enrolled as a specified biometric enrollee; or non-specific i.e., that the individual/source biometric capture subject is or is not among the set or subset of biometric enrollees.
Note 4: Biometric claims can be made in the 1st, 2nd or 3rd person. are not necessarily made by the biometric capture subject.
Note 5: The biometric reference could be on a database, card or distributed throughout a network.
Note 6: The biometric claim must fall within the biometric system boundary.
- biometric data n. 
iAfB-ICSA 1999
The information extracted from the biometric sample and used either to build a reference template (template data) or to compare against a previously created reference template (comparison data). [≡ biometric feature.]
BEM 2002
Extracted information taken from a biometric sample and used either to build a reference template or enrolment, or to compare against a previously created reference template. [≡ biometric feature.]
IBG
The identifiable, unprocessed image or recording of a physiological or behavioral characteristic, acquired during submission, used to generate biometric templates. [≡ biometric sample.]
NIST IR 7298 (2006)
FIPS 201
biometric information
The stored electronic information pertaining to a biometric. This information can be in terms of raw or compressed pixels or in terms of some characteristic (e.g. patterns).
JTC 1/SC 37 (2006⇒2008)
Biometric sample or aggregation of biometric samples at any stage of processing, biometric reference, biometric feature or biometric property.
Note: Biometric data need not be attributable to a specific individual, i.e. Universal Background Models.
SCA ISCTAG (2007)
biometric data
Data encoding a feature or features used in biometric verification. [≡ biometric feature.]
biometric information
The stored electronic information pertaining to a biometric. This information can be in terms of raw or compressed pixels or in terms of some characteristic (e.g., patterns).
- Biometric Data Block (BDB) n. 
JTC 1/SC 37 (2006⇒2008)
Block of data with a defined format that contains one or more biometric samples or biometric templates.
Note: Definition according to CBEFF.
- biometric data record n. 
JTC 1/SC 37 (2008)
Data record containing biometric data.
- biometric data subject n. 
JTC 1/SC 37 (2006⇒2008)
Individual whose individualized biometric data is within the biometric system.
Note: The intent of the word individualized is to distinguish biometric data subjects from those whose aggregated data was used in the creation of the biometric recognition algorithm. Examples of individuals contributing biometric data who are not biometric data subjects include those who contributed to a Universal Background Model in speaker recognition systems, or who contributed to the creation of an eigenface basis set in a facial recognition system.
- biometric database n. 
JTC 1/SC 37 (2008)
Database of biometric data record(s).
- biometric device n. 
See: biometric capture device.
- biometric engine n. 
iAfB-ICSA 1999
The software element of the biometric system which processes biometric data during the stages of enrolment and capture, extraction, comparison and matching.
- biometric enrolee, - biometric enrollee n. 
See: enrolee.
- biometric enrollment data record, - biometric enrolment data record n. 
JTC 1/SC 37 (2008)
biometric enrolment data record
Data record, created upon enrolment, associated with a attributed to the biometric data subject and including biometric reference(s) and typically non-biometric data.
Note 1: An enrolment data record may include non-biometric data.
Note 2: The attribution need not be explicit in the data record.
- biometric enrollment database, - biometric enrolment database n. 
JTC 1/SC 37 (2008)
Database of biometric enrolment data record(s).
Note: A biometric enrolment data record contains a biometric reference(s). A database of biometric data not usable as biometric references is a biometric database, but not a biometric enrolment database.
- biometric evaluation methodology (BEM) n. 
BEM 2002
A document (and methodology!) that “specifically addresses biometric technology evaluations under the Common Criteria (CC), and is for the benefit of IT Security Evaluation Facilities (ITSEFs) in the international CC Recognition Arrangement community. It has been produced by the Biometric Evaluation Methodology Working Group (BEM WG) and originates from earlier work documented in Biometric Technology Security Evaluation under the Common Criteria, Version 1.2, September 2001 (CSE, Canada) [PDF].”
See: Common Criteria – Common Methodology for Information Technology Security Evaluation – Biometric Evaluation Methodology Supplement (2002) [PDF]
- biometric feature n. 
BEM 2002
A representation from a biometric sample extracted by the extraction system.
JTC 1/SC 37 (2006⇒2008)
Output of a completed biometric feature extraction process. Numbers or labels extracted from biometric samples and used for comparison.
Note 1: Biometric features are the output of a completed biometric feature extraction process.
Note 1: Note 2: The use of this term should be consistent with its use by the pattern recognition and mathematics communities.
Note 2: An uncompleted biometric feature extraction process might be an error message or a NULL vector.
Note 3: A biometric feature set can also be considered a processed biometric sample.
- biometric feature extraction n. 
iAfB-ICSA 1999
extraction
feature extraction
The process of converting a captured biometric sample into biometric data so that it can be compared to a reference template.
IBG
feature extraction
The automated process of locating and encoding distinctive characteristics from a biometric sample in order to generate a template. The feature extraction process may include various degrees of image or sample processing in order to locate a sufficient amount of accurate data. For example, voice-scan technologies can filter out certain frequencies and patterns, and finger-scan technologies can thin the ridges present in a fingerprint image to the width of a single pixel. Furthermore, if the sample provided is inadequate to perform feature extraction, the biometric system will generally instruct the user to provide another sample, often with some type of advice or feedback. The manner in which biometric systems extract features is a closely guarded secret, and varies from vendor to vendor.
JTC 1/SC 37 (2006⇒2008)
biometric feature extraction process
Algorithm Process applied to a biometric sample with the intent of isolating and outputting repeatable and distinctive numbers or labels which can be compared to those extracted from other biometric samples
Note 1: Filters applied to biometric samples are not themselves biometric features, however the output of the filter applied to these samples may be. Therefore, for example, eigenfaces are not biometric features.
Note 2: Repeatable implies low variation between outputs generated from biometric samples of the same individual biometric data subject.
Note 3: Distinctive implies high variation between outputs generated from biometric samples of different individuals biometric data subjects.
Note 4: Biometric feature extraction may generate an error message or a NULL vector.
- biometric identification n. 
iAfB-ICSA 1999
identification n., identify vb. 
The one-to-many process of comparing a submitted biometric sample against all of the biometric reference templates on file to determine whether it matches any of the templates and, if so, the identity of the enrolee whose template was matched. The biometric system using the one-to-many approach is seeking to find an identity amongst a database rather than verify a claimed identity. Contrast with verification.
Note: It is the biometric features derived from the sample, not the sample itself, that is directly compared with the biometric template.
BEM 2002
identification
The process of using a submitted biometric sample for comparison against a template to match a user to a known enrolee. (Normally used only in one-to-many systems.)
IBG
The process of determining a person’s identity by performing matches against multiple biometric templates [a 1:N or one-to-many matching].
JTC 1/SC 37 (2006⇒2008)
biometric identification (biometric system function)
Biometric system function that performs a one-to-many search to obtain a candidate list. Process of identifying.
Example: BioAPI_IdentifyMatch.
Note: A biometric identification function may be used to verify a claim of enrolment in an enrolment database without a specified biometric reference identifier. The term “identifying”, in the above definition, refers to identify (biometrics).
Biometric “identification” effectively combines identification and authentication in a seamless, single-step process: when a match is found the process has determined (“claimed”) and implicitly verified the user’s identity. Even though the term biometric identification is preferred in the biometrics industry it should perhaps be deprecated in the context of access control as it overlooks the crucial authentication step. An unambiguous alternative is sadly lacking, however.
- biometric identification device n. 
iAfB-ICSA 1999
The preferred term is biometric system.
- Biometric Identification Record (BIR) n. 
BEM 2002
A BIR includes the reference template and other data associated with the user.
- biometric identification system n. 
BEM 2002
identification system
Identification systems, where the user makes no explicit claim to identity, may be compared to verification systems. Without a claimed identity, the biometric system does a one-to-many process of comparison against all enrolees in its database.
IBG
identification system
Identification systems are designed to determine identity based solely on biometric information.
There are two types of identification systems:
  • A positive identification system is designed to find a match for a user’s biometric information in a database of biometric information. Positive identification answers the “Who am I?”, although the response is not necessarily a name – it could be an employee ID or another unique identifier. A typical positive identification system would be a prison release program where users do not enter an ID number or use a card, but simply look at an iris capture device and are identified from an inmate database.
  • A negative identification system searches a database in the same fashion, comparing one template against many, but is designed to ensure that a person is not present in a database. This prevents people from enrolling twice in a system, and is often used in large-scale public benefits programs in which users enroll multiple times to gain benefits under different names.
Not all identification systems are based on determining a username or ID. Some systems are designed to determine if a user is a member of a particular category. For instance, an airport may have a database of known terrorists with no knowledge of their actual identities. In this case the system would return a match, but no knowledge of the person’s identity is involved.
JTC 1/SC 37 (2006⇒2008)
biometric identification application system
System which contains an open-set or closed-set identification application that aims to perform biometric identification.
- biometric imposter n. 
JTC 1/SC 37 (2006⇒2008)
Biometric capture subject who attempts to be incorrectly recognized by generating a false match or by bypassing a positive claim biometric system.
Notes:
  1. A biometric impostor can bypass a biometric system through any form of social engineering (bribery, for example).
  2. A genuine user, wrongly recognized as someone else, is not a biometric impostor.
- biometric information n. 
See: biometric data.
- Biometric Information Record (BIR) n. 
JTC 1/SC 37 (2006⇒2008)
Data structure containing one or more BDBs together with information identifying the BDB formats, and possibly further information such as whether the BDB is encrypted.
Note: Definition according to CBEFF.
- biometric instance n.
JTC 1/SC 37 (2008)
Biometric sample or biometric feature set.
Note: This term is used in ISO/IEC 19794 biometric data interchange format standards for labelling a sub-record in a biometric data record.
- biometric match comparison trial n.
JTC 1/SC 37 (2008)
(previously referred to as genuine trial)
Comparison of a biometric sample and a biometric reference from the same biometric data subject and the same biometric characteristic as part of a performance test.
Note: Biometric match comparison trials do not fully model the case where a biometric capture subject is trying not to be recognized.
Compare: biometric non-match comparison trial.
- biometric model n. 
JTC 1/SC 37 (2006⇒2008)
Stored function (dependent on the individual biometric data subject) generated from a biometric feature(s).
Note 1: Comparison applies the function to the biometric features of a recognition biometric sample to give a comparison score.
Note 2: The function may be determined through training.
Note 3: A biometric model may involve intermediate processing similar to biometric feature extraction.
Example: Examples for the stored function could be a hidden Markov model, Gaussian mixture model or Artificial Neural Networks.
- biometric non-match comparison trial n.
JTC 1/SC 37 (2008)
(previously referred to as impostor trial)
Comparison of a biometric sample and a biometric reference from different biometric data subjects as part of a performance test.
Note 1: If a comparison decision of “match” for a probe biometric sample and a biometric reference from different biometric characteristics of the same biometric data subject is considered to be a false match then the biometric non-match comparison trials would also include such comparisons.
Note 2: Biometric non-match comparison trials do not fully model biometric impostor trials.
Note 3: A biometric non-match comparison trial need not contain all possible comparisons of biometric samples and biometric references from different biometric capture subject characteristics.
Compare: biometric match comparison trial.
- biometric probe n. 
JTC 1/SC 37 (2008)
Biometric data input to an algorithm for comparison to a biometric reference(s).
Note: The term “comparison” refers to comparison in the biometric sense.
- biometric property n. 
JTC 1/SC 37 (2006⇒2008)
Descriptive attributes of the biometric data subject estimated or derived from the biometric sample.
Example: Fingerprints can be classified by the biometric properties of ridge-flow, i.e. arch, whorl, and loop types; in the case of facial recognition, this could be estimates of age or gender.
- biometric recognition n. 
See: biometrics.
- biometric reference n. 
JTC 1/SC 37 (2006⇒2008)
One or more stored biometric samples, biometric templates or biometric models attributed to a biometric data subject and used for comparison.
Example: Face image on a passport; fingerprint minutiae template on a National ID card; Gaussian mixture model, for speaker recognition, in a database.
Note: A biometric reference may be created with implicit or explicit use of auxiliary data, such as Universal Background Models.
SCA ISCTAG (2007)
biometric reference data
Data stored on the card for the purpose of comparison with the biometric verification data.
- biometric reference adaptation n. 
JTC 1/SC 37 (2006⇒2008)
Automatic incremental updating of a biometric reference to mitigate performance degradation.
Note: For example, degradation may be from minor changes in the biometric characteristic, channel or sensor.
- biometric reference identifier n. 
JTC 1/SC 37 (2006⇒2008)
Pointer to a biometric reference in the biometric enrolment database.
- biometric sample n. 
Also called: sample.
iAfB-ICSA 1999
Raw data representing a biometric characteristic of an end-user as captured by a biometric system (for example the image of a fingerprint).
Even though the AfB-ICSA definition is very clear, many of their other definitions use biometric sample where biometric feature (set) should have been used.
BEM 2002
A biometric measure presented by the user and captured by the data collection system.
JTC 1/SC 37 (2006⇒2008)
Analog or digital representation of biometric characteristics prior to biometric feature extraction process and obtained from a biometric capture device or biometric capture subsystem.
Note: A biometric capture device is a biometric capture subsystem with a single component.
- biometric search n.
JTC 1/SC 37 (2008) – 3.2.4.1.2
Examine a biometric enrolment database against a probe biometric sample to return either a candidate list or a comparison decision that the probe biometric sample does or does not match with one or more biometric reference(s).
Note 1: Output of the candidate list or the comparison decision implies implementation of a policy.
Note 2: The biometric enrolment database need not contain multiple biometric data subjects.
- biometric system n. 
iAfB-ICSA 1999
An automated system capable of:
  1. capturing a biometric sample from an end user;
  2. extracting biometric data from that sample;
  3. comparing the biometric data with that contained in one or more reference templates;
  4. deciding how well they match; and
  5. indicating whether or not an identification or verification of identity has been achieved.
BEM 2002
An automated system capable of: capturing a biometric sample from an end user; extracting biometric data from the sample; comparing the biometric data with one or more reference templates; deciding on how well they match; and indicating whether or not an identification or verification of identity has been achieved.
Note that in CC evaluation terms, a biometric system may be a product or may be (part of) a system for evaluation.
IBG
The integrated biometric hardware and software used to conduct biometric identification or verification (see: (secondary definitions under) biometric authentication).
NIST IR 7298 (2006)
FIPS 201
An automated system capable of:
  1. capturing a biometric sample from an end user;
  2. extracting biometric data from that sample;
  3. comparing the biometric data with that contained in one or more reference templates;
  4. deciding how well they match; and
  5. indicating whether or not an identification or verification of identity has been achieved.
This is taken verbatim from iAfB-ICSA 1999 (above).
JTC 1/SC 37 (2006⇒2008)
System for the purpose of the automated recognition of individuals based on their behavioural and biological characteristics.
SCA ISCTAG (2007)
An automated system capable of the following:
  • Capturing a biometric sample from an end user
  • Extracting biometric data from that sample
  • Comparing the extracted biometric data with data contained in one or more references
  • Deciding how well they match
  • Indicating whether or not an identification or verification of identity has been achieved
This is taken almost verbatim from iAfB-ICSA 1999 (above).
The components of a generalized biometric system, following JTC 1/SC 37 (2008). Terms not in italic link to entries in this glossary.
- biometric system operator n. 
JTC 1/SC 37 (2006⇒2008)
Person(s) who executes policies and procedures in the administration of a biometric system.
- biometric system owner n. 
JTC 1/SC 37 (2006⇒2008)
Person(s) with overall accountability for the acquisition, implementation and operation of the biometric system.
- biometric taxonomy n. 
iAfB-ICSA 1999
A method of classifying biometrics. For example, San Jose State University’s (SJSU) biometric taxonomy uses partitions to classify the role of biometrics within a given biometric application. Thus an application may be classified as:
  • cooperative vs. non-cooperative user
  • overt vs. covert biometric system
  • habituated vs. non-habituated user
  • supervised vs. unsupervised user
  • standard environment vs. non standard environment
Cooperative refers to a willing end user participating in a biometric application. Overt refers to an undisguised and candid use of a biometric system. Habituated means that an end user is familiar with the workings of the biometric system and application. Supervised means that trained personnel guide an end user through the biometric application. Standard environment refers to unchanging and non-volatile surroundings and climate.
- biometric technology n. 
iAfB-ICSA 1999
A classification of a biometric system by the type of biometric.
IBG — biometric
One of various technologies that utilize behavioral or physiological characteristics to determine or verify identity. “Finger-scan is a commonly used biometric.” Plural form also acceptable: “Retina-scan and iris-scan are eye-based biometrics.”
- biometric template n. 
iAfB-ICSA 1999
template, reference template
Data which represents the biometric measurement of an enrolee used by a biometric system for comparison against subsequently submitted biometric samples.
It is the biometric features derived from the sample, not the sample itself, that is directly compared with the biometric template. Also, biometric measurement must imply the process of feature extraction that derives the biometric data used to create the template.
BEM 2002
template
A user’s stored reference measure based on biometric feature(s) extracted from biometric sample(s).
NIST IR 7298 (2006)
FIPS 201
A characteristic of biometric information (e.g. minutiae or patterns).
FIPS 201
template
A biometric image data record.
JTC 1/SC 37 (2006⇒2008)
biometric template
reference biometric feature set
Set of stored biometric features comparable directly to biometric features of a recognition biometric sample.
Note 1: A biometric reference consisting of an image, or other captured biometric sample, in its original, enhanced or compressed form, is not a biometric template.
Note 2: The biometric features are not considered to be a biometric template unless they are stored for reference.
SCA ISCTAG (2007)
biometric template
The formatted digital record used to store an individual’s biometric attributes. This record typically is a translation of the individual’s biometric attributes and is created using a specific algorithm.
template
Biometric data after it has been processed from its original representation (using a biometric feature extraction algorithm) into a form that can be used for automated matching purposes (using a biometric matching algorithm). Biometric data stored in a template format cannot be reconstructed into the original output image.
- biometric trait n. 
A synonym for a biometric characteristic.
- biometric verification n. 
iAfB-ICSA 1999
verification
The process of comparing a submitted biometric sample against the biometric reference template of a single enrolee whose identity is being claimed, to determine whether it matches the enrolee’s template. Contrast with identification.
Note: It is the biometric data derived from the sample, not the sample itself, that is directly compared with the (reference) template.
Related definitions:
  • authentication – The preferred biometric term is verification.
  • one-to-one – Synonym for verification.
BEM 2002
verification
The process of using a submitted biometric sample for comparison against a template to match a user to a known enrolee. (Normally used only in one-to-one systems, where the user may also have to specify a user name and/or password or PIN.)
IBG
The process of establishing the validity of a claimed identity by comparing a verification template to an enrollment template [a 1:1 or one-to-one matching]. Verification requires that an identity be claimed, after which the individual’s enrollment template is located and compared with the verification template. Verification answers the question, ‘Am I who I claim to be?’ Some verification systems perform very limited searches against multiple enrollee records. For example, a user with three enrolled finger-scan templates may be able to place any of the three fingers to verify, and the system performs 1:1 matches against the user’s enrolled templates until a match is found.
JTC 1/SC 37 (2006⇒2008)
biometric verification (biometric system function); authentication (deprecated), positive identification (deprecated)
Biometric system function that performs a one-to-one comparison. Process of verifying.
Example: BioAPI_VerifyMatch
Note: A biometric identification application can use an exhaustive series of verification function calls. The term “verifying”, in the above definition, refers to verify (biometrics).
SCA ISCTAG (2007)
The process of verifying, using a one-to-one comparison, the biometric verification data against biometric reference data.
In the context of access control, biometric verification is pure authentication – it explicitly verifies a claimed identity.
- biometric verification system n. 
BEM 2002
verification system
Verification systems, where the user explicitly claims an identity, may be compared to identification systems. [???]
JTC 1/SC 37 (2006⇒2008)
biometric verification system
System that performs biometric verification.
biometric verification (biometric application)
Application that shows true or false a claim about the similarity of biometric reference(s) and recognition biometric sample(s) by making a comparison(s).
Example: Establishing the truth of any of the claims “I am enrolled as subject X”, “I am enrolled in the database as an administrator”, “I am not enrolled in the database”, may be considered verification.
Note: A claim of enrolment in a database without declaring a specific biometric reference identifier may be verified by exhaustive search.
- biometrics n. 
IBG
“The automated use of physiological or behavioral characteristics to determine or verify identity.”
JTC 1/SC 37 (2006⇒2008)
biometrics, biometric recognition
Automated recognition of individuals based on their behavioural and biological characteristics.
Note 1: “Individual” is restricted in scope by SC37 to humans.
Note 2: The general meaning of biometrics encompasses counting, measuring and statistical analysis of any kind of data in the biological sciences including the relevant medical sciences.
NIST SP 800-63-1 DRAFT (2008)
Automated recognition of individuals based on their behavioral and biological characteristics. In this document, biometrics may be used to unlock authentication tokens and prevent repudiation of registration.
- BIR n. 
See: Biometric Identification Record.
- bit n. 
RFC 2828 (2000)
(I) The smallest unit of information storage; a contraction of the term binary digit; one of two symbols – 0 (zero) and 1 (one) – that are used to represent binary numbers.
IAEG LIAF (2008)
A binary digit: 0 or 1
NIST SP 800-63-1 DRAFT (2008)
A binary digit: 0 or 1.
- BLACK n. 
RFC 2828 (2000)
(I) Designation for information system equipment or facilities that handle (and for data that contains) only ciphertext (or, depending on the context, only unclassified information), and for such data itself. This term derives from U.S. Government COMSEC terminology. (See: RED, RED/BLACK separation.)
- blended attack n. 
NIST IR 7298 (2006)
SP 800-61
Malicious code that uses multiple methods to spread.
- block n. 
SC 27 SD 6 (2002)
ISO/IEC FDIS 9797-2 (09/2000), ISO/IEC CD 10118-3 (11/2001)
A bit-string of length L1, i.e., the length of the first input to the round-function.
ISO/IEC 10118-4: 1998
A string of bits of length Lɸ, which shall be an integer multiple of 16.
ISO/IEC 9797-1: 1999
A bit-string of length n.
ISO/IEC WD 18033-1 (12/2001)
String of bits of defined length.
NIST IR 7298 (2006)
FIPS 197
Sequence of binary bits that comprise the input, output, state, and round key. The length of a sequence is the number of bits it contains. Blocks are also interpreted as arrays of bytes.
- block chaining n. 
SC 27 SD 6 (2002)
ISO 8372: 1987
The encipherment of information such that each block of ciphertext is cryptographically dependent upon the preceding ciphertext block.
ISO/IEC CD 10116 (12/2001)
The encipherment of information such that each block of ciphertext is cryptographically dependent upon a preceding ciphertext block.
- block cipher n. 
RFC 2828 (2000)
(I) An encryption algorithm that breaks plaintext into fixed-size segments and uses the same key to transform each plaintext segment into a fixed-size segment of ciphertext. (See: mode, stream cipher.)
(C) For example, Blowfish, DEA, IDEA, RC2, and SKIPJACK. However, a block cipher can be adapted to have a different external interface, such as that of a stream cipher, by using a mode of operation to “package” the basic algorithm.
SC 27 SD 6 (2002)
ISO/IEC WD 18033-1 (02/2001)
Symmetric encryption algorithm with the property that the encryption process operates on a block of plaintext, i.e. a string of bits of a specified length, to yield a ciphertext block.
NIST IR 7298 (2006)
SP 800-90
A symmetric key cryptographic algorithm that transforms a block of information at a time using a cryptographic key. For a block cipher algorithm, the length of the input block is the same as the length of the output block.
SP 800-67
block cipher algorithm
A family of functions and their inverses that is parameterized by a cryptographic key; the function maps bit strings of a fixed length to bit strings of the same length.
- block cipher algorithm n. 
See: block cipher.
- block cipher key n. 
SC 27 SD 6 (2002)
ISO/IEC 9797-1: 1999
A key that controls the operation of a block cipher.
- Blowfish n. 
RFC 2828 (2000)
(N) A symmetric block cipher with variable-length key (32 to 448 bits) designed in 1993 by Bruce Schneier as an unpatented, license-free, royalty-free replacement for DES or IDEA. [Schn]
- booking n. 
iAfB-ICSA 1999
The process of capturing inked finger images on paper, for subsequent processing by an AFIS.
- boot sector virus n. 
NIST IR 7298 (2006)
SP 800-61
A virus that plants itself in a system’s boot sector and infects the master boot record.
- boundary protection n. 
NIST IR 7298 (2006)
SP 800-53 Rev 1
Monitoring and control of communications at the external boundary between information systems completely under the management and control of the organization and information systems not completely under the management and control of the organization, and at key internal boundaries between information systems completely under the management and control of the organization, to prevent and detect malicious and other unauthorized communication, employing controlled interfaces (e.g., proxies, gateways, routers, firewalls, encrypted tunnels).
- boundary router n. 
NIST IR 7298 (2006)
SP 800-41
A boundary router is located at the organization’s boundary to an external network.
- brand n. 
See also: IAEG Branded Credential.
RFC 2828 (2000)
(I) A distinctive mark or name that identifies a product or business entity.
(O) SET usage: The name of a payment card. Financial institutions and other companies have founded payment card brands, protect and advertise the brands, establish and enforce rules for use and acceptance of their payment cards, and provide networks to interconnect the financial institutions. These brands combine the roles of issuer and acquirer in interactions with cardholders and merchants. [SET1]
- brand certification authority (BCA) n. 
RFC 2828 (2000)
(O) SET usage: A CA owned by a payment card brand, such as MasterCard, Visa, or American Express. [SET2] (See: certification hierarchy, SET.)
- brand CRL identifier (BCI) n. 
RFC 2828 (2000)
(O) SET usage: A digitally signed list, issued by a BCA, of the names of CAs for which CRLs need to be processed when verifying signatures in SET messages. [SET2]
- breach n. 
ISO/IEC 2382-8:1998
The circumvention or disablement of some element of computer security, with or without detection, which could result in a penetration of the data processing system.
- break n. 
RFC 2828 (2000)
(I) cryptographic usage: To successfully perform cryptanalysis and thus succeed in decrypting data or performing some other cryptographic function, without initially having knowledge of the key that the function requires. (This term applies to encrypted data or, more generally, to a cryptographic algorithm or cryptographic system.)
- breeder document n.
SCA ISCTAG (2007)
A document used as an original source of identity to apply for (or breed) other forms of identity credentials.
- bridge n. 
RFC 2828 (2000)
(I) A computer that is a gateway between two networks (usually two LANs) at OSI layer 2. (See: router.)
- British Standard 7799 n. 
RFC 2828 (2000)
(N) Part 1 is a standard code of practice and provides guidance on how to secure an information system. Part 2 specifies the management framework, objectives, and control requirements for information security management systems [B7799]. The certification scheme works like ISO 9000. It is in use in the UK, the Netherlands, Australia, and New Zealand and might be proposed as an ISO standard or adapted to be part of the Common Criteria.
See: ISO/IEC 27000.
- browser n. 
RFC 2828 (2000)
(I) A client computer program that can retrieve and display information from servers on the World Wide Web.
(C) For example, Netscape’s Navigator and Communicator, and Microsoft’s Explorer.
- brute force n. 
ISO/IEC 2382-8:1998
exhaustive attack, brute-force attack
A trial-and-error attempt to violate computer security by trying possible values of passwords or cryptographic keys.
Note: Contrast with analytical attack (see under: cryptanalysis).
RFC 2828 (2000)
(I) A cryptanalysis technique or other kind of attack method involving an exhaustive procedure that tries all possibilities, one-by-one.
(C) For example, for ciphertext where the analyst already knows the decryption algorithm, a brute force technique to finding the original plaintext is to decrypt the message with every possible key.
- brute force password attack n. 
NIST IR 7298 (2006)
SP 800-72
A method of accessing an obstructed device through attempting multiple combinations of numeric and/or alphanumeric passwords.
- BS7799 n. 
See: British Standard 7799.
- buffer overflow attack n. 
NIST IR 7298 (2006)
SP 800-72
A method of overloading a predefined amount of space in a buffer, which can potentially overwrite and corrupt data in memory.
- business continuity plan (BCP) n. 
NIST IR 7298 (2006)
SP 800-34
The documentation of a predetermined set of instructions or procedures that describe how an organization’s business functions will be sustained during and after a significant disruption.
- business impact analysis (BIA) n. 
NIST IR 7298 (2006)
SP 800-34
An analysis of an information technology (IT) system’s requirements, processes, and interdependencies used to characterize system contingency requirements and priorities in the event of a significant disruption.
- business recovery-resumption plan (BRP) n. 
NIST IR 7298 (2006)
SP 800-34
The documentation of a predetermined set of instructions or procedures that describe how business processes will be restored after a significant disruption has occurred.
- byte n. 
UNIX2:1997
An individually addressable unit of data storage that is equal to or larger than an octet, used to store a character or a portion of a character. A byte is composed of a contiguous sequence of bits, the number of which is implementation-dependent. The least significant bit is called the low-order bit; the most significant is called the high-order bit. Note that this definition of byte deviates intentionally from the usage of byte in some international standards, where it is used as a synonym for octet (always eight bits). On a system based on the ISO/IEC 9945-2:1993 standard, a byte may be larger than eight bits so that it can be an integral portion of larger data objects that are not evenly divisible by eight bits (such as a 36-bit word that contains four 9-bit bytes).
RFC 2828 (2000)
(I) A fundamental unit of computer storage; the smallest addressable unit in a computer’s architecture. Usually holds one character of information and, today, usually means eight bits. (See: octet.)
(C) Larger than a bit, but smaller than a word. Although byte almost always means octet today, bytes had other sizes (e.g., six bits, nine bits) in earlier computer architectures.
The original sources of these definitions may be protected by copyright. The definitions are republished here for review and commentary.
Copyleft & Creative Commons (cc) 2000–2008 Ant: This XHTML encoding and antnotations are dual-licensed under both the GNU Free Documentation License and a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.
URL: http://homepage.mac.com/antallan/gistb.html
History: Last updated Thursday 11 December 2008
