Glossary of biometric terms
A short reference for terminology that recurs throughout the wiki. Definitions follow common usage in NIST and ISO/IEC standards; see Standards and frameworks for the source documents.
Core matching metrics
- FMR — False Match Rate
- The rate at which a system accepts impostor comparisons (someone who is not the claimed identity is matched as if they were). Same idea as FAR ("False Accept Rate") in older literature; FMR is the term used by ISO/IEC 19795-1 and NIST.
- FNMR — False Non-Match Rate
- The rate at which a system rejects genuine comparisons (the real user is incorrectly told "no match"). Same idea as FRR ("False Reject Rate") in older literature.
- EER — Equal Error Rate
- The threshold-independent operating point at which FMR equals FNMR. Useful as a single comparison number, but real systems are rarely operated at the EER — production thresholds are picked from the FMR/FNMR trade-off curve.
- GAR — Genuine Accept Rate
- 1 − FNMR at a given threshold. Often quoted at a fixed FMR (for example, "GAR at FMR = 1/10,000").
- DET / ROC curve
- Plots that visualize the FMR/FNMR (or TPR/FPR) trade-off across all decision thresholds. DET is favored in biometrics literature because it spreads out low-error regions on a normal-deviate scale.
- d-prime
- A scalar separability measure between genuine and impostor score distributions. Higher is better; mostly useful for comparing candidate systems before picking an operating point.
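
The metrics above, computed from comparison scores. This is an added example, not code from the wiki or from any standard. It assumes that a higher score means more similar and that a comparison is accepted when the score is at or above the threshold; the function names and the Gaussian sample scores are constructed for illustration.

```python
import bisect, math, random, statistics

# Assumed convention: higher score = more similar; accept when score >= threshold.
# Both score lists must be sorted ascending.

def fmr(impostor, t):
    """Share of impostor comparisons accepted at threshold t."""
    return (len(impostor) - bisect.bisect_left(impostor, t)) / len(impostor)

def fnmr(genuine, t):
    """Share of genuine comparisons rejected at threshold t."""
    return bisect.bisect_left(genuine, t) / len(genuine)

def eer(genuine, impostor):
    """Sweep observed scores; return (threshold, rate) where FMR and FNMR are closest."""
    t = min(sorted(set(genuine) | set(impostor)),
            key=lambda x: abs(fmr(impostor, x) - fnmr(genuine, x)))
    return t, (fmr(impostor, t) + fnmr(genuine, t)) / 2

def threshold_at_fmr(impostor, target):
    """Lowest threshold whose measured FMR is <= target."""
    for t in impostor:
        if fmr(impostor, t) <= target:
            return t
    return math.nextafter(impostor[-1], math.inf)  # reject every impostor seen

def gar_at_fmr(genuine, impostor, target):
    """GAR = 1 - FNMR, taken at the threshold that meets the FMR target."""
    return 1 - fnmr(genuine, threshold_at_fmr(impostor, target))

def d_prime(genuine, impostor):
    """Separation of the two score distributions in pooled standard deviations."""
    pooled = (statistics.variance(genuine) + statistics.variance(impostor)) / 2
    return abs(statistics.mean(genuine) - statistics.mean(impostor)) / math.sqrt(pooled)

def constructed_scores(seed=7, n_genuine=500, n_impostor=5000):
    """Constructed sample data: Gaussian similarity scores, not real measurements."""
    rng = random.Random(seed)
    return (sorted(rng.gauss(0.75, 0.10) for _ in range(n_genuine)),
            sorted(rng.gauss(0.30, 0.10) for _ in range(n_impostor)))

if __name__ == "__main__":
    gen, imp = constructed_scores()
    t, rate = eer(gen, imp)
    print(f"EER {rate:.4f} at threshold {t:.3f}, d-prime {d_prime(gen, imp):.2f}")
    for target in (1e-2, 1e-3):
        th = threshold_at_fmr(imp, target)
        print(f"FMR<={target:g}: threshold {th:.3f}, GAR {gar_at_fmr(gen, imp, target):.4f}")
```

With 5,000 impostor scores the smallest non-zero FMR that can be measured is 1/5,000, so a target of 1/10,000 falls through to the threshold just above the highest impostor score; quoting GAR at a low FMR needs an impostor set large enough to resolve that rate.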
Templates, embeddings, and storage
- Template
- The compact representation a biometric system stores per enrolled identity. Modern templates are typically a fixed-length numeric vector ("embedding") rather than a raw image. See Privacy-Preserving Biometrics.
- Embedding
- A learned, fixed-dimensional vector (often 128–2048 floats) where geometric distance corresponds to identity similarity. Common losses: ArcFace, CosFace, triplet, contrastive.
- Cancelable biometric
- A template that has been irreversibly transformed (typically with a per-user or per-tenant key) so that it can be revoked and replaced if compromised — without re-enrolling the user from scratch. Contrast with classical "raw" templates.
- Template protection
- Umbrella term for techniques that prevent stored templates from being inverted back to a usable biometric sample. Includes cancelable biometrics, fuzzy commitment, fuzzy vault, homomorphic encryption, and secure-enclave-bound storage.
Liveness and attack categories
- PAD — Presentation Attack Detection
- Anything that detects an attempt to fool a sensor with a non-live artifact: photo, video replay, printed mask, silicone finger, recorded voice, etc. ISO/IEC 30107-3 defines how PAD performance is measured and reported.
- Liveness
- Often used as a synonym for PAD in marketing copy. Strictly, liveness is the evidence that the captured signal came from a live human; PAD is the system that decides on that evidence.
- Active vs. passive liveness
- Active asks the user to do something (turn head, blink, read a word). Passive infers liveness from one or a few normal capture frames. Both have spoof failure modes; many systems combine them.
- Injection attack
- An attack that bypasses the camera or microphone entirely — feeding a synthetic image or audio stream directly into the capture pipeline. Defenses live at the platform / device attestation layer, not just in the model.
Identity assurance and policy
- AAL — Authenticator Assurance Level
- NIST SP 800-63B's three-tier scale (AAL1 < AAL2 < AAL3) for how much confidence an authentication event provides. Biometrics are generally an activation factor on a hardware-bound authenticator rather than a standalone authenticator.
- MFA — Multi-Factor Authentication
- Combining factors from at least two of the three categories: something you know (memorized secret), something you have (device, key), something you are (biometric).
- Phishing-resistant MFA
- Authentication that cannot be relayed by a man-in-the-middle proxy. Typically requires cryptographic origin binding (FIDO2 / WebAuthn, PIV) plus a strong activation factor.
- Continuous re-authentication (CRA)
- Periodic, often passive, re-checking that the same human is still using a session — instead of relying on a single authentication event at sign-in. Used to extend session trust without harming user experience.
Quality and bias
- Image / signal quality
- A scalar (or vector of features) predicting how usable a sample is for matching, before matching is attempted. Examples: NFIQ 2 for fingerprint, FIQA for face. See Biometric Image Quality.
- Demographic differential
- A measured difference in error rates (FMR or FNMR) across demographic groups (age, sex, skin tone, language, etc.). The NIST FRVT and FATE programs publish reports on this for face and related modalities. See Bias and Fairness in Biometrics.
- Subgroup reporting
- Publishing FMR/FNMR per demographic group, not just overall. The expected practice for any modern biometric system claiming fairness.
Standards-shorthand you will see
| Acronym | Stands for |
|---|---|
| NIST FRVT | Face Recognition Vendor Test (NIST evaluation program) |
| NIST IREX | Iris Exchange (NIST iris evaluation program) |
| ISO/IEC 30107-3 | PAD reporting requirements |
| ISO/IEC 19795-1 | Biometric performance testing & reporting |
| ISO/IEC 19794 / 39794 | Biometric data interchange formats |
| NIST SP 800-63B | Digital identity guidelines (AAL, biometric usage) |
| FIDO2 / WebAuthn | Phishing-resistant cryptographic authentication |
For each of these, see Standards and frameworks for links and a short explanation of where they apply.