4/7/2008 1
Biometric Technology Application Manual
Volume 2: Applying Biometrics [Draft Version]
Compiled and Published by: National Biometric Security Project
Winter 2008
Biometric Technology Application Manual (BTAM)
VOLUME 2: Applying Biometrics
About the National Biometric Security Project
Abstract
FOREWORD
Section 9 – Biometrics Applications
Section 10 – System Requirements and Selection
Section 11 – System Engineering, Integration, and Implementation
Section 12 – Operations and Management
Section 13 – Maintenance, Services, and Warranties
Section 14 – Training
Case Studies
Case Study A – India: Ration Card Program
Case Study B – State of Illinois: Driver Licensing
Case Study E – University of Georgia: Student ID/Access Control
Case Study F – St. Vincent Hospital: Desktop Computer Access
Case Study G – Beaumont Hospital: Medical Records Security
Case Study H – Pinellas County Sheriff’s Office: Arrestee Identification
Case Study I – U.A.E.: Iris Expellees Tracking and Border Control System
Appendix A – Biometric Selection/Application Checklist
Appendix B – Miscellaneous Resources
Appendix C – Biometric Publications
Appendix D – Education/Training Resources
Bibliography and References
Acknowledgements
About the National Biometric Security Project
The National Biometric Security Project (NBSP) is a tax
exempt, nonprofit 501(c)(3)
organization incorporated and headquartered in Washington,
DC. Its mission is to
enhance the practice and effectiveness of identity assurance in
government and the
private sector, through the application of biometrics, for the
purpose of deterring and
detecting terrorist and criminal attacks on the national
infrastructure. NBSP was formed
in the immediate aftermath of 9/11 and has been consistently
supported by the Congress
to enhance government-wide use of biometrics and improve the
capability of the
industrial base.
To reflect its expanded biometric application services, NBSP
recently re-established its
Test, Research and Data Center under the new name Biometric
Services International,
LLC (BSI). Located in Morgantown, West Virginia, BSI is a
wholly owned, non-profit
subsidiary of NBSP and is the only laboratory, exclusively
focused on biometrics, to
achieve the coveted ISO/IEC 17025:2005 accreditation for
testing. BSI’s biometric
application services have been expanded to address biometric
deployment considerations
such as requirements definition, articulation of program goals
and objectives,
vulnerability assessments, application impact studies, life-cycle
cost analyses and privacy
impact assessments, just to name a few.
BSI adds dimension to its biometric application services with
robust Testing, Training
and Research capabilities. Performance Testing assures that
biometric products under
consideration for an application will meet manufacturers’
claims and meet or exceed
published biometric performance metrics. Conformance Testing
evaluates a biometric
product’s conformance to applicable, published ISO/IEC
standards. Products that pass
the performance and the applicable conformance tests become
part of BSI’s “Qualified
Products List”, which provides potential users with an
independent source of evaluation.
Custom Testing includes, for example, vulnerability
assessments, comparative testing,
algorithm testing, sensor testing, product development tests, and
interoperability testing.
Our Introduction to Biometrics Course, Biometric Operations
Course and Biometric
Technical Training Course provide a unique three-course
curriculum. Additionally, all
students are eligible for Continuing Education Units (CEU)
upon completion of any BSI
training course. BSI conducts research into the social impacts
of biometrics, including
detailed analyses of U.S. and international privacy laws and
their effect on the use of
biometrics. A semi-annual update of all published and emerging
biometric standards is
also available as a resource to anyone interested in learning
more about standards
progress.
NBSP’s permanent staff is efficiently supplemented, as
required, by external
organizations contracted to perform substantive research and
technical work, highly
specialized and experienced consultants, and research
organizations focused on
biometrics or identity matters. These include West Virginia
University and other
academic institutions associated with the Center for
Identification Research (CITeR), as
well as other reputable U.S. and international sources.
Abstract
About the Biometric Technology Application Manual (BTAM)
Published by the National Biometric Security Project (NBSP),
the Biometric Technology
Application Manual (BTAM) is a comprehensive reference
manual on biometric
technology applications. This reference book, in two volumes,
has been compiled for
biometric technology users and for those who are evaluating
biometrics as an enabling
technology within an integrated system or program for security
and identification
assurance. The BTAM is intended to be a rational and practical
tool for those who
specify, buy, integrate, operate, and manage biometric
technology-based systems.
The experienced biometric practitioner will see much that is
familiar in the BTAM. The
publication is not intended to provide all new (never before
published) scientific
information. Rather, it is a compilation of published and
experience-based information
designed to inform the rapidly growing community of new
users, integrators, and
designers, and assist them in their search for practical
application solutions. Hopefully, it
will prove to be the standard desktop reference on the subject of
biometrics for all levels
of interest and experience.
Generally, this manual has been compiled and is intended for
individuals and
organizations that have responsibility for protection of the civil
infrastructure and related
applications. These include, but are not limited to:
• Civil infrastructure agencies
• Other government agencies
• Private sector organizations and businesses
• Academic institutions
• International organizations, businesses, groups, and
governments
• Consultants and practitioners in biometrics
• Security and identity management administrators
There is a significant volume of valuable work on the subject of
biometrics by many
authors. The BTAM was not published to replace that body of
work, but rather to
compile some of the best of that content in an organized and
focused product with
emphasis on the user. Equally important, the objective of the
BTAM is to help solve the
issue of short shelf-life of biometrics publications in a rapidly
evolving technology base
by including a process for regular updating of each volume.
In researching and compiling the BTAM, the authors relied
heavily on secondary
research from published, public sources. For a list of the
reference materials, authors,
publications, and other sources used and referenced in this
compilation, please see
appropriate footnotes as well as the Bibliography.
Purpose and Objectives
The BTAM is intended to assist the reader in:
• Comparing how various biometric technologies perform and
have performed in
real-world applications (both successfully and unsuccessfully),
and why.
• Providing a means to evaluate various biometric solutions
based on specific
application parameters and requirements.
• Determining where, when, and why a biometric-based solution
is a good fit, or
not.
• Supporting technology evaluation by defining the questions to
ask, identifying
other considerations that may exist, and understanding the
issues generated by the
need for interoperability.
• Answering such questions as: How do I write a requirement?
How do I evaluate
various systems? How do I integrate/apply the technology?
How do I use the
technology? What is the best technology for my application?
Summary Volume 1 – Biometrics Basics
Although the overriding purpose and objectives of the two-volume
set are similar,
Volume 1 was developed to be more of a primer on biometrics
as it presents and defines
biometrics on a fundamental level, including:
• Fundamentals of Biometrics. An entire Section of Volume 1
provides an
introduction to biometrics so the reader has a basic foundation
and generic
understanding of the science behind the technology. Beginning
with the origins
of biometrics, and taking the reader through explanations of the
terminology,
elements, and performance criteria, this Section provides a solid
foundation for
those who are just learning about these technologies.
• Types of Biometric Technologies. Some biometric
technologies (or modalities)
are better known than others, but this Section presents
information about how 11
different technologies work. Presented both in text and easy
reference matrix
format, it is an important Section intended to help readers
understand why one
technology might fit their needs more than another.
• Biometric System Design. This Section presents guidance and
insight as to how
system requirements should be defined and the appropriate
performance
specifications documented. Issues such as technical
requirements, operational
capabilities, performance expectations, architectural aspects,
and other related
concepts are presented in this Section.
• Biometrics Standards and Best Practices. This Section provides an
overview of biometrics standards development. The development and
adoption of
standards is important
for the biometrics industry to become mainstream and more
fully integrated into
our critical infrastructure. This Section provides the reader
with information as
to the current state of standards development, enabling insight
into the various
types of biometric technologies and their vendors – where they
are in terms of
complying with industry-approved standards – and explaining
why biometrics
standards are critical to integrating full-solution systems.
• Testing and Evaluation. Insight regarding testing protocols
and system
evaluation is presented in this Section. Issues such as
understanding system
performance, scalability, and usability, standards compliance,
performance
measurement and comparison, and evaluations are discussed,
providing the
reader with a very practical guide for evaluating various
biometric solutions.
• Biometric Social and Cultural Implications. This Section
presents
considerations on three key societal issues: legality, privacy,
and user acceptance.
An appreciation for these issues is critical to successfully
implementing a
biometric-based security and identification management
solution. From the
legal perspective, an understanding of U.S. law and how it
applies to the
application is just as important as understanding the laws of
foreign countries,
particularly if the application will cross international lines.
Privacy is a central
and current issue in the deployment of biometrics. Users and
detractors are
rightly concerned about “big brother” and identity theft, and
need to be certain
their personal information is adequately protected within the
systems that purport
to safeguard it from external sources. Lastly, user acceptance is
an often
overlooked, but extremely important factor in the success or
failure of a
biometric system. If users do not accept and understand the
system, they will not
use it. User education and the development of a work-around
for those who
cannot or will not use a biometric are imperative for success.
• Trends and Implications. The final Section of Volume 1
presents some key
trends and implications for biometrics in general, and sets the
stage for follow-on
information and additional detail in Volume 2.
Disclaimer
The National Biometric Security Project (NBSP) and the
Biometric Technology
Application Manual (BTAM) do not and cannot provide any
legal advice nor is the
BTAM a substitute for professional engineering design support.
The information in this
publication is for general information purposes only. None of
the information contained
in this manual, Volume 1 or Volume 2, is intended to be or
should be relied upon as
specific or definitive to the design of a particular program, or
system, or process, or legal
policy. The reader should obtain the advice of a suitably
qualified engineer, attorney, or
experienced practitioner before taking any action in the
application and use of any of the
information contained in this publication.
Updates and Errata
NBSP intends to regularly update the BTAM with new and
revised material from all
relevant sources. NBSP is also very interested in the comments
and feedback of its
readers. Readers are encouraged to share their thoughts and
impressions on the BTAM –
either Volume 1 or Volume 2 – as well as any suggestions for
content corrections, typos,
or errors of omission. Please send feedback to:
National Biometric Security Project
Attention: BTAM Editor
601 Thirteenth Street, NW, Suite 390 South
Washington, DC 20005
[email protected]
Every effort has been made to contact copyright holders for
content and images used in
this manual. The publisher apologizes in advance for any
unintentional omissions and
will insert appropriate acknowledgements in subsequent editions
of this publication when
so advised.
FOREWORD
This Volume 2 of the BTAM continues the mission to provide a
complete set of reference
tools that are readily available to the biometric community
regardless of the reader’s
specialty or level of activity in the technology. Here, we
examine “best practices” and
even “not so best” practices, recognizing therein that the
deployment and operation of
biometrics systems is still a work in progress.
Lessons learned in earlier deployment of new security
technology apply to biometrics as
well. One of the primary principles involves the “rising
expectations” syndrome treated
partially in Volume 1. This relates to the fact that some
prospective users of biometrics
will expect, even demand, that the technology perform to a level
of accuracy or reliability
that was impossible to achieve with the identity management
systems it replaced. While
this degree of confidence in new technology is admirable, it
may not be realistic given the
unlimited capability of the human mind to thwart even the best
technical design by
deliberate or accidental misuse. Statements such as “biometrics
are not perfect” or “not
yet ready for prime time” or even that they can be “easily
spoofed” are strong indicators
that the person quoted does not truly understand the practical
realities of the technology
deployment process, the vulnerabilities introduced by improper
human intervention or
use, the inevitable evolution of technical countermeasures
arising from wider deployment
and improved practice, and the serious and incurable
deficiencies that exist in all identity
management techniques that do not employ biometrics. A
strong dose of reasoned and
practical understanding will do much to help the user/operator
and practitioner more
effectively exploit the capabilities of biometric technology.
Hopefully, this Volume 2 of
the BTAM will assist in reaching that level of understanding.
Finally, the reader is strongly encouraged to help make the
BTAM a living and current
tool by recommending changes and improvements in any area.
All such
recommendations will be carefully reviewed by NBSP Editors,
and by an independent
review Board constituted as required to address controversial
proposals for change.
Section 9 – Biometrics Applications
A biometric device can be applied in virtually any scenario in
which one might otherwise
use keys, identification cards, security cards, personal
identification numbers (PINs), or
passwords to gain access to a physical facility, a virtual domain
(information system), or
a process, or to determine eligibility for a privilege. The real
value of biometrics is the
potential for use in applications where keys, ID cards, and
passwords would be of no
value whatsoever: the “negative identification” applications.
The application of
biometric technologies is increasing over a wide array of
industries as organizations and
individuals look for higher levels of security and identity
assurance. Advances in
biometric devices have made the technology more affordable
and less intimidating for
applications where high security, which was a compelling
reason initially, is not the
primary objective. More routine applications, such as access to
school dining halls, are
now joining the traditional high security applications such as
access to military resources
and nuclear power plants. In addition, with the advent of
credible identification systems
(the one-to-many process of comparing a submitted biometric
sample against all of the
biometric templates on file to determine whether it matches any
of the templates), the
breadth of applications which can be achieved has expanded
greatly. Today we are not
limited to applications where a claimant must provide a claim of
identity such as a user
name, PIN, or password to facilitate the recognition process.
Thus a new class of
applications such as refugee processing/control, watch lists,
benefits eligibility
determination, duplicate checks, repudiation prevention,
forensic identification, and
others not yet conceived or applied are available.
9.1. OVERVIEW OF APPLICATIONS
We have provided a classification of applications below.
However, in the process, we
have concluded that such categorizations are largely arbitrary,
and in the evolving field of
biometrics, subject to debate, dispute, and revision. We do not
hold our classifications
out as the model, or the only logical way to classify
applications. Indeed, Volume 1 of
this manual pointed out Dr. James Wayman’s classification
system as a useful way to
analyze and better understand the functioning of biometric
systems. Recall that
applications were categorized as overt or covert systems,
voluntary or involuntary
systems, attended or non-attended systems, standard or non-standard
operating
environments, public or private systems, physical security and
access control, cyber and
computer/network security, and identification.
Nonetheless, it is easier and perhaps more meaningful to
persons new to the science to
have some sort of organized structure with which to get an
overview of the field – and so
a classification system has been developed that covers most of
what is being fielded
today. It is important to point out that this classification is
categorized by functional
application, and is not organized on the basis of whom or what
entity initiates them. It
seems that categorizing applications as Federal, State, Local
and Municipal government;
Commercial, Private, or Transportation Sectors; Financial
Sector; Manufacturing Sector;
Healthcare Sector; Schools and Education; etc. was not
particularly useful for persons
interested in exploring how biometrics can help them. It is
certainly true that all of these
entities and sectors provide the settings in which biometrics
may and must be applied.
But it serves no useful purpose beyond identifying the policy,
funding, and contractual
hoops and wickets that implementers must pass through on their
journey to implementing
a biometric system. The important issue is how one
functionally applies biometrics to
solve a problem, or improve an existing operation that requires
positive human
identification.
Further clouding the issue of biometric classification is the
opportunity to implement
multiple, different functional applications within the same
“biometric system”. For
example, a biometric implementation in a facility may be
categorized as a Physical
Access Control application if biometric readers are located at or
near the perimeter of the
facility. It may also be an integrated system which uses the
same server(s) for logical
(virtual), access to work stations or partitioned and controlled
segments of proprietary
digital information. In a corrections environment as well,
where the most important
objective is to positively identify inmates before movement or
release, an integrated
system could be used to physically control access to spaces,
cellblocks, etc. Likewise in
a Drivers License application, applicants may have their
biometric feature compared to
the entire existing database of drivers in a 1:N search to
determine their eligibility for the
benefit of license issuance before they can be enrolled. That is
a combination of a watch
list and a benefits eligibility determination. Further, once
issued a biometrically enabled
license, when the driver uses it as a proof of age for buying
tobacco or alcohol it becomes
a Point Of Sale (POS) authenticator and may be used in a 1:1
application. The point is
that trying to categorize a biometric system as a single, simple
application is not always
practical or realistic.
Table 9-1: A Functional Classification of Applications (with generic examples)

Application Type | Sub-Type | Examples
Access Control | Physical Access Control | National (border control); Area (campus control); Facility; Room; Container
Access Control | Logical (Virtual) Access Control | Distributed information sys.; Local Area Network (LAN); Stand-alone systems; Other computer-based sys.; Records (Medical (HIPAA), Human resources, Educational)
Identity Management | Watch Lists |
Identity Management | Corrections/Law Enforcement |
Identity Management | Emergency/Disaster Response |
Identity Management | Benefits Eligibility and Fraud Mitigation | Driver licensing; Social Security benefits; Welfare benefits; Refugees
Identity Management | Non-repudiation | Classified documents; Contracts; Credit card fraud; Check cashing
Identity Management | Forensics |
Transactions | Credit cards |
Transactions | Point of Sale (POS) |
Other | Credentialing systems | PIV; TWIC
Other | Time and attendance | Collecting employee time; Preparing payroll
Following are selected examples of biometric technologies in
use today. This section is
not meant to be all-inclusive, but rather to present various
biometric technologies in
different usage applications. These examples are further
supplemented by more detailed
examples in the Case Studies section of this volume.
9.1.1. Access Control - Physical Access Control
Yeager Airport in Charleston, West Virginia, is using hand
geometry, specifically
Recognition Systems’ HandReaders®, to control access to the
control tower and sensitive
equipment. The control tower is accessed (on average) every
five minutes around the
clock with hand readers that are networked to the airport's
central security system
computer. Yeager Airport's tower previously required 24-hour
police protection for
access control. This cost the airport $1,200 per day. The hand
readers have eliminated
the need for guards, saving the airport a substantial sum on
access control.
San Francisco International Airport, the nation’s fifth busiest,
uses hand geometry readers
to verify TSA employees’ identities to ensure only authorized
individuals access sensitive
and secured areas. These hand readers are in addition to those
previously employed at
SFO. Since 1991, San Francisco International Airport has
employed biometric hand
geometry readers to secure its air operations area (AOA),
allowing access to authorized
individuals only.
Additionally, in January 2006, a live test of e-passports that
contain contactless chips with biographic and biometric
information, and of the readers capable of reading these
e-passports, began at Terminal G at SFO. This test was a
collaborative effort
between the United States, Australia, New Zealand, and
Singapore that ran through April
2006. The test was successful. A total of 1,398 e-passports
were interrogated and the
systems’ performance pointed to significant progress in
readability since the government
first started testing e-passports in 2004. The U.S. Department
of Homeland Security used
the results of that test to determine which inlays (chips) to use
in the e-passports issued to
U.S. citizens.
University of Georgia: see Case Studies section
Rotterdam Seaport has included biometric access control as part
of a modernization
program. The seaport, the central hub for European commerce,
handles more than 300
million tons of freight each year, accounting for 40% of all
European cargo. Not
surprisingly, more than 40% of all European Union trucking
companies originate in The
Netherlands. In 1999, a hand geometry system was deployed to
control truck driver
access to the port. It has proven effective in expediting the
movement of cargo from
marine vessels to the trucks, verifying the identities of “known”
or trusted drivers and
providing a detailed electronic audit trail for cargo. Drivers
access the system’s hand
recognition reader via their vehicle windows before they pass
through the facility control
gate. Their identities are verified if their live hand geometry
matches the enrollment
template stored on a radio frequency-activated smart card. The
system serves more than
6,000 truck drivers and has successfully completed millions of
transactions.
A nuclear power plant in Japan has adopted a facial recognition
system known as Face
VACS (Cognitec Systems) to replace an older, manual system of
access control. The
advanced functionality allows employees to access high security
areas in nuclear power
plants faster, at lower cost, and with greater accuracy. At the
access point, the face of
every person is captured by a video camera, the facial features
are extracted and
translated into a mathematical representation on a template.
That template is then
compared in a 1:1 verification application with the enrolled
template registered to the
person the entrant claims to be.
9.1.2. Logical (Virtual) Access Control
City of Glendale, California: See Case Studies section
HealthTransaction Network(R) is creating the first-ever
nationwide health care provider
network to connect health care providers and consumers using
an electronic transaction
network system that quickly, securely and efficiently facilitates
and processes
transactions between the parties. The Network includes a shared
processing
infrastructure, consumer cards and a new electronic transaction
terminal device located at
participating provider sites.
The cards incorporate biometric technologies to ensure patient
identification (e.g.,
fingerprint and signature verification), and may also be used as
a stored value card. The
types of services that will be available to consumers that
subscribe to the Network
include preventive, wellness and routine services such as
physicals, dental cleanings, eye
exams, mammograms and x-rays. As of this writing, two health
systems in Western New
York have signed on as the Network's first provider
participants. TLC Health Network
and Brooks Memorial Hospital will install Network transaction
terminals at their many
locations and will offer routine medical services beginning in
the second quarter of 2008.
HealthTransaction Network has plans to expand their electronic
health care network in
the northeast and ultimately throughout the United States.
St. Vincent Hospital: See Case Studies section
The U.S. Office of Legislative Council, which is the legislative
drafting service of the
U.S. House of Representatives, has deployed the SAF2000
enterprise biometric
authentication software (by SAFLINK Corporation) on its
computers. SAF2000 supports
authentication through iris recognition, finger image
identification, speaker verification,
and facial recognition. It offers an event log for recording
enrollment, changes to user
profiles, workstation updates, and account deletions. The
system supports multiple
databases and directory service protocols for secure storage of
user profiles, and offers
encrypted biometric algorithms designed to use the maximum
number of available bits
from the operating system. The biometric-based system was
deployed to help protect the
files and working documents the Office of Legislative Council
is working on for the U.S.
House of Representatives.
9.1.3. Identification
UAE and Dubai: See Case Studies section
State of Illinois: See Case Studies section
The Port of Palm Beach, the 4th busiest container port in
Florida and the 8th busiest in
the continental U.S., has implemented a biometrically based
visitor management
program. The system logs entry and exit of 200-300 truck
drivers as they bring goods in
and out of the port, and others visiting the port each day with
fingerprints and
photographs using Cross Match Technologies' VisTrak(TM) and
MV 100(TM) digital
fingerprinting systems. The port uses a hand-held fingerprint
and photograph capture
system, with built in PDA, to log and transmit the data to a
central database wirelessly. It
also captures biometric and biographic information from
visitors and checks it against a
banned visitor list. The system enables the port to have an
accurate audit trail of visitors,
including fingerprints, photos, time and date of arrival and
departure, demographic
information, company, purpose and more, and provides visitors
with temporary badges.
The State of Florida has a rule allowing visitors to enter the
port a maximum of five times
within a 90-day period. The fingerprinting system automatically
keeps track of frequency
and flags any violators.
Lancaster County, PA: See Case Studies section
Sarasota County, Florida, demonstrates the capabilities of a 1:N
iris recognition system
that can identify individuals in a large population without prior
claim of identity. While
this specific example features a corrections-law enforcement
application, it demonstrates
biometric use outside typical standard access control or
information security applications.
Typical of many county jails, the maximum security Sarasota
County Detention Center in
Sarasota, Florida, is the processing agent for more than 19,000
arrestees each year. The
facility processes criminals for every police station in the
county and provides a
temporary holding place for people arrested for everything from
open alcohol containers
to homicide. Once they reach the jail, inmates are segregated
according to the severity of
the charges and are transported to the appropriate facilities.
The facility itself is capable
of housing 750 inmates.
Under the old system, arrestees were escorted to the booking
area where they gave their
name and other personal information and were fingerprinted and
photographed. Though
the ID system was computerized, the fingerprints were taken
manually, and physically
filed away. When inmates were released on work detail or on
parole, prison personnel
relied on the inmate's ID badge and his or her personal
knowledge, such as a Social
Security number or birthday, for identification. Comparing
fingerprints was inefficient
because positively matching inked fingerprints required calling
in a forensic specialist.
With the new biometric system, arrestees are enrolled using iris
recognition technology at
a central enrollment station. The active database of persons
currently incarcerated at the
detention center is automatically searched in real time (1–2
seconds), and as processing
continues, the archived database of former inmates or arrestees
is searched off-line. The
technology has the capacity and capability to search a 50-year
history in seconds
(although iris records have only been available for the past
several years). Once an
enrollment is in place, the system confirms the identity of all
inmates who leave the
facility, whether for court appearances, work crews, or at the
time of their release.
As a result, in the first year of operation alone, the detention
center detected seven escape
attempts, most cases being inmates trading IDs to assume the
identity of an inmate
legally scheduled for release. In one case, Sarasota discovered
an arrestee attempting to
pretend to be his identical twin brother on commitment. He had
been an inmate at the
detention center sometime earlier in the year and was enrolled
in the iris recognition
system. After he was released, he went on a crime spree but
was subsequently arrested
on a minor charge. Realizing that there were warrants for his
arrest on some very serious
crimes, he attempted to pass himself off as his law-abiding
brother. The system’s
automatic archival search identified him out of several thousand
former inmates under his
true identity and he was prosecuted accordingly.
Such a recognition system also helps resolve disputes when
released inmates are arrested
for a violation of their parole. When individuals are brought in
on warrants, they often
claim there has been a case of mistaken identity. Names and
Social Security numbers are
sometimes jumbled on warrants, which further confuses the
issue. The iris recognition
system tracks the true identity of the individual, in one case
establishing that police had
indeed detained the wrong person.
9.1.4. Benefits Eligibility and Fraud Mitigation
After the Afghan war, the United Nations High Commissioner for
Refugees (UNHCR)
used a biometric recognition system capable of high speed
search of large databases (up
to 1.5 million) to recognize returning refugees in Peshawar,
Pakistan. The staff of the
Takhta Baig Voluntary Repatriation Centre (VRC) performed a
check on Afghan
refugees who wished to return to their homeland. These
refugees were entitled to a one-
time assistance package, provided they had not been processed
through the program
before. The anonymous enrollment process in the iris
recognition biometric system
ensured that returnees were making their first visit to the VRC
and that they were therefore
legitimately entitled to the aid, by performing a near-
instantaneous exhaustive search of
the enrolled database. No PINs were required in the recognition
system and the process
was essentially a one-time procedure. Additionally, the system
maintained the privacy of
the Afghan refugees, as the only data recorded was the digitized
template record.
India Ration Card Program: See Case Studies section
9.1.5. Commercial Transactions
A retail solutions manufacturer is using hand geometry to track
the time and attendance
for 400 hourly employees at its facility in Austin, Texas. The
readers eliminate the need
for an employee to carry a badge, thus eliminating the problem
of lost or forgotten
badges. Biometric time clocks also eliminate “buddy
punching,” the practice of
employees clocking in and out for each other. They provide
more accurate information
about who is working at any given moment and help companies
eliminate mistakes or
intentional fraud. Additionally, not requiring hourly employees
to manually fill in their
time card each pay period results in cumulative cost savings.
Before installing the
biometric solution, hourly employees completed paper
timesheets, signing in and out
each day. At the end of the pay period, employees had to
complete paperwork and give it
to their team leaders for verification prior to entering it into the
payroll system. This
process took about 15 minutes per worker—time that could be
better spent on the
manufacturing process.
Manufacturing costs are directly affected by the productivity of
employees. With its 400
workers spread across four buildings at the Austin facility, the
company needed a more
efficient method of collecting time and attendance records and
readying the information
for payroll.
The biometric handreader system easily implemented the rules
for labor collection and
supported rules that allow the company to allocate time for 15
minutes in the morning
and afternoon for breaks that could be charged directly to
overhead, not to a product.
This enables tracking of labor efficiency accurately and
developing efficiency reports for
accounting. The system can compare the amount of labor used
to manufacture a product
against the forecasted costs, providing management with up-to-
the-minute data on their
manufacturing process. This information helps the company
plan its hiring, track
overtime usage, and determine the output per person in each
area.
The final benefit of the handreader-based system is that it works
over the company’s
existing Ethernet network, which eliminated the expense of
having to install new wire.
The following tables provide partial listings of selected usage
examples in various
application groups.
Table 9-2: Driver License Programs
Table 9-3: State Benefit Programs
Table 9-4: Law Enforcement
Table 9-5: Schools
Table 9-6: Government Operations
Table 9-7: Casinos
Section 10 – System Requirements and Selection
If the need for positive identification is, or will be, a part of an
organization’s normal
operations, then the basic requirement to define, design, and
build a biometric component
or subsystem for integration into that operation may be
established. Section 10 focuses
on development of a detailed requirements statement as a
prelude to design of the
subsystem, as well as the primary issues that should be
considered in that design process.
Section 11 and those that follow address the implementation
process and long-term
management of the biometric component.
The BTAM is intended to provide guidelines for the design and
build process, but will
obviously not, in itself, provide adequate training or resources
to prepare an untrained
person to be a qualified practitioner/designer, electrical
engineer or systems integrator.
Sections 10 and 11 are intended to help a qualified engineer,
security systems designer, or
technology practitioner include biometrics in program design
and implementation.
10.1. DEFINING SECURITY NEEDS and PROGRAM
OBJECTIVES
Operational/Program Requirements
When evaluating the use of biometric technology to meet
operational needs for positive
identification, it is first necessary to determine which functions
are most appropriate for a
particular operational need. It is important to look closely at
what operating goals the
technology is designed to achieve or what problem(s) the
technology is supposed to
solve, and then determine who will be using it, what interface
the system will have with
other components, what the interoperability requirements are,
and what the anticipated
scope and lifespan of the system are. Examples of basic
operational/program
requirements, as described in previous sections, are:
• Security program component;
• Eligibility program component;
• Administrative (work force management) program component;
• Hybrid Application (designed for more than one
function/application).
Risk/Vulnerability Assessment
Fundamental to defining one’s security needs and program
objectives is performing a
comprehensive risk and vulnerability assessment. A good
starting point is to describe the
“current operational concept” as discussed in BTAM Volume 1,
Section 4. When
describing how the current security system/practices/procedures
are structured, it is
useful to ask why the current system is the way it is. What
asset is being protected?
People? Classified information? Customer personal
information? Company proprietary
information? High value resources? Hazardous or toxic
materials? Other?
If eligibility validation is the primary application or part of a
hybrid operating
requirement, similar threat issues must be considered. These
include: nature and volume
of fraudulent attempts; denial of service issues; process
vulnerabilities in the current
operation and so on.
It is also necessary to consider what or who threatens these
assets and eligibility
programs. Is the operation subject to terrorist threat,
competitors seeking knowledge of
intellectual property, recipes, simple theft from outsiders,
employee theft, fraudulent
claims from authorized persons or non-authorized, etc.?
Another useful tool in a risk/vulnerability assessment is a
consequence evaluation. What
are the consequences if an employee steals something? What
are the consequences if
someone sabotages a manufacturing process, or steals a batch of
material that will be sold
for subsequent construction? What are the consequences if an
explosive device is
introduced into the work operation? What is the impact if
someone hacks into the
network and gleans proprietary information?
The answers to these questions, condensed in a clear Risk
Assessment Summary, will
help determine whether biometrics are only part of a solution,
or are of critical
importance to that solution. Coupled with scope issues (e.g.,
how many biometric
readers will be necessary, how many persons will be enrolled in
a biometric system),
these answers will also provide insight into the performance
characteristics of a biometric
system and how much it may cost to integrate biometrics into an
overall security or
eligibility program. The Risk Summary will also be helpful in
doing periodic re-
evaluations of risks and threats to be sure that system
performance is consistent with
changing situations and conditions, as well as calculating a
cost/benefit ratio.
10.2. SYSTEM DESIGN CONSIDERATIONS
A. Design Goals
Seldom is a “biometric system” designed as a stand-alone
objective. Normally, if one is
using biometric tools, one is designing or updating a specified
security or risk
management, or eligibility system with biometric aspects or
enhancements. Whether the
intent is for a physical access control system in which only
biometric devices are used to
determine authority to enter a protected space, or one is
designing a system using cards,
keys, cipher codes, armed guards, mantraps, and some
biometrics, biometrics remain a
component of the larger system. Likewise, a welfare benefits
program that uses
biometrics to verify authorized beneficiaries from those
attempting fraud is still a benefits
system, not a “biometric system.”
B. Design Considerations
Regardless of the specific application to which one is applying
biometric technologies,
the design approach should consider the implications of at least
the following issues:
1. Functional
2. Operational
3. Legal
4. Environmental
5. Social
6. Business and Economic
At this stage of analysis, none of these is more important than
any other. In each specific
case, however, it will often develop that one or another of these
becomes the driving
force affecting the ultimate system design. The following
discusses the key aspects of
these six issues.
B.1. Functional Issues
This aspect of system design asks a basic question regarding the
overall purpose or
purposes of the system, a question often best answered by the
journalistic questions:
who, what, when, where, and why. Who is going to be using the
system for what purpose
at what time/day and at what location? What are the application
considerations?
B.1.a. Physical Security Systems
At the simplest level, as noted above, one does not design a
biometric security system,
but a security system with biometric components principally
designed to improve access
control by enhancing the assurance of identity of and
convenience for the persons
requesting entry. In access control applications, the biometric
device augments or
replaces more traditional door control devices such as a cipher
keypad or proximity card
reader. Electrically, the function of the biometric device is
identical to other control
devices: Upon presentation of an approved credential, the
device activates or causes the
activation of a relay that releases the door strike.
Referring to the following figure, in some system architectures,
the biometric device
itself energizes the door strike (see Figure 10-1) while, in other
designs, the biometric
device sends a captured biometric template to a central
processor. If the template
matches that of an enrolled person, the central processor
activates or energizes the strike
relay. A third variation is one in which an identity verification
takes place at a remote
door control mechanism. An option for integrating biometrics
into existing access
control systems is for the biometric device to communicate with
an access control panel,
using the same communications protocol as non-biometric
devices, such as card readers
or keypads.
[Figure 10-1: panels Fig. 10-A, Fig. 10-B, and Fig. 10-C; diagram labels: Secure Access, Security Control]
Which of these basic design approaches is most appropriate
depends upon the overall
system design and architecture, reliability and performance
expectations, and budget and
legacy system constraints.
Examples of System Requirement statements that are typical of
physical access control
functional issues include:
• I need to move 450 employees into my facility through three
portals between the
hours of 0730 and 0830 each weekday morning. 80% of those
employees use
Portal A, 15% use Portal B, and 5% use Portal C.
• Given the size of my workforce, and the ongoing cost and
operational disruption
of maintaining our current card-based security system, I want to
eliminate cards.
• Given the potential for a 30% expansion of the facility and
employee population, I
want to be able to upgrade any biometric solution as
circumstances dictate in the
future. This could include designation of additional secure
areas within my
facilities with higher security requirements demanding different
types of
biometric systems.
• I have to protect my critical resources whose loss would
adversely affect my
ability to provide needed equipment to the U.S. Federal
Government for national
security, so I cannot afford to have employees delayed getting
to their work at a
greater rate than currently experienced with our card system
(8%).
Design Implications of Physical Access Control Systems
In physical access control systems, the biometric device
typically replaces a lock set,
cipher lock, card reader, human controller or some other device
controlling one or more
doors. Architecturally, the primary security system design
remains mostly unchanged
with just the symbols designating a biometric device being
inserted for the previous
access control technology. There are issues that need to be
resolved before the design
can be completed, however. Some questions include:
• Will the biometric device of choice operate in a stand-alone
mode in which all
users are enrolled at the device? In this instance:
o Does the device control the door via a relay or does it send a
signal to a
separate door control mechanism?
o Does the device record each entry for subsequent
downloading?
o Does the device have a mechanism for backing up the
enrollment database?
• If enrollment is centralized and new enrollments are
distributed through a
network:
o Does the data flow into the primary security system or
directly to a
proprietary door control?
o If biometric matching is performed at a central server, what
happens when
the network crashes?
• Should biometric enrollment data be stored on a card carried
by the employee,
such that the need for storing biometric data in a door reader or
central biometric
database can be avoided?
• What are the power requirements and where are the power
sources?
• What alarm reporting and response provisions does the system
offer?
• Will the biometric be used in conjunction with a physical
token/credential?
B.1.b. Logical Access Systems
The use of biometrics to control access to logical systems is
not new, but it is not nearly as
mature as its use for physical access control. Most implementations
are at the workstation level
in which the biometric control is integrated into the physical
case and electronics of the
workstation, whether a “desktop” system or a “laptop.” Other
systems use a plug-in
biometric device, typically a fingerprint peripheral connected to
a USB port or by
embedding the fingerprint sensor directly in a laptop housing.
Some time ago, a
manufacturer marketed a plug-in, table-top device using iris
recognition as the biometric
of choice. Either integrated or USB plug-ins should be
sufficient for most applications,
but it is suspected that the plug-in devices would not be able to
satisfy the higher levels of
government secure computing protocols. Testing of the built-in
or integrated devices by
a Common Criteria Testing Laboratory (CCTL) would be
required to verify the
acceptability of these devices for high security computing.
In virtually all cases, the biometric device authenticates the
person touching (or looking
at) it, and enables operation of the workstation. The computing
system and anyone at a
remote terminal communicating with the “secured” workstation
assumes (and this is a
very profound assumption to be aware of) that the keystrokes
generated or the files
accessed following authentication are the actions of the
authenticated person. Some
computing systems include a keystroke recognition sub-routine
that purports to verify the
user as he/she types by measuring typing rhythm and style as a
form of behavioral
biometric, once access is granted to the keyboard. In principle,
this approach would
establish continuing authentication of the user, but this implies
a consistent matching
accuracy level for keystroke dynamics yet to be independently
validated. Another
approach to continuous presence monitoring would be to use a
constant video assessment
confirming the presence of one person at the keyboard and that
the person’s face or eye is
recognized by a facial or iris recognition biometric,
respectively.
B.1.c. Authentication Systems
Authentication systems can also verify or recognize the identity
of an individual for some
useful purpose other than granting access to a physical or
virtual asset. These include
three main uses:
• Communications
• Authorizations
• Non-repudiation
Communications
Biometric systems can be used in communications as part of the
data encryption process
(a matter beyond the scope of this manual) and to authenticate
users. As noted above, it
is one thing to successfully activate the biometric device by an
enrolled user, but quite
another to ensure that the originally authenticated person is still
operating the keyboard
and not an unauthorized person sending or receiving sensitive
data. Biometric
identification alone, in this context, might not be sufficient for
a truly secure system. At
the same time, non-biometric subsystems, including encryption
products such as public
key infrastructure (PKI; see footnote 1), are not a complete substitute for
biometrics in identity
validation of the actual user.
Authorizations
The number of specific uses of biometrics for an authorization
function is extensive.
Some examples currently using biometrics include processing
and distribution of welfare
benefits, issuing and examination of drivers licenses, access to
medical records (under
HIPAA), and validation of various government and private
industry identification cards
and credentials. It is important to note the difference between
“authentication” and
“authorization”. The role of biometrics is to support the latter
by performing the former.
Non-Repudiation
In the areas of classified document production and control,
financial transactions, and
legal contracts, it is important to be able to affirm that a certain
person did, in fact, sign
for or generate a particular document or transaction, thus
providing a strong basis for
non-repudiation, barring the individual from denying they
signed the contract, published
the document, removed it from secure storage, or participated in
the transaction.
Design Implications of Authentication Systems
There are many different applications where biometrics may be
used for authentication
systems, each with their own peculiar design requirements that
amply illustrate the
guiding principle of design following function: much depends
upon the specific purpose
or application. Consequently, the primary implication is that
the designer needs to
understand very well the purposes for which the technology will
be applied and to select
the technology best suited for that application, being sensitive
to the context of the
application and the impact of its use. In one past experience,
for example, the
participation rate in an essential welfare program was much
lower than expected when a
new biometric system was adopted. On analysis, it was
determined that the use of a
fingerprint system had deterred many eligible participants who
feared the data would be
sent to law enforcement officials. In this case, a decision was
made to use a hand
geometry device instead. Participation immediately and
dramatically increased. As a
positive argument for the reduced participation, the
biometric-based system reduced
the number of double- and triple-dippers, thereby eliminating
duplicate or triplicate
applications from a single person.
Footnote 1: A PKI (public key infrastructure) enables users of a basically
unsecure public network such as the Internet
to securely and privately exchange data and money through the
use of a public and a private cryptographic
key pair that is obtained and shared through a trusted authority.
The public key infrastructure provides for a
digital certificate that can identify an individual or an
organization and directory services that can store and,
when necessary, revoke the certificates.
B.1.d. Other Functional Issues
To ensure most aspects of system design are addressed, it is
worthwhile to return to the
basic questions regarding the overall design and purpose of the
system mentioned earlier:
who, what, when, where, and why. Who is going to be using the
system for what purpose
at what time/day and at what location?
A brief description of the ultimate system to be installed,
addressing and including the
answers to those questions is fundamental to developing a clear
view of what remaining
functional requirements one’s biometric system/component must
perform.
Who? (Community Involved)
It is critical to identify who will be involved with the system,
both as users and operators.
How knowledgeable will these people be? That leads to the next
question: how much training and
supervision needs to be planned and implemented? The
demographics of the user
population can affect many areas, for example, cultural issues
and even how well a
given modality might work.
How many?
How many people will be using the system? The answer to this
question will affect
which technologies should be used or considered. If only a few
people are going to use
the system, then almost any biometric—all other issues being
equal—will do. On the
other hand, if there will be a very large number of users, then
there will be a number of
subsequent issues (see “Throughput”).
Age?
Age of the user population may be an important consideration
depending on the type of
biometric equipment that will be used. Age can impact the
incidence of Failure to Enroll
as well as cause training issues. The ability of some biometrics
to function well is
sometimes a function of the age of the subject. For example,
the skin on the hands of
older people tends to become very smooth and fine, making it
very difficult for some
fingerprint sensors to acquire a well-defined image of the
fingerprint ridge pattern, thus
making it difficult to enroll the subject into the system.
Arthritis can also cause problems
for those using hand geometry readers. If this is a major
concern, other biometric
technologies that feature easier enrollment and use (such as
facial or iris recognition
systems) may be an appropriate alternative. Other technologies
may require users,
relatively speaking, to pay greater attention to detail and
process (such as some
fingerprint and hand geometry systems) that involve precision
in both finger or hand
placement and the entry of a PIN, a requirement that may overly
tax persons with
declining physical and mental acuity.
Race and Gender?
As with age, race and gender may affect a person’s ability to
enroll in some biometric
systems. Some technologies are sensitive to features or
characteristics that are more
prevalent in one racial group than another. One example occurs
in iris recognition in
which very dark irises or those occluded (covered) by the eyelid
may be difficult to enroll
and authenticate. While these issues can usually be resolved,
they should be considered.
Similarly, in some populations, there is some evidence that
Asian females have
fingerprints that are very fine in their definition and may be
difficult to acquire in some
low-resolution fingerprint sensors.
In all cases in defining Who, the issue is not whether the user
group includes some
persons who may challenge the system, but whether the group
includes a majority of
users who may challenge the system. It is important to
understand that even if a majority
of a user group can use a system, a significant minority with
usage difficulties can bring
the entire system down. An industrial plant may be assumed to
provide shelter and work
for a wide range of ages and races, as well as an even split on
gender. On the other hand,
a nursing home may comprise a number of users who will,
unfortunately, challenge
certain technologies, suggesting that, in such instances, some
other biometric technology
should be considered. If workplace protocol requires staff to
always wear protective
clothing, such as latex gloves, then fingerprint technology
might not be an appropriate
choice for routine authentication.
What?
What is the proposed technological solution of which the
biometric device(s) are
expected to be a part, and what is the problem the solution is
designed to address?
Additional “what” questions include:
Technology
In what sort of technical environment will the biometric devices
be employed? Will the
biometric be the technical highlight of the system—such as in a
benefits distribution
center—or will it be overshadowed by a significant application
of other technologies for
identification, security, and other purposes?
The level of training is most likely to be a function of the
technical aptitude and
experience of the operators and users, coupled with the
complexity of the biometric
technology. Adequate training for biometric use must be
provided regardless of the
overall complexity of the system, i.e. do not short-change
biometric training simply
because it may be a relatively minor component of the total
system.
Process
In general, what is the system doing? Is it counting votes,
distributing benefits, providing
public vehicular law enforcement, processing information, or
performing some other
definable function?
Specifically, to what use will the biometric device be put in the
context of the operating
system? Will it open doors? Will it allow access to
information technology and/or
activate software applications? Will it permit access to or
activation of a machine?
Even more specifically, what will the process be for the
following biometric-related
functions:
Enrollment
How will users be enrolled? In one large group? Individually
as users are registered into
the larger process? Will the enrollment function be distributed
to geographic locations
close to the users? Will the users self-enroll or will the
enrollment process be attended
by a trusted agent? How much time can be dedicated to pre-
enrollment instruction on the
enrollment process and the subsequent everyday use of the
technology? How much time
can be dedicated per person for the actual enrollment process?
What is the expected
allowable Failure to Enroll rate for this technology and this
population? What work-
arounds are to be provided for those who cannot be enrolled for
one reason or another?
How does this work-around satisfy security requirements on a
par with the biometrically
based solution? Just the logistics of enrollment can be
daunting. It is important to
determine whether enrollment will be supervised, self-enrollment,
remote enrollment, etc.
User Training
What amount of user training will be provided? What is the
purpose or intent of the
training? How often is this training to be offered?
Anticipated Problems
In addition to enrollment failures, what other problems or
anomalies might be
encountered while using the biometric technology?
Termination of a User
What are the rules for how a user’s access privilege is to be
removed from the system?
How does this process ensure a permanent removal and prevent
the terminated user from
subsequently gaining access?
When?
What are the periods of operation and how often is the
biometric to be employed? At
what week(s) of the month or day(s) of the week shall enrolled
persons be required to use
the system? Is the use of the biometric component only
required during periods of
elevated threat levels? At what time of day do permissions
begin and end? The answers
to these questions relate to identifying biometric technologies
that are appropriate to the
internal or external environment they must tolerate, an
approximation of the level of use
required, and what sort of interaction with the control system is
required.
Time/Day
The time of day of expected use will determine whether
consideration must be made for
the effects of ambient light or other environmental factors
related to time. Many
biometric systems are basically imaging devices that can and
will be adversely affected
by sunlight or bright overhead light shining on the image
collection device. This is also
related to the more general issue of environmental conditions in
which the device may be
installed outdoors. The day(s) of the week the device will be
used also has an influence
on the determination of appropriate technologies. A system in
which the device is used
only one or two days a week can be more fragile or less
demanding than an application in
which the device is expected to function every day, 24 hours a
day.
Excluded Period(s)/Location(s)
Often, access control systems will be programmable to enable
the exclusion of otherwise
enrolled persons as a function of the time of day and/or the day
of the week, month, or
year. Such systems may exclude persons on holidays, evenings,
and/or weekends. For
example, certain employees may have access on Monday
through Friday from 8:00 a.m.
to 5:00 p.m., but should not be in the facility during the
weekend.
The system should be configured or configurable to not only
pass identification codes to
the processor – whether centralized or localized – where the
final pass/reject decision will
be made, but also time and date information.
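A sketch of the pass/reject decision described above, in which the reader sends the matched identification code together with the time and date and the processor applies the excluded periods. This is an added example, not code from the manual or any product; the class names, identifiers, schedule and holiday are constructed, and it also covers the earlier "Termination of a User" question by denying revoked codes before any schedule check.

```python
from dataclasses import dataclass, field
from datetime import date, datetime, time


@dataclass(frozen=True)
class Schedule:
    """Permitted period for one user group (hypothetical structure)."""
    weekdays: frozenset   # datetime.weekday() values, Monday = 0
    start: time           # first permitted time of day (inclusive)
    end: time             # end of the permitted period (exclusive)


@dataclass
class AccessProcessor:
    schedules: dict                              # group name -> Schedule
    members: dict                                # identification code -> group
    holidays: set = field(default_factory=set)   # dates on which all are excluded
    revoked: set = field(default_factory=set)    # terminated identification codes

    def terminate(self, id_code):
        """Remove a user's privilege and remember the code as revoked."""
        self.members.pop(id_code, None)
        self.revoked.add(id_code)

    def decide(self, id_code, when):
        """Return (granted, reason) for a matched code and reader timestamp."""
        if when is None:
            return False, "no timestamp"   # fail closed: time and date are required
        if id_code in self.revoked:
            return False, "revoked"
        group = self.members.get(id_code)
        if group is None:
            return False, "not enrolled"
        schedule = self.schedules.get(group)
        if schedule is None:
            return False, "no schedule"
        if when.date() in self.holidays:
            return False, "holiday"
        if when.weekday() not in schedule.weekdays:
            return False, "excluded day"
        if not (schedule.start <= when.time() < schedule.end):
            return False, "outside hours"
        return True, "granted"


def run_sample():
    """Evaluate constructed reader events and return the reason for each."""
    processor = AccessProcessor(
        # Monday through Friday, 8:00 a.m. to 5:00 p.m., as in the text above
        schedules={"day-shift": Schedule(frozenset(range(5)), time(8), time(17))},
        members={"ID-1001": "day-shift", "ID-1002": "day-shift"},
        holidays={date(2008, 5, 26)},            # constructed holiday (a Monday)
    )
    processor.terminate("ID-1002")
    events = [                                    # constructed events, not real logs
        ("ID-1001", datetime(2008, 4, 7, 9, 0)),    # Monday morning
        ("ID-1001", datetime(2008, 4, 12, 10, 0)),  # Saturday
        ("ID-1001", datetime(2008, 4, 7, 17, 0)),   # Monday, at closing time
        ("ID-1001", datetime(2008, 5, 26, 9, 0)),   # holiday
        ("ID-1002", datetime(2008, 4, 7, 9, 0)),    # terminated user
        ("ID-9999", datetime(2008, 4, 7, 9, 0)),    # unknown code
        ("ID-1001", None),                          # reader sent no time and date
    ]
    return [processor.decide(code, when)[1] for code, when in events]


if __name__ == "__main__":
    print(run_sample())
```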
Where?
Environment: The system description should give the designer
a meaningful sense of the
climate and weather conditions for the more challenging venues
where the system will be
employed. It should also indicate whether the device(s) are to
be mounted outdoors or
indoors as each of these factors affects the choice of
technology. There are, of course,
other environmental factors besides weather, including the
degree of ruggedization
required (i.e., shock and vibration) and sources of interference
(background noise, etc.).
Scope: Scope is essentially a very straightforward, but
necessary, issue, the answer to
which defines the size and impact of the installed system.
Where, specifically, will the
system be deployed and how extensively? In one city at one
location or multiple cities
and/or multiple locations? What is the total expected
enrollment capacity? Is the system
scalable across multiple locations and can it grow as additional
users are added? The
answers determine the capacities and communications
requirements for the devices.
Some products are good for small standalone applications, but
falter in large, distributed
systems. Other products are not effectively used unless they
have thousands of enrolled
templates and operate in complex communications
environments.
Why?
The answer to this question was addressed partially in
applications issues above, but is
worthy of a revisit to ensure that all purposes intended for the
system as a whole are
included in their varied form(s).
• To prevent welfare fraud
• To prevent unauthorized entry to a facility(ies) or area(s)
• To ensure only authorized drivers are on the streets
• To ensure known or suspected terrorists do not pass a border
control point without
further screening
• To ensure only ticketed persons board the aircraft
… and so on.
This is a key question looking for an essential answer. Until
the designer knows this
answer, it is not possible to determine whether a given design
approach is correct or “off
the mark.” With this in hand, it is possible to evaluate a given
design and determine
whether that design will satisfy its primary function in an
optimum manner.
B.2. Operational Issues
There are, in this category, four main operational
considerations:
a. Performance
b. Reliability
c. Facility
d. Training.
B.2.a. Performance
Performance includes several measures (metrics) of biometric
systems. The end-user
needs to understand these metrics, be able to determine what
they need to be given the
organization’s security policies, and articulate them to the
designer.
B.2.a.1 Accuracy.
The most commonly quoted performance rates in entry/access
control applications
(physical or virtual) are False Accept and False Reject. In
these applications they equate
to False Match Rate (FMR) and False Non-Match Rate (FNMR)
and can be used
interchangeably.
False Accept Rate (FAR)
A False Accept occurs in an entry/access control application,
when the biometric sample
from an unauthorized person erroneously (or falsely) matches
the template of an enrolled
and authorized person, and the biometric system falsely accepts
his premise that he is
authorized. Obviously, this is the most critical error, and
precisely the error that
biometrics are intended to prevent. Acceptance of an imposter,
either by deliberate
attempt or accidental occurrence, is a critical failure of the
biometric and should be a very
rare incident, and almost never repeatable.
In modern biometric access control systems, it is rare (but
possible) that the right
combination of ambient light, humidity, temperature, feature or
image position, etc., can
combine to send an image to the processor that resembles an
enrolled template closely
enough to produce a False Accept. Normally, however, that
event and combination of
factors is virtually impossible to recreate closely enough to
make it repeatable. For this
reason, those who would attempt to by-pass a biometric system
do not rely on False
Accepts for access but a more deliberate attack, such as
“spoofing”. It is difficult, if not
impossible, to accurately measure the number of False Accepts
in an operational setting
(because, of course, the successful imposter is unlikely to report
it), but it is possible to
estimate the statistical probability of False Accepts during a
pre-operations scenario test
or technology test.
False Reject Rate (FRR)
The False Reject Rate (FRR) is the measure of the likelihood
that a biometric security
system will not match the template of an authorized user and
thus falsely reject an
entry/access attempt. A system’s FRR typically is stated as the
ratio of the number of
false rejections divided by the number of identification
attempts.
False Rejects are an administrative and operational nuisance in
physical or virtual access
control applications, and do not directly cause or represent a
security hazard. False
Rejections contribute to weakened security, however, if the rate
of False Rejects is so
high that regular users start trying to find ways to circumvent
the control—like leaving
the door propped open. High FRRs also weaken security if the
users’ objections
influence the security manager to move an adjustable threshold
to reduce the incidence of
False Rejects, thus increasing the likelihood of a False Accept.
The objective of the designer and the security manager is to
select and use biometric
devices that minimize False Accepts to an optimum level
without increasing False
Rejects to an unacceptable level.2
False Accept and False Reject rates are more fully discussed in
Volume 1 of the
Biometric Technology Application Manual.
B.2.a.2 Spoof Resistance
While managers often worry about the FAR, they often do so
more than they should. For
example, presume that the statistical probability of an imposter
being able to randomly
match the biometric of a legitimate identity purely by
coincidence is 1 in 100 (1% FAR).
Looked at from the other perspective, an imposter would have a
99% chance of being
thwarted - not very attractive odds. Thus a biometric system
acts as an effective deterrent
to all but the most sophisticated and determined. As biometrics
become more and more
sophisticated, the likelihood of hostile forces successfully
exploiting a device’s implicit
FAR is very low. Managers should focus on direct attacks on
the system, such as the
device’s vulnerability to spoofing.
2 FAR and FRR are inversely related. That is, an adjustment in
the sensitivity of the device that decreases
the probability of a False Accept increases the probability of a
False Reject. However, the relationship is
not necessarily linear (that a 5% increase in one factor results in
a 5% decrease in the other), but it is a
performance factor that needs to be understood.
There is a real and significant difference between a False
Accept and an effective spoof.
A true False Accept occurs when, during the matching process,
the characteristic or
feature that has just been presented and which is a faithful
representation of that
unauthorized person’s real biometric characteristics so closely
resembles an enrolled
person’s template that the system declares a match. It is an
honest mistake properly
anticipated by the device’s computed FAR. It is a statistic that
tells the technology buyer
what the chances are of the door being opened by a casual
passerby (i.e., a zero effort
attack). As noted above, such events can happen but are not
likely to be routinely
repeated, even seconds apart. A one-time accident/error does
not constitute a useful tool
for those with bad intentions.
Spoofing, on the other hand, is a systematic and concerted
attempt to fashion some sort of
disguise, artifact, or fake biometric (a mask, a fake finger, a
rubber hand, etc.) in a willful
attempt to circumvent the biometric safeguards. It relates to the
FAR in the sense that
both events result, if the spoof is successful, in the device being
sufficiently convinced of
the similarity between the presented object and the enrolled
template that it declares a
match and allows entry to an unauthorized person. What the
security manager really
wants to know is to what extreme would a person have to go to
purposefully fool or spoof
the technology and thereby routinely gain unauthorized (and
even repeatable) access.
Theoretically, any system can be spoofed, provided enough
time, labor, and money are
contributed to the attack method. The security manager wants
to know how much time,
labor, and money is required to compromise the technology. If
there were a convenient
way to characterize this “spoofability” into a simple number
like a FAR or FRR, it would
readily become a key factor in product selection. At this time,
we have no such magic
bullet, but work is underway to produce a useful estimator of
“spoofability”. It should
also be noted that the biometric industry fully recognizes the
exposure to spoofing
techniques and sensor manufacturers are continually developing
sophisticated
countermeasures that would render many of the less sophisticated
spoofing attacks ineffective.
B.2.a.3 Throughput rate
Throughput is the number of people who can be successfully
processed and permitted to
proceed beyond the biometric checkpoint in a given period of
time (e.g., six people per
minute). Throughput and False Rejects will often battle for the
lead in user irritation in
operating biometric systems and are a major source of system
failure. A biometric
screening device that works without errors of any type, but only
allows 1 or 2 individuals
to pass the checkpoint per hour (or even per minute) would not
be accepted and installed
in most applications. Consider also a user-sign-on application
for a company with 10,000
employees who are logging on to their server system in the
morning as they report to
work. The system must be able to handle thousands of access
requests that come in
around the same time, otherwise there will be significant delays
and False Rejects due to
inability to process.
Ultimately, however, throughput, like False Reject Rates, is an
administrative or
management issue. A low throughput rate or high reject rate is
not, in and of itself, a
security breach. It is an institutional nuisance that, in the worst
case, motivates people to
try to find ways to circumvent the irritant, such as propping the
controlled door open all
day, a practice that would allow unauthorized persons into the
protected space. The
“correct” value for throughput is subjectively established as a
rate at least equal to one
more person per unit of time than the minimum rate that
management finds acceptable.
The best achievable throughput is one in which there is no
discernable delay in the
movement of people passing a biometric checkpoint regardless
of the number of people
attempting simultaneous entry. A couple of factors will also
impact throughput. These
include population and flow pattern.
Population Size
A major factor affecting the assessment of throughput is the
total number of people who
must pass a biometric checkpoint in a specified period of time
in a single file. If there are
five doors into a facility and 1,500 people need to enter the
facility, then each checkpoint
device needs to process at least 300 people in the unit of time
available for personnel
entry. If that limit is 30 minutes, then the throughput needs to
be at least 10 people per
minute per portal. This example assumes that all 1,500 people
will spontaneously
distribute themselves so that exactly 300 arrive at each of the
five separate doors at the
same time – not a likely scenario. Therefore, when developing
requirements that will
guide the design of a biometric system, it’s important to observe
and know the real-world
flow pattern. For example, if only one of the doors is directly
facing the primary parking
lot and the other four are administrative doors allowing access
from other interior spaces,
then a primary door with a 10 person per minute throughput will
only get 1/3 of the
workforce into the facility in the allotted time. A system
designer must either find a
biometric device that processes 50 people per minute, or
provide perhaps five biometric
devices servicing that one primary door.
Surge vs. Even Flow
There are two ways a given population can routinely approach a
controlled facility: in a
surge of demand (often early in the morning), or in a constant
flow throughout the day
and night. Naturally, the minimum acceptable throughput is the
one calculated on the
normal or average number of entries at times other than “rush
hour,” but a higher
standard is set by the magnitude of entry demand at peak usage
times. Therefore, it is
important to understand the load distribution over time.
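The sizing reasoning above (1,500 people, 30 minutes, 10 people per minute per device), carried through for even flow and for a surge, as an added example that is not part of the manual. The minute-by-minute arrival profiles are constructed, and the queue model (single file, fixed service rate) is an assumption.

```python
import math


def devices_needed(people, window_min, per_device_per_min):
    """Devices required if arrivals are spread evenly over the window."""
    return math.ceil(people / (window_min * per_device_per_min))


def simulate_door(arrivals_per_min, devices, per_device_per_min):
    """Minute-by-minute single-file queue at one door.

    Returns (peak queue length, minutes until the last person is through).
    """
    capacity = devices * per_device_per_min
    if capacity <= 0:
        raise ValueError("at least one working device is required")
    queue = peak = minute = 0
    while minute < len(arrivals_per_min) or queue > 0:
        if minute < len(arrivals_per_min):
            queue += arrivals_per_min[minute]   # people joining the line
        queue -= min(queue, capacity)           # people processed this minute
        peak = max(peak, queue)
        minute += 1
    return peak, minute


def min_devices_for_window(arrivals_per_min, per_device_per_min, window_min):
    """Smallest device count that gets everyone through within the window."""
    devices = 1
    while simulate_door(arrivals_per_min, devices, per_device_per_min)[1] > window_min:
        devices += 1
    return devices


# Constructed arrival profiles at the primary door, 1,500 people in 30 minutes.
EVEN_FLOW = [50] * 30                          # constant 50 people per minute
SURGE = [20] * 10 + [100] * 10 + [30] * 10     # rush in the middle ten minutes

if __name__ == "__main__":
    print("even split over 5 doors:", devices_needed(300, 30, 10), "device per door")
    print("all via primary door:   ", devices_needed(1500, 30, 10), "devices")
    print("even flow, 5 devices:   ", simulate_door(EVEN_FLOW, 5, 10))
    print("surge, 5 devices:       ", simulate_door(SURGE, 5, 10))
    print("surge, devices required:", min_devices_for_window(SURGE, 10, 30))
```

Five devices are enough on the average rate, but under the constructed surge the same five leave a queue of 500 and need 36 minutes, so the peak, not the average, sets the requirement.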
B.2.a.4 Other Related {Performance} Issues
Failure to Enroll (FTE)
Failure to Enroll is a problem common to all biometric
technologies and it refers to the
fact that, for every technology there are at least a few
individuals who lack sufficient
unique, stable, measurable features to be recognized by that
technology. The problem is
compounded by the fact that many technologies impose higher
quality criteria for
enrollment samples than for authentication samples to assure
acceptable False Reject
performance. For example, a person without a voice cannot be
registered or enrolled in a
voice recognition biometric system. Likewise, a person with no
hands cannot be enrolled
into a fingerprint-based biometric system. At a more subtle
level, fingerprints may be
difficult to enroll from the elderly or from persons in certain
racial, occupational, or
geographical populations whose fingers may be too dry, too
fine, or too smooth, thus
offering poor input data. Individuals whose fingerprints are
subject to extraordinary
occupational wear and tear (e.g., brick layers, chemical
workers, etc.) are often hard to
enroll. Persons who simply cannot be enrolled in a given
technology, however, may be
quite able to be enrolled in another. There will also be
instances where a person cannot
interact with the device properly (e.g., a blind person is unable
to focus his/her eye
properly in front of an iris recognition reader). Even in the
event a marginal quality
enrollment is achieved, such an individual will experience more
Failure to Acquire errors
and often be rejected from entry. In these cases, an appropriate
work-around or
alternative identification mechanism should be provided.
Failure to Acquire (FTA)
There is a subtle, but very important, difference between a False
Reject and a Failure to
Acquire. A false reject occurs when there are insufficient
corresponding data points in a
reasonably clear and accurate live sample of a biometric and the
enrolled template of the
same individual. This happens, most often, when an individual
has biometric features
that are, for a given biometric technology, only marginally
sufficient to be well-measured
and enrolled. For example, a person with very fine and smooth
skin may be difficult to
enroll or capture accurately by a fingerprint system. A Failure
to Acquire occurs when a
person who has been successfully enrolled, with a clear and
useful enrollment record,
cannot be recognized due to some temporary data acquisition
difficulty. This very
common error happens when the finger, for example, is moved
on the platen during
imaging or there is contamination on the platen obscuring or
blurring too much of the
current (presented) fingerprint. Another example is when a
well-enrolled voice pattern
cannot be matched when that individual attempts identification
in an environment with
disruptive background noise.
Another significant difference between False Rejects and FTA
is that, with a
good re-enrollment, user re-training and re-orientation, and
appropriate
reader device servicing and cleaning, the FTA rate may drop
significantly,
almost completely eliminating rejection errors. Little, however,
can be
achieved by using these techniques to reduce true
False Rejects.
In theory, if the sensitivity of a device is set to its “equal error
point” or
“Crossover Error Point” (CEP), the FRR should equal the FAR.
So, if the
system is set at a CEP equal to 0.01%, yet demonstrates a FRR
of 5.00%, the
fair assumption is that FTA rate = 4.99% and FRR = 0.01%. As
re-enrollments are made, re-training is given, and devices are
better serviced,
the remaining difference between theoretical FRR and observed
rejection
rates should be the measure of the continuing FTA rate.
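The threshold trade-off between FAR and FRR, the crossover point, and the residual FTA estimate described above, as an added example that is not part of the manual. The comparison scores and the 0-100 similarity scale are constructed; only the 0.01% and 5.00% figures come from the text.

```python
# Constructed comparison scores on a 0-100 similarity scale (higher = closer match).
GENUINE = [91, 88, 95, 72, 84, 79, 97, 66, 90, 86]    # authorized users vs. own template
IMPOSTOR = [12, 35, 41, 28, 55, 62, 19, 47, 70, 33]   # other people vs. that template


def far(threshold, impostor=IMPOSTOR):
    """False Accept Rate: share of impostor attempts scoring at or above threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False Reject Rate: share of genuine attempts scoring below threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def sweep(thresholds=range(0, 101, 5)):
    """FAR and FRR at each candidate threshold, to show how one rises as the other falls."""
    return [(t, far(t), frr(t)) for t in thresholds]


def crossover_threshold(thresholds=range(0, 101)):
    """Lowest threshold at which FAR and FRR are closest (the equal error point)."""
    return min(thresholds, key=lambda t: abs(far(t) - frr(t)))


def estimated_fta(observed_rejection_rate, theoretical_frr):
    """Rejections not explained by the theoretical FRR, attributed to Failure to Acquire.

    Both arguments and the result use the same unit (percent or fraction).
    """
    return max(0.0, observed_rejection_rate - theoretical_frr)


if __name__ == "__main__":
    for t, fa, fr in sweep():
        print(f"threshold {t:3d}  FAR {fa:.1f}  FRR {fr:.1f}")
    t = crossover_threshold()
    print("crossover threshold:", t, "FAR", far(t), "FRR", frr(t))
    # The manual's figures: CEP of 0.01%, observed rejection rate of 5.00%.
    print("estimated FTA (%):", round(estimated_fta(5.00, 0.01), 2))
```

On this constructed data, lowering the threshold from 80 to 60 to quiet user complaints removes every False Reject but lets two of the ten impostor attempts through.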
B.2.b. Biometric System Reliability, Availability and
Survivability
End users in operational environments sometimes contend that
reliability is an issue of
greater importance than performance. They argue legitimately
that reliability more often
determines the success or failure of a biometric installation than
a few percentage points
difference in FAR and FRR discussed in the foregoing section.
With equal validity, they
point out that FAR and FRR are measures of the population
behavior in a particular
application environment, and thresholds can be set by the
device administrator. Further,
performance factors are negatively affected by the improper use
of the biometric
subsystem through poor quality enrollment, inadequate user
training, environmental
interference (e.g., variation in lighting), and poor maintenance.
Reliability, in contrast, is
largely inherent in the equipment, system design, and
technology (modality), and thus
deserves as much if not more attention and care during the
design process. The overall
term for this consideration is System Availability (SA). SA is a
function of two main
values: Mean Time Between Failure (MTBF) and Mean Time To
Repair (MTTR). In
more recent literature, discussions of System Availability have
begun to include
references to System Survivability, referring to the ability of a
system to recover from an
extraordinary event (such as a power outage) and continue
functioning.
B.2.b.1 MTBF
The oldest, most familiar, and best-quantified measure of
reliability is Mean Time
Between Failures (MTBF). Through testing, failure rates of
individual sensors,
transmission means, servers, processors, human interfaces, and
other components can be
documented and validated. System MTBF is another matter,
and many biometric
vendors are seldom willing to make claims or commitments as
to the system-MTBF and
historically in the biometrics industry have not done so. In
addition, it may be nearly
impossible to quantify biometric system MTBF because of the
mix of general-purpose
equipment and components in a typical system over which the
vendor has no control.
Anecdotal research of existing systems may be the most
practical way to derive data on
which to make decisions in the design and selection process.
B.2.b.2 MTTR
MTTR refers to the mean time to repair or recover from an
outage or failure. This value
is even less frequently published, even if the manufacturer
knows what it is. Biometric
devices are normally part of a larger system
comprising several different,
unrelated components each with their own MTBF and MTTR.
Often, it is much easier to
swap out a defective biometric reader or device than to shut that
part of the system down.
Consequently, the effective MTTR is measured in just a few
minutes, a trivial length of
time in most circumstances. Often, there is little an end user
can do to repair the device,
requiring a return to the factory for repairs. With the
availability of express courier
services, effective MTTR becomes, at worst, 24 hours, more or
less, from the time the
device is determined to be defective and a replacement unit
ordered from the vendor.
B.2.b.3 System Availability
Provided that we know both MTBF and MTTR, we can prepare
an estimate of SA from:
SA = MTBF / (MTBF + MTTR)
If MTBF = 1000 hours and MTTR = 10 minutes (.167 hours),
then:
SA = 1000 / (1000 + .167) = 1000/1000.167 = 99.983%
In more complex systems, management may elect to perform
periodic maintenance (M)
on the system, requiring the system to be taken out of service.
This value is expressed as
a percent of the total operational time. If, for example, the
system is to be shut down for
one hour every six months, then the value of M is 0.0002%.
This value is added to the
foregoing equation, which becomes:
SAm = MTBF /((1+M) x (MTBF + MTTR))
In the foregoing case, availability becomes:
SAm = 1000 / ((1 + .0002) x (1000 + 0.167)) = 1000 / (1.0002 x 1000.167) = 1000 / 1000.3670334 = 99.963%
Sophisticated buyers of biometric systems will often specify a
SA of 95.0 to 99.9%. As
just demonstrated, these values may be difficult to attain and it
is important to determine
just what level of availability is being sought, simple or one
including periodic
maintenance.
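The SA and SAm formulas above, checked against a specified target, as an added example that is not part of the manual. It goes beyond the text in one respect: it also multiplies component availabilities for a chain in which every component must be up, assuming independent failures. The controller and server figures are constructed, and M is entered as the fraction 0.0002 used in the manual's worked calculation.

```python
from math import prod


def availability(mtbf_h, mttr_h):
    """SA = MTBF / (MTBF + MTTR), both in hours."""
    return mtbf_h / (mtbf_h + mttr_h)


def availability_with_maintenance(mtbf_h, mttr_h, m):
    """SAm = MTBF / ((1 + M) x (MTBF + MTTR)); M is a fraction of operating time."""
    return mtbf_h / ((1 + m) * (mtbf_h + mttr_h))


def series_availability(components):
    """Availability of a chain in which every component must be up.

    components: iterable of (mtbf_h, mttr_h). Assumes independent failures.
    """
    return prod(availability(mtbf, mttr) for mtbf, mttr in components)


def meets_target(value, target):
    """True if an availability (as a fraction) reaches the specified target."""
    return value >= target


READER_SWAP = (1000, 0.167)   # the manual's figures: reader swapped in 10 minutes
READER_FACTORY = (1000, 24)   # same MTBF, replacement unit arrives in 24 hours
# Constructed figures for the rest of the chain (not from the manual).
CONTROLLER = (5000, 2)
SERVER = (8000, 4)


def report(target=0.999):
    """Availability of each case, with whether it meets the target."""
    chain = [READER_SWAP, CONTROLLER, SERVER]
    cases = {
        "reader, 10-minute swap": availability(*READER_SWAP),
        "reader, with maintenance": availability_with_maintenance(*READER_SWAP, 0.0002),
        "reader, 24-hour replacement": availability(*READER_FACTORY),
        "reader + controller + server": series_availability(chain),
    }
    return {name: (value, meets_target(value, target)) for name, value in cases.items()}


if __name__ == "__main__":
    for name, (value, ok) in report().items():
        print(f"{name:30s} {value * 100:7.3f}%  {'meets' if ok else 'misses'} 99.9%")
```

With these figures every component individually exceeds 99.9%, yet the chain as a whole does not, and a 24-hour replacement cycle alone brings the reader down to about 97.7%.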
B.2.b.4 Survivability3
Survivability has been defined as “the capability of a system to
fulfill its mission in a
timely manner, in the presence of attacks, failures, or
accidents.” Survivability analysis
is influenced by several important principles:
• Containment. Systems should be designed to minimize
mission impact by
containing the failure geographically or logically.
• Reconstitution. System designers should consider the time,
effort, and skills
required to restore an essential mission-critical infrastructure
after a catastrophic
event.
• Diversity. Systems that are based on multiple technologies,
vendors, locations, or
modes of operation could provide a degree of immunity to
attacks, especially
those targeted at only one aspect of the system.
• Continuity. It is the mission-critical business functions that
must
continue in the event of a catastrophic event, not any specific
aspect of the
system’s infrastructure.
3 Ellison, R.J., et al. “Survivable Network Systems, an
Emerging Discipline.” Technical Report CMU/SEI-97-TR-013, 1997.
B.2.c. Facilities and Systems
Consideration needs to be given to the physical and virtual
environment into which the
biometric components will be expected to function. This will
either be done in the
context of a new or an existing system.
New System
New systems offer opportunity to prepare a well-considered
design using the most
current and cost-effective components and procedures available.
The downside to a new
system is that there is no baseline of performance for
comparison and new systems often
fail to work the first time they are activated, resulting in
considerable troubleshooting
activity before realizing success. One way to avoid unnecessary
problems is to minimize
the level of innovation throughout the system and avoid reliance
on new, unproven, or
untested equipment and technologies without a sound and
rational reason. However, if
the need for new technology is compelling, implementation can
be staged to test each
component of the technology in installation increments, or in
phased pilot tests to
determine that each subsystem is functioning properly before
moving on to another new
component or space.
Legacy System
As often as not, the addition of a new biometric component to
an access control system
will be an integration into a well-established legacy system.
This manual is not intended
to be a comprehensive tutorial on systems integration, but it is
essential to have a
comprehensive understanding of the system into which the
biometric technology will be
introduced. Most often, compromises will be required and it
will be the new, biometric
addition that is expected to bend the most.
As an example, there was an assignment to integrate an
advanced biometric technology
into a standard access control system providing protection to a
new federal building
under construction. From the documentation prepared by the
general contractor, every
element was considered and the conclusion was reached that the
biometric technology
would work, especially since the head end control software was
to be a state-of-the-art
access control system. However, the installer/integrator found
two surprises.
1. The customer expected a combination proximity
card/biometric solution, and
2. even later, it was discovered that the same customer had
exercised its bargaining
power to acquire a control system that used a proprietary code
approach.
In short order, there was a challenge to determine a way to
configure the chosen
biometric technology to work with a proximity card.
Fortunately, the manufacturer had
anticipated this possibility in applications and had included the
necessary capability to
read proximity cards. The software, however, could not read
the proximity card and
forward the appropriate information through the system. The
manufacturer was so
committed to customer service and satisfaction that its lead
software engineer spent 40-50
hours over a weekend rewriting the code to accommodate the
proximity card information
and to perform the ‘AND’ function for access control.
Later, after the new, combined solution was demonstrated, the
customer announced its
credentials would no longer work since the code transmitted
from its cards used a
proprietary code format, instead of the format common to most
access control systems.
Fortunately, another software-adjustable feature allowed this
latest surprise to be
accommodated.
The point here is that the system designer should not depend on
the foresight and
willingness of the manufacturer (whether hardware or software)
to provide such prompt
and face-saving solutions to even one problem, let alone
several. Rather, sufficient
information must be collected from the owner regarding the
existing system (as well as
any side procurements) so as to anticipate these problems and to
engineer an appropriate
solution prior to committing the design to specification and
order.
B.2.d. Complexity of User Interface as it Impacts Training
One factor having a significant impact on the selection and
performance of a particular
biometric system is the quantity and quality of training the
using agency is able to
provide to both security system operators and system users in
the proper method of
enrollment and daily use of the biometric. As discussed above,
rejection, whether it is a
False Reject or a Failure to Acquire, along with the throughput
rates, is one of the most
disconcerting negative aspects of the application of a biometric
technology, but is subject
to significant improvement through effective operator and user
training. Design of an
effective biometric system should include a discussion of the
training appropriate to the
selected biometric technology and the proposed user population.
Emphasis should be
placed on the description of operator responsibilities to ensure
that enthusiastic, well-
trained operators conduct effective enrollments and user
training to minimize poor
quality enrollments and the likelihood of Failure to Acquire
errors.
See Section 14 of this manual for further information on
training.
B.3. Legal Issues
Several legal aspects of the introduction of any security system
must be anticipated and
considered in the final design. These include privacy issues,
especially those related to
biometric systems, legislative issues and requirements, liability
questions created by
security systems, and compliance with the ADA regulations.
Privacy Rights
Probably the most contentious aspect of biometric technologies
is the question of whether
the biometric chosen for a particular application will somehow
compromise an
individual’s privacy rights.
For most biometric solutions today, the answer to the privacy
question in the United
States is that neither personal privacy compromise nor personal
injury is a likely
consequence of using a given biometric technology. This is true
not only because few
biometric technologies readily compromise personal
information or represent a health
threat, but because manufacturers have gone the extra step to
build into their systems
safeguards that prevent any compromise of physical safety or
privacy. It is essential,
however, that security staff be trained in the technology, its
operation, and the applicable
law, so they can explain to agency personnel and visitors the
nature of the biometric
being used and why it should not compromise privacy and/or
threaten personal health.
Some organizations may have a policy that requires a
comprehensive privacy impact
assessment (PIA) for any proposed new system. Such an
assessment should describe
how biometric data is collected, stored, shared, and protected as
well as how errors are
addressed.
Regardless of the current state of privacy laws of the United
States or other countries, the
general philosophy of NBSP and the biometric industry at large
is to take the proactive
view that a person’s biometric information is “personal”
because it is personally
identifiable information or unique to a person. Therefore, it is
recommended that
“biometric information” be treated “as if” it were entitled to
privacy protection regardless
of the applicable laws, which will vary from jurisdiction to
jurisdiction. This approach
circumvents the issue of whether or not an individual’s privacy
has been violated.
Similarly, even if the law of one jurisdiction does not treat a
person’s biometric as private
today, social standards are likely to dictate changes in privacy
laws, including new
legislation that could later mandate treating biometrics as
private personal information
entitled to privacy protection. In conclusion, it is recommended
that biometric systems
developed today be designed and engineered to safeguard
biometric information privacy
so that they are in compliance with developing privacy laws and
regulations.
Accordingly, it is recommended that companies managing
biometric identification
systems should adopt policies and procedures for the proper use and
safeguarding of biometric
identification. Such privacy policies should include such basic
privacy principles as:
• notice to the individual about how their biometric information
will be used,
• separation of the biometric information from other personally
identifiable
information to prevent linkage,
• restrictions on access to biometric information,
• transfer or sharing of the biometric information only with the
individual’s
consent,
• enforcement measures to ensure compliance with the
foregoing, and
• possibly, an individual’s choice to opt out of the system.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a federal statute requiring that medical records be
carefully protected and that
only authorized persons, having a need to know, be given access
to personal medical
information. Biometrics have been especially useful in
implementing and maintaining
compliance with HIPAA in that they can allow only authorized
persons at authorized
times and dates to gain access to biometrically controlled
healthcare information and
data. The control system can also record the date and time of
access, thereby providing
non-repudiation evidence of the accessing person’s identity.
Other regulatory
requirements such as Sarbanes-Oxley, Gramm-Leach-Bliley
Bank Modernization Act,
Fair Credit and Reporting Act (FCRA), Federal Information
Systems Security Act
(FISMA), 21 CFR Part 11 Regulations for Pharmaceutical
Electronic Record Keeping,
etc. all have similar language to HIPAA that requires that
system operators/owners take
appropriate steps to insure against unauthorized access to
sensitive data. Any of the
organizations that fall under these regulatory controls should
consider the benefits of
biometric authentication to control user access.
Liability – Duty to Care
Senior company or agency managers, as well as security
managers, have a legal “duty to
care” for the personnel and assets under their control and
supervision. Biometric access
control is an effective way to implement a security system and
demonstrates recognition
of this duty. In a number of cases, this duty can be quantified
in this equation:
I = Ploss x Asset Value
[I = Insurance and Ploss = Probability of Loss]
That is, a sufficient recognition of the duty to care is more or
less equal to an appropriate
investment in insurance or security systems equal to the
probability of a loss of an asset
times the value of that asset. The goal of the security manager
or executive manager is to
minimize both the likelihood of any threat and the value of the
protected assets that might
be lost. The compromise of essential, classified national
security information or
corporate intellectual property (e.g., the formula for Coca-
Cola®), cannot normally be
covered by conventional insurance, so the difference is often
covered by one or more
layers of manned and automated security solutions.
Implied Security
In some ways, the existence of a security system is a double-
edged sword. On one side, a
security system is evidence of management’s recognition of its
duty to care. The other
side of the issue is that employees may construe the existence of
various security
products—access controls, video surveillance, entry controls—
as absolute guarantees that
they are safe from criminal attack or other illegal behaviors, and
ignore common
precautions.
ADA Compliance
The Americans with Disabilities Act (ADA) requires that most
public buildings,
regardless of ownership, comply with an extensive list of rules
governing building design
and equipment used, especially for doors and access control.
For example, although new
biometric fingerprint readers are wall mounted more or less in
the same location as
proximity card readers, they are ergonomically difficult for
wheelchair-bound individuals
to reach and use properly. To be fair, those responsible for
developing ADA standards
are not especially well-trained or experienced in modern
biometric technologies and are
lagging along with the industry in promulgating meaningful
standards outlining
appropriate expectations for system designs.
Section 508 Compliance
Section 508, an amendment to the U.S. Workforce
Rehabilitation Act of 1973, is a
federal law mandating that all electronic and information
technology developed,
procured, maintained, or used by the federal government be
accessible to people with
disabilities. The scope of Section 508 is limited to the federal
sector, and includes
binding, enforceable standards, as well as compliance reporting
requirements and a
Final demo Grade 9 for demo Plan dessert.pptx
 
Solving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptxSolving Puzzles Benefits Everyone (English).pptx
Solving Puzzles Benefits Everyone (English).pptx
 
Employee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptxEmployee wellbeing at the workplace.pptx
Employee wellbeing at the workplace.pptx
 
Types of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptxTypes of Journalistic Writing Grade 8.pptx
Types of Journalistic Writing Grade 8.pptx
 
How to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptxHow to Make a Pirate ship Primary Education.pptx
How to Make a Pirate ship Primary Education.pptx
 
Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17Difference Between Search & Browse Methods in Odoo 17
Difference Between Search & Browse Methods in Odoo 17
 
Roles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in PharmacovigilanceRoles & Responsibilities in Pharmacovigilance
Roles & Responsibilities in Pharmacovigilance
 
Presiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha electionsPresiding Officer Training module 2024 lok sabha elections
Presiding Officer Training module 2024 lok sabha elections
 
Earth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice greatEarth Day Presentation wow hello nice great
Earth Day Presentation wow hello nice great
 
Painted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of IndiaPainted Grey Ware.pptx, PGW Culture of India
Painted Grey Ware.pptx, PGW Culture of India
 
What is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERPWhat is Model Inheritance in Odoo 17 ERP
What is Model Inheritance in Odoo 17 ERP
 
Introduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptxIntroduction to AI in Higher Education_draft.pptx
Introduction to AI in Higher Education_draft.pptx
 
Full Stack Web Development Course for Beginners
Full Stack Web Development Course  for BeginnersFull Stack Web Development Course  for Beginners
Full Stack Web Development Course for Beginners
 
OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...OS-operating systems- ch04 (Threads) ...
OS-operating systems- ch04 (Threads) ...
 
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdfFraming an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
Framing an Appropriate Research Question 6b9b26d93da94caf993c038d9efcdedb.pdf
 
Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...Procuring digital preservation CAN be quick and painless with our new dynamic...
Procuring digital preservation CAN be quick and painless with our new dynamic...
 
ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)ESSENTIAL of (CS/IT/IS) class 06 (database)
ESSENTIAL of (CS/IT/IS) class 06 (database)
 
How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17How to Configure Email Server in Odoo 17
How to Configure Email Server in Odoo 17
 

472008 1 BBiioommeettrriicc TTeecchhnnoollooggyy AApp.docx

  • 1. 4/7/2008
    Biometric Technology Application Manual
    Volume 2: Applying Biometrics [Draft Version]
    Compiled and Published by: National Biometric Security Project
    Winter 2008
    Biometric Technology Application Manual (BTAM)
    VOLUME 2: Applying Biometrics
    About the National Biometric Security Project
    Abstract
    FOREWORD
  • 2. Section 9 – Biometrics Applications
    Section 10 – System Requirements and Selection
    Section 11 – System Engineering, Integration, and Implementation
    Section 12 – Operations and Management
    Section 13 – Maintenance, Services, and Warranties
    Section 14 – Training
    Case Studies
    Case Study A – India: Ration Card Program
    Case Study B – State of Illinois: Driver Licensing
    Case Study E – University of Georgia: Student ID/Access Control
    Case Study F – St. Vincent Hospital: Desktop Computer Access
    Case Study G – Beaumont Hospital: Medical Records Security
    Case Study H – Pinellas County Sheriff’s Office: Arrestee Identification
    Case Study I – U.A.E.: Iris Expellees Tracking and Border Control System
    Appendix A – Biometric Selection/Application Checklist
    Appendix B – Miscellaneous
  • 3. Resources
    Appendix C – Biometric Publications
    Appendix D – Education/Training Resources
    Bibliography and References
    Acknowledgements
    About the National Biometric Security Project
    The National Biometric Security Project (NBSP) is a tax exempt, nonprofit 501(c)(3) organization incorporated and headquartered in Washington, DC. Its mission is to enhance the practice and effectiveness of identity assurance in government and the private sector, through the application of biometrics, for the purpose of deterring and detecting terrorist and criminal attacks on the national infrastructure. NBSP was formed in the immediate aftermath of 9/11 and has been consistently supported by the Congress to enhance government-wide use of biometrics and improve the capability of the industrial base.
  • 4. To reflect its expanded biometric application services, NBSP recently re-established its Test, Research and Data Center under the new name Biometric Services International, LLC (BSI). Located in Morgantown, West Virginia, BSI is a wholly owned, non-profit subsidiary of NBSP and is the only laboratory, exclusively focused on biometrics, to achieve the coveted ISO/IEC 17025:2005 accreditation for testing. BSI’s biometric application services have been expanded to address biometric deployment considerations such as requirements definition, articulation of program goals and objectives, vulnerability assessments, application impact studies, life-cycle cost analyses and privacy impact assessments just to name a few. BSI adds dimension to its biometric application services with robust Testing, Training and Research capabilities. Performance Testing assures that biometric products under consideration for an application will meet manufacturers’ claims and meet or exceed published biometric performance metrics. Conformance Testing evaluates a biometric product’s conformance to applicable, published ISO/IEC standards. Products that pass the performance and the applicable conformance tests become part of BSI’s “Qualified Products List”, which provides potential users with an independent source of evaluation. Custom Testing includes, for example, vulnerability assessments, comparative testing,
  • 5. algorithm testing, sensor testing, product development tests, and interoperability testing. Our Introduction to Biometrics Course, Biometric Operations Course and Biometric Technical Training Course provide a unique three-course curriculum. Additionally, all students are eligible for Continuing Education Units (CEU) upon completion of any BSI training course. BSI conducts research into the social impacts of biometrics, including detailed analyses of U.S. and international privacy laws and their effect on the use of biometrics. A semi-annual update of all published and emerging biometric standards is also available as a resource to anyone interested in learning more about standards progress. NBSP’s permanent staff is efficiently supplemented, as required, by external organizations contracted to perform substantive research and technical work, highly specialized and experienced consultants, and research organizations focused on biometrics or identity matters. These include West Virginia University and other academic institutions associated with the Center for Identification Research (CITeR), as well as other reputable U.S. and international sources.
  • 6. Abstract
    About the Biometric Technology Application Manual (BTAM)
    Published by the National Biometric Security Project (NBSP), the Biometric Technology Application Manual (BTAM) is a comprehensive reference manual on biometric technology applications. This reference book, in two volumes, has been compiled for biometric technology users and for those who are evaluating biometrics as an enabling technology within an integrated system or program for security and identification assurance. The BTAM is intended to be a rational and practical tool for those who specify, buy, integrate, operate, and manage biometric technology-based systems. The experienced biometric practitioner will see much that is familiar in the BTAM. The publication is not intended to provide all new (never before published) scientific information. Rather, it is a compilation of published and experience-based information designed to inform the rapidly growing community of new users, integrators, and designers, and assist them in their search for practical application solutions. Hopefully, it will prove to be the standard desktop reference on the subject of biometrics for all levels of interest and experience. Generally, this manual has been compiled and is intended for
  • 7. individuals and organizations that have responsibility for protection of the civil infrastructure and related applications. These include, but are not limited to:
    • Civil infrastructure agencies
    • Other government agencies
    • Private sector organizations and businesses
    • Academic institutions
    • International organizations, businesses, groups, and governments
    • Consultants and practitioners in biometrics
    • Security and identity management administrators
    There is a significant volume of valuable work on the subject of biometrics by many authors. The BTAM was not published to replace that body of work, but rather to compile some of the best of that content in an organized and focused product with emphasis on the user. Equally important, the objective of the BTAM is to help solve the issue of short shelf-life of biometrics publications in a rapidly evolving technology base by including a process for regular updating of each volume. In researching and compiling the BTAM, the authors relied heavily on secondary research from published, public sources. For a list of the reference materials, authors, publications, and other sources used and referenced in this compilation, please see appropriate footnotes as well as the Bibliography.
  • 8. Purpose and Objectives
    The BTAM is intended to assist the reader in:
    • Comparing how various biometric technologies perform and have performed in real-world applications (both successfully and unsuccessfully), and why.
    • Providing a means to evaluate various biometric solutions based on specific application parameters and requirements.
    • Determining where, when, and why a biometric-based solution is a good fit, or not.
    • Supporting technology evaluation by defining the questions to ask, identifying other considerations that may exist, and understanding the issues generated by the need for interoperability.
    • Answering such questions as:
    How do I write a requirement?
  • 9. How do I evaluate various systems?
    How do I integrate/apply the technology?
    How do I use the technology?
    What is the best technology for my application?
    Summary
    Volume 1 – Biometrics Basics
    Although the overriding purpose and objectives of the two-volume set are similar, Volume 1 was developed to be more of a primer on biometrics as it presents and defines biometrics on a fundamental level, including:
    • Fundamentals of Biometrics. An entire Section of Volume 1 provides an introduction to biometrics so the reader has a basic foundation and generic understanding of the science behind the technology. Beginning with the origins of biometrics, and taking the reader through explanations of the terminology, elements, and performance criteria, this Section provides a solid foundation for those who are just learning about these technologies.
    • Types of Biometric Technologies. Some biometric technologies (or modalities) are better known than others, but this Section presents information about how 11 different technologies work. Presented both in text and easy reference matrix
  • 10. format, it is an important Section intended to help readers understand why one technology might fit their needs more than another.
    • Biometric System Design. This Section presents guidance and insight as to how system requirements should be defined and the appropriate performance specifications documented. Issues such as technical requirements, operational capabilities, performance expectations, architectural aspects, and other related concepts are presented in this Section.
    • Biometrics Standards and Best Practices provides an overview on biometrics standards development. The development and adoption of standards is important for the biometrics industry to become mainstream and more fully integrated into our critical infrastructure. This Section provides the reader with information as to the current state of standards development, enabling insight into the various types of biometric technologies and their vendors – where they are in terms of complying with industry-approved standards – and explaining why biometrics
  • 11. standards are critical to integrating full-solution systems.
    • Testing and Evaluation. Insight regarding testing protocols and system evaluation is presented in this Section. Issues such as understanding system performance, scalability, and usability, standards compliance, performance measurement and comparison, and evaluations are discussed, providing the reader with a very practical guide for evaluating various biometric solutions.
    • Biometric Social and Cultural Implications. This Section presents considerations on three key societal issues: legality, privacy, and user acceptance. An appreciation for these issues is critical to successfully implementing a biometric-based security and identification management solution. From the legal perspective, an understanding of U.S. law and how it applies to the application is just as important as understanding the laws of foreign countries, particularly if the application will cross international lines. Privacy is a central and current issue in the deployment of biometrics. Users and detractors are rightly concerned about “big brother” and identity theft, and need to be certain their personal information is adequately protected within the
  • 12. systems that purport to safeguard it from external sources. Lastly, user acceptance is an often overlooked, but extremely important factor in the success or failure of a biometric system. If users do not accept and understand the system, they will not use it. User education and the development of a work-around for those who cannot or will not use a biometric are imperative for success.
    • Trends and Implications. The final Section of Volume 1 presents some key trends and implications for biometrics in general, and sets the stage for follow-on information and additional detail in Volume 2.
    Disclaimer
    The National Biometric Security Project (NBSP) and the Biometric Technology Application Manual (BTAM) do not and cannot provide any legal advice nor is the BTAM a substitute for professional engineering design support. The information in this publication is for general information purposes only. None of the information contained in this manual, Volume 1 or Volume 2, is intended to be or should be relied upon as specific or definitive to the design of a particular program, or system, or process, or legal policy. The reader should obtain the advice of a suitably qualified engineer, attorney, or
  • 13. experienced practitioner before taking any action in the application and use of any of the information contained in this publication.
    Updates and Errata
    NBSP intends to regularly update the BTAM with new and revised material from all relevant sources. NBSP is also very interested in the comments and feedback of its readers. Readers are encouraged to share their thoughts and impressions on the BTAM – either Volume 1 or Volume 2 – as well as any suggestions for content corrections, typos, or errors of omission. Please send feedback to:
    National Biometric Security Project
    Attention: BTAM Editor
    601 Thirteenth Street, NW, Suite 390 South
    Washington, DC 20005
    [email protected]
    Every effort has been made to contact copyright holders for content and images used in this manual. The publisher apologizes in advance for any unintentional omissions and will insert appropriate acknowledgements in subsequent editions of this publication when
  • 14. so advised.
    FOREWORD
    This Volume 2 of the BTAM continues the mission to provide a complete set of reference tools that are readily available to the biometric community regardless of the reader’s specialty or level of activity in the technology. Here, we examine “best practices” and even “not so best” practices, recognizing therein that the deployment and operation of biometrics systems is still a work in progress. Lessons learned in earlier deployment of new security technology apply to biometrics as well. One of the primary principles involves the “rising expectations” syndrome treated partially in Volume 1. This relates to the fact that some prospective users of biometrics will expect, even demand, that the technology perform to a level of accuracy or reliability that was impossible to achieve with the identity management systems it replaced. While this degree of confidence in new technology is admirable, it may not be realistic given the unlimited capability of the human mind to thwart even the best technical design by deliberate or accidental misuse. Statements such as “biometrics are not perfect” or “not yet ready for prime time” or even that they can be “easily
  • 15. spoofed” are strong indicators that the person quoted does not truly understand the practical realities of the technology deployment process, the vulnerabilities introduced by improper human intervention or use, the inevitable evolution of technical countermeasures arising from wider deployment and improved practice, and the serious and incurable deficiencies that exist in all identity management techniques that do not employ biometrics. A strong dose of reasoned and practical understanding will do much to help the user/operator and practitioner more effectively exploit the capabilities of biometric technology. Hopefully, this Volume 2 of the BTAM will assist in reaching that level of understanding. Finally, the reader is strongly encouraged to help make the BTAM a living and current tool by recommending changes and improvements in any area. All such recommendations will be carefully reviewed by NBSP Editors, and by an independent review Board constituted as required to address controversial proposals for change.
    Section 9 – Biometrics Applications
    A biometric device can be applied in virtually any scenario in which one might otherwise use keys, identification cards, security cards, personal
  • 16. identification numbers (PINs), or passwords to gain access to a physical facility, a virtual domain (information system), or a process, or to determine eligibility for a privilege. The real value of biometrics is the potential for use in applications where keys, ID cards, and passwords would be of no value whatsoever: the “negative identification” applications. The application of biometric technologies is increasing over a wide array of industries as organizations and individuals look for higher levels of security and identity assurance. Advances in biometric devices have made the technology more affordable and less intimidating for applications where high security, which was a compelling reason initially, is not the primary objective. More routine applications, such as access to school dining halls, are now joining the traditional high security applications such as access to military resources and nuclear power plants. In addition, with the advent of credible identification systems (the one-to-many process of comparing a submitted biometric sample against all of the biometric templates on file to determine whether it matches any of the templates), the breadth of applications which can be achieved has expanded greatly. Today we are not limited to applications where a claimant must provide a claim of identity such as a user name, PIN, or password to facilitate the recognition process. Thus a new class of applications such as refugee processing/control, watch lists, benefits eligibility determination, duplicate checks, repudiation prevention,
  • 17. forensic identification, and others not yet conceived or applied are available.
    9.1. OVERVIEW OF APPLICATIONS
    We have provided a classification of applications below. However, in the process, we have concluded that such categorizations are largely arbitrary, and in the evolving field of biometrics, subject to debate, dispute, and revision. We do not hold our classifications out as the model, or the only logical way to classify applications. Indeed, Volume 1 of this manual pointed out Dr. James Wayman’s classification system as a useful way to analyze and better understand the functioning of biometric systems. Recall that applications were categorized as overt or covert systems, voluntary or involuntary systems, attended or non-attended systems, standard or non-standard operating environments, public or private systems, physical security and access control, cyber and computer/network security, and identification. Nonetheless, it is easier and perhaps more meaningful to persons new to the science to have some sort of organized structure with which to get an overview of the field – and so a classification system has been developed that covers most of what is being fielded today. It is important to point out that this classification is categorized by functional application, and is not organized on the basis of whom or what entity initiates them. It seems that categorizing applications as Federal, State, Local
  • 18. and Municipal government; Commercial, Private, or Transportation Sectors; Financial Sector; Manufacturing Sector; Healthcare Sector; Schools and Education; etc. was not particularly useful for persons interested in exploring how biometrics can help them. It is certainly true that all of these entities and sectors provide the settings in which biometrics may and must be applied. But it serves no useful purpose beyond identifying the policy, funding, and contractual hoops and wickets that implementers must pass through on their journey to implementing a biometric system. The important issue is how one functionally applies biometrics to solve a problem, or improve an existing operation that requires positive human identification.
    Further clouding the issue of biometric classification is the opportunity to implement multiple, different functional applications within the same “biometric system”. For example, a biometric implementation in a facility may be categorized as a Physical Access Control application if biometric readers are located at or near the perimeter of the facility. It may also be an integrated system which uses the same server(s) for logical (virtual) access to work stations or partitioned and controlled segments of proprietary
  • 19. digital information. In a corrections environment as well, where the most important objective is to positively identify inmates before movement or release, an integrated system could be used to physically control access to spaces, cellblocks, etc. Likewise in a Drivers License application, applicants may have their biometric feature compared to the entire existing database of drivers in a 1:N search to determine their eligibility for the benefit of license issuance before they can be enrolled. That is a combination of a watch list and a benefits eligibility determination. Further, once issued a biometrically enabled license, when the driver uses it as a proof of age for buying tobacco or alcohol it becomes a Point Of Sale (POS) authenticator and may be used in a 1:1 application. The point is that trying to categorize a biometric system as a single, simple application is not always practical or realistic.
    A Functional Classification of applications (with generic examples)
    Table 9-1
    Column headings: Application Type, Sub-Type, Examples
  • 20. Access Control
    Physical Access Control
    • National (border control)
    • Area (campus control)
    • Facility
    • Room
    • Container
    Logical (Virtual) Access Control
    • Distributed information sys.
    • Local Area Network (LAN)
    • Stand-alone systems
    • Other computer-based sys.
    • Records
      - Medical (HIPAA)
      - Human resources
      - Educational
    Identity Management
    Watch Lists
    Corrections/Law Enforcement
    Emergency/Disaster Response
    Benefits Eligibility and Fraud Mitigation
    • Driver licensing
  • 21. • Social Security benefits
    • Welfare benefits
    • Refugees
    Non-repudiation
    • Classified documents
    • Contracts
    • Credit card fraud
    • Check cashing
    Forensics
    Transactions
    Credit cards
    Point of Sale (POS)
    Other
    Credentialing systems
    • PIV
    • TWIC
    Time and attendance
    • Collecting employee time
    • Preparing payroll
    Following are selected examples of biometric technologies in use today. This section is
  • 22. not meant to be all-inclusive, but rather to present various biometric technologies in different usage applications. These examples are further supplemented by more detailed examples in the Case Studies section of this volume.
    9.1.1. Access Control - Physical Access Control
    Yeager Airport in Charleston, West Virginia, is using hand geometry, specifically Recognition Systems’ HandReaders®, to control access to the control tower and sensitive equipment. The control tower is accessed (on average) every five minutes around the clock with hand readers that are networked to the airport's central security system computer. Yeager Airport's tower previously required 24-hour police protection for access control. This cost the airport $1,200 per day. The hand readers have eliminated the need for guards, saving the airport a substantial sum on access control. No change.
    San Francisco International Airport, the nation’s fifth busiest, uses hand geometry readers to verify TSA employees’ identities to ensure only authorized individuals access sensitive and secured areas. These hand readers are in addition to those previously employed at SFO. Since 1991, San Francisco International Airport has employed biometric hand geometry readers to secure its air operations area (AOA), allowing access to authorized individuals only. Additionally, in January 2006, a live test of e-passports, that
  • 23. contain contactless chips with biographic and biometric information and the readers that are capable of reading these e-passports began at Terminal G at SFO. This test was a collaborative effort between the United States, Australia, New Zealand, and Singapore that ran through April 2006. The test was successful. A total of 1,398 e-passports were interrogated and the systems’ performance pointed to significant progress in readability since the government first started testing e-passports in 2004. The U.S. Department of Homeland Security used the results of that test to determine which inlays (chips) to use in the e-passports issued to U.S. citizens.
    University of Georgia: see Case Studies section
    Rotterdam Seaport has included biometric access control as part of a modernization program. The seaport, the central hub for European commerce, handles more than 300 million tons of freight each year, accounting for 40% of all European cargo. Not surprisingly, more than 40% of all European Union trucking companies originate in The Netherlands. In 1999, a hand geometry system was deployed to control truck driver access to the port. It has proven effective in expediting the movement of cargo from marine vessels to the trucks, verifying the identities of “known” or trusted drivers and providing a detailed electronic audit trail for cargo. Drivers access the system’s hand recognition reader via their vehicle windows before they pass
  • 24. through the facility control gate. Their identities are verified if their live hand geometry matches the enrollment template stored on a radio frequency-activated smart card. The system serves more than 6,000 truck drivers and has successfully completed millions of transactions.
    A nuclear power plant in Japan has adopted a facial recognition system known as Face VACS (Cognitec Systems) to replace an older, manual system of access control. The advanced functionality allows employees to access high security areas in nuclear power plants faster, at lower cost, and with greater accuracy. At the access point, the face of every person is captured by a video camera, the facial features are extracted and translated into a mathematical representation on a template. That template is then compared in a 1:1 verification application with the enrolled template registered to the person the entrant claims to be. No change.
    9.1.2. Logical (Virtual) Access Control
    City of Glendale, California: See Case Studies section
  • 25. HealthTransaction Network(R) is creating the first-ever nationwide health care provider network to connect health care providers and consumers using an electronic transaction network system that quickly, securely and efficiently facilitates and processes transactions between the parties. The Network includes a shared processing infrastructure, consumer cards and a new electronic transaction terminal device located at participating provider sites. The cards incorporate biometric technologies to ensure patient identification (e.g., fingerprint and signature verification), and may also be used as a stored value card. The types of services that will be available to consumers that subscribe to the Network include preventive, wellness and routine services such as physicals, dental cleanings, eye exams, mammograms and x-rays. As of this writing, two health systems in Western New York have signed on as the Network's first provider participants. TLC Health Network and Brooks Memorial Hospital will install Network transaction terminals at their many locations and will offer routine medical services beginning in the second quarter of 2008. HealthTransaction Network has plans to expand their electronic health care network in the northeast and ultimately throughout the United States. St. Vincent Hospital: See Case Studies section The U.S. Office of Legislative Counsel, which is the legislative drafting service of the U.S. House of Representatives, has deployed the SAF2000
  • 26. enterprise biometric authentication software (by SAFLINK Corporation) on its computers. SAF2000 supports authentication through iris recognition, finger image identification, speaker verification, and facial recognition. It offers an event log for recording enrollment, changes to user profiles, workstation updates, and account deletions. The system supports multiple databases and directory service protocols for secure storage of user profiles, and offers encrypted biometric algorithms designed to use the maximum number of available bits from the operating system. The biometric-based system was deployed to help protect the files and working documents the Office of Legislative Counsel is working on for the U.S. House of Representatives. 9.1.3. Identification UAE and Dubai: See Case Studies section State of Illinois: See Case Studies section The Port of Palm Beach, the 4th busiest container port in Florida and the 8th busiest in the continental U.S., has implemented a biometrically based visitor management program. The system logs entry and exit of 200-300 truck
  • 27. drivers as they bring goods in and out of the port, and others visiting the port each day with fingerprints and photographs using Cross Match Technologies' VisTrak(TM) and MV 100(TM) digital fingerprinting systems. The port uses a hand-held fingerprint and photograph capture system, with built-in PDA, to log and transmit the data to a central database wirelessly. It also captures biometric and biographic information from visitors and checks it against a banned visitor list. The system enables the port to have an accurate audit trail of visitors, including fingerprints, photos, time and date of arrival and departure, demographic information, company, purpose and more, and provides visitors with temporary badges. The State of Florida has a rule allowing visitors to enter the port a maximum of five times within a 90-day period. The fingerprinting system automatically keeps track of frequency and flags any violators. Lancaster County, PA: See Case Studies section Sarasota County, Florida, demonstrates the capabilities of a 1:N iris recognition system that can identify individuals in a large population without prior claim of identity. While this specific example features a corrections-law enforcement application, it demonstrates biometric use outside typical standard access control or information security applications.
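The difference between the 1:1 verification used at Rotterdam and the Japanese plant and the 1:N identification introduced above for Sarasota County can be shown side by side. The following Python code is an added example, not code from the BTAM or from any vendor named in it; the 2048-bit random templates, the fractional Hamming distance comparison, the 0.32 threshold, the 1e-6 false match rate and every identifier are assumptions chosen for illustration.

```python
import random

TEMPLATE_BITS = 2048      # assumption: toy template size
MATCH_THRESHOLD = 0.32    # assumption: illustrative decision threshold


def hamming_fraction(a: int, b: int) -> float:
    """Fraction of differing bits between two templates (0.0 = identical)."""
    return bin(a ^ b).count("1") / TEMPLATE_BITS


def capture(template: int, rng: random.Random, noise: float = 0.10) -> int:
    """Simulate a live capture: the enrolled template with some bits flipped."""
    mask = 0
    for bit in range(TEMPLATE_BITS):
        if rng.random() < noise:
            mask |= 1 << bit
    return template ^ mask


def verify(live: int, claimed_id: str, gallery: dict) -> bool:
    """1:1 - compare the live sample only with the claimed identity's template."""
    enrolled = gallery.get(claimed_id)
    return enrolled is not None and hamming_fraction(live, enrolled) <= MATCH_THRESHOLD


def identify(live: int, *galleries: dict):
    """1:N - search every gallery with no claim of identity; return (id, distance)."""
    best_id, best_dist = None, 1.0
    for gallery in galleries:
        for person_id, enrolled in gallery.items():
            dist = hamming_fraction(live, enrolled)
            if dist < best_dist:
                best_id, best_dist = person_id, dist
    if best_dist > MATCH_THRESHOLD:
        return None, best_dist          # nobody close enough: report "not enrolled"
    return best_id, best_dist


def false_match_probability(fmr: float, gallery_size: int) -> float:
    """Chance of at least one false match in a 1:N search.

    Assumes every comparison is independent with the same false match rate.
    """
    return 1.0 - (1.0 - fmr) ** gallery_size


def demo() -> dict:
    rng = random.Random(2008)  # fixed seed: constructed, repeatable data
    active = {f"ACTIVE-{n:03d}": rng.getrandbits(TEMPLATE_BITS) for n in range(200)}
    archive = {f"FORMER-{n:04d}": rng.getrandbits(TEMPLATE_BITS) for n in range(2000)}

    # The person enrolled as ACTIVE-017 presents while claiming to be ACTIVE-042.
    swapped = capture(active["ACTIVE-017"], rng)
    # A previously enrolled person returns and gives no usable identity claim.
    returning = capture(archive["FORMER-1234"], rng)
    # Someone who was never enrolled in either gallery.
    stranger = rng.getrandbits(TEMPLATE_BITS)

    return {
        "claim_other_verified": verify(swapped, "ACTIVE-042", active),
        "claim_self_verified": verify(swapped, "ACTIVE-017", active),
        "swap_identified_as": identify(swapped, active, archive)[0],
        "returning_identified_as": identify(returning, active, archive)[0],
        "stranger_identified_as": identify(stranger, active, archive)[0],
        # Illustrative per-comparison rate applied to a very large gallery.
        "false_match_large_gallery": false_match_probability(1e-6, 1_500_000),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

A 1:1 check can only reject the false claim, while the 1:N search also names the enrolled identity. The last value shows why a per-comparison false match rate that is acceptable for 1:1 use becomes a design constraint once the gallery is large.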
  • 28. Typical of many county jails, the maximum security Sarasota County Detention Center in Sarasota, Florida, is the processing agent for more than 19,000 arrestees each year. The facility processes criminals for every police station in the county and provides a temporary holding place for people arrested for everything from open alcohol containers to homicide. Once they reach the jail, inmates are segregated according to the severity of the charges and are transported to the appropriate facilities. The facility itself is capable of housing 750 inmates. Under the old system, arrestees were escorted to the booking area where they gave their name and other personal information and were fingerprinted and photographed. Though the ID system was computerized, the fingerprints were taken manually, and physically filed away. When inmates were released on work detail or on parole, prison personnel relied on the inmate's ID badge and his or her personal knowledge, such as a Social Security number or birthday, for identification. Comparing fingerprints was inefficient because positively matching inked fingerprints required calling in a forensic specialist. With the new biometric system, arrestees are enrolled using iris recognition technology at
  • 29. a central enrollment station. The active database of persons currently incarcerated at the detention center is automatically searched in real time (1–2 seconds), and as processing continues, the archived database of former inmates or arrestees is searched off-line. The technology has the capacity and capability to search a 50-year history in seconds (although iris records have only been available for the past several years). Once an enrollment is in place, the system confirms the identity of all inmates who leave the facility, whether for court appearances, work crews, or at the time of their release. As a result, in the first year of operation alone, the detention center detected seven escape attempts, most cases being inmates trading IDs to assume the identity of an inmate legally scheduled for release. In one case, Sarasota discovered an arrestee attempting to pretend to be his identical twin brother on commitment. He had been an inmate at the detention center sometime earlier in the year and was enrolled in the iris recognition system. After he was released, he went on a crime spree but was subsequently arrested on a minor charge. Realizing that there were warrants for his arrest on some very serious crimes, he attempted to pass himself off as his law-abiding brother. The system’s automatic archival search identified him out of several thousand former inmates under his true identity and he was prosecuted accordingly. Such a recognition system also helps resolve disputes when
  • 30. released inmates are arrested for a violation of their parole. When individuals are brought in on warrants, they often claim there has been a case of mistaken identity. Names and Social Security numbers are sometimes jumbled on warrants, which further confuses the issue. The iris recognition system tracks the true identity of the individual, in one case establishing that police had indeed detained the wrong person. 9.1.4. Benefits Eligibility and Fraud Mitigation After the Afghan war, the United Nations High Commissioner for Refugees (UNHCR) used a biometric recognition system capable of high speed search of large databases (up to 1.5 million) to recognize returning refugees in Peshawar, Pakistan. The staff of the Takhta Baig Voluntary Repatriation Centre (VRC) performed a check on Afghan refugees who wished to return to their homeland. These refugees were entitled to a one-time assistance package, provided they had not been processed through the program before. The anonymous enrollment process in the iris recognition biometric system ensured that returnees were making their first visit to the VRC and that they were therefore legitimately entitled to the aid, by performing a near-instantaneous exhaustive search of the enrolled database. No PINs were required in the recognition system and the process was essentially a one-time procedure. Additionally, the system maintained the privacy of the Afghan refugees, as the only data recorded was the digitized
  • 31. template record. India Ration Card Program: See Case Studies section 9.1.5. Commercial Transactions A retail solutions manufacturer is using hand geometry to track the time and attendance for 400 hourly employees at its facility in Austin, Texas. The readers eliminate the need for an employee to carry a badge, thus eliminating the problem of lost or forgotten badges. Biometric time clocks also eliminate “buddy punching,” the practice of employees clocking in and out for each other. They provide more accurate information about who is working at any given moment and help companies eliminate mistakes or intentional fraud. Additionally, not requiring hourly employees to manually fill in their time card each pay period results in cumulative cost savings. Before installing the biometric solution, hourly employees completed paper timesheets, signing in and out each day. At the end of the pay period, employees had to complete paperwork and give it to their team leaders for verification prior to entering it into the payroll system. This process took about 15 minutes per worker—time that could be better spent on the manufacturing process.
  • 32. Manufacturing costs are directly affected by the productivity of employees. With its 400 workers spread across four buildings at the Austin facility, the company needed a more efficient method of collecting time and attendance records and readying the information for payroll. The biometric handreader system easily implemented the rules for labor collection and supported rules that allow the company to allocate time for 15 minutes in the morning and afternoon for breaks that could be charged directly to overhead, not to a product. This enables tracking of labor efficiency accurately and developing efficiency reports for accounting. The system can compare the amount of labor used to manufacture a product against the forecasted costs, providing management with up-to-the-minute data on their manufacturing process. This information helps the company plan its hiring, track overtime usage, and determine the output per person in each area. The final benefit of the handreader-based system is that it works over the company’s existing Ethernet network, which eliminated the expense of having to install new wire. The following tables provide partial listings of selected usage examples in various application groups.
  • 33. [Table 9-2: Driver License Programs] [Table 9-3: State Benefit Programs] [Table 9-4: Law Enforcement]
  • 34. [Table 9-5: Schools] [Table 9-6: Government Operations] [Table 9-7: Casinos] Section 10 – System Requirements and Selection
  • 35. If the need for positive identification is, or will be, a part of an organization’s normal operations, then the basic requirement to define, design, and build a biometric component or subsystem for integration into that operation may be established. Section 10 focuses on development of a detailed requirements statement as a prelude to design of the subsystem, as well as the primary issues that should be considered in that design process. Section 11 and those that follow address the implementation process and long-term management of the biometric component. The BTAM is intended to provide guidelines for the design and build process, but will obviously not, in itself, provide adequate training or resources to prepare an untrained person to be a qualified practitioner/designer, electrical engineer or systems integrator. Sections 10 and 11 are intended to help a qualified engineer, security systems designer, or technology practitioner include biometrics in program design and implementation. 10.1. DEFINING SECURITY NEEDS and PROGRAM OBJECTIVES Operational/Program Requirements When evaluating the use of biometric technology to meet operational needs for positive identification, it is first necessary to determine which functions are most appropriate for a particular operational need. It is important to look closely at
  • 36. what operating goals the technology is designed to achieve or what problem(s) the technology is supposed to solve, and then determine who will be using it, what interface the system will have with other components, what the interoperability requirements are, and what the anticipated scope and lifespan of the system are. Examples of basic operational/program requirements, as described in previous sections, are: • Security program component; • Eligibility program component; • Administrative (work force management) program component; • Hybrid Application (designed for more than one function/application). Risk/Vulnerability Assessment Fundamental to defining one’s security needs and program objectives is performing a comprehensive risk and vulnerability assessment. A good starting point is to describe the “current operational concept” as discussed in BTAM Volume 1, Section 4. When describing how the current security system/practices/procedures are structured, it is useful to ask why the current system is the way it is. What asset is being protected? People? Classified information? Customer personal information? Company proprietary information? High value resources? Hazardous or toxic materials? Other?
  • 37. If eligibility validation is the primary application or part of a hybrid operating requirement, similar threat issues must be considered. These include: nature and volume of fraudulent attempts; denial of service issues; process vulnerabilities in the current operation and so on. It is also necessary to consider what or who threatens these assets and eligibility programs. Is the operation subject to terrorist threat, competitors seeking knowledge of intellectual property, recipes, simple theft from outsiders, employee theft, fraudulent claims from authorized persons or non-authorized, etc.? Another useful tool in a risk/vulnerability assessment is a consequence evaluation. What are the consequences if an employee steals something? What are the consequences if someone sabotages a manufacturing process, or steals a batch of material that will be sold for subsequent construction? What are the consequences if an explosive device is introduced into the work operation? What is the impact if someone hacks into the network and gleans proprietary information? The answers to these questions, condensed in a clear Risk Assessment Summary, will help determine whether biometrics are only part of a solution,
  • 38. or are of critical importance to that solution. Coupled with scope issues (e.g., how many biometric readers will be necessary, how many persons will be enrolled in a biometric system), these answers will also provide insight into the performance characteristics of a biometric system and how much it may cost to integrate biometrics into an overall security or eligibility program. The Risk Summary will also be helpful in doing periodic re-evaluations of risks and threats to be sure that system performance is consistent with changing situations and conditions, as well as calculating a cost/benefit ratio. 10.2. SYSTEM DESIGN CONSIDERATIONS A. Design Goals Seldom is a “biometric system” designed as a stand-alone objective. Normally, if one is using biometric tools, one is designing or updating a specified security, risk management, or eligibility system with biometric aspects or enhancements. Whether the intent is for a physical access control system in which only biometric devices are used to determine authority to enter a protected space, or one is designing a system using cards, keys, cipher codes, armed guards, mantraps, and some biometrics, biometrics remain a component of the larger system. Likewise, a welfare benefits program that uses biometrics to verify authorized beneficiaries from those
  • 39. attempting fraud is still a benefits system, not a “biometric system.” B. Design Considerations Regardless of the specific application to which one is applying biometric technologies, the design approach should consider the implications of at least the following issues: 1. Functional 2. Operational 3. Legal 4. Environmental 5. Social 6. Business and Economic At this stage of analysis, none of these is more important than any other. In each specific case, however, it will often develop that one or another of these becomes the driving force affecting the ultimate system design. The following discusses the key aspects of these six issues. B.1. Functional Issues This aspect of system design asks a basic question regarding the overall purpose or purposes of the system, a question often best answered by the
  • 40. journalistic questions: who, what, when, where, and why. Who is going to be using the system for what purpose at what time/day and at what location? What are the application considerations? B.1.a. Physical Security Systems At the simplest level, as noted above, one does not design a biometric security system, but a security system with biometric components principally designed to improve access control by enhancing the assurance of identity of and convenience for the persons requesting entry. In access control applications, the biometric device augments or replaces more traditional door control devices such as a cipher keypad or proximity card reader. Electrically, the function of the biometric device is identical to other control devices: Upon presentation of an approved credential, the device activates or causes the activation of a relay that releases the door strike. Referring to the following figure, in some system architectures, the biometric device itself energizes the door strike (see Figure 10-1) while, in other designs, the biometric device sends a captured biometric template to a central processor. If the template matches that of an enrolled person, the central processor activates or energizes the strike relay. A third variation is one in which an identity verification takes place at a remote door control mechanism. An option for integrating biometrics into existing access
  • 41. control systems is for the biometric device to communicate with an access control panel, using the same communications protocol as non-biometric devices, such as card readers or keypads. [Figure 10-1, panels Fig. 10-A, Fig. 10-B and Fig. 10-C; labels: Secure Access, Security Control] Which of these basic design approaches is most appropriate depends upon the overall
  • 42. system design and architecture, reliability and performance expectations, and budget and legacy system constraints. Examples of System Requirement statements that are typical of physical access control functional issues include: • I need to move 450 employees into my facility through three portals between the hours of 0730 and 0830 each weekday morning. 80% of those employees use Portal A, 15% use Portal B, and 5% use Portal C. • Given the size of my workforce, and the ongoing cost and operational disruption of maintaining our current card-based security system, I want to eliminate cards. • Given the potential for a 30% expansion of the facility and employee population, I want to be able to upgrade any biometric solution as circumstances dictate in the future. This could include designation of additional secure areas within my facilities with higher security requirements demanding different types of biometric systems. • I have to protect my critical resources whose loss would adversely affect my
  • 43. ability to provide needed equipment to the U.S. Federal Government for national security, so I cannot afford to have employees delayed getting to their work at a greater rate than currently experienced with our card system (8%). Design Implications of Physical Access Control Systems In physical access control systems, the biometric device typically replaces a lock set, cipher lock, card reader, human controller or some other device controlling one or more doors. Architecturally, the primary security system design remains mostly unchanged with just the symbols designating a biometric device being inserted for the previous access control technology. There are issues that need to be resolved before the design can be completed, however. Some questions include: • Will the biometric device of choice operate in a stand-alone mode in which all users are enrolled at the device? In this instance: o Does the device control the door via a relay or does it send a signal to a separate door control mechanism? o Does the device record each entry for subsequent downloading? o Does the device have a mechanism for backing up the enrollment database?
  • 44. • If enrollment is centralized and new enrollments are distributed through a network: o Does the data flow into the primary security system or directly to a proprietary door control? o If biometric matching is performed at a central server, what happens when the network crashes? • Should biometric enrollment data be stored on a card carried by the employee, such that the need for storing biometric data in a door reader or central biometric database can be avoided? • What are the power requirements and where are the power sources? • What alarm reporting and response provisions does the system offer? • Will the biometric be used in conjunction with a physical
  • 45. token/credential? B.1.b. Logical Access Systems The use of biometrics to control access to logical systems is not new, but not nearly as mature as for physical access control. Most implementations are at the workstation level in which the biometric control is integrated into the physical case and electronics of the workstation, whether a “desktop” system or a “laptop.” Other systems use a plug-in biometric device, typically a fingerprint peripheral connected to a USB port or by embedding the fingerprint sensor directly in a laptop housing. Some time ago, a manufacturer marketed a plug-in, table-top device using iris recognition as the biometric of choice. Either integrated or USB plug-ins should be sufficient for most applications, but it is suspected that the plug-in devices would not be able to satisfy the higher levels of government secure computing protocols. Testing of the built-in or integrated devices by a Common Criteria Testing Laboratory (CCTL) would be required to verify the acceptability of these devices for high security computing. In virtually all cases, the biometric device authenticates the person touching (or looking at) it, and enables operation of the workstation. The computing system and anyone at a remote terminal communicating with the “secured” workstation assumes (and this is a very profound assumption to be aware of) that the keystrokes
  • 46. generated or the files accessed following authentication are the actions of the authenticated person. Some computing systems include a keystroke recognition sub-routine that purports to verify the user as he/she types by measuring typing rhythm and style as a form of behavioral biometric, once access is granted to the keyboard. In principle, this approach would establish continuing authentication of the user, but this implies a consistent matching accuracy level for keystroke dynamics yet to be independently validated. Another approach to continuous presence monitoring would be to use a constant video assessment confirming the presence of one person at the keyboard and that the person’s face or eye is recognized by a facial or iris recognition biometric, respectively. B.1.c. Authentication Systems Authentication systems can also verify or recognize the identity of an individual for some useful purpose other than granting access to a physical or virtual asset. These include three main uses: • Communications
  • 47. • Authorizations • Non-repudiation Communications Biometric systems can be used in communications as part of the data encryption process (a matter beyond the scope of this manual) and to authenticate users. As noted above, it is one thing to successfully activate the biometric device by an enrolled user, but quite another to ensure that the originally authenticated person is still operating the keyboard and not an unauthorized person sending or receiving sensitive data. Biometric identification alone, in this context, might not be sufficient for a truly secure system. At the same time, non-biometric subsystems, including encryption products such as public key infrastructure (PKI) [1], are not a complete substitute for biometrics in identity validation of the actual user. Authorizations The number of specific uses of biometrics for an authorization function is extensive. Some examples currently using biometrics include processing and distribution of welfare benefits, issuing and examination of driver's licenses, access to medical records (under HIPAA), and validation of various government and private industry identification cards and credentials. It is important to note the difference between “authentication” and “authorization”. The role of biometrics is to support the latter by performing the former.
  • 48. Non-Repudiation In the areas of classified document production and control, financial transactions, and legal contracts, it is important to be able to affirm that a certain person did, in fact, sign for or generate a particular document or transaction, thus providing a strong basis for non-repudiation, barring the individual from denying they signed the contract, published the document, removed it from secure storage, or participated in the transaction. Design Implications of Authentication Systems There are many different applications where biometrics may be used for authentication systems, each with their own peculiar design requirements that amply illustrate the guiding principle of design following function: much depends upon the specific purpose or application. Consequently, the primary implication is that the designer needs to understand very well the purposes for which the technology will be applied and to select the technology best suited for that application, being sensitive to the context of the application and the impact of its use. [1] A PKI (public key infrastructure) enables users of a basically unsecure public network such as the Internet to securely and privately exchange data and money through the use of a public and a private cryptographic key pair that is obtained and shared through a trusted authority. The public key infrastructure provides for a digital certificate that can identify an individual or an organization and directory services that can store and, when necessary, revoke the certificates.
  • 49. From past experiences, for example, the participation rate in an essential welfare program was much lower than expected when a new biometric system was adopted. On analysis, it was determined that the use of a fingerprint system had deterred many eligible participants who feared the data would be sent to law enforcement officials. In this case, a decision was made to use a hand geometry device instead. Participation immediately and dramatically increased. On the positive side of the reduced participation, the biometric-based system reduced the number of double- and triple-dippers, thereby eliminating duplicate or triplicate applications from a single person. B.1.d. Other Functional Issues To ensure most aspects of system design are addressed, it is worthwhile to return to the basic questions regarding the overall design and purpose of the system mentioned earlier: who, what, when, where, and why. Who is going to be using the system for what purpose at what time/day and at what location? A brief description of the ultimate system to be installed, addressing and including the
  • 50. answers to those questions is fundamental to developing a clear view of what remaining functional requirements one’s biometric system/component must perform. Who? (Community Involved) It is critical to identify who will be involved with the system, both as users and operators. How knowledgeable will these people be? This leads to the next question: how much training and supervision need to be planned and implemented? The demographics of the user population can affect many areas, for example cultural issues and even how well a given modality might work. How many? How many people will be using the system? The answer to this question will affect which technologies should be used or considered. If only a few people are going to use the system, then almost any biometric—all other issues being equal—will do. On the other hand, if there will be a very large number of users, then there will be a number of subsequent issues (see “Throughput”). Age? Age of the user population may be an important consideration depending on the type of biometric equipment that will be used. Age can impact the incidence of Failure to Enroll as well as cause training issues. The ability of some biometrics to function well is
  • 51. sometimes a function of the age of the subject. For example, the skin on the hands of older people tends to become very smooth and fine, making it very difficult for some fingerprint sensors to acquire a well-defined image of the fingerprint ridge pattern, thus making it difficult to enroll the subject into the system. Arthritis can also cause problems for those using hand geometry readers. If this is a major concern, other biometric technologies that feature easier enrollment and use (such as facial or iris recognition systems) may be an appropriate alternative. Other technologies may require users, relatively speaking, to pay greater attention to detail and process (such as some fingerprint and hand geometry systems) that involve precision in both finger or hand placement and the entry of a PIN, a requirement that may overly tax persons with declining physical and mental acuity. Race and Gender? As with age, race and gender may affect a person’s ability to enroll in some biometric systems. Some technologies are sensitive to features or characteristics that are more prevalent in one racial group than another. One example occurs in iris recognition in which very dark irises or those occluded (covered) by the eyelid may be difficult to enroll
  • 52. and authenticate. While these issues can usually be resolved, they should be considered. Similarly, in some populations, there is some evidence that Asian females have fingerprints that are very fine in their definition and may be difficult to acquire in some low-resolution fingerprint sensors. In all cases in defining Who, the issue is not whether the user group includes some persons who may challenge the system, but whether the group includes a majority of users who may challenge the system. It is important to understand that even if a majority of a user group can use a system, a significant minority with usage difficulties can bring the entire system down. An industrial plant may be assumed to provide shelter and work for a wide range of ages and races, as well as an even split on gender. On the other hand, a nursing home may comprise a number of users who will, unfortunately, challenge certain technologies, suggesting that, in such instances, some other biometric technology should be considered. If workplace protocol requires staff to always wear protective clothing, such as latex gloves, then fingerprint technology might not be an appropriate choice for routine authentication. What? What is the proposed technological solution of which the biometric device(s) are expected to be a part, and what is the problem the solution is designed to address? Additional “what” questions include:
  • 53. Technology In what sort of technical environment will the biometric devices be employed? Will the biometric be the technical highlight of the system—such as in a benefits distribution center—or will it be overshadowed by a significant application of other technologies for identification, security, and other purposes? The level of training is most likely to be a function of the technical aptitude and experience of the operators and users, coupled with the complexity of the biometric technology. Adequate training for biometric use must be provided regardless of the overall complexity of the system, i.e. do not short-change biometric training simply because it may be a relatively minor component of the total system. Process In general, what is the system doing? Is it counting votes, distributing benefits, providing public vehicular law enforcement, processing information, or performing some other definable function? Specifically, to what use will the biometric device be put in the context of the operating
  • 54. system? Will it open doors? Will it allow access to information technology and/or activate software applications? Will it permit access to or activation of a machine? Even more specifically, what will the process be for the following biometric-related functions: Enrollment How will users be enrolled? In one large group? Individually as users are registered into the larger process? Will the enrollment function be distributed to geographic locations close to the users? Will the users self-enroll or will the enrollment process be attended by a trusted agent? How much time can be dedicated to pre-enrollment instruction on the enrollment process and the subsequent everyday use of the technology? How much time can be dedicated per person for the actual enrollment process? What is the expected allowable Failure to Enroll rate for this technology and this population? What work-arounds are to be provided for those who cannot be enrolled for one reason or another? How does this work-around satisfy security requirements on a par with the biometrically based solution? Just the logistics of enrollment can be daunting. It is important to determine whether enrollment will be supervised, self-enrollment, remote enrollment, etc. User Training
  • 55. What amount of user training will be provided? What is the purpose or intent of the training? How often is this training to be offered? Anticipated Problems In addition to enrollment failures, what other problems or anomalies might be encountered while using the biometric technology? Termination of a User What are the rules for how a user’s access privilege is to be removed from the system? How does this process ensure a permanent removal and prevent the terminated user from subsequently gaining access? When? What are the periods of operation and how often is the biometric to be employed? At what week(s) of the month or day(s) of the week shall enrolled persons be required to use the system? Is the use of the biometric component only required during periods of elevated threat levels? At what time of day do permissions begin and end? The answers to these questions relate to identifying biometric technologies that are appropriate to the internal or external environment they must tolerate, an approximation of the level of use required, and what sort of interaction with the control system is required.
  • 56. Time/Day The time of day of expected use will determine whether consideration must be made for the effects of ambient light or other environmental factors related to time. Many biometric systems are basically imaging devices that can and will be adversely affected by sunlight or bright overhead light shining on the image collection device. This is also related to the more general issue of environmental conditions in which the device may be installed outdoors. The day(s) of the week the device will be used also has an influence on the determination of appropriate technologies. A system in which the device is used only one or two days a week can be more fragile or less demanding than an application in which the device is expected to function every day, 24 hours a day. Excluded Period(s)/Location(s) Often, access control systems will be programmable to enable the exclusion of otherwise enrolled persons as a function of the time of day and/or the day of the week, month, or year. Such systems may exclude persons on holidays, evenings, and/or weekends. For example, certain employees may have access on Monday through Friday from 8:00 a.m. to 5:00 p.m., but should not be in the facility during the
  • 57. weekend. The system should be configured or configurable to pass not only identification codes, but also time and date information, to the processor – whether centralized or localized – where the final pass/reject decision will be made. Where? Environment: The system description should give the designer a meaningful sense of the climate and weather conditions for the more challenging venues where the system will be employed. It should also indicate whether the device(s) are to be mounted outdoors or indoors as each of these factors affects the choice of technology. There are, of course, other environmental factors besides weather, including the degree of ruggedization required (i.e., shock and vibration) and sources of interference (background noise, etc.). Scope: Scope is essentially a very straightforward, but necessary, issue, the answer to which defines the size and impact of the installed system. Where, specifically, will the system be deployed and how extensively? In one city at one location or multiple cities and/or multiple locations? What is the total expected enrollment capacity? Is the system scalable across multiple locations and can it grow as additional users are added? The answers determine the capacities and communications requirements for the devices. Some products are good for small standalone applications, but
  • 58. falter in large, distributed systems. Other products are not effectively used unless they have thousands of enrolled templates and operate in complex communications environments. Why? The answer to this question was addressed partially in applications issues above, but is worthy of a revisit to ensure that all purposes intended for the system as a whole are included in their varied form(s). • To prevent welfare fraud • To prevent unauthorized entry to a facility(ies) or area(s) • To ensure only authorized drivers are on the streets • To ensure known or suspected terrorists do not pass a border control point without further screening • To ensure only ticketed persons board the aircraft … and so on. This is a key question looking for an essential answer. Until the designer knows this answer, it is not possible to determine whether a given design approach is correct or “off the mark.” With this in hand, it is possible to evaluate a given
  • 59. design and determine whether that design will satisfy its primary function in an optimum manner. B.2. Operational Issues There are, in this category, four main operational considerations: a. Performance b. Reliability c. Facility d. Training. B.2.a. Performance Performance includes several measures (metrics) of biometric systems. The end-user needs to understand these metrics, be able to determine what they need to be given the organization’s security policies, and articulate them to the designer. B.2.a.1 Accuracy. The most commonly quoted performance rates in entry/access control applications (physical or virtual) are False Accept and False Reject. In these applications they equate to False Match Rate (FMR) and False Non-Match Rate (FNMR) and can be used interchangeably.
  • 60. False Accept Rate (FAR) A False Accept occurs in an entry/access control application, when the biometric sample from an unauthorized person erroneously (or falsely) matches the template of an enrolled and authorized person, and the biometric system falsely accepts his premise that he is authorized. Obviously, this is the most critical error, and precisely the error that biometrics are intended to prevent. Acceptance of an imposter, either by deliberate attempt or accidental occurrence, is a critical failure of the biometric and should be a very rare incident, and almost never repeatable. In modern biometric access control systems, it is rare (but possible) that the right combination of ambient light, humidity, temperature, feature or image position, etc., can combine to send an image to the processor that resembles an enrolled template closely enough to produce a False Accept. Normally, however, that event and combination of factors is virtually impossible to recreate closely enough to make it repeatable. For this reason, those who would attempt to by-pass a biometric system do not rely on False Accepts for access but on a more deliberate attack, such as “spoofing”. It is difficult, if not impossible, to accurately measure the number of False Accepts in an operational setting
  • 61. (because, of course, the successful imposter is unlikely to report it), but it is possible to estimate the statistical probability of False Accepts during a pre-operations scenario test or technology test. False Reject Rate (FRR) A False Rejection Rate (FRR) is the measure of the likelihood that a biometric security system will not match the template of an authorized user and thus falsely rejects an entry/access attempt. A system’s FRR typically is stated as the ratio of the number of false rejections divided by the number of identification attempts. False Rejects are an administrative and operational nuisance in physical or virtual access control applications, and do not directly cause or represent a security hazard. False Rejections contribute to weakened security, however, if the rate of False Rejects is so high that regular users start trying to find ways to circumvent the control—like leaving the door propped open. High FRRs also weaken security if the users’ objections influence the security manager to move an adjustable threshold to reduce the incidence of False Rejects, thus increasing the likelihood of a False Accept. The objective of the designer and the security manager is to select and use biometric devices that minimize False Accepts to an optimum level without increasing False Rejects to an unacceptable level.2
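As an added illustration (not part of the manual), the Python sketch below computes FAR and FRR from a constructed set of scenario-test scores across decision thresholds, showing the trade-off a security manager makes when moving an adjustable threshold and how little a small test says about the true FAR. The score values, the 0-100 scale, and all function names are assumptions made for this example.

```python
from dataclasses import dataclass

# Constructed similarity scores on a 0-100 scale (higher = closer match).
# Illustrative values only, not measurements from any real device.
# GENUINE: enrolled users matched against their own templates.
# IMPOSTOR: zero-effort attempts against someone else's template.
GENUINE = [91, 88, 84, 95, 79, 73, 86, 90, 68, 82,
           77, 93, 85, 61, 89, 80, 74, 87, 92, 70]
IMPOSTOR = [22, 35, 41, 18, 55, 47, 30, 63, 26, 38,
            51, 44, 29, 72, 33, 58, 40, 24, 66, 49]


@dataclass(frozen=True)
class OperatingPoint:
    threshold: int
    far: float  # impostor attempts accepted / impostor attempts
    frr: float  # genuine attempts rejected / genuine attempts


def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when a sample is accepted iff score >= threshold."""
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(thresholds=range(50, 96)):
    """Evaluate every candidate threshold, lowest (most permissive) first."""
    return [OperatingPoint(t, *rates(t)) for t in thresholds]


def crossover(points):
    """Operating point where FAR and FRR are closest (equal error point)."""
    return min(points, key=lambda p: abs(p.far - p.frr))


def pick_threshold(points, max_far):
    """Lowest-FRR point whose measured FAR satisfies the security policy."""
    allowed = [p for p in points if p.far <= max_far]
    if not allowed:
        raise ValueError("no threshold in the sweep meets the FAR policy")
    return min(allowed, key=lambda p: (p.frr, p.far))


def far_upper_bound_95(n_impostor_attempts):
    """95% upper confidence bound on the true FAR when zero false accepts
    were observed in n independent impostor attempts."""
    return 1 - 0.05 ** (1 / n_impostor_attempts)


if __name__ == "__main__":
    points = sweep()
    for p in points[::5]:
        print(f"threshold {p.threshold}: FAR {p.far:.2f}  FRR {p.frr:.2f}")
    eer = crossover(points)
    print(f"equal error point: threshold {eer.threshold}, rate {eer.far:.2f}")
    strict = pick_threshold(points, max_far=0.0)
    print(f"no observed false accepts from threshold {strict.threshold}, "
          f"at the cost of FRR {strict.frr:.2f}")
    # Relaxing the threshold to quiet user complaints trades FRR for FAR.
    print("relaxed to 60 -> (FAR, FRR) =", rates(60))
    # Zero false accepts in only 20 attempts is weak evidence about the true FAR.
    print(f"true FAR could still be up to {far_upper_bound_95(len(IMPOSTOR)):.1%}")
```

The confidence bound is the reason a pre-operations test needs many impostor attempts before a claimed low FAR means anything.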
  • 62. False Accept and False Reject rates are more fully discussed in Volume 1 of the Biometric Technology Application Manual. B.2.a.2 Spoof Resistance While managers often worry about the FAR, they often do so more than they should. For example, presume that the statistical probability of an imposter being able to randomly match the biometric of a legitimate identity purely by coincidence is 1 in 100 (1% FAR). Looked at from the other perspective, an imposter would have a 99% chance of being thwarted - not very attractive odds. Thus a biometric system acts as an effective deterrent to all but the most sophisticated and determined. As biometrics become more and more sophisticated, the likelihood of hostile forces successfully exploiting a device’s implicit FAR is very low. [Footnote 2: FAR and FRR are inversely related. That is, an adjustment in the sensitivity of the device that decreases the probability of a False Accept increases the probability of a False Reject. However, the relationship is not necessarily linear (such that a 5% increase in one factor results in a 5% decrease in the other), but it is a performance factor that needs to be understood.]
  • 63. Managers should focus on direct attacks on the system, such as the device’s vulnerability to spoofing. There is a real and significant difference between a False Accept and an effective spoof. A true False Accept occurs when, during the matching process, the characteristic or feature that has just been presented and which is a faithful representation of that unauthorized person’s real biometric characteristics so closely resembles an enrolled person’s template that the system declares a match. It is an honest mistake properly anticipated by the device’s computed FAR. It is a statistic that tells the technology buyer what the chances are of the door being opened by a casual passerby (i.e., a zero effort attack). As noted above, such events can happen but are not likely to be routinely repeated, even seconds apart. A one-time accident/error does not constitute a useful tool for those with bad intentions. Spoofing, on the other hand, is a systematic and concerted attempt to fashion some sort of disguise, artifact, or fake biometric (a mask, a fake finger, a rubber hand, etc.) in a willful attempt to circumvent the biometric safeguards. It relates to the FAR in the sense that both events result, if the spoof is successful, in the device being sufficiently convinced of the similarity between the presented object and the enrolled template that it declares a match and allows entry to an unauthorized person. What the security manager really
  • 64. wants to know is to what extreme would a person have to go to purposefully fool or spoof the technology and thereby routinely gain unauthorized (and even repeatable) access. Theoretically, any system can be spoofed, provided enough time, labor, and money is contributed to the attack method. The security manager wants to know how much time, labor, and money is required to compromise the technology. If there were a convenient way to characterize this “spoofability” into a simple number like a FAR or FRR, it would readily become a key factor in product selection. At this time, we have no such magic bullet, but work is underway to produce a useful estimator of “spoofability”. It should also be noted that the biometric industry fully recognizes the exposure to spoofing techniques and sensor manufacturers are continually developing sophisticated countermeasures that would render many of the less sophisticated spoofing attacks ineffective. B.2.a.3 Throughput rate Throughput is the number of people who can be successfully processed and permitted to proceed beyond the biometric checkpoint in a given period of time (e.g., six people per minute). Throughput and False Rejects will often battle for the lead in user irritation in operating biometric systems and are a major source of system failure. A biometric screening device that works without errors of any type, but only
  • 65. allows 1 or 2 individuals to pass the checkpoint per hour (or even per minute) would not be accepted and installed in most applications. Consider also a user-sign-on application for a company with 10,000 employees who are logging on to their server system in the morning as they report to work. The system must be able to handle thousands of access requests that come in around the same time, otherwise there will be significant delays and False Rejects due to inability to process. Ultimately, however, throughput, like False Reject Rates, is an administrative or management issue. A low throughput rate or high reject rate is not, in and of itself, a security breach. It is an institutional nuisance that, in the worst case, motivates people to try to find ways to circumvent the irritant, such as propping the controlled door open all day, a practice that would allow unauthorized persons into the protected space. The “correct” value for throughput is subjectively established as a rate at least equal to one more person per unit of time than the minimum rate that management finds acceptable. The best achievable throughput is one in which there is no discernable delay in the movement of people passing a biometric checkpoint regardless of the number of people
  • 66. attempting simultaneous entry. A couple of factors will also impact throughput. These include population and flow pattern. Population Size A major factor affecting the assessment of throughput is the total number of people who must pass a biometric checkpoint in a specified period of time in a single file. If there are five doors into a facility and 1,500 people need to enter the facility, then each checkpoint device needs to process at least 300 people in the unit of time available for personnel entry. If that limit is 30 minutes, then the throughput needs to be at least 10 people per minute per portal. This example assumes that all 1,500 people will spontaneously distribute themselves so that exactly 300 arrive at each of the five separate doors at the same time – not a likely scenario. Therefore, when developing requirements that will guide the design of a biometric system, it’s important to observe and know the real-world flow pattern. For example, if only one of the doors is directly facing the primary parking lot and the other four are administrative doors allowing access from other interior spaces, then a primary door with a 10 person per minute throughput will only get 1/3 of the workforce into the facility in the allotted time. A system designer must either find a biometric device that processes 50 people per minute, or provide perhaps five biometric devices servicing that one primary door. Surge vs. Even Flow
  • 67. There are two ways a given population can routinely approach a controlled facility: in a surge of demand (often early in the morning), or in a constant flow throughout the day and night. Naturally, the minimum acceptable throughput is the one calculated on the normal or average number of entries at times other than “rush hour,” but a higher standard is set by the magnitude of entry demand at peak usage times. Therefore, it is important to understand the load distribution over time. B.2.a.4 Other Related {Performance} Issues Failure to Enroll (FTE) Failure to Enroll is a problem common to all biometric technologies and it refers to the fact that, for every technology, there are at least a few individuals who lack sufficient unique, stable, measurable features to be recognized by that technology. The problem is compounded by the fact that many technologies impose higher quality criteria for enrollment samples than for authentication samples to assure acceptable False Reject performance. For example, a person without a voice cannot be registered or enrolled in a voice recognition biometric system. Likewise, a person with no hands cannot be enrolled
  • 68. into a fingerprint-based biometric system. At a more subtle level, fingerprints may be difficult to enroll from the elderly or from persons in certain racial, occupational, or geographical populations whose fingers may be too dry, too fine, or too smooth, thus offering poor input data. Individuals whose fingerprints are subject to extraordinary occupational wear and tear (e.g., brick layers, chemical workers, etc.) are often hard to enroll. Persons who simply cannot be enrolled in a given technology, however, may be quite able to be enrolled in another. There will also be instances where a person cannot interact with the device properly (e.g., a blind person is unable to focus his/her eye properly in front of an iris recognition reader). Even in the event a marginal quality enrollment is achieved, such an individual will experience more Failure to Acquire errors and often be rejected from entry. In these cases, an appropriate work-around or alternative identification mechanism should be provided. Failure to Acquire (FTA) There is a subtle, but very important, difference between a False Reject and a Failure to Acquire. A False Reject occurs when there are insufficient corresponding data points between a reasonably clear and accurate live sample of a biometric and the enrolled template of the same individual. This happens, most often, when an individual has biometric features that are, for a given biometric technology, only marginally sufficient to be well-measured
  • 69. and enrolled. For example, a person with very fine and smooth skin may be difficult to enroll or capture accurately by a fingerprint system. A Failure to Acquire occurs when a person who has been successfully enrolled, with a clear and useful enrollment record, cannot be recognized due to some temporary data acquisition difficulty. This very common error happens when the finger, for example, is moved on the platen during imaging or there is contamination on the platen obscuring or blurring too much of the current (presented) fingerprint. Another example is when a well-enrolled voice pattern cannot be matched when that individual attempts identification in an environment with disruptive background noise. Another significant difference between False Rejects and FTA is that, with a good re-enrollment, user re-training and re-orientation, and appropriate reader device servicing and cleaning, the FTA rate may drop significantly, almost completely eliminating rejection errors. Little, however, can be achieved by using these techniques to reduce true False Rejects. In theory, if the sensitivity of a device is set to its “equal error point” or “Crossover Error Point” (CEP), the FRR should equal the FAR. So, if the system is set at a CEP equal to 0.01%, yet demonstrates a FRR of 5.00%, the fair assumption is that FTA rate = 4.99% and FRR = 0.01%. As
  • 70. re-enrollments are made, re-training is given, and devices are better serviced, the remaining difference between theoretical FRR and observed rejection rates should be the measure of the continuing FTA rate. B.2.b. Biometric System Reliability, Availability and Survivability End users in operational environments sometimes contend that reliability is an issue of greater importance than performance. They argue legitimately that reliability more often determines the success or failure of a biometric installation than a few percentage points difference in FAR and FRR discussed in the foregoing section. With equal validity, they point out that FAR and FRR are measures of the population behavior in a particular application environment, and thresholds can be set by the device administrator. Further, performance factors are negatively affected by the improper use of the biometric subsystem through poor quality enrollment, inadequate user training, environmental interference (e.g., variation in lighting), and poor maintenance. Reliability, in contrast, is largely inherent in the equipment, system design, and
  • 71. technology (modality), and thus deserves as much if not more attention and care during the design process. The overall term for this consideration is System Availability (SA). SA is a function of two main values: Mean Time Between Failure (MTBF) and Mean Time To Repair (MTTR). In more recent literature, discussions of System Availability have begun to include references to System Survivability, referring to the ability of a system to recover from an extraordinary event (such as a power outage) and continue functioning. B.2.b.1 MTBF The oldest, most familiar, and best-quantified measure of reliability is Mean Time Between Failures (MTBF). Through testing, failure rates of individual sensors, transmission means, servers, processors, human interfaces, and other components can be documented and validated. System MTBF is another matter: biometric vendors are seldom willing to make claims or commitments as to system MTBF, and historically the biometrics industry has not done so. In addition, it may be nearly impossible to quantify biometric system MTBF because of the mix of general-purpose equipment and components in a typical system over which the vendor has no control. Anecdotal research of existing systems may be the most practical way to derive data on which to make decisions in the design and selection process.
  • 72. B.2.b.2 MTTR MTTR refers to the mean time to repair or recover from an outage or failure. This value is even less frequently published, even if the manufacturer knows what it is. Biometric devices are normally part of a larger system comprising several different, unrelated components, each with its own MTBF and MTTR. Often, it is much easier to swap out a defective biometric reader or device than to shut that part of the system down. Consequently, the effective MTTR is measured in just a few minutes, a trivial length of time in most circumstances. Often, there is little an end user can do to repair the device, requiring a return to the factory for repairs. With the availability of express courier services, effective MTTR becomes, at worst, 24 hours, more or less, from the time the device is determined to be defective and a replacement unit ordered from the vendor. B.2.b.3 System Availability Provided that we know both MTBF and MTTR, we can prepare an estimate of SA from: SA = MTBF / (MTBF + MTTR) If MTBF = 1000 hours and MTTR = 10 minutes (0.167 hours), then:
  • 73. SA = 1000 / (1000 + 0.167) = 1000 / 1000.167 = 99.983% In more complex systems, management may elect to perform periodic maintenance (M) on the system, requiring the system to be taken out of service. This value is expressed as a percent of the total operational time. If, for example, the system is to be shut down for one hour every six months, then the value of M is 0.0002%. This value is added to the foregoing equation, which becomes: SAm = MTBF / ((1 + M) x (MTBF + MTTR)) In the foregoing case, availability becomes: SAm = 1000 / ((1 + 0.0002) x (1000 + 0.167)) = 1000 / (1.0002 x 1000.167) = 1000 / 1000.3670334 = 99.963% Sophisticated buyers of biometric systems will often specify a SA of 95.0 to 99.9%. As just demonstrated, these values may be difficult to attain and it is important to determine just what level of availability is being sought, simple or one including periodic maintenance. B.2.b.4 Survivability [3] Survivability has been defined as “the capability of a system to fulfill its mission in a timely manner, in the presence of attacks, failures, or accidents.” Survivability analysis is influenced by several important principles:
  • 74. • Containment. Systems should be designed to minimize mission impact by containing the failure geographically or logically. • Reconstitution. System designers should consider the time, effort, and skills required to restore an essential mission-critical infrastructure after a catastrophic event. • Diversity. Systems that are based on multiple technologies, vendors, locations, or modes of operation could provide a degree of immunity to attacks, especially those targeted at only one aspect of the system. • Continuity. It is the mission-critical business functions that must continue in the event of a catastrophic event, not any specific aspect of the system’s infrastructure. [Footnote 3: Ellison, R.J., et al. “Survivable Network Systems, an Emerging Discipline.” Technical Report CMU/SEI-97-TR-013, 1997.] B.2.c. Facilities and Systems
  • 75. Consideration needs to be given to the physical and virtual environment in which the biometric components will be expected to function. This will either be done in the context of a new or an existing system. New System New systems offer opportunity to prepare a well-considered design using the most current and cost-effective components and procedures available. The downside to a new system is that there is no baseline of performance for comparison and new systems often fail to work the first time they are activated, resulting in considerable troubleshooting activity before realizing success. One way to avoid unnecessary problems is to minimize the level of innovation throughout the system and avoid reliance on new, unproven, or untested equipment and technologies without a sound and rational reason. However, if the need for new technology is compelling, implementation can be staged to test each component of the technology in installation increments, or in phased pilot tests to determine that each subsystem is functioning properly before moving on to another new component or space. Legacy System As often as not, the addition of a new biometric component to an access control system will be an integration into a well-established legacy system.
  • 76. This manual is not intended to be a comprehensive tutorial on systems integration, but it is essential to have a comprehensive understanding of the system into which the biometric technology will be introduced. Most often, compromises will be required and it will be the new, biometric addition that is expected to bend the most. As an example, there was an assignment to integrate an advanced biometric technology into a standard access control system providing protection to a new federal building under construction. From the documentation prepared by the general contractor, every element was considered and the conclusion was reached that the biometric technology would work, especially since the head end control software was to be a state-of-the-art access control system. However, the installer/integrator found two surprises. 1. The customer expected a combination proximity card/biometric solution, and 2. even later, it was discovered that the same customer had exercised its bargaining power to acquire a control system that used a proprietary code approach. In short order, there was a challenge to determine a way to configure the chosen biometric technology to work with a proximity card. Fortunately, the manufacturer had
  • 77. anticipated this possibility in applications and had included the necessary capability to read proximity cards. The software, however, could not read the proximity card and forward the appropriate information through the system. The manufacturer was so committed to customer service and satisfaction that its lead software engineer spent 40-50 hours over a weekend rewriting the code to accommodate the proximity card information and to perform the ‘AND’ function for access control. Later, after the new, combined solution was demonstrated, the customer announced its credentials would no longer work since the code transmitted from its cards used a proprietary code format, instead of the format common to most access control systems. Fortunately, another software-adjustable feature allowed this latest surprise to be accommodated. The point here is that the system designer should not depend on the foresight and willingness of the manufacturer (whether hardware or software) to provide such prompt and face-saving solutions to even one problem, let alone several. Rather, sufficient information must be collected from the owner regarding the existing system (as well as any side procurements) so as to anticipate these problems and to
  • 78. engineer an appropriate solution prior to committing the design to specification and order. B.2.d. Complexity of User Interface as it Impacts Training One factor having a significant impact on the selection and performance of a particular biometric system is the quantity and quality of training the using agency is able to provide to both security system operators and system users in the proper method of enrollment and daily use of the biometric. As discussed above, rejection, whether it is a False Reject or a Failure to Acquire, along with the throughput rates, is one of the most disconcerting negative aspects of the application of a biometric technology, but is subject to significant improvement through effective operator and user training. Design of an effective biometric system should include a discussion of the training appropriate to the selected biometric technology and the proposed user population. Emphasis should be placed on the description of operator responsibilities to ensure that enthusiastic, well-trained operators conduct effective enrollments and user training to minimize poor quality enrollments and the likelihood of Failure to Acquire errors. See Section 14 of this manual for further information on training. B.3. Legal Issues
  • 79. Several legal aspects of the introduction of any security system must be anticipated and considered in the final design. These include privacy issues, especially those related to biometric systems, legislative issues and requirements, liability questions created by security systems, and compliance with the ADA regulations. Privacy Rights Probably the most contentious aspect of biometric technologies is the question of whether the biometric chosen for a particular application will somehow compromise an individual’s privacy rights. For most biometric solutions today, the answer to the privacy question in the United States is that neither personal privacy compromise nor personal injury is a likely consequence of using a given biometric technology. This is true not only because few biometric technologies readily compromise personal information or represent a health threat, but because manufacturers have gone the extra step to build into their systems safeguards that prevent any compromise of physical safety or privacy. It is essential, however, that security staff be trained in the technology, its operation, and the applicable
  • 80. law, so they can explain to agency personnel and visitors the nature of the biometric being used and why it should not compromise privacy and/or threaten personal health. Some organizations may have a policy that requires a comprehensive privacy impact assessment (PIA) for any proposed new system. Such an assessment should describe how biometric data is collected, stored, shared, and protected as well as how errors are addressed. Regardless of the current state of privacy laws of the United States or other countries, the general philosophy of NBSP and the biometric industry at large is to take the proactive view that a person’s biometric information is “personal” because it is personally identifiable information or unique to a person. Therefore, it is recommended that “biometric information” be treated “as if” it were entitled to privacy protection regardless of the applicable laws, which will vary from jurisdiction to jurisdiction. This approach circumvents the issue of whether or not an individual’s privacy has been violated. Similarly, even if the law of one jurisdiction does not treat a person’s biometric as private today, social standards are likely to dictate changes in privacy laws, including new legislation that could later mandate treating biometrics as private personal information entitled to privacy protection. In conclusion, it is recommended that biometric systems developed today be designed and engineered to safeguard biometric information privacy
  • 81. so that they are in compliance with developing privacy laws and regulations. Accordingly, it is recommended that companies managing biometric identification systems adopt policies and procedures for the proper use and safeguarding of biometric identification. Such privacy policies should include such basic privacy principles as:
• notice to the individual about how their biometric information will be used,
• separation of the biometric information from other personally identifiable information to prevent linkage,
• restrictions on access to biometric information,
• transfer or sharing of the biometric information only with the individual’s consent,
• enforcement measures to ensure compliance with the foregoing, and
• possibly, an individual’s choice to opt out of the system.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is a federal statute requiring that medical records be carefully protected and that only authorized persons, having a need to know, be given access to personal medical information. Biometrics have been especially useful in implementing and maintaining compliance with HIPAA in that they can allow only authorized
  • 82. persons at authorized times and dates to gain access to biometrically controlled healthcare information and data. The control system can also record the date and time of access, thereby providing non-repudiation evidence of the accessing person’s identity. Other regulatory requirements such as Sarbanes-Oxley, Gramm-Leach-Bliley Bank Modernization Act, Fair Credit and Reporting Act (FCRA), Federal Information Systems Security Act (FISMA), 21 CFR Part 11 Regulations for Pharmaceutical Electronic Record Keeping, etc. all have similar language to HIPAA that requires that system operators/owners take appropriate steps to insure against unauthorized access to sensitive data. Any of the organizations that fall under these regulatory controls should consider the benefits of biometric authentication to control user access.
Liability – Duty to Care
Senior company or agency managers, as well as security managers, have a legal “duty to care” for the personnel and assets under their control and supervision. Biometric access control is an effective way to implement a security system and demonstrates recognition of this duty. In a number of cases, this duty can be quantified in this equation:
  • 83. I = P_loss × Asset Value
[I = Insurance and P_loss = Probability of Loss]
That is, a sufficient recognition of the duty to care is more or less equal to an appropriate investment in insurance or security systems equal to the probability of a loss of an asset times the value of that asset. The goal of the security manager or executive manager is to minimize both the likelihood of any threat and the value of the protected assets that might be lost. The compromise of essential, classified national security information or corporate intellectual property (e.g., the formula for Coca-Cola®), cannot normally be covered by conventional insurance, so the difference is often covered by one or more layers of manned and automated security solutions.
Implied Security
In some ways, the existence of a security system is a double-edged sword. On one side, a security system is evidence of management’s recognition of its duty to care. The other side of the issue is that employees may construe the existence of various security products (access controls, video surveillance, entry controls) as absolute guarantees that they are safe from criminal attack or other illegal behaviors, and ignore common precautions.
  • 84. ADA Compliance
The Americans with Disabilities Act (ADA) requires that most public buildings, regardless of ownership, comply with an extensive list of rules governing building design and equipment used, especially for doors and access control. For example, although new biometric fingerprint readers are wall mounted more or less in the same location as proximity card readers, they are ergonomically difficult for wheelchair-bound individuals to reach and use properly. To be fair, those responsible for developing ADA standards are not especially well-trained or experienced in modern biometric technologies and are lagging along with the industry in promulgating meaningful standards outlining appropriate expectations for system designs.
Section 508 Compliance
Section 508, an amendment to the U.S. Workforce Rehabilitation Act of 1973, is a federal law mandating that all electronic and information technology developed, procured, maintained, or used by the federal government be accessible to people with disabilities. The scope of Section 508 is limited to the federal sector, and includes binding, enforceable standards, as well as compliance reporting requirements and a