Currently, there are 4 major locations for storing a template: in a token or smart card, in a central database on a server, on a workstation, or directly on the sensing device. Each location has its own advantages and disadvantages.
Storing the template on a portable token such as a smart card has a number of advantages. The biometric data is not centrally stored, does not traverse the network, and the user carries the information from location to location. Users may feel that they control their personal identification data. One drawback is that the cost of the biometric implementation is higher because devices are needed to read both the smart cards and the biometric data. For proper usage, the smart card must be read and a fresh biometric scan must be taken before a user is authenticated.
Storing the templates in a central repository on a server overcomes the problem of users authenticating from multiple locations. However, there is the potential for "sniffing" the biometric data off the network and replaying the authentication session, unless encryption is used. Even when encryption is used, the question becomes where the encryption keys are stored and who has access to them. Therefore, the idea of information such as fingerprint data being stored centrally is not welcomed by privacy-conscious users.
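The replay risk described above can be shown from the server's side. This is an added example, not code from the original page or any product: it uses a single-use challenge plus an HMAC (a technique chosen here; the page itself names only encryption), and `MatchServer`, `sensor_submit`, `SENSOR_KEY` and `SAMPLE` are hypothetical names with constructed values.

```python
import hashlib
import hmac
import secrets

# Constructed values. SENSOR_KEY is exactly the kind of key whose storage
# and access the text asks about; it is hard-coded only for the demo.
SENSOR_KEY = b"constructed-demo-key"
SAMPLE = b"constructed-fingerprint-sample"


class MatchServer:
    """Central template server that issues one-time challenges (hypothetical)."""

    def __init__(self, key):
        self.key = key
        self.pending = set()  # challenges issued but not yet consumed

    def new_challenge(self):
        nonce = secrets.token_bytes(16)
        self.pending.add(nonce)
        return nonce

    def accept_submission(self, nonce, sample, tag):
        """Return True only for an authentic submission on an unused challenge."""
        if nonce not in self.pending:
            return False  # unknown or already used: a replayed session
        self.pending.discard(nonce)  # consume before checking the tag
        expected = hmac.new(self.key, nonce + sample, hashlib.sha256).digest()
        return hmac.compare_digest(expected, tag)


def sensor_submit(key, nonce, sample):
    """Sensor side: bind the fresh scan to the server's challenge."""
    tag = hmac.new(key, nonce + sample, hashlib.sha256).digest()
    return nonce, sample, tag


def demo():
    server = MatchServer(SENSOR_KEY)
    message = sensor_submit(SENSOR_KEY, server.new_challenge(), SAMPLE)
    first = server.accept_submission(*message)   # legitimate submission
    replay = server.accept_submission(*message)  # same bytes sent again
    server.new_challenge()                       # a later session begins
    stale = server.accept_submission(*message)   # old capture, new session
    return first, replay, stale


if __name__ == "__main__":
    print(demo())
```

The sample travels in the clear here so the freshness check stays visible; in a deployment it would also be carried inside an encrypted channel.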
Storing the templates on individual workstations seems to be a reasonable middle ground between storage in a central database and storage on sensing devices. On one hand, a computer tower is physically more difficult to steal than a small sensing device. On the other hand, distributed storage creates fewer privacy concerns and avoids creating a focal point of attack for malicious hackers. With workstation storage, however, the user cannot authenticate from multiple locations. Another issue is that workstation security may be lacking, such that the biometric data could be found on the hard drive.
Storing the templates on the sensing device itself provides for quick responses during future authentication. However, it does not lend itself to situations where the user will need to authenticate at multiple locations. For example, a bank's ATMs could not use this method since customers won't always use the same machine. Another example is a biometric system implemented for a computer lab, where it cannot be assumed that each user is going to be working with the same machine and the same sensing device. Small sensing devices may also be easily stolen.