Biometric Authentication Simulator

Interactive demonstration of fingerprint, iris, and face recognition with FAR/FRR analysis

Biometric Data Types & Processing
Fingerprint
Ridge patterns, minutiae points, core/delta positions. Captured at 500-1000 DPI.

Iris
Iris texture patterns, crypts, furrows, collarette. Near-infrared imaging at 640x480.

Face
3D facial geometry, landmarks (68+ points), skin texture. RGB + depth sensor.

Template Size Comparison

Fingerprint Template: ~250 bytes
Iris Template: ~512 bytes
Face Template: ~4 KB
False Accept Rate (FAR) vs False Reject Rate (FRR)
Threshold setting: Low (Convenience) to High (Security)
FAR (False Accept Rate): 0.01%
FRR (False Reject Rate): 5.00%
EER (Equal Error Rate): ~2.5%
```javascript
// FAR/FRR Calculation Example

// FAR: fraction of impostor attempts that score at or above the threshold.
function calculateFAR(threshold, impostor_scores) {
  const false_accepts = impostor_scores.filter(s => s >= threshold);
  return false_accepts.length / impostor_scores.length;
}

// FRR: fraction of genuine attempts that score below the threshold.
function calculateFRR(threshold, genuine_scores) {
  const false_rejects = genuine_scores.filter(s => s < threshold);
  return false_rejects.length / genuine_scores.length;
}
```

A lower threshold is more convenient (lower FRR) but less secure (higher FAR). A higher threshold is more secure (lower FAR) but less convenient (higher FRR). The balance point between the two, where FAR equals FRR, is the Equal Error Rate (EER).
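The threshold trade-off described above, carried through as an added example (not part of the simulator's own code): it sweeps every candidate threshold, estimates the EER, and finds the lowest threshold that meets a FAR ceiling. The score arrays are constructed sample data and the function names are assumptions made for illustration.

```javascript
// Constructed similarity scores in [0, 1]; a higher score means a closer match.
const genuineScores  = [0.91, 0.88, 0.95, 0.72, 0.83, 0.67, 0.90, 0.79, 0.86, 0.58];
const impostorScores = [0.12, 0.35, 0.41, 0.22, 0.63, 0.30, 0.18, 0.55, 0.70, 0.27];

// Fraction of scores satisfying pred; an empty set would silently give NaN.
function rate(scores, pred) {
  if (scores.length === 0) throw new RangeError("score set is empty");
  return scores.filter(pred).length / scores.length;
}

// Same decision rule as calculateFAR/calculateFRR: accept when score >= threshold.
function errorRates(threshold, genuine, impostor) {
  return {
    threshold,
    far: rate(impostor, s => s >= threshold),
    frr: rate(genuine, s => s < threshold),
  };
}

// FAR and FRR only change at observed scores, so those are the thresholds to
// try. Infinity adds the "reject everyone" end point (FAR 0, FRR 1).
function sweep(genuine, impostor) {
  const cuts = [...new Set([...genuine, ...impostor, Infinity])];
  cuts.sort((a, b) => a - b);
  return cuts.map(t => errorRates(t, genuine, impostor));
}

// EER estimate: the swept point where |FAR - FRR| is smallest.
function estimateEER(genuine, impostor) {
  const best = sweep(genuine, impostor).reduce((a, b) =>
    Math.abs(b.far - b.frr) < Math.abs(a.far - a.frr) ? b : a);
  return { threshold: best.threshold, eer: (best.far + best.frr) / 2 };
}

// Security-first operating point: the lowest threshold whose FAR <= maxFar.
// FAR never rises as the threshold rises, so the first hit is the lowest.
function thresholdForFAR(maxFar, genuine, impostor) {
  return sweep(genuine, impostor).find(p => p.far <= maxFar);
}

console.log(estimateEER(genuineScores, impostorScores));
console.log(thresholdForFAR(0, genuineScores, impostorScores));
```

On this sample the zero-FAR operating point rejects twice as many genuine users as the EER point, which is the cost of moving the threshold toward security.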

Biometric Enrollment Protocol
1. Capture → 2. Quality Check → 3. Feature Extract → 4. Template Gen → 5. Encrypt & Store

Enrollment Steps

Step 1: Capture

Multiple samples (3-5) captured for reliability. Quality metrics: resolution, contrast, focus.

Step 2: Quality Check

NFIQ (NIST Fingerprint Image Quality) or equivalent. Reject poor quality samples.

Step 3: Feature Extraction

Extract minutiae (fingerprint), iris codes (iris), or face embeddings (face). Convert to numeric template.

Step 4: Template Generation

Combine multiple samples into robust template. Apply template protection (cancelable biometrics).

Step 5: Secure Storage

Encrypt template with AES-256. Store in secure enclave (TPM/TEE). Link to user ID.

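```javascript
// Enrollment Protocol Example
// captureBiometric, extractTemplate, combineFeatures and encryptAndStore are
// placeholders for the platform's own capture, extraction, fusion and storage
// routines; they are not defined on this page.
const enrollment = {
  // Step 1: capture several samples for reliability
  capture: async () => {
    const samples = await captureBiometric({ count: 3 });
    return samples;
  },
  // Step 2: reject poor-quality samples
  qualityCheck: (samples) => samples.filter(s => s.quality > 0.8),
  // Step 3: convert each sample to a numeric template
  extractFeatures: (samples) => samples.map(extractTemplate),
  // Step 4: combine the per-sample features into one template
  generateTemplate: (features) => combineFeatures(features),
  // Step 5: encrypt the template and store it
  secureStore: (template) => encryptAndStore(template, 'AES-256')
};
```
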
FIDO2/WebAuthn Integration

Passwordless Authentication Flow

Client → WebAuthn API → Biometric → Sign Challenge → Server Verify

FIDO2 Components

1. Authenticator

Hardware (YubiKey, TPM) or platform (Touch ID, Windows Hello) authenticator with biometric sensor.

2. WebAuthn API

Browser API for registration (navigator.credentials.create) and authentication (navigator.credentials.get).

3. Relying Party

Server that verifies the signed challenge. Stores public key, never the biometric template.

```javascript
// WebAuthn Registration
const credential = await navigator.credentials.create({
  publicKey: {
    challenge: new Uint8Array([/* server challenge */]),
    rp: { name: "WIA Standards", id: "wiastandards.com" },
    user: {
      id: new Uint8Array(16),
      name: "user@example.com",
      displayName: "User"
    },
    pubKeyCredParams: [{ alg: -7, type: "public-key" }], // -7 = ES256
    authenticatorSelection: {
      authenticatorAttachment: "platform",
      userVerification: "required" // Biometric required
    }
  }
});
// Send credential.response to server for verification
```

Privacy Win: Biometric data never leaves the device. Only cryptographic proof (signature) is sent to server.

Certification & Compliance
ISO/IEC 19794
Biometric data interchange formats. Defines standard templates for fingerprint, iris, face.

ISO/IEC 30107
Presentation Attack Detection (PAD). Liveness detection to prevent spoofing.

ISO/IEC 24745
Biometric template protection. Cancelable biometrics and cryptographic protection.

FIDO Alliance
FIDO2 certification for passwordless authentication. WebAuthn + CTAP protocols.

GDPR Compliance
EU General Data Protection Regulation. Biometric data as special category, requires explicit consent.

NIST Standards
NIST SP 800-63B for digital identity. Addresses biometrics in the context of authenticator assurance levels (AAL).

Compliance Checklist

✅ Explicit user consent for biometric collection
✅ Secure storage with encryption (AES-256)
✅ Template protection & cancelable biometrics
✅ Liveness detection (PAD) to prevent spoofing
✅ Regular security audits & penetration testing
✅ Right to deletion & data portability
✅ Multi-factor fallback option