T2 Biometric Configuration
T2 Biometric Configuration
Overview
The T2 device contains a capacitive fingerprint sensor and a camera that can be used for face identification (which we have termed Faceprint).
Both technologies store the biometric data in templates, which are numeric representations of the structure of the finger or face.
The Device and Access Manager web portal offers several settings to configure the use and behaviour of biometrics in the system, including tuning the system to better fit your own site’s requirements.
Enabling or disabling biometrics
Biometrics at each T2 device can be enabled or disabled from the main Terminal settings screen – just click the relevant icon to enable or disable fingerprint or faceprint. The image below shows fingerprint and proximity reader enabled, with faceprint disabled.
Both fingerprint and faceprint can be configured to work automatically, and clock users in or out as soon as they either touch the fingerprint sensor or are spotted by the camera. This is often referred to as Toggle clocking, and allows contactless clocking in the case of faceprint.
Using this setting will not affect the accuracy of the biometric technologies, but obviously increases the risk of clockings going through with an incorrect direction – for example, if a user forgot to clock in when they arrived at work, then their clocking when leaving will be incorrectly assigned as In. In the case of faceprint, it also increases the risk of the unit unwittingly spotting users walking past the unit.
Use the Auto-detect clocking direction option under either Fingerprint settings or Faceprint settings to turn this feature on or off.
Fingerprint configuration
Security level
We provide a setting to control the behaviour of the fingerprint matching algorithm, which decides whether a finger is an acceptable match to a user. The Security level setting can be adjusted from Low to High.
A low security level will make it easier for a user to get their finger accepted, but with the trade-off of lower accuracy, making it more likely that fingers will be incorrectly identified as another user, causing clockings to go through as the wrong person.
Conversely, a high security level will reduce the chance of a user being incorrectly identified, but at the cost of making it trickier for users to get their fingers accepted.
See the Accuracy and performance section for details on the effects of different values chosen here.
Troubleshooting
If a particular user is having trouble clocking using their fingerprints, re-enrolling is the best course of action. Try using other fingers when enrolling, and make sure you can successfully test the enrolments.
If after re-enrolling they are still unable to clock, they may need to use either faceprint or proximity card instead – a small proportion of the population just don’t have enough detail in their fingerprints to identify them.
Faceprint configuration
The faceprint identification offers more configuration options, due to the variability in performance of cameras in different lighting conditions, different distances to faces, changing backgrounds, etc.
Waking the device
The first block of settings concern waking the device with a face – Auto wake settings. Use wake on movement to get the device to leave the screensaver and go to the home screen when it detects movement in front of it. 0 will disable waking on movement, otherwise increasing the value will require greater movement to wake the device.
Require a face for auto wake will require a face to be detected in the camera view for the device to wake up automatically – a useful option if the device is located in a busy place and is constantly waking up. Use Detection range to adjust how close the face must be for the device to wake up.
If you don’t want the device to wake up automatically at all, and instead require a touch of the screen to dismiss the screen saver, leave both Wake on movement and Require a face for auto wake disabled.
Face identification
The face identification can be configured, both to control when a face is detected, and the security settings.
Use Detection range to choose how far away a face must be to be identified. Selecting Far will mean faces can be picked up while far away from the reader, while Close will require them to be much closer. Detecting faces far away may make the T2 seem more responsive, but at the cost of increasing the risk of accidental clockings. This setting will increase the amount of data captured, which may also help in difficult lighting conditions, but at the cost of increasing processing requirements – face matches may take longer to process than when a closer setting is chosen.
Use Security level to control the balance between ease of use and high accuracy – see the description above under Fingerprint configuration. See the Accuracy and performance section for details on the effects of different values chosen here.
Troubleshooting
If you find the device is failing to spot faces when they are presented, try increasing the value of Detection range to increase the amount of data available from the camera. If users are normally toggle clocking, try selecting Clock in or Clock out explicitly when testing this – you will see a box drawn around the face when it has been successfully located.
If you are experiencing issues with one user being identified as another, try selecting a higher security level. You can also try re-enrolling one or both affected employees. If the issue continues, consider using fingerprint or proximity cards for these employees.
Face liveness
The T2 includes a system to reduce the chances of “fooling” the face recognition by using photos of other users. Turn this on using the Liveness check option in the portal.
When it is enabled, users will be required to enrol both their normal “forwards” face, but also to look both left and right and capture data about their gaze directions. When subsequently clocking, they will be prompted randomly to look either left or right, and they must do so before the clocking will be accepted.
The level selected will affect how stringent the liveness check is. Weak will require the turning of the head, but is quick and easy to do – at the trade off of being easier to fool. On the other hand, Strong requires much more distinct head turns, which provides more robust detection of real faces, but takes longer and is a trickier process for the user to master.
Troubleshooting
Liveness checks will always result in users taking longer to clock – this may be a particular concern at busy terminals.
If you are finding users are failing to enrol or clock successfully when liveness is enabled, try guiding them through the process in person. They need to turn their head when prompted and hold it in position once turned. It can be tricky to get right the first time, but once they get used to the process they should be OK.
Enrolling and clocking is much easier on Weak than Strong – consider using lower values unless you have observed issues with the system being attacked using images of users.
Face liveness is designed to work with static photo attacks, it can not prevent users using either 3D face masks, or video streams. If you have concerns about users going to these lengths, consider using fingerprint.
Accuracy and performance
Terminology
Configuring biometric performance is a trade-off between two values, the False Accept Rate (FAR) and the False Reject Rate (FRR).
The FAR measures the number of false accepts you can expect – the probability of an unknown user being identified as a known user, or of one user being identified as another.
An FAR of 0.01% means that 0.01% (or 1 in 10,000) of identifications could be expected to return the wrong user.
The FRR measures the number of false rejects you can expect – the probability of a known user presenting their finger or face to the T2 but the system failing to identify them.
The FRR is generally expected to be significantly higher than the FAR, because it is much lower impact – if a user has their own finger rejected, they can try again. But if a finger was identified as the wrong person, some incorrect data will have been stored in the system.
We can’t give statistics for FRR, as it will vary so much according to enrolment quality, lighting, environmental conditions, etc. But we do have figures supplied by our biometrics partner for FAR, which can help inform choice of security level.
Fingerprint
Our fingerprint security levels are chosen to allow the FAR to be set at acceptable values on large datasets. The table below shows approximate FAR values for given security levels and user counts.
Note that our provider was unable to measure any false accepts beyond 0.0001% FAR, these values returned no false accepts in their testing.
Note also that numbers are provided to the nearest power of 10 – the underlying thresholds used means that a higher security level, or a smaller database, will always provide better FAR numbers even if the percentages in the table look the same
Security level | FAR - 100 users | FAR - 1000 users | FAR - 10000 users |
1 | 0.1% | > 0.1% | 1% |
2 | 0.01% | 0.1% | 0.1% |
3 | 0.001% | 0.01% | 0.01% |
4 | 0.0001% | 0.001% | 0.001% |
5 | < 0.0001% | < 0.0001% | < 0.0001% |
FAR of 0.1% means one false accept per 1,000 uses. FAR of 0.0001% means one false accept per 1,000,000 uses.
Faceprint
The below table is calculated the same way as the fingerprint table above. For face identification, we only have data available from the larger 10000 user database. Smaller databases will return better FAR scores than larger ones.
Note that our provider was unable to measure any false accepts beyond 0.01% - these values returned no false accepts in their test dataset.
Security level | FAR - 10000 users |
1 | 1% |
2 | 0.5% |
3 | 0.25% |
4 | 0.1% |
5 | < 0.01% |
Choosing a security level
While we can’t give precise numbers, we know that the FRR will rise as the FAR falls. So the higher the security level you choose, the more of your users will be getting rejected when they attempt to clock. This may be in the form of being rejected once then accepted the next time, or it may be that some users are unable to clock at all.
For most systems, you should choose a value that prevents incorrect clockings being recorded, while causing the minimum disruption to your users. As the tables above show, this could mean choosing lower security levels for sites with fewer enrolled users and higher levels for sites with many enrolled users.
If misidentifications are totally unacceptable, then select a high security level regardless of site size, but be aware that it may take users longer to clock.
Alternatively, you may decide that resolving a few erroneous clockings is an acceptable trade off for having all of your users identified first-time when they try, reducing queuing at the device.
Choosing fingerprint or face
Security
As the Accuracy section above, demonstrates, fingerprint identification provides a more secure solution than faceprint – there is simply more data in a fingerprint to uniquely identify a user.
Fingerprint readers are also better able to distinguish a “real” user from an attempt to impersonate a user. While we have provided liveness detection for face, it will still be harder to fake another user’s fingerprints than their face.
Speed
Which technology is faster will vary by use case. The template extraction and identification process itself takes almost the same amount of time for fingerprint and faceprint, so the way the device is used will make the difference.
In good lighting conditions, and with liveness disabled, it’s likely to be faster to use faceprint to clock. The act of presenting the finger and getting the positioning right is likely to take longer than detecting the face.
However, if face liveness is turned on, face clocking will take longer the fingerprint due to the extra steps required.
Ease of use
As above, in good conditions and with liveness disabled, faceprint clocking is going to be easier to use without training.
If liveness is turned on, or lighting conditions aren’t good, it may become more awkward to use faceprint successfully.
Fingerprint clocking is more invariant with conditions – it may require a little practice to get the finger positioning right initially, but apart from that it will always be the same, making it a very straightforward process.
However, if users can be expected to be wearing gloves, or carrying things, then fingerprint may be more awkward.
If contactless clocking is important, then obviously that can’t be achieved with fingerprint – either faceprint or proximity cards will be required.
Biometric data protection
Fingerprints and faceprints are stored as templates, essentially a numeric representation of the image that was captured. It is not possible to reconstruct the original image from the template. We never store the original image or transmit it anywhere from the T2.
The extracted templates are stored in an encrypted database on the device, then transmitted over a secure encrypted connection to the web portal, where they are stored in another encrypted database for distribution to your other T2s.
For more details, see the document T2 – Biometric FAQs.
