Biometric Systems of Identification and Their Relevance
Biometrics: physiological vs behavioural modalities, FAR/FRR/EER, AFIS, UIDAI Aadhaar, CrPC (Identification) Act 2022.
Last updated:
Biometric systems identify or verify individuals by measuring unique physiological traits (fingerprint, iris, DNA) or behavioural traits (voice, gait, keystroke dynamics). A usable biometric must satisfy seven properties: universality, uniqueness, permanence, collectability, performance, acceptability, and resistance to circumvention. Systems operate in two modes: verification (1:1 match against a claimed identity) and identification (1:N search across a database). In India, Aadhaar with 1.3 billion enrolments is the largest deployed multimodal biometric system, and the Criminal Procedure (Identification) Act 2022 governs law-enforcement collection of biometric measurements.
Biometric systems of identification are one of the smaller but more modern bullets of forensic science, and examiners like them because every concept compresses to a clean. The syllabus asks you to recall what counts as a biometric, what makes a trait usable as one, how the major modalities compare, how a system actually works end to end, and where biometrics sit in Indian forensic and statutory practice (Aadhaar, AFIS, the Criminal Procedure (Identification) Act 2022).
Treat this as a definition-plus-comparison topic. Memorise the seven properties of a good biometric, the physiological-versus-behavioural split, the four core performance metrics (FAR, FRR, EER, ROC), and the two India-specific statutes that frame the whole field. The voice, fingerprint and gait modalities each have their own dedicated examiners topics; this page is the umbrella that ties them together.
By the end of this topic you will be able to:
- Classify biometric modalities as physiological or behavioural and give at least three examples of each.
- Define FAR, FRR, EER, and DET curve, and explain the threshold trade-off between them.
- Distinguish verification (1:1) from identification (1:N) and give a real-world example of each.
- Describe the enrolment-to-decision pipeline common to all biometric systems, including template storage, matching, and liveness detection.
- Explain the scope of the Criminal Procedure (Identification) Act 2022 relative to the Identification of Prisoners Act 1920, and summarise the Puttaswamy judgments' effect on Aadhaar.
- Biometric
- Any measurable physiological or behavioural trait used to identify or verify an individual. Falls in the 'something you are' authentication category, distinct from 'something you know' (password) and 'something you have' (token, smart card).
- Physiological biometric
- Trait rooted in body structure: fingerprint, iris, retina, face, palm print, palm vein, hand geometry, ear shape, DNA.
- Behavioural biometric
- Trait rooted in learned action: voice, gait, signature dynamics, keystroke dynamics, mouse movement.
- Enrolment
- First-time capture of a biometric, feature extraction, and storage of the resulting template in the system database.
- Verification (1:1)
- Matching a fresh sample against ONE stored template tied to a claimed identity. Used to unlock a phone or authenticate a payment.
- Identification (1:N)
- Searching a fresh sample against EVERY template in the database to find a match. Used by AFIS to hit a chance print against the criminal record store.
- FAR / FRR / EER
- False Acceptance Rate (imposter wrongly accepted), False Rejection Rate (genuine user wrongly rejected), and Equal Error Rate (operating point where FAR = FRR). Lower EER means a better system.
- Presentation Attack Detection (PAD)
- Liveness checks that block spoofing with fake fingers, photos, iris printouts or cloned voice. Evaluated under ISO/IEC 30107.
What counts as a biometric and the seven properties
A biometric is any measurable physiological or behavioural trait that can identify or verify an individual. In authentication theory it sits in the "something you are" bucket, alongside "something you know" (password, PIN) and "something you have" (smart card, OTP token). Biometrics carry a permanent risk: if the template database leaks, you cannot reset your fingerprints the way you reset a password.
Seven properties define whether a trait is usable as a biometric.
- Universality. Every person in the target population has the trait. Fingerprint fails this for amputees; iris is closer to universal.
- Uniqueness. The trait differs sufficiently between any two people. Iris beats face geometry.
- Permanence. The trait is stable over time. Iris is permanent from about 1 year of age; face changes with ageing and weight; voice shifts with puberty and illness.
- Collectability. The trait can be captured by a sensor with reasonable cooperation. DNA is highly unique but not collectable in real time.
- Performance. Acceptable accuracy and speed under realistic conditions. Captured by FAR, FRR and throughput.
- Acceptability. Users are willing to submit the trait. Retina scanning fails because the user must press an eye to the scanner.
- Circumvention. Resistance to spoofing. Voice and 2-D face are easy to clone; iris and fingerprint with PAD remain harder.
A trait that scores well on all seven is rare. Real systems trade off, which is why multimodal biometrics have grown.
Physiological vs behavioural modalities
The primary classification divides biometrics into physiological versus behavioural. Physiological traits come from body structure and are usually more stable; behavioural traits come from learned action and tend to drift more.
Physiological: fingerprint (the global default, see fingerprint history and classification), iris, retina, face, palm print, palm vein, hand geometry, ear shape, finger vein, DNA.
Behavioural: voice (see voice analysis and speaker identification), gait (see track marks and gait), signature, keystroke dynamics, mouse movement.

The major modalities, briefly.
Fingerprint. Minutiae-based (ridge ends, bifurcations). Global default for civil and criminal use. Cheap sensors, decades of legal precedent, deep AFIS infrastructure.
Iris. Random pigmentation pattern of the iris muscle, captured under near-infrared light. The Daugman algorithm (1993) encodes the pattern as a 256-byte IrisCode and matches by Hamming distance. FAR of about 10 to the minus 6 makes iris the highest-confidence non-DNA modality. Part of the UIDAI Aadhaar capture stack.
Retina. Blood-vessel pattern at the back of the eye. Very high accuracy but invasive (the user must press the eye against a scanner), so rarely deployed outside high-security defence sites.
Face.2-D systems (FaceNet, DeepFace) work on selfie cameras and CCTV. 3-D systems use structured light or time-of-flight (Apple Face ID) to map depth and resist photo spoofs. Performance drops with age, lighting, occlusion and mask wear.
Palm print and palm vein. Palm print mirrors fingerprint at larger scale. Palm vein (Fujitsu PalmSecure) uses near-infrared to image subcutaneous vein pattern, contactless, common in banking.
Hand geometry. Older modality used at airport access gates in the 1990s and 2000s. Declining.
DNA. Most individuating biometric known, but slow, invasive, sample-dependent. Gold standard for evidence, not real-time access. See the DNA structure, extraction and STR profilingtopic.
Voice (speaker recognition). Captures formant structure with MFCC features and matches against a GMM or DNN model. Text-dependent versions use a fixed pass phrase; text-independent versions work on any utterance.
Gait. Walking signature from CCTV video. Useful when the face is covered.
Signature. Static (offline image) or dynamic (online pressure, speed, pen tilt). Used in banking onboarding.
Keystroke dynamics. Typing rhythm captured as dwell time (key held) and flight time (gap between keys). Used as a continuous-authentication second factor.
System architecture: enrolment, verification, identification
Every biometric system, regardless of modality, runs the same three-pipeline architecture.
- Enrolment. The sensor captures a raw sample. A feature-extraction module reduces it to a compact template (minutiae list for fingerprint, IrisCode for iris, MFCC vector for voice). The template is stored in a database alongside the user identifier. Raw samples are usually discarded for storage and privacy reasons.
- Verification (1:1). The user claims an identity (Aadhaar number, card, username). The system captures a fresh sample and compares it against ONE stored template. The match score is thresholded into accept or reject. Phone unlock is the canonical example.
- Identification (1:N). No identity claim. The system captures a fresh sample and searches every template in the database for the best match. AFIS does this when an investigating officer uploads a chance print.
Verification is fast. Identification scales poorly with N: as the database grows, coincidental matches grow with it, which is why mass-surveillance facial recognition has poor real-world precision even with an accurate matcher.
- CaptureSensor records raw biometric (fingerprint image, iris near-infrared photo, audio sample).
- Feature extractionAlgorithm reduces raw data to a compact template (minutiae list, 256-byte IrisCode, MFCC vector).
- Storage or matchingOn enrolment, template is stored. On verification or identification, template is compared against the database with a similarity score.
- DecisionScore is thresholded. Above threshold = accept (match), below = reject (no match). Threshold setting determines FAR / FRR trade-off.
Performance metrics: FAR, FRR, EER, ROC, DET
Performance metrics are the core quantitative vocabulary of biometric evaluation.
- False Acceptance Rate (FAR). Probability that an imposter is wrongly accepted. Per-comparison variant is False Match Rate (FMR).
- False Rejection Rate (FRR). Probability that a genuine user is wrongly rejected. Per-comparison variant is False Non-Match Rate (FNMR).
- Equal Error Rate (EER). Operating point where FAR equals FRR. A single scalar that ranks systems: lower EER, better matcher.
- ROC curve. Receiver Operating Characteristic. Plots True Acceptance Rate against FAR as the decision threshold sweeps.
- DET curve. Detection Error Trade-off. Plots FRR against FAR on log-log axes. Preferred over ROC because it makes small differences at low error rates readable.
The trade-off is fixed. Lowering the threshold makes the matcher more permissive (FAR rises, FRR falls); raising it does the opposite. A consumer phone tolerates higher FAR (convenience), a border-control gate tolerates higher FRR (security).

Other terms:Failure to Enrol (FTE)rate (users whose biometric cannot be captured at all, e.g., manual labourers with worn-smooth fingerprints) and Failure to Acquire (FTA)rate (attempts where the sample is too poor to process).
Spoofing, presentation-attack detection and multimodal systems
A biometric system that ignores spoofing fails on the seventh property (circumvention). The classical attacks are well documented.
- Fingerprint spoofs. Silicone, gelatin or wood-glue moulds lifted from a latent print. Early commercial sensors were defeated by silicone casts as early as 2006.
- Face spoofs. Printed photo, video replay, 3-D mask. Deepfake video makes remote onboarding particularly vulnerable.
- Iris spoofs. High-resolution printouts behind a contact lens to reproduce corneal curvature.
- Voice spoofs. Recorded playback against text-dependent systems, voice cloning and modern TTS against text-independent systems. Generative audio synthesis has significantly increased the difficulty of voice anti-spoofing since 2022.
The countermeasure is Presentation Attack Detection (PAD)also called liveness detection. Common PAD techniques include pulse and blood-flow detection on a fingerprint or finger-vein sensor, sweat-pore micro-pattern checks on fingerprint, 3-D depth checks on face, eye-blink and head-movement challenge for face, and random-phrase challenge-response for voice. PAD evaluation is standardised under ISO/IEC 30107.
Multimodal biometrics combine two or more modalities (face plus fingerprint, fingerprint plus iris). Accuracy goes up because the joint error rate is lower than either single matcher, and spoof resistance goes up because an attacker has to defeat all modalities at once. UIDAI's Aadhaar capture stack (10 fingerprints, 2 iris, face) is the world's largest multimodal biometric system.
Forensic relevance and Indian institutional context
Biometrics matter to forensic science because they connect a person to a trace, a recording, or a record. The Indian institutional map runs along four lines.
Fingerprint and AFIS. The NCRB Central Fingerprint Bureau (Delhi) and state Finger Print Bureaux runNAFIS(National Automated Fingerprint Identification System), launched 2022. Chance prints lifted from a scene are searched 1:N against the database. See the fingerprint development, lifting and AFIS comparisontopic for the matching workflow.
Face and Automated Facial Recognition System (AFRS). NCRB floated the AFRS tender in 2019 for a national face-matching system, rolled out at airports and railway stations. State police forces (Delhi Police via Innefu Labs, Telangana Police, UP Police) run their own pilots on CCTV feeds, with mixed accuracy in low-base-rate conditions.
Voice biometrics. Used in ransom-call investigations, NIA terror cases, and disputed-recording matters. CFSL audio-forensics units run aural-spectrographic and automatic speaker recognition workflows.
Iris and gait. Iris is used at airport immigration pilots and Aadhaar eKYC. Gait identifies masked or hooded suspects from CCTV when the face is not visible (see the track marks and gaittopic).
Outputs from all of these get tendered under the Bharatiya Sakshya Adhiniyam 2023with Section 39 expert opinion and Section 63 electronic-record certification. Continuity from sensor to court depends on a clean chain of custodyfor every biometric exhibit. Digital handling of biometric devices follows the BNS 2023 cyber and BSA 2023 electronic-evidenceframe.
Aadhaar (UIDAI), the Criminal Procedure (Identification) Act 2022 and privacy
Two statutes anchor the Indian biometric landscape.
Aadhaar and UIDAI. Aadhaar is the world's largest biometric ID system with about 1.3 billion enrolments. Each resident submits 10 fingerprints, 2 iris scans and a face photo. Two authentication modes: a Yes/No 1:1 biometric check for service delivery, and eKYC for full demographic disclosure with consent. The Aadhaar Act 2016 is the enabling statute. Section 57 (private-sector use) was struck down in Puttaswamy v. Union of India (2018, Aadhaar judgment)which upheld Aadhaar for state welfare delivery but restricted private use.Puttaswamy v. Union of India (2017)recognised the Right to Privacy as a fundamental right under Article 21, the doctrinal foundation for every Indian biometric-privacy challenge since. The Aadhaar and Other Laws (Amendment) Act 2019 codified the post-2018 restrictions.
Criminal Procedure (Identification) Act 2022.Replaces the colonial-era Identification of Prisoners Act 1920. Empowers police to take measurements (fingerprints, palm prints, footprints, photographs, iris and retina scans, biological samples, behavioural attributes including signature and handwriting) from convicted, arrested or detained persons. Scope is much wider than the 1920 Act, which was limited to fingerprints and footprints. NCRB is the designated central repository. Critics (Internet Freedom Foundation, SFLC.in) argue the Act allows function creep and disproportionate collection on arrestees.
Privacy and limits. The Digital Personal Data Protection Act 2023 (DPDP Act)treats biometric data as a category requiring stronger protection. Key limits: irrevocability (you can change a password, not your fingerprint), ageing effects on face and voice, injury effects on fingerprint and palm, exclusion harm in public-distribution systems where authentication failures deny services to genuine beneficiaries, and the low-base-rate problem in mass surveillance where even a 99% accurate matcher generates a flood of false positives at city scale.
What are the seven properties of a good biometric?
What is the difference between verification and identification in a biometric system?
What do FAR, FRR and EER mean and how are they related?
What does the Criminal Procedure (Identification) Act 2022 change for Indian biometric collection?
Why is iris considered one of the most accurate biometric modalities?
Test yourself on UGC-NET Forensic Science with free, timed mocks.
Practice UGC-NET Forensic Science questionsSpotted an error in this page? Report a correction or read our editorial standards.