Biometrics 101 -  

Getting started with biometrics can be a daunting task. There are 

so many aspects to consider when choosing a biometric modality. 

Our goal with this ebook is to make that process easier by giving 

you a 101 crash course into biometrics.  

 

Below, we will walk you through what to consider when choosing 

a biometric modality and explain pros and cons of palm-vein, face 

recognition, fingerprint, iris and voice. Finally we end with some 

thoughts around privacy and sanitation. Hope you enjoy thing 

quick guide. If you have any thoughts or question let us know.    

K E Y O . C O 2 

 

 

 

 

 

 

What Makes a Good Biometric? Broadly speaking, a biometric is any measurable biological factor. 

Images, hair length, shoe size, voice pitch. However, any biometric 

that is useful for precise identification must have the following 

four qualities: 

 

   

K E Y O . C O 3 

 

Easy to collect -  

The biometric data should be easily captured 

from users without extensive training needed or 

highly specific conditions. 

 

Distinctively - 

The trait must be highly unique within 

significant populations of people. Non-distinctive 

traits lower key efficacy around identification 

speed and accuracy.  

Permanent - 

The constant nature of a trait is important. The 

more a trait changes over time, the less accurate 

it will be as a long-term identifier.  

Universal - 

Any person should possess the trait. 

 

K E Y O . C O 4 

 

  

 

 

 

 

Choosing the optimal biometric - Fingerprints, iris patterns, face patterns, heart beat, voice, 

vein patterns, behavior - these are some of the more popular 

biometrics on the market today. They are utilized for a diverse 

range of purposes including identity verification, customer 

convenience, security, anti-fraud, anti-theft, humanitarian 

response, and surveillance.  

 

Any biometric solution on the market that fulfills the four 

qualities listed above should then be compared using the 

following secondary qualities: 

 

   

K E Y O . C O 5 

 

Cost -  

The cost associated with implementing a given 

technology, related to production and shipping 

costs as well as competition in the market. 

 

Acceptability - 

How likely people are to use and trust a 

biometric technology or the user experience tied 

to it.  

Resilience - 

Quality of light, temperature, weather, or other 

environmental concerns such as the presence of 

oil or dirt should not significantly affect the 

reliability of a biometric technology.  

Safety - 

Use of a biometric technology should be safe, 

non-invasive, and hygenic. Any technology 

should provide safeguards respecting physical 

K E Y O . C O 6 

 

safety as well as personal information security. 

Legality - 

The biometric technology should comply with all 

legal restrictions and standards in the relevant 

areas of operation. 

Speed - 

The biometric technology should function 

quickly to reduce unnecessary friction at the 

point of interaction. 

 

You’ll find a helpful matrix with both sets of qualities at the end of 

this document. We hope it helps you categorize the solutions you 

are exploring. Of course these comparisons depend heavily on the 

intended use case for the technology. Palm-vein technology 

requires close proximity and so couldn’t be used for surveillance, 

for example. Similarly, facial recognition is less acceptable in 

cultures where covering the face is common practice. 

 

Now let’s dive deeper some of the biometrics modalities: 

 

K E Y O . C O 7 

 

Palm-Vein -  

Palm-vein technology is a relative newcomer to the 

biometric scene. Developed in 2011, palm-vein uses near infrared 

light to create a unique image of the blood flowing through the 

vein structure of a user’s palm.  

 

Palm-vein is nowhere close to as established as fingerprint or iris 

scans. Palm-vein has been used for years throughout Japan on the 

basis of its security, primarily by banks and at ATMs (though also 

occasionally by public libraries). The technology also expedites 

security in airports. 

 

Keyo is the only company currently building a consumer-focused 

network around palm-vein technology. We're replacing keys, 

cards, tokens, fobs, and tickets with a simple palm scan, as well as 

offering software that makes it easy to integrate palm-vein into 

existing systems. 

 

 

  

How does it work?  

K E Y O . C O 8 

 

Palm-vein technology utilizes near-infrared light and the 

hemoglobin in blood to map the internal vein structure of the 

palm. Hemoglobin bonds with oxygen molecules as blood flows 

through the lungs, distributing that oxygen to the tissues of the 

body as it continues to circulate. Deoxygenated hemoglobin, 

which is on its way back to the lungs, absorbs light in the near 

infrared range at roughly 760nm. Palm-vein technology measures 

those deoxygenated blood flow patterns, registering 

approximately 5 million distinct points of reference. 

 

Vein structure is unique to each individual and remains 

highly stable throughout the lifespan. Like with fingerprint whorls, 

patterns are determined by environmental factors in-utero and so 

are unique between twins. Since it is internal, palm-vein 

signatures are less susceptible to surface injury or contamination 

than are other biometrics such as fingerprint or palmprint. It is 

also virtually impossible to spoof using a flat image or a 3D model, 

unlike facial recognition, iris, or print, which are frequently 

“tricked” with copied biometrics. 

 

 

Upsides -   

Use of the Keyo terminal is very fast, it involves a .2 second, 

contactless scan of a palm, a motion that is both easy and 

K E Y O . C O 9 

 

acceptable in diverse cultures and contexts. The technology is 

relatively more accurate than other similar biometric technologies. 

The following table compares several biometric on their False 

Acceptance Rate (FAR) and False Rejection Rate (FRR). These 

indicators define the security level of a biometric system (FAR) and 

the usability of a biometric system (FRR). 

 

 

 

 

 

K E Y O . C O 10 

 

 

 

 

FAR = false acceptance rate: The probability that 

the system incorrectly matches the input pattern 

to a non-matching template in the database. It 

measures the percentage of invalid inputs which 

are incorrectly accepted.  

FRR = false rejection rate: The probability that the 

system fails to detect a match between the input 

pattern and a matching template in the 

database. It measures the percentage of valid 

inputs which are incorrectly rejected.  

In the case of Keyo, the probability of an 

unauthorized person falsely gaining access (FAR 

case) is about 0.00001%. And the probability of an 

authorized person being incorrectly denied 

access is about 0.01% (valid for 1:1 verification)  

 

 

 

K E Y O . C O 11 

 

 

Downsides -  

As indicated above, palm-vein technology is limited by 

proximity. The angle of the scan must also fall within a certain 

range, and the scanner must capture the entire palm. Therefore, 

the user must be near the terminal, presenting her palm forward.  

 

When applied to a user-focused, consent-driven network, 

however, these technological limitations should make palm-vein 

significantly more acceptable than competing biometrics. The 

motion provides a moment of friction commensurate with what 

users would wish during a transaction, and it also requires a 

measure of consent. A user must choose to scan, versus passive 

identification that is possible with biometrics external to the body. 

 

 

   

K E Y O . C O 12 

 

Facial Recognition -   

There’s something inherently appealing about Facial 

Recognition as a biometric. It’s the one humans typically use to 

identify each other, so there’s a strong convenience factor. There’s 

a long-standing tradition of registering the face as a biometric 

(think drivers licences and mugshots). Faces are also tied more 

closely to identity than say a hand or an eye. A retinal pattern may 

be unique, but it doesn’t speak to who we are and how we see 

ourselves in the same way a face can. 

 

How does it work?  

Newer facial recognition technology uses 3D scanners to 

register an image, making it viable under diverse lighting 

conditions and from various angles. Images work best if registered 

under ideal conditions initially. For secure systems a liveness test 

might also require subtle movements in the face like blinking. 

Though the technology is advancing quickly, facial recognition is 

still significantly behind the competition in terms of accuracy. It 

has the highest false acceptance rate (FAR) of any of the options 

we’ll be covering here, at 1.3%, and also the highest false rejection 

rate (FRR) at 2.3%. Liveness tests typically increase the FRR beyond 

that baseline. 

K E Y O . C O 13 

 

 

Upsides -   

Facial recognition is familiar, acceptable, even broadly 

appealing on its surface. With a large enough scanner and good 

lighting conditions during registration, the high-end options 

provide significant security, especially in conjunction with other 

forms of verification.  

 

Downsides -   

By far the most damning critiques of facial recognition 

technology center not around security but possible infringements 

on privacy and consent.  

Certain information can be inferred from facial scans which 

people may be less than fully comfortable sharing without explicit 

consent. A recent Stanford University study found that a deep 

neural network could learn to accurately detect sexual orientation 

from 2D facial images. The computer program was 91% accurate 

for men and 83% accurate for women, given five images. The 

authors of the study saw a “threat to the privacy and safety of gay 

men and women” exposed by their findings. A 2016 study found 

that a deep neural network could learn to identify individuals with 

criminal records with 89.5% accuracy given only facial images. The 

K E Y O . C O 14 

 

face can also potentially reveal certain medical information we 

may not be comfortable casually associating with identity, such as 

certain neurological or chromosomal diseases. With so much 

camera technology already in place around the world, critics fear 

facial information could be too easily accessible without an 

individual’s consent. 

 

In the near future we can expect facial recognition 

technology to make significant strides and probably to stay 

popular, but concerns about privacy and consent should only 

continue to increase as well. 

 

 

   

K E Y O . C O 15 

 

Fingerprint -   

Of all the biometric modalities, fingerprint has the longest history 

and the most established infrastructure. Fingerprints are universal, 

unique, widely acceptable, fairly permanent (they wear and scar), 

familiar, and convenient. The biometric is usually registered as 

part of an authentication system, including in most smartphones, 

as well as part of an official identity in large government-funded 

databases such as the FBI database and India’s Aadhaar program. 

In general, modern fingerprint scanners have a FAR of 0.001% and 

a FRR of 0.1%,  

 

How does it work -    

There are a handful of different types of fingerprint scanner. 

I’m only going to touch briefly on three: capacitive, which can be 

found in 99% of smartphones, optical, and ultrasonic. Low-tech ink 

rolled images are also still widely collected, for example by local 

police departments; and I mention that here only to dismiss it as 

almost uselessly inaccurate, despite the best efforts of TV police 

dramas. While none of these types have proven immune to 

spoofing, they are often good enough for their purposes. 

 

K E Y O . C O 16 

 

Capacitive -  

 

The system works by using electrical charge to measure the 

ridges and valleys of the fingerprint to form a 3D model. Because 

of the proximity required between fingertip and sensor, capacitive 

scanners won’t work through glass or plastic. They also have 

trouble with surface grime and oil. They are relatively inexpensive. 

As previously mentioned, capacitive systems dominate the current 

market. 

 

A study by New York University and Michigan University 

recently found that generic “masterprints” could be created which 

would unlock 65% of smartphones. Still, in the absence of a 

fingerprint reader, many smartphone users might not lock their 

phones at all, for convenience.  

 

Optical -  

 

The system registers a high definition 2D image of the 

fingerprint. Unlike capacitive scanners, these can be spoofed with 

2D images, though spoofers would likely also need to circumvent 

a liveness test. Optical sensors work through glass and plastic and 

despite dirt, grime, and oil on the surface of the fingertip. 

Currently optical sensors control a negligible percentage of the 

market for consumer products like laptops and smartphones. 

K E Y O . C O 17 

 

 

Ultrasonic -  

 

The system uses soundwaves to form a 3D image of both the 

surface and subsurface of the fingertip, using technology similar 

to an ultrasound during a pregnancy. It registers the most raw 

data of the three types, making it theoretically the most accurate 

but also greatly increasing the cost. 

 

 

Upsides -   

Cheap, familiar, broadly-acceptable, and well-established. 

 

 

Downsides -   

Fingerprints are strongly associated with criminal 

background, and not all fingerprinting technologies are equally 

accurate. Older methods often require rolling and pressing to get 

a complete image, which produces unpredictable distortions and 

noise.  

A 2005 study found that even fingerprint experts employed 

by the US criminal justice system had only a 44% success rate in 

K E Y O . C O 18 

 

matching a set of fingerprints to an individual, despite having all 

ten fingers and thumbs for comparison. And because of the 

widespread use of fingerprinting by governments, providing this 

biometric can be a requirement for exercising important political 

and economic rights, for example in certain Indian states, or for 

traveling to certain countries. 

Fingerprint verification is not accurate enough by itself for 

security purposes. 

 

 

   

K E Y O . C O 19 

 

Iris -  

Iris recognition is an automated method of biometric 

identification that uses mathematical pattern-recognition 

techniques on video images of one or both of the irises of an 

individual's eyes, whose complex patterns are unique, stable, and 

can be seen from some distance. 

 

How it Works -   

Iris scanners use near infrared light to photograph the ridge 

pattern of the iris, a pattern both unique and complex enough to 

be quite secure. The technology is well-established. Iris scans can 

be spoofed by high-definition images and models, and so require 

an additional liveness test. The FAR and FRR values come in at a 

respectable 0.0001% and 0.01%  

 

Upsides -   

Iris patterns are unique and remain stable throughout life 

(with the exception of severe eye damage, intraocular lens 

implants, glaucoma, or cataracts). Once registered, verifying iris 

information is quick and easy. Iris scans can conveniently identify 

people wearing the naqab (burka) or other face veils. Production 

K E Y O . C O 20 

 

and supply chains are already established. The technology makes 

up for many of the defects of fingerprint scanning, so the two are 

often used in conjunction to increase accuracy and security. 

 

 

Downsides -   

Initial registration typically requires multiple scans, which can 

be uncomfortable or annoying. In practice, the machines can be 

annoying to adjust for different heights. Cheaper commercial 

versions can be fooled with a high-definition image. 

 

Controversy surrounding iris scanning revolves mainly 

around privacy and consent, for two main reasons. First, providing 

iris information is essentially compulsory for many people. In parts 

of India, for example, exercising voting rights or collecting a 

pension requires registration in the Aadhaar program. Law 

enforcement agencies in many countries regularly register iris 

information as a matter of protocol, without soliciting consent. 

Second, several institutions claim to have developed long-range 

iris scanners. While some laud its usefulness for law enforcement, 

with the potential to find missing persons or prevent human 

trafficking, others point to its potential for covert identification and 

police-state repression. 

 

K E Y O . C O 21 

 

   

K E Y O . C O 22 

 

Voice -  

Voice biometrics are used in a number of different ways, for 

convenient authentication, at call centers, for help desk 

automation, as part of security system, and as a police 

investigative tool. At Keyo we use it for customer support. We 

verify the identity of callers during support requests to further 

ensure we are only divulging any sensitive information to those 

who should have it. For that service we use Fujitsu’s 

Biometrics-as-a-Service (BIOaaS). 

 

 

How it works -   

It registers basic information related to a person’s physical 

vocal tract - the shape of the larynx, mouth, and nose. This 

information is conveyed by the waveforms of a person’s voice. It is 

difficult, though not impossible, to disguise, and remains constant 

regardless of language or content. Voice biometrics are used 

primarily for authentication. They are roughly as accurate as 

fingerprint technology, and even more so if the user is saying a 

preassigned phrase. 

K E Y O . C O 23 

 

 

Upsides -   

Identity can be conveniently verified over the phone. 

Emergency services such as 911 can identify voices during 

emergency situations. The addition of voice print technology can 

improve security systems.  

 

Downsides -  

Voice biometrics are incredibly easy to give without consent. 

Anyone who has ever given a recorded speak or posted a public 

video could theoretically be identified without her knowledge 

using her voice biometric. Agnitio’s VoiceID only needs 7 seconds 

of speech for identification. As with fingerprint, iris scan, and 

especially facial recognition technology, there is a need for greater 

restrictions and guidelines to protect privacy and guarantee 

consensual identification. 

 

   

K E Y O . C O 24 

 

Privacy and Consent -  When dealing with biometrics privacy, consent and accuracy 

are a big consideration. When biometric data is compromised by 

overbearing governments or malicious actors, it can be easily used 

in conjunction with existing camera networks for dangerous levels 

of citizen surveillance and invasion of privacy.  

 

External biometric identificators, such as iris, face, fingerprint 

and voice often can often be captured and collected without a 

person’s knowledge or consent. This poses serious areas of 

concern, both from a security perspective as well as privacy. Under 

Europe’s GDPR and similar legislations in the US, capturing 

biometric data from users without “informed consent” is fineable 

at tens of thousands of dollars per infraction. Unfortunately, there 

is no way to guarantee with external biometric that this will not 

happen.  

 

A truly secure and private biometric identity system should 

require explicit interaction in order for identification to take place. 

This is why after reviewing all biometric modalities Keyo chose 

palm-vein.  

 

 

 

K E Y O . C O 25 

 

Built on trust - Keyo Inc, offers a broad, user-centered, and consent-driven 

biometric identity network, grounded in the safety and security of 

palm-vein biometric technology. We are building a company that 

reflects the world in which we want to live - one that brings the 

convenience and security of biometrics without compromising 

privacy, data security, and personal freedom.  

 

 

 

Learn what we can do for you 

Schedule a demo - 

keyo.co/schedule-demo 

Visit us at - www.keyo.co  

Find us in Twitter / Linkedin / 

Instagram / Facebook - @onlykeyo   

 

K E Y O . C O 26 

 

The Perfect Biometric  

Solution Matrix - 

 

  Keyo  #2  #3  #4  #5  #6  #7  #8 

Easy to collect                  

Distinctive                  

Permanent                  

Universal                  

Cost                  

Acceptability                  

Legality                  

Resilience                  

Safety                  

Speed                  

  

K E Y O . C O 27