# Biometric Target

Documentation related to the Biometric Target and its behavior.\
This functionality is available only from GBDS version 5.

## Behavior

### On any enroll/update

If a transaction does not have "origin", which means there is no label referring to a source organization, the transaction will have, for exception purposes, origin of higher-level organizations.

{% hint style="info" %}
Example: A transaction registered in an environment with organization `ori_griaule` as a higher-level organization (without a parent organization), will have `ori_griaule` as origin
{% endhint %}

### In exception generation

{% hint style="info" %}
CSI means Simplified Nonconformity Cycle. It is a system used to evaluate biometric data, determining whether a biometric candidate is HIT, NO\_HIT or UNCERTAIN based on specific thresholds during enrollment or updates. A candidate is marked as HIT if its match is above the CSI threshold, NO\_HIT if it is not, and UNCERTAIN if its match is below the threshold.
{% endhint %}

{% hint style="info" %}

* Finger hit: all matches for fingers reach minimum biometric count

* Finger No Hit: all finger non-matches reach minimum biometric count

* Face hit: all matches for face

* Face No Hit: all face non-matches reach minimum biometric count
  {% endhint %}

* Each candidate will be marked as HIT, NO\_HIT, or UNCERTAIN
  * If the biometric candidate is not a match, it will be a NO\_HIT
  * If the biometric candidate is a match with a value below the CSI threshold it will be UNCERTAIN, according to enroll/update and finger/face settings
  * If the biometric candidate matches with a value above the CSI threshold, it will be a HIT, according to enroll/update and finger/face settings

* Exceptions will be marked as target BIOMETRIC, BIOMETRIC\_INCONCLUSIVE, BIOMETRIC\_MISMATCH or BIOGRAPHIC:

Enrollment

| Finger | icon to open BCC Services. | Exception           |
| ------ | -------------------------- | ------------------- |
| HIT    | HIT                        | BIOGRAPHIC          |
| HIT    | NO HIT                     | BIOMETRIC\_MISMATCH |
| NO HIT | HIT                        | BIOMETRIC\_MISMATCH |

* No finger or face hit and no finger or face no-hit:
  * with biometric uncertainty, generates an exception `BIOMETRIC`
  * with biometric certainty, generates an exception `BIOMETRIC_INCONCLUSIVE`

Update

| Finger | icon to open BCC Services. | Exception           |
| ------ | -------------------------- | ------------------- |
| NO HIT | NO HIT                     | BIOGRAPHIC          |
| HIT    | NO HIT                     | BIOMETRIC\_MISMATCH |
| NO HIT | HIT                        | BIOMETRIC\_MISMATCH |

If no finger or face is considered HIT nor NO\_HIT:

* with biometric uncertainty, generates a BIOMETRIC exception
* with biometric certainty, generates a BIOMETRIC\_INCONCLUSIVE exception

#### Next biometric

The next biometric to be evaluated will be:

* Belonging to a candidate with an exception in ANALYSIS
* With an overall decision of UNCERTAIN
* Not allocated to anyone
* From an exception where the incoming transaction or the incoming and reference transaction contain a label with at least one of the organizations from the user's permission labels
  * Can be configured from the endpoint with the parameter `origin`
    * `ENTRANT`, will be filtered only by the incoming transaction
    * `BOTH`, will be filtered by both transactions

{% hint style="info" %}
The list of organizations provided is hierarchical, which means that if an organization has children, all children will be considered to find exceptions.\
With security enabled, this list of organizations is retrieved from the user's permissions, being all permissions that start with the configured organization prefix, default "ori\_".
{% endhint %}

Finger and/or face will be returned according to the user's configured permission, default "tpca" for fingerprints and "fca" for face, or according to the request for finger or face

If the "double blind" setting is enabled, the user allocated to the biometric cannot have previously decided on the biometric

The order for next biometric is decided by priority and the order provided in the endpoint. If none is provided, by default the order is from the oldest.

GET next biometric will return the number of biometrics available to be processed, which are

* All UNCERTAIN of target BIOMETRIC with status ANALYSIS not decided by the user making the next biometric request, available to the organization the user belongs to and, if requested for finger or face, will be counted from the chosen selection

With a selected biometric, it will be allocated to the user for 5 minutes.

### Manual Unlock

Can be done using the endpoint `Unlock biometric`

### For each biometric treatment

The validations to be performed are:

* User must be provided, unless security is enabled, in which case the user is provided by the token
* Timeout is zero by default, when the treatment is final and the exception is treated as APPROVE, this value is used
* Required parameters: `enroll TGUID, exception PGUID, decision` and `index`
* Exception must exist and be in ANALYSIS and target BIOMETRIC (other types are not handled at this stage)
* The exception candidate must have an index and be classified as UNCERTAIN
* The biometric candidate must be allocated to the user or not allocated to any other user
* The user cannot have made a decision for this candidate previously
* The biometric must be allocated to the user

If everything passes, the decision is marked on the candidate and the candidate is released (deallocated)

### Double Blind

| Double Blind | Decision                                                                                                   |
| ------------ | ---------------------------------------------------------------------------------------------------------- |
| On           | The decision is final when there are enough equal decisions (configured in gbds.csi.doubleBlind.threshold) |
| Off          | Final                                                                                                      |

### Final decision

If the decision is not final, the exception status is NOT\_FINAL

If the decision is final and all necessary treatments are completed:

#### Enrollment

**APPROVE -** No hit of **d**finger and face reach the minimum count amount for enrollment, being considered a false positive

**BIOGRAPHIC -** Finger and face hit reach the minimum count for enrollment

**BIOMETRIC\_MISMATCH -** If finger hits and face non-hits/finger non-hits and face hits reach the minimum count for enrollment

**BIOMETRIC\_INCONCLUSIVE -** If all decisions are made but no conclusion is reached

#### Update

**APPROVE -** If finger and face hits reach the minimum count value for update, being considered a false negative

**BIOGRAPHIC -** Finger and face no-hits reach the minimum count for update

**BIOMETRIC\_MISMATCH -** If finger hits and face non-hits/finger non-hits and face hits reach the minimum count for update

**BIOMETRIC\_INCONCLUSIVE -** If all decisions are made but no conclusion is reached (all HIT, NO\_HIT or UNCERTAIN\_EXPERT, but without a defined minimum value)

### Priority

When an exception is prioritized or deprioritized, all exceptions for the same entrant are affected.