We have seen Biometrics devices have been used while giving the access to certain areas, also in recent times its also been added to your personal number (Aadhaar number) in India. We have got a task to add the Biometrics functionality to login on a website.
In our case it was intermediate data which we are sending to the server and thus the server will match that intermediate data which is present in teh database to know that the person is authenticated or not.
For the identification we have to send some threshold value because its very rare that the data between what is enrolled and what is at the time of authentication will match 1 to 1. So the threshold is all about removing the false positive and false negative and keeping it secure. Threshold also depends on the company you are dealing with, if its banking or other then the security should be too tight otherwise one error in million is ok for other companies.
It is just the POC we are doing and till now we have not faced any issues using the device and the SDK's and it can be easily integrated with our existing login system. What we have also found out is that the device work is nothing but sending the image data to the SDK and thus all the processing should be done by the SDK itself. I must say that the SDK's processing is quite fast and thus I can see that even if we have to do 10000s of check it will keep up with the performance.
The SDKs read if the device is connected to the computer or not and once it detects it starts processing or capturing the information.