There's a few different types of facial recognition. One of the more popular methods is looking for certain points on a face... a private technology called FACE-IT which is used often by the FBI and by many commercial vendors use this software.
What it does, is first it has to DETECT the face. There's a whole feild devoted simply to facial detection. What it does here, is it runs an image through a series of gaussian filters to detect the face... Basically, a whole lot of digital processing and filtering.
After the face is found, then the background is removed. The size is normalized (or scaled to be the same size that the images stored in the database are), the lighting is normalized, and the face is "rotated" to be looking straight at you. The rotation is done by finding the eyes and the mouth and lining them up straight in proportion to the outsides of the face, etc... the idea is to use the symetry of the eyes to rotate the face so it's always one direction. Of course, when it's rotated you'll lose skin tone and what not, but it's really not necessary to have that at this point. The FACE-IT system claims it can recognize a face if it's looking within 35 degree's of the camera... so you can only rotate it so much.
After all that is done... then you can begin finding the features of the face. First, the "First Order" features are found. This involves finding just the different features, the eyes, eyebrows, mouth, and face. The first order features are those 4 things, there lengths, area, and angles.
Next, the "Second Order" features are found. The second order features are basically the spacial relationships of the first order features. For example, the distance from the mouth to the left side of the face is one second order feature. The angle between the left eye and the right eyebrow is another one... and so fourth. These can get to be pretty numerous, I think FACE-IT finds over 90 different features.
After all this is found, all those measurements are stored in an array or something similar would be my guess. Using correlation, this array is compared to values of known faces in a database, and a match is either found or isn't. FACE-IT claims it only needs like 15 features to make a positive match.
Now... this is just one method (probably the more popular method). FACE-IT is a private, so even though I can tell you how it works, all the code, filters, etc. it uses are completely private. I also want to point out that Facial Recognition is still in it's infancy, isn't accurate at all, and can easily be fooled (with all the steps involved, it's easy to see where so many things can go wrong... starting from if someone shaves there eyebrows or if there is poor lighting and whatever else).
When it all comes down to it, after a positive match has been made by a facial recognition software, there's still a human behind the computer to confirm it.
The whole point of this entire post really, is to let you know what you're going to be getting into if you try it. There's plenty of code and references available on if you use google diligently... since it's still a technology in it's infancy, there's alot of open research around the net if you just look hard enough. You probably won't find everything you need for a complete system though. It involves a LOT of DSP though... so you'd probably need a pretty powerfull DSP processor, not just a simple little PIC.