Biometrics FAQ
Last Change: 2020-04-25

Background

Basic Terms
• What is biometrics?
• What is biometric recognition?
• What is a biometric characteristic?
• What is a biometric sample?
• What are biometric features?
• What is a biometric reference?
• What is a biometric template?
• What is enrolment?
• How does biometric recognition work?

Biometric Characteristics
• What are the requirements for a biometric characteristic?
• What are the most well known biometric characteristics?
• What factors contribute to a biometric characteristic's development?
• How does the manner of formation influence the usefulness of biometric characteristics?
• How does one recognize randotypic characteristics?
• Which biometric characteristics are most constant over time?
• Which biometric characteristics are most suitable for recognition purposes?

Authentication
• What is authentication, identification, and verification?
• What is biometric authentication?
• What are the fundamental methods of authentication?
• What are the advantages of biometric systems for authentication?
• What are the characteristics of the various authentication methods?
• What is the difference between biometric identification and biometric verification?
• What are the advantages of biometric verification over biometric identification?
• What is the difference between positive and negative identification?
• What are the main uses of biometric identification and biometric verification?

Standardization
• Which organizations attend to standardizing biometric systems?
• Which biometric standards are available now?
• Is there any standard for biometric terms?

Implementation
• What captures biometric characteristics?
• What makes up a biometric authentication system?
• What computation speeds are required by a biometric authentication system?
• How do enrolment and biometric authentication work?
• What are the advantages of using a combination of chip card and biometrics?
• What is "Template on Card"?
• How may PC access control with "Template on Card" look?
• What is "Matcher on Card"?
• What are the features of Matcher on Card?

Performance

Definitions
• Which measures reflect the effectiveness of a biometric authentication system?
• How is the Failure-to-Enrol rate (FER/FTE) defined in detail?
• What needs to be considered in the definition of FRR?
• How is FRR defined in detail?
• What needs to be considered in the definition of FAR?
• How is FAR defined in detail?

Performance Determination (for Specialists)
• How is the probability distribution function measured for a biometric system's authorized and unauthorized users?
• How do the FAR/FRR paired graphs affect a biometric system?
• How does one determine the "Receiver Operating Characteristic" (ROC) of a biometric system?
• How does a transition from verification to identification affect the FAR?
• How does a transition from verification to identification affect the FRR?
• How is the False Identification Rate (FIR) calculated?
• When are FAR and FRR values statistically significant?
• What is essential when comparing the ROC performance of biometric systems?
• What does separability of a biometric system mean?

Practical Hints
• What does one need to be aware of regarding the FAR/FRR?
• Is a biometric system's performance dependent upon the user?
• Is Failure to Enrol a typical problem for biometric systems?
• How are the FAR and FRR minimized in a biometric system?
• Is the Equal Error Rate a robust measure for system performance?

Security
• What does security mean for an authentication system?
• What is compromisation of a biometric characteristic?
• Is the compromisation of biometric characteristics a problem?
• What can be done against compromisation of one's biometric characteristics?
• What must be observed with respect to security when dealing with "Template on Card"?
• Is biometrics a privacy-enhancing or a privacy-threatening technology?
• Is biometrics more "secure" than passwords?

What is biometrics?
(1) General: Biometrics is the science of measuring physical properties of living beings.

(2) ISO/IEC: Biometrics is the automated recognition of individuals based on their behavioral and biological characteristics.

What is biometric recognition?
By measuring an individual's suitable behavioral and biological characteristics in a recognition inquiry and comparing these data with the biometric reference data which had been stored during a learning procedure, the identity of a specific user is determined.
What is a biometric characteristic?
A biometric characteristic is a biological or behavioral property of an individual that can be measured and from which distinguishing, repeatable biometric features can be extracted for the purpose of automated recognition of individuals. Example: face.
What is a biometric sample?
A biometric sample is the analog or digital representation of biometric characteristics prior to the biometric feature extraction process and obtained from a biometric capture device or a biometric capture subsystem. Example: electronic face photograph.

A biometric sample is usually delivered by a sensor, the main component of a biometric capture device. Generally, the biometric sample, often called raw data, comprises more information than is necessary for recognition. In many cases, the biometric sample is a direct image of the biometric characteristic, such as a photograph.

What are biometric features?
Biometric features are information extracted from biometric samples which can be used for comparison with a biometric reference. Example: characteristic measures extracted from a face photograph such as eye distance or nose size etc.

The aim of the extraction of biometric features from a biometric sample is to remove any superfluous information which does not contribute to biometric recognition. This enables a fast comparison, an improved biometric performance, and may have privacy advantages.

What is a biometric reference?
A biometric reference comprises one or more stored biometric samples, biometric templates, or biometric models attributed to a biometric data subject which can be used for comparison.

Stored biometric features are called a biometric template. A biometric model is a stored function (dependent on the biometric data subject) generated from biometric features which is applied to the biometric features of a recognition biometric sample during a comparison to give a comparison result.

What is a biometric template?
A biometric template is a special case of a biometric reference, where biometric features have been stored for the purpose of a comparison. (The comparison is done during the recognition process between the stored biometric template and the actual biometric features which have been extracted from the biometric data coming from the biometric capture device or sensor.)
What is enrolment?
To be able to recognize a person by their biometric characteristics and the derived biometric features, a learning phase must first take place. This procedure is called enrolment and comprises the creation of an enrolment data record for the biometric data subject (the person to be enrolled) and its storage in a biometric enrolment database. The enrolment data record comprises one or multiple biometric references and arbitrary non-biometric data such as a name or a personnel number.

[Figure: Typical internal enrolment process. Biometric characteristic -> biometric capture device -> biometric sample -> biometric feature extraction -> biometric features -> biometric enrolment database]
How does biometric recognition work?
For the purpose of recognition, the biometric data subject (the person to be recognized) presents his or her biometric characteristic to the biometric capture device which generates a recognition biometric sample from it. From the recognition biometric sample the biometric feature extraction creates biometric features which are compared with one or multiple biometric templates from the biometric enrolment database. Due to the statistical nature of biometric samples there is generally no exact match possible. For that reason, the decision process will only assign the biometric data subject to a biometric template and confirm recognition if the comparison score exceeds an adjustable threshold.
[Figure: Typical biometric recognition system. Biometric characteristic -> biometric capture device -> biometric sample -> biometric feature extraction -> biometric features -> comparison & decision, using biometric templates from the biometric enrolment database]
What are the requirements for a biometric characteristic?
In the development of biometric identification systems, physical and behavioral characteristics for recognition are required
  • which have biometric features that are as unique as possible, i.e., which do not reappear in any other person: Uniqueness
  • which occur in as many people as possible: Universality
  • whose biometric features don't change over time: Permanence
  • which are measurable with simple technical instruments: Measurability
  • which are easy and comfortable to measure: User friendliness
What are the most well known biometric characteristics?
Biometric characteristic | Description of the features
-------------------------|--------------------------------------------------------
Fingerprint              | Finger lines, pore structure
Signature (dynamic)      | Writing with pressure and speed differentials
Facial geometry          | Distance of specific facial features (eyes, nose, mouth)
Iris                     | Iris pattern
Retina                   | Eye background (pattern of the vein structure)
Hand geometry            | Measurement of fingers and palm
Finger geometry          | Finger measurement
Vein structure of hand   | Vein structure of the back or palm of the hand or a finger
Ear form                 | Dimensions of the visible ear
Voice                    | Tone or timbre
DNA                      | DNA code as the carrier of human heredity
Odor                     | Chemical composition of one's odor
Keyboard strokes         | Rhythm of keyboard strokes (PC or other keyboard)
Password                 | Sequence of letters and digits memorized in the brain
What factors contribute to a biometric characteristic's development?
Biometric characteristics develop:
  • through genetics: genotypic
  • through random variations in the early phases of an embryo's development: randotypic (often called phenotypic)
  • or through training: behavioral
As a rule, all three factors contribute to a biometric characteristic's development, although to varying degrees.  The following table rates the relative importance of each factor (o is small, ooo is large):
Biometric characteristic   | genotypic* | randotypic* | behavioral**
---------------------------|------------|-------------|-------------
Fingerprint (only minutia) | o          | ooo         | o
Signature (dynamic)        | oo         | o           | ooo
Facial geometry            | ooo        | o           | o
Iris pattern               | o          | ooo         | o
Retina (vein structure)    | o          | ooo         | o
Hand geometry              | ooo        | o           | o
Finger geometry            | ooo        | o           | o
Vein structure of the hand | o          | ooo         | o
Ear form                   | ooo        | o           | o
Voice (tone)               | ooo        | o           | oo
DNA                        | ooo        | o           | o
Odor                       | ooo        | o           | o
Keyboard strokes           | o          | o           | ooo
Comparison: Password       |            |             | (ooo)

*Randotypic patterns often show genotypic traits in their overall structure. These genotypic traits may disappear with increasing refinement (e.g., the development of branches on a tree).
**Most implementations respond to learning effects to varying degrees, and therefore have behavioral contributions which cannot be neglected.
How does the manner of formation influence the usefulness of biometric characteristics?
Even though the type of developmental factor does not solely determine a biometric characteristic's usefulness, there are a few things to take into account:
  • pure genotypic characteristics can't differentiate between monozygotic (identical) twins or clones
  • purely behavioral characteristics are, by definition, easiest to imitate
  • behavioral characteristics are strongly affected by external influences and the disposition of the user
  • for identification purposes, randotypic contributions are normally essential, because they are what creates absolute uniqueness
How does one recognize randotypic characteristics?
The following must be considered:
  • Even monozygotic twins have obviously differing randotypic characteristics.
  • As a rule of thumb, random variations do NOT follow bodily symmetry.  For example, the right and left iris have different details, and are not mirror symmetrical to each other.
Which biometric characteristics are most constant over time?
Reasons for variation over time:
  • Growth
  • Wear and tear
  • Aging
  • Dirt and grime
  • Injury and subsequent regeneration
  • etc.
Biometric characteristics which are minimally affected by such variation are preferred. The degree to which this is possible is shown in the following table. Easily changed effects such as dirt, and quickly healing injuries such as an abrasion, are not taken into consideration.

Biometric characteristic   | Permanence over time
---------------------------|---------------------
Fingerprint (minutia)      | oooooo
Signature (dynamic)        | oooo
Facial structure           | ooooo
Iris pattern               | ooooooooo
Retina                     | oooooooo
Hand geometry              | ooooooo
Finger geometry            | ooooooo
Vein structure of the hand | oooooo
Ear form                   | oooooo
Voice (tone)               | ooo
DNA                        | ooooooooo
Odor                       | oooooo?
Keyboard strokes           | oooo
Comparison: Password       | ooooo
Which biometric characteristics are most suitable for recognition purposes?
Prior to comparing the relative worth of different biometric characteristics, we must define the appropriate criteria to be used.  For these purposes, we will use four categories:
  • Comfort: duration of verification and the ease of use
  • Accuracy: minimal error rates  (clarity, consistency, measurability)
  • Availability: the portion of a potential user group who can use biometrics for technical recognition purposes (universal, measurable)
  • Costs: essentially due to the biometric capture device incl. sensors.
Note that some of the following ratings are based on current versions (status: March 2000) which could change drastically with new solutions.
Biometric characteristic   | Comfort   | Accuracy  | Availability | Costs
---------------------------|-----------|-----------|--------------|----------
Fingerprint                | ooooooo   | ooooooo   | oooo         | ooo
Signature (dynamic)        | ooo       | oooo      | ooooo        | oooo
Facial geometry            | ooooooooo | oooo      | ooooooo      | ooooo
Iris                       | oooooooo  | ooooooooo | oooooooo     | oooooooo
Retina                     | oooooo    | oooooooo  | ooooo        | ooooooo
Hand geometry              | oooooo    | ooooo     | oooooo       | ooooo
Finger geometry            | ooooooo   | ooo       | ooooooo      | oooo
Vein structure of the hand | oooooo    | oooooo    | oooooo       | ooooo
Ear form                   | ooooo     | oooo      | ooooooo      | ooooo
Voice                      | oooo      | oo        | ooo          | oo
DNA                        | o         | ooooooo   | ooooooooo    | ooooooooo
Odor                       | ?         | oo        | ooooooo      | ?
Keyboard strokes           | oooo      | o         | oo           | o
Comparison: Password       | ooooo     | oo        | oooooooo     | o

(More o's mean a better rating in each column, i.e., more comfort, higher accuracy, wider availability, and, in the last column, higher costs.)
As one can see, determining an 'optimal' biometric characteristic is hardly possible. Among the biometric characteristics ranking high in accuracy, fingerprints currently have the lowest costs. The iris rates high in all categories, unfortunately including cost. If costs were to drop significantly, the iris would be ideal. DNA loses points in accuracy because it can't differentiate between monozygotic twins today (analyzing mutational information may help in the future).
What is authentication, identification, and verification?
Here we define authentication as the process of determining the identity of a person and confirming his or her authenticity.

In multi-user systems, authentication regularly comprises an identification and a verification. The identification part confirms that the identity, usually given by a unique identifier such as a user name, is known to the system. If identification was successful, the identity is verified in a next step using a verifier, typically a secret shared between the person to be authenticated and the authenticating system.

Usually, identifiers are considered as public whereas verifiers are secrets like a key pattern or a password.

Authentication often is combined with authorization. Authorization is the process of assigning certain rights or permissions to a person.

What is biometric authentication?
Authentication may take advantage of biometrics by using a biometric characteristic as identifier or as verifier. When using biometrics as an identifier, uniqueness (a very low FAR) is an essential requirement, especially for large user numbers. When using biometrics as a verifier, the biometric characteristic may be viewed either as a secret or as public. In the latter case, it is essential that fake detection against mechanical copies of the biometric characteristic is provided.
What are the fundamental methods of authentication?
Biometrics "Who I am"
Biometrics uses nature's oldest system to identify people -- via unforgettable and unchanging physical characteristics.  From time immemorial, humans have had to perform recognition tasks themselves.  Today, technology is advanced enough to assist us or even relieve us of recognition tasks.
Secret Knowledge "What I know"
Here authentication takes the form of secret PINs and passwords, which the user has to keep track of. The person to be authenticated has to share the secret knowledge with the authenticator. Previously, this was the simplest method of authentication for machines. Secret knowledge can be applied also where several persons have to be authenticated in a simple way without distinction. According to the definition of biometrics, "secret knowledge" may be considered as a special case of biometrics, provided the subject to be authenticated is a person.
Personal Possession "What I have"
Examples for authentication are having a key, ID card, passport (with or without a chip), or more generally a token, which allows entrance, for example, into a private room. Essential for this method is the existence of secret features which are to be shared between token and the authenticator (or at least the inability to get the token copied combined with a copy detection).
Combination Systems
For security reasons, often two or all three of the above methods are combined, e.g., a bank card with a PIN. Only combined systems are able to fulfill the requirements of "strong" authentication.
What are the advantages of biometric systems for authentication?
Advancing automation and the development of new technological systems, such as the internet and cellular phones, have led users to more frequent use of technical means rather than human beings in receiving authentication.  Personal identification has taken the form of secret passwords and PINs.  Everyday examples requiring a password include the ATM, the cellular phone, or internet access on a personal computer. In order that a password cannot be guessed, it should be as long as possible, not appear in a dictionary, and include special symbols such as +, -, %, or #.  Moreover, for security purposes, a password should never be written down, never be given to another person, and should be changed at least every three months.  When one considers that many people today need up to 30 passwords, most of which are rarely used, and that the expense and annoyance of a forgotten password is enormous, it is clear that users are forced to sacrifice security due to memory limitations.  While the password is very machine friendly, it is far from user-friendly.

There is a solution that returns to the ways of nature.  In order to identify an individual, humans differentiate between physical characteristics such as facial structure or sound of the voice.  Biometrics, as the science of measuring and compiling distinguishing physical characteristics, now recognizes many further features as ideal for the definite identification of even an identical twin.  Examples include a fingerprint, the iris, and vein structure.  In order to perform recognition tasks at the level of the human brain (assuming that the brain would only use one single biometric characteristic), 100 million computations per second are required.  Only recently have standard PCs reached this speed, and at the same time, the sensors required to measure characteristics are becoming cheaper and cheaper.  Therefore, the time has come to complement the password with a more user friendly solution - biometric authentication.

Based on user friendliness, biometrics, when used as alternative authentication component, offers the chance to reduce cost significantly without loss in security. As addendum to traditional methods, biometrics even may be used in highly vulnerable areas.

Since the definition of biometrics includes behavioral characteristics, one may consider the password as a limit case of a biometric characteristic. In that light the answers above should be qualified, inasmuch as this shows the large range of properties of biometric characteristics, not only the difference between biological characteristics and passwords.

What are the characteristics of the various authentication methods?
Property   | Secret Knowledge | Personal Possession     | Biometrics
-----------|------------------|-------------------------|-----------------------
Examples   | Password, PIN    | Key, ID card/pass       | Fingerprint, Face, DNA
Copied     | "Software"       | easy to very difficult* | easy to difficult*
Lost       | "forgotten"      | easy                    | very difficult
Stolen     | spied            | possible                | difficult
Circulated | easy             | easy                    | easy to difficult
Changed    | easy             | easy                    | easy to very difficult

*also depends on the quality of the copy detection within the authenticator
What is the difference between biometric identification and biometric verification?
In a biometric identification, the recognition biometric features are compared to many or all biometric references stored in the system.

In a biometric verification, the recognition biometric features are only compared to one biometric reference stored in the system.

If a system stores only one biometric reference, identification coincides with verification. In that sense, biometric verification is the limit case of biometric identification.

What are the advantages of biometric verification over biometric identification?
  1. Biometric verification is much faster than biometric identification when the number of biometric references is very high.
  2. Biometric verification shows a better biometric performance than biometric identification when the number of biometric references is very high.

What is the difference between positive and negative identification?
In a positive identification the user wants to be identified; in the negative case the user tries to avoid successful identification. For example, a thief is not interested in being identified by comparing the latent prints from the scene of the crime with his fingerprints. This is a negative identification. If I am authorized to get access to my office, I am strongly interested in being identified, e.g., by iris recognition. This is a positive identification.

The main impact of positive versus negative identification regards user cooperation. In the negative case the user is not willing to cooperate (even if he is "innocent") at the stage of feature acquisition. Therefore, a negative identification often needs observation. Even the sensor may be affected by the type of identification: For example, negative fingerprint identification needs full size sensors and ten-print treatment at least for the enrolment process.

What are the main uses of biometric identification and biometric verification?
Fighting Crime
  • Comparing evidence from a crime scene with previously or subsequently recorded biometric data
  • Examples: fingerprint, DNA
Security
  • Authentication for computer, network, and physical access and rights management
  • Example: logon to PCs by user name and smartcard
Comfort
  • Identifying a person and changing personal settings accordingly
  • For example, setting the seat, mirrors, etc. in a multi-user car by facial recognition
Which organizations attend to standardizing biometric systems?
  • ISO/IEC JTC1 SC 37 (world)
  • DIN NI-37 (Germany)
Which biometric standards are available now?
The current status of biometric standards is found on the iso.org page (found under Information Sources).
Is there any standard for biometric terms?
Yes. Within working group 1 of ISO/IEC JTC 1 SC37 a document called "Harmonized Biometric Vocabulary" (ISO/IEC 2382-37) has been prepared. An HTML version of this vocabulary is found under Information Sources. The national bodies are responsible for translations.
What captures biometric characteristics?
For recording and converting biometric characteristics to usable computer data, one needs a biometric capture device with an appropriate sensor (see table). Of course, costs can vary greatly for different sensors. However, we can't forget that many technical devices already have sensors built in, and therefore offer possibilities to measure biometric characteristics nearly free of cost.

Biometric characteristic   | Sensor
---------------------------|-----------------------------------------------------
Fingerprint (minutia)      | capacitive, optic, thermal, acoustic, pressure sensitive
Signature (dynamic)        | Tablet
Facial structure           | Camera
Iris pattern               | Camera
Retina                     | Camera
Hand geometry              | Camera
Finger geometry            | Camera
Vein structure of the hand | Camera (infrared)
Ear form                   | Camera
Voice (timbre)             | Microphone
DNA                        | Chemical lab
Odor                       | Chemical sensors
Keyboard strokes           | Keyboard
Comparison: Password       | Keyboard

What makes up a biometric authentication system?
A basic biometric system is made up of:
  • a sensor to capture the biometric characteristic
  • a computer unit to process and eventually save the biometric data
  • an application for which the user's authentication is necessary
In detail, the processing unit comprises (see also biometric recognition)
  • a "feature extraction unit" which filters the distinguishing data out of the raw data coming from the sensor (the biometric sample) and combines them into the biometric features,
  • a "comparator" which compares the biometric features with the biometric reference and delivers a "score" value as result,
  • and a "decision unit" which takes the score value (or values) as well as the threshold to derive a two-valued decision (authorized or non-authorized).

What computation speeds are required by a biometric authentication system?
Generally, computation speeds adequate for pattern recognition [Wikipedia] are required. This is about 100 million operations per second, which has been attainable with affordable hardware (PC, DSP [Wikipedia]) since about 1998.
How do enrolment and biometric authentication work?
A prerequisite for authentication is enrolment, in which the biometric features are saved as a personal reference either decentrally on a chip card or PC, or centrally in a database. Since the quality of the enrolment essentially determines the performance of the authentication, it must be implemented carefully. It is obvious that enrolment must take place in a trustworthy environment.

During an authentication, a new scan of the biometric characteristic is required. This time it is not saved; instead, it is compared to the biometric reference(s). If the comparison shows sufficient similarity, access to the appropriate applications, for example, can be granted.

Most biometric systems follow this procedure in detail:

  • Capturing a data set (e.g., image or sound, called the biometric sample) which includes the biometric features to be extracted, using an appropriate biometric capture device including the sensor
  • Examination of the data quality; if it is insufficient, the data are rejected immediately or appropriate user guidance is given on how to improve the quality
  • Extraction of the desired biometric features from the biometric sample
  • For enrolment: storage of the biometric features as a biometric reference in the "reference archive"
  • For authentication: comparison of the actual (request) biometric features with the biometric reference using a "comparator", and generation of a score value which expresses the degree of coincidence
  • For authentication: if the score value exceeds a predetermined threshold, access is granted; otherwise the request is rejected
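The procedure above, as an added example that is not part of the FAQ: a minimal enrolment and verification pipeline with a quality gate, a stand-in feature extractor, a cosine-similarity comparator and a threshold decision. The 8x8 "samples", the contrast-based quality check and the threshold value 0.90 are all constructed assumptions for the illustration, not a real biometric algorithm.

```python
import math

THRESHOLD = 0.90        # assumed decision threshold on the comparison score
MIN_CONTRAST = 0.15     # assumed quality gate: reject flat, low-contrast samples

def quality_ok(sample):
    """Quality examination: a usable sample must show enough contrast."""
    flat = [v for row in sample for v in row]
    mean = sum(flat) / len(flat)
    contrast = math.sqrt(sum((v - mean) ** 2 for v in flat) / len(flat))
    return contrast >= MIN_CONTRAST

def extract_features(sample):
    """Stand-in feature extraction: mean-removed row and column intensities."""
    rows = [sum(r) / len(r) for r in sample]
    cols = [sum(r[j] for r in sample) / len(sample) for j in range(len(sample[0]))]
    feats = rows + cols
    mean = sum(feats) / len(feats)
    return [f - mean for f in feats]

def compare(features, reference):
    """Comparator: cosine similarity as the score (1.0 = identical direction)."""
    dot = sum(a * b for a, b in zip(features, reference))
    na = math.sqrt(sum(a * a for a in features))
    nb = math.sqrt(sum(b * b for b in reference))
    return dot / (na * nb) if na and nb else 0.0

reference_archive = {}  # biometric enrolment database: user id -> template

def enrol(user_id, sample):
    """Enrolment: quality check, feature extraction, storage as biometric reference."""
    if not quality_ok(sample):
        return False, "low quality: re-present the characteristic"
    reference_archive[user_id] = extract_features(sample)
    return True, "enrolled"

def verify(user_id, sample, threshold=THRESHOLD):
    """Verification (1:1): compare request features with the claimed user's template."""
    if user_id not in reference_archive:
        return False, 0.0, "unknown identifier"
    if not quality_ok(sample):
        return False, 0.0, "low quality: re-present the characteristic"
    score = compare(extract_features(sample), reference_archive[user_id])
    accepted = score >= threshold   # the decision unit: score against threshold
    return accepted, score, "accepted" if accepted else "rejected"

# Constructed 8x8 "images" standing in for captured biometric samples.
def make_sample(a, b, noise_at=None):
    sample = [[((a * i + b * j) % 5) / 4.0 for j in range(8)] for i in range(8)]
    if noise_at is not None:   # small capture noise on a subset of pixels
        for i in range(8):
            for j in range(8):
                if (i + j) % 3 == noise_at:
                    sample[i][j] += 0.02
    return sample

SAMPLE_ALICE = make_sample(1, 2)            # enrolment capture of user "alice"
SAMPLE_ALICE_AGAIN = make_sample(1, 2, 0)   # later capture of the same characteristic
SAMPLE_BOB = make_sample(3, 1)              # a different person's characteristic
SAMPLE_FLAT = [[0.5] * 8 for _ in range(8)] # failed capture: no contrast at all

def run_demo():
    """Enrol alice, then run a genuine, an impostor and a bad-quality request."""
    enrol("alice", SAMPLE_ALICE)
    return {
        "genuine": verify("alice", SAMPLE_ALICE_AGAIN),
        "impostor": verify("alice", SAMPLE_BOB),
        "bad_quality": verify("alice", SAMPLE_FLAT),
        "flat_enrol": enrol("mallory", SAMPLE_FLAT),
    }

if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

Lowering THRESHOLD lets the impostor score through sooner; the quality gate is what turns a useless capture into user guidance instead of a silent rejection.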
What are the advantages of using a combination of chip card and biometrics?
In authentication, possession of a chip card combined with biometric methods may further increase reliability. Not only are biometric references saved on the chip card, but also the identity data of the user. For authentication, the chip card plus a capture of the biometric characteristic is required. The following advantages result:
  • entry of a user ID via keypad is unnecessary
  • no central database storing references is necessary
  • compromisation of the biometric characteristic without possession of the card is not critical
  • when using a chip card with an integrated crypto processor and biometric comparator, compromisation by reading out and decrypting the stored reference is rendered nearly impossible
  • if a normal chip card is stolen, it may be blocked and a new card issued. With a crypto card, on the other hand, only the stored, never-displayed secret key must be changed.
Still higher protection is achieved when using a crypto card which integrates the biometric sensor in the card. This offers more effective protection against the input of compromised data records, as this sensor cannot be intercepted externally when it is the only interface for the input of biometric data. Today's chip cards, however, don't yet offer the computational power required to extract the features from the biometric sample directly on the card.
What is "Template on Card"?
With "Template on Card", a chip card stores the extracted biometric template electronically as the biometric reference. There are different ways of realization:
  1. The chip card is a simple memory card; the storage is done without encryption
  2. Same as 1., however with an encrypted template
  3. The chip card is a processor card (and offers secret storage capabilities)
  4. The chip card is a processor card with cryptographic functions
These possibilities fulfill increasing security requirements in increasing order. In all cases it must be noted that the communication partners of the chip card co-determine the security of the whole system.
    How may a PC access control with "Template on Card" look like?
    We consider the following implementation possibilities:

    The chip card is a pure memory card, storage is unencrypted

    During enrolment, a PC connected to a biometric sensor extracts the biometric features, and subsequently stores them as biometric reference on chip card. At verification, the access seeker inserts her chip card into the chip card reader and then her biometric characteristic is again scanned. The scanned biometric characteristic is then compared to the reference stored on the chip card at the PC. If the comparison exceeds a certain level of similarity, full clearance is granted to the network by sending the decrypted password (which is stored on the PC encrypted) from the PC to the server.

    The chip card is a pure memory card, storage is encrypted.

    See above. Additionally, however, decryption of the reference from the card is done on the PC or better yet on the server with a securely stored key. Alternatively, the comparison process should likewise occur on the server. Thereby, the current extracted biometric features are transmitted securely from the PC to the server.

    The chip card is a processor card (smart card) with crypto function

    The communication partners of the crypto card are a PC, a biometric sensor and a protected server. During a log-on attempt, the crypto card and the server establish a secured connection, and the server retrieves the reference data from the crypto card. At the same time, the PC extracts the biometric features from the sensor's raw data (the biometric sample) and sends them (possibly protected by a one-time key) to the server, where they are compared with the card's biometric reference. If the comparison is positive, the PC grants access to the network drives.
    What is "Matcher on Card"?
    Chip cards with an integrated biometric comparator not only store the reference; they also compare the stored biometric template with the incoming biometric features. This requires a card with an internal processor (a "smartcard").
    What are the features of Matcher on Card?

    Advantages over other solutions

    • Applications that use PIN authentication on a smart card can be extended to biometric authentication without changing the infrastructure. Example: the SIM card of a mobile phone. Even if the phone and/or the SIM card is lost, no unauthorized access to the network is to be feared.
    • As the reference template need not leave the card, more privacy is guaranteed - but only if the fingerprint acquisition system is under full control of the user (example: cell phone with perfect protection against malicious software).

    Drawback

    There is only limited processing power and memory space available on the smart card. This requires some compromises with regard to biometric recognition performance.
    Which measures reflect the effectiveness of a biometric authentication system?
    False Acceptance Rate (FAR)
    The FAR is the frequency with which a non-authorized person is accepted as authorized. Because a false acceptance can often lead to damage, the FAR is generally a security-relevant measure. The FAR is a non-stationary statistical quantity that not only shows a personal correlation but can even be determined for each individual biometric characteristic (the personal FAR).
    False Rejection Rate (FRR)
    The FRR is the frequency with which an authorized person is denied access. The FRR is generally regarded as a comfort criterion, because a false rejection is above all annoying. The FRR is a non-stationary statistical quantity that not only shows a strong personal correlation but can even be determined for each individual biometric characteristic (the personal FRR).
    Failure To Enrol rate (FTE, also FER)
    The FER is the proportion of people who cannot be enrolled successfully. The FER is a non-stationary statistical quantity that not only shows a strong personal correlation but can even be determined for each individual biometric characteristic (the personal FER).
    Those who are already enrolled but are mistakenly rejected after many verification/identification attempts contribute to the Failure To Acquire (FTA) rate. FTA can be caused by temporarily unmeasurable features (a bandage, insufficient sensor image quality, etc.). The FTA is usually included in the FRR and need not be calculated separately; see also FNMR and FMR.
    False Identification Rate (FIR)
    The False Identification Rate is the probability that, in an identification, the biometric features are assigned to a wrong reference. The exact definition depends on the assignment strategy, since after feature comparison more than one reference will often exceed the decision threshold.
    Further Implicit Measures
    False Match Rate (FMR). The FMR is the rate at which non-authorized people are falsely recognized during feature comparison. In contrast to the FAR, attempts rejected beforehand because of poor (image) quality (Failure to Acquire, FTA) are not counted. Whether a falsely recognized biometric characteristic leads to an increase in FAR or in FRR depends on the application. (There are applications that define a successful recognition as a rejection, for example when the double issue of identity cards to a person with a false identity is prevented by comparing the current reference features with the centrally stored reference features of all cards issued so far.)
    False Non-Match Rate (FNMR). The FNMR is the rate at which authorized people are falsely not recognized during feature comparison. In contrast to the FRR, attempts rejected beforehand because of poor (image) quality (Failure to Acquire, FTA) are not counted. Whether a falsely non-recognized biometric characteristic leads to an increase in FRR or in FAR depends on the application.
    How is the Failure-to-Enrol Rate (FER/FTE) defined in detail?
    Due to the statistical nature of the failure-to-enrol rate, a large number of enrolment attempts have to be undertaken to get statistically reliable results. An enrolment can be successful or unsuccessful. The probability of failure, $\mathrm{FER}(n)$, for a certain person $n$ is measured as:

    $$\mathrm{FER}(n) = \frac{\text{Number of unsuccessful enrolment attempts for person (or feature) } n}{\text{Number of all enrolment attempts for person (or feature) } n}$$

    These values become more reliable with more independent attempts per person/feature. The overall FER for $N$ participants is defined as the average of the $\mathrm{FER}(n)$:

    $$\mathrm{FER} = \frac{1}{N} \sum_{n=1}^{N} \mathrm{FER}(n)$$

    The values become more accurate with a higher number of participants ($N$). Alternatively, the median may be calculated.

    Finally, the result of an enrolment attempt has to be defined exactly:

    An enrolment attempt is successful if the user interface of the application provides a "successful" or "finished" message.
    An enrolment attempt is unsuccessful if the user interface of the application provides an "unsuccessful" message.
    In cases where no defined completion is available, a fixed enrolment time interval has to be given to ensure comparability. If the time interval has expired the enrolment attempt is counted unsuccessful.

    What needs to be considered in the definition of FRR?
    Even though the false rejection rate, FRR, is intuitively easy to understand, there can be many problems when trying to fix an unequivocal or universal definition.  The following must be taken into account:
    • The FRR is a statistical value whose measurement accuracy depends on the number of measurements. Now the FRR depends not only on the biometric system but on the users as well. There is thus a personal FRR. If one wants to deal with large numbers of people, it is important that the end result is not negatively affected by an individual. This could occur when the number of attempts per person differs. This problem can be avoided if one first determines each personal FRR curve and calculates the mean from those (or uses the median, but this yields different values!).
    • The exact meaning of rejection must be clarified. Here, for example, the total number of recognition attempts before the final assessment of a failed recognition plays a role. There are systems that can continuously process a verification in real time; here a verification time slot is offered.
    • Many biometric systems reject a verification due to poor picture quality (e.g., dirty or worn-down fingers in fingerprint verification, noisy surroundings in voice recognition, poor lighting in facial recognition, or sensor problems). When such problems are not due to faulty operation, rejections due to picture quality problems are still false rejections. The user is indifferent to the reason for a false rejection.
    • Even the personal FRR can vary with time. It decreases, for example, when one frequently uses a system that can learn to avoid false rejections. In such cases, for comparisons it is only reasonable to determine the FRR during the learning phase.
    • In the case that a liveness/fake recognition is also used, this needs to be considered when determining the FRR.
    How is FRR defined in detail?
    Due to the statistical nature of the false rejection rate, a large number of verification attempts have to be undertaken to get statistically reliable results. A verification can be successful or unsuccessful. In determining the FRR, only fingerprints from successfully enrolled users are considered. The probability of failure, $\mathrm{FRR}(n)$, for a certain person $n$ is measured as:

    $$\mathrm{FRR}(n) = \frac{\text{Number of rejected verification attempts for a qualified person (or feature) } n}{\text{Number of all verification attempts for a qualified person (or feature) } n}$$

    These values become more reliable with more independent attempts per person/feature. The overall FRR for $N$ participants is defined as the average of the $\mathrm{FRR}(n)$:

    $$\mathrm{FRR} = \frac{1}{N} \sum_{n=1}^{N} \mathrm{FRR}(n)$$

    The values become more accurate with a higher number of participants ($N$). Alternatively, the median may be calculated.

    Important: the FRR determined in this way counts rejections due to poor picture quality as well as rejections for other reasons, such as finger position, rotation, etc. In many systems, however, rejections due to bad quality are independent of the threshold. The FRR after quality filtering is defined analogously:

    $$\frac{\text{Number of rejected "qualified" attempts}}{\text{Total number of "qualified" attempts}}$$

    An FRR defined in this way generally yields better data sheet values, but these lower numbers are not what the user experiences in practice.

    Finally, the result of a verification attempt has to be defined exactly:

    A verification attempt is successful if the user interface of the application provides a "successful" message or if the desired access is granted.
    A verification attempt counts as rejected if the user interface of the application provides an "unsuccessful" message.
    In cases of no reaction, a verification time interval has to be given to ensure comparability. If the time interval has expired the verification attempt is counted unsuccessful.

    What needs to be considered in the definition of FAR?
    Similar to the FRR, the false acceptance rate can be defined differently.
    • The FAR is a statistical value whose measurement accuracy depends on the number of measurements. The FAR depends not only on the biometric system but on the user as well. There is also a personal FAR. If one wants to deal with large numbers of people, it is important that one individual does not negatively affect the end result. This could occur when the number of attempts per person differs. This problem can be avoided if one first determines each personal FAR curve and calculates the mean from those (or uses the median, but this yields different values!). In determining the FAR, it is generally easier to limit the number of recognition attempts to 1 per person. Further attempts per person will smooth out the ROC graph but add little to the statistical significance.
    • If the biometric system has picture quality management which happens to reject a false user due to poor picture quality already before verification, this is of course a correct rejection and leads to an improved FAR.
    • Strong behavioral biometric features (e.g., voice or signature) are often purposefully forged or copied. In investigating the FAR, it needs to be determined whether the tests simply present foreign features or also attempted forgeries. This difference can be serious.

    How is FAR defined in detail?
    Due to the statistical nature of the false acceptance rate, a large number of fraud attempts have to be undertaken to get statistically reliable results. A fraud attempt can be successful or unsuccessful. The probability of success, $\mathrm{FAR}(n)$, against a certain enrolled person $n$ is measured as:

    $$\mathrm{FAR}(n) = \frac{\text{Number of successful independent fraud attempts against person (or characteristic) } n}{\text{Number of all independent fraud attempts against person (or characteristic) } n}$$

    These values become more reliable with more independent attempts per person/characteristic. In this context, independence means that all fraud attempts have to be performed with different persons or characteristics! The overall FAR for $N$ participants is defined as the average of all $\mathrm{FAR}(n)$:

    $$\mathrm{FAR} = \frac{1}{N} \sum_{n=1}^{N} \mathrm{FAR}(n)$$

    The values become more accurate with a higher number of different participants/characteristics ($N$). Alternatively, the median may be calculated.

    Whether a correct rejection is due to poor picture quality or really to the person's unauthorized status is (just as in practice) irrelevant.

    The crucial number for the determination of statistic significance is the number of independent attempts.  Obviously, two attempts in which alternately one person is the reference and another places the request, are not independent of each other. Likewise, multiple attempts from one unauthorized user are considered dependent and therefore have less meaning for statistical significance.

    Finally, the following items have to be settled, or defined, respectively:

    • What is a fraud attempt?
    • How is the result of a fraud attempt defined exactly?
    Usually, during FAR determination, a fraud attempt is an attack using the characteristics of non-authorized persons. This, however, suggests a level of security that may not actually be present, since many other attack possibilities exist.

    A fraud attempt is successful if the user interface of the application provides a "successful" message or if the desired access is granted.
    A fraud attempt counts as rejected if the user interface of the application provides an "unsuccessful" message.
    In cases where no "unsuccessful" message is available, a verification time interval has to be given to ensure comparability. If the verification time interval has expired the fraud attempt is counted unsuccessful.
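As an added worked example (not part of this FAQ or of any particular product), the following Python script applies the counting rules of the three preceding definitions (FER, FRR and FAR) to a small set of constructed attempt records: every attempt is classified by the application's message, a timed-out attempt counts as unsuccessful, the FRR considers only successfully enrolled persons, a FAR "error" is an accepted fraud attempt, and the overall rate is the mean (or median) of the personal rates rather than a pooled ratio. The person names and attempt outcomes are invented.

```python
"""
Per-person estimation of FER, FRR and FAR following the counting rules
of this FAQ: every attempt is classified by the application's user
interface message (a timed-out attempt counts as unsuccessful), the
rate is computed per person (or characteristic) first, and the overall
rate is the mean (or median) of those personal rates, so that a person
with unusually many attempts cannot dominate the result.
All attempt data below is constructed for illustration.
"""
from statistics import mean, median

# Outcomes as reported by the application; TIMEOUT means the fixed
# enrolment/verification time interval expired without any message.
SUCCESS, FAILURE, TIMEOUT = "successful", "unsuccessful", "timeout"

# Constructed sample data (hypothetical persons and attempts).
ENROLMENT = {          # enrolment attempts per person
    "alice": [SUCCESS, SUCCESS, SUCCESS, SUCCESS],
    "bob":   [FAILURE, TIMEOUT, SUCCESS],
    "carol": [FAILURE, FAILURE],                      # never enrolled successfully
}
VERIFICATION = {       # genuine verification attempts per person
    "alice": [SUCCESS, SUCCESS, SUCCESS, FAILURE, SUCCESS],
    "bob":   [SUCCESS, FAILURE, TIMEOUT],
    "carol": [FAILURE],                               # must be ignored: not enrolled
}
FRAUD = {              # impostor attempts against each enrolled person,
    "alice": [FAILURE, FAILURE, SUCCESS, FAILURE],    # each by a different impostor
    "bob":   [FAILURE, FAILURE],
}


def accepted(outcome: str) -> bool:
    """Only an explicit "successful" message counts as success/acceptance."""
    return outcome == SUCCESS


def personal_rates(attempts: dict, counts_as_error) -> dict:
    """Rate of erroneous outcomes per person, i.e. FER(n), FRR(n) or FAR(n)."""
    rates = {}
    for person, outcomes in attempts.items():
        if outcomes:                      # no attempts -> no personal estimate
            errors = sum(1 for o in outcomes if counts_as_error(o))
            rates[person] = errors / len(outcomes)
    return rates


def overall_rate(rates: dict, use_median: bool = False) -> float:
    """Average (or median) of the personal rates: the FAQ's FER/FRR/FAR."""
    values = list(rates.values())
    return median(values) if use_median else mean(values)


def pooled_rate(attempts: dict, counts_as_error) -> float:
    """Naive pooled ratio (all attempts lumped together), shown for contrast."""
    all_outcomes = [o for outcomes in attempts.values() for o in outcomes]
    return sum(1 for o in all_outcomes if counts_as_error(o)) / len(all_outcomes)


def enrolled_persons(enrolment: dict) -> set:
    """A person counts as enrolled after at least one successful enrolment attempt."""
    return {p for p, outcomes in enrolment.items() if any(map(accepted, outcomes))}


def estimate_rates() -> dict:
    """FER, FRR and FAR for the constructed sample, plus the pooled FER for comparison."""
    not_accepted = lambda o: not accepted(o)
    fer_n = personal_rates(ENROLMENT, not_accepted)
    enrolled = enrolled_persons(ENROLMENT)
    # FRR: only successfully enrolled persons are considered.
    frr_n = personal_rates({p: v for p, v in VERIFICATION.items() if p in enrolled}, not_accepted)
    # FAR: an accepted fraud attempt is the error.
    far_n = personal_rates(FRAUD, accepted)
    return {
        "FER": overall_rate(fer_n),
        "FER_median": overall_rate(fer_n, use_median=True),
        "FER_pooled": pooled_rate(ENROLMENT, not_accepted),
        "FRR": overall_rate(frr_n),
        "FAR": overall_rate(far_n),
    }


if __name__ == "__main__":
    for name, value in estimate_rates().items():
        print(f"{name:11s} {value:.4f}")
```

With this data the per-person FER (5/9) differs from the pooled ratio (4/9) and from the median (2/3), which is exactly the effect the FAQ warns about when attempt counts differ between persons.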

    How is the probability distribution function measured for a biometric system's authorized and unauthorized users?
    In order to investigate the performance of a biometric verification system, one looks at how the system reacts to a large number of inquiries with biometric features from authorized as well as unauthorized users. Due to natural fluctuations and measurement imperfections, the results of such an investigation are never absolutely certain; they are only predictable to a certain extent. In order to determine the error rates "false acceptance" and "false rejection", the yes/no decisions "authorized/unauthorized" are not used directly; instead the underlying degree of similarity between an inquiry and the stored reference feature is used. In a series of measurements, similarity ratings ("score values") are collected for authorized and unauthorized users. Then the frequency of occurrence is counted for every similarity rating. After normalization with the total number of inquiries, the two resulting histograms form an approximation to the probability distribution function. They show the measured estimate of the probability that a certain similarity rating $n$ occurs for authorized users ($p_B(n)$) and for unauthorized users ($p_N(n)$):

    $$p_B(n) \approx \frac{\text{Number of measurements with similarity rating } n \text{ for authorized users}}{\text{Total number of measurements for authorized users}}$$

    $$p_N(n) \approx \frac{\text{Number of measurements with similarity rating } n \text{ for unauthorized users}}{\text{Total number of measurements for unauthorized users}}$$

    The higher the total number of measurements, the more accurate the estimate. (See "Statistical Significance". A mathematical determination of the probabilities as the ratio of favourable possibilities to the total number of possibilities fails because, unlike with dice, there are simply too many different possibilities to enumerate.)

    In an ideal case (unfortunately unachievable), the two distribution curves do not overlap. That means that inquiries from unauthorized users have the low similarity ratings, whereas all the high similarity ratings belong to authorized users. In such a case it is easy to define a decision threshold that clearly separates authorized from unauthorized users. In practice, however, there is always an overlap once the number of users is high enough. A typical diagram looks like this:

    How do the FAR/FRR paired graphs affect a biometric system?
    The error graphs of FAR and FRR are defined respectively as the probability that an unauthorized user is accepted as authorized and that an authorized user is rejected as unauthorized. The curves depend on an adjustable decision threshold for the similarity between a scanned biometric characteristic and a stored reference. The following derivations apply under the assumption that a similarity rating can be any whole number between 0 and $K$ and that, for simplicity's sake, the probability of the value $K$ occurring is 0. In practical applications it also makes sense to consider the FMR and the FNMR first and to account separately for the threshold-independent rejections due to insufficient image quality in the FAR and FRR afterwards. Furthermore, we assume that acceptance requires a match of two features and rejection a non-match.

    If a general probability distribution function $p$ is given for discrete similarity values $n$, the probability $P_M(th)$ that the scanned biometric characteristic with similarity rating $n$ falls below the threshold $th$ ("misses") is:

    $$P_M(0) := 0, \qquad P_M(th) = \sum_{n=0}^{th-1} p(n), \qquad th = 1, 2, 3, \ldots, K$$

    The sum of matches and mismatches must equal the total number of events. Therefore the probability $P_H(th)$ that the similarity rating of the scanned characteristic reaches or exceeds the threshold $th$ ("hits") is:

    $$P_H(th) = 1 - P_M(th) = \sum_{n=th}^{K} p(n), \qquad th = 0, 1, 2, \ldots, K$$

    The False Match Rate $\mathrm{FMR}(th)$ is an estimate of the probability that the similarity of two non-identical features reaches or exceeds a certain threshold value $th$. Therefore:

    $$\mathrm{FMR}(th) \approx P_H(th) = 1 - \sum_{n=0}^{th-1} p_N(n), \qquad th = 1, 2, 3, \ldots, K$$

    For the False Non-Match Rate $\mathrm{FNMR}(th)$ the analogous relation applies:

    $$\mathrm{FNMR}(th) \approx P_M(th) = \sum_{n=0}^{th-1} p_B(n), \qquad th = 1, 2, 3, \ldots, K$$

    where $p_N$ is the probability distribution function for non-authorized users and $p_B$ that for authorized users. The approximation ($\approx$) indicates that only the expected values of the measured error rates FMR and FNMR coincide with the probabilities $P_H$ and $P_M$, respectively. The limit values are:

    $$\mathrm{FMR}(0) = 1, \quad \mathrm{FMR}(K) = 0, \qquad \mathrm{FNMR}(0) = 0, \quad \mathrm{FNMR}(K) = 1$$

    To calculate FAR and FRR, the threshold-independent quality rejection rate QRR (equal to FTA, depending on the definition) has to be taken into account. Provided that a false acceptance corresponds to a false match, we obtain:

    $$\mathrm{FAR}(th) = (1 - \mathrm{QRR})\,\mathrm{FMR}(th), \qquad \mathrm{FRR}(th) = \mathrm{QRR} + (1 - \mathrm{QRR})\,\mathrm{FNMR}(th)$$

    For the border values we then get:

    $$\mathrm{FAR}(0) = 1 - \mathrm{QRR}, \quad \mathrm{FAR}(K) = 0, \qquad \mathrm{FRR}(0) = \mathrm{QRR}, \quad \mathrm{FRR}(K) = 1$$

    Choosing a similarity rating $th$ as the threshold between authorized and non-authorized users yields the experimental estimate of the false acceptance rate $\mathrm{FAR}(th)$ as the number of non-authorized users' similarity ratings at or above this threshold divided by the total number of trials (similarity ratings). Conversely, the false rejection rate FRR is the number of authorized users' similarity ratings below this threshold divided by the total number of inquiries. By integration (in practice, successive summation) of the probability distribution curves, the FAR and FRR graphs are obtained as functions of the adjustable threshold $th$. The following diagrams show typical results on linear and logarithmic scales:

    How does one determine the Receiver Operating Characteristic (ROC) of a biometric system? 
    The FAR/FRR curve pair is excellently suited to set an optimal threshold for the biometric system.  Further predictors of a system's performance, however, are limited.  This is partially due to the interpretation of the threshold and similarity measures.   The definition of the similarity measures is a question of implementation.  Almost arbitrary scaling and transformations are possible, which affect the appearance of FAR/FRR curves but not the FAR-FRR values at a certain threshold. A popular example is the use of a "distance measure" between the biometric reference and the scanned biometric features.  The greater the similarity, the smaller the distance.  The result is a mirror image of the FAR/FRR curves.  A favorite trick is to stretch the scale of FAR/FRR curves near the EER (Equal Error Rate: FAR(th) = FRR(th)), (i.e., using more threshold values) thus making the system appear less sensitive to threshold changes.

    In order to achieve an effective comparison of different systems, a description independent of the threshold scaling is required. One such example, taken from radar technology, is the Receiver Operating Characteristic (ROC), which plots the FRR values directly against the FAR values, thereby eliminating the threshold parameter. The ROC, like the FRR, can only take on values between 0 and 1 and is limited to values between 0 and 1 on the x axis (FAR). It has the following characteristics:

    • The ideal ROC only has values that lie either on the x axis (FAR) or on the y axis (FRR); i.e., when the FRR is not 0, the FAR is 1, or vice versa.
    • The highest point (on a linear scale, under the definitions used here) is for all systems given by FAR = 0 and FRR = 1.
    • The ROC cannot increase.
    As the ROC curves for good systems lie very near the coordinate axis, it is reasonable for one or both axis to use a logarithmic scale:

    Remark 1: Instead of "ROC", sometimes the term "DET" (Detection Error Tradeoff) is used. In those cases, the term "ROC" is reserved for the complementary plot of 1 - FRR against FAR.

    Remark 2: For ROC and DET, the comparison error rates FNMR and FMR are often used instead of the system error rates FRR and FAR. This has a few mathematical advantages. But it reflects practice completely only if FTA (Failure to Acquire) and, in the generalized case, FTE (Failure to Enrol) are actually 0, so that FRR = FNMR and FAR = FMR. As a consequence, ROCs and DETs based on FNMR/FMR are suitable as a comparison measure for complete systems only under this (exceptional) condition! Furthermore, it should be noted that EER values also depend on whether they are defined via FNMR/FMR or via FRR/FAR. A comparison of the EERs of different systems is only reasonable if the definitions coincide.

    How does a transition from verification to identification affect the FAR?
    In a verification the biometric features are compared with only one reference, whereas in an identification they are compared with $N$ ($N > 1$) different references. This transition to identification results in a higher FAR; in the ideal case:

    $$\mathrm{FAR}_N = 1 - (1 - \mathrm{FAR}_1)^N$$

    where $\mathrm{FAR}_N$ is the false acceptance rate for $N$ different stored references. The formula is restricted to the "access control" case, in which the correct assignment to an identity is not essential. For $N \cdot \mathrm{FAR}_1$ much smaller than 1 we have the approximation:

    $$\mathrm{FAR}_N \approx N \cdot \mathrm{FAR}_1$$

    Example: a database has 100 000 different references. In an identification, the FAR is raised from $10^{-7}$ to about $10^{-2}$!

    If in an application the correct assignment of ID data is essential (e.g., for bank transactions), other methods have to be used, as explained under Determination of FIR.

    How does a transition from verification to identification affect the FRR?
    During identification the biometric features to be recognized are compared with all references. Obviously, in contrast to verification, more than one similarity value (score) is generated. This complicates the decision whether a biometric characteristic is to be accepted or not. In particular, there are several ways to decide if, e.g., several scores exceed the threshold. As a result, each decision procedure needs its own definition of a false rejection. Two examples are given:

    One must differentiate between applications which allow access to personal data after a successful identification (e.g., access to a personal bank account), and applications which grant general access not dependent on one's identity (e.g., entrance to a room without a protocol of an identified person's presence). In the first case an assignment of a biometric characteristic to a false identity may happen. This is called a false identification, characterized by the False Identification Rate FIR. Furthermore, it is conceivable that more than one reference template will generate a score above the threshold. This case is treated in Determination of FIR, showing that different decision strategies may yield different results.

    In the second case, the false rejection rate FRR decreases with an increasing number of different references! How can that be? Very simply: the probability increases that a legitimate user is "identified" not only by his or her own features but also by those of others, which would normally count as a false acceptance. The user, however, does not notice the system's mistake. Mathematically, under ideal conditions this reads:

    $$\mathrm{FRR}_N = \mathrm{FRR}_1 (1 - \mathrm{FAR}_1)^{N-1}$$
    How is the False Identification Rate (FIR) calculated?
    During an identification, the recognition biometric features are compared to many references and possibly, the similarity value will exceed the threshold for more than one reference. This is non-critical if only granting access, but can be very problematic if the correct assignment of personal data to the biometric characteristic is required (Example: access to a bank account via ATM).

    The probability that further (by definition false) candidates are identified, independently of the correct reference, can be calculated from the FAR, since these candidates would represent false acceptances in the case of verification. Its value is given by:

    $$1 - (1 - \mathrm{FAR}_1)^{N-1} \approx (N - 1)\,\mathrm{FAR}_1$$

    where $\mathrm{FAR}_1$ is the false acceptance rate for a system with one reference and $N$ is the number of references. The approximation (right-hand side) applies when the resulting value is considerably below 1.

    The False Identification Rate can only be calculated once one of the candidates has been selected. One standard rule, often found in practical applications, could be, for example, that the candidate with the highest similarity value is chosen (presuming there is only one). Unfortunately, the FIR is then only ascertainable when the probability density functions for false acceptance as well as for false rejection are available.

    Easier to calculate is the rule that multiple candidates are completely rejected, which raises the FRR and lowers FAR. The following definitions apply here:

    FAR: probability that a non-authorized person is identified
    FRR: probability that an authorized person is not identified
    FIR: probability that an authorized person is identified but assigned a false ID
    These definitions result in the following formulas under ideal conditions (statistical independence, the same error rates for all people, ...), where the index $N$ is again the number of references:

    $$\mathrm{FAR}_N = N\,\mathrm{FAR}_1 (1 - \mathrm{FAR}_1)^{N-1}$$

    $$\mathrm{FRR}_N = 1 - \left(1 - \mathrm{FRR}_1 - \mathrm{FAR}_1 + N\,\mathrm{FRR}_1\,\mathrm{FAR}_1\right)(1 - \mathrm{FAR}_1)^{N-2}$$

    $$\mathrm{FIR}_N = (N - 1)\,\mathrm{FRR}_1\,\mathrm{FAR}_1 (1 - \mathrm{FAR}_1)^{N-2}$$
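The identification formulas of this and the two preceding questions (FAR_N and FRR_N in the access-control case, the probability of extra candidates, and FAR_N, FRR_N, FIR_N under the "reject multiple candidates" rule), as an added Python example that is not part of the FAQ; the function names are my own. It reproduces the FAQ's numerical example (100 000 references, FAR_1 = 10^-7) and checks that, for an authorized person, the probabilities of correct identification, false rejection and false identification sum to one, which is what the three FIR-section formulas must satisfy.

```python
"""
Transition from verification (one reference) to identification
(N references): the closed formulas from this FAQ, which assume
statistical independence of the comparisons and the same
single-comparison error rates FAR_1 and FRR_1 for everybody.
The numbers in main() are the FAQ's example plus assumed values.
"""


def far_identification(far1: float, n: int) -> float:
    """FAR_N = 1 - (1 - FAR_1)^N for the access-control case: any matching
    reference grants access, so a non-authorized person is accepted as soon
    as one of the N comparisons produces a false match."""
    return 1.0 - (1.0 - far1) ** n


def far_identification_approx(far1: float, n: int) -> float:
    """FAR_N ~ N * FAR_1, valid while N * FAR_1 is well below 1."""
    return n * far1


def frr_identification(frr1: float, far1: float, n: int) -> float:
    """FRR_N = FRR_1 (1 - FAR_1)^(N-1): in the access-control case an
    authorized user is rejected only if the own reference fails AND none of
    the other N-1 references matches by chance (a chance match hides the error)."""
    return frr1 * (1.0 - far1) ** (n - 1)


def extra_candidates_probability(far1: float, n: int) -> float:
    """Probability that at least one further (false) candidate exceeds the
    threshold besides the correct reference: 1 - (1 - FAR_1)^(N-1)."""
    return 1.0 - (1.0 - far1) ** (n - 1)


def reject_multiple_candidates(frr1: float, far1: float, n: int) -> dict:
    """Rates under the decision rule 'reject whenever more than one candidate
    matches'. Returns FAR_N, FRR_N, FIR_N and, for checking, the probability
    that an authorized person is correctly identified."""
    q = 1.0 - far1
    return {
        # non-authorized person: exactly one of the N references matches
        "FAR": n * far1 * q ** (n - 1),
        # authorized person: not identified (neither correctly nor falsely)
        "FRR": 1.0 - (1.0 - frr1 - far1 + n * frr1 * far1) * q ** (n - 2),
        # authorized person: own reference fails, exactly one other matches
        "FIR": (n - 1) * frr1 * far1 * q ** (n - 2),
        # authorized person: own reference matches and no other does
        "correct": (1.0 - frr1) * q ** (n - 1),
    }


if __name__ == "__main__":
    N, FAR1 = 100_000, 1e-7               # the FAQ's example
    print(f"FAR_N exact  = {far_identification(FAR1, N):.4e}")
    print(f"FAR_N approx = {far_identification_approx(FAR1, N):.4e}")
    rates = reject_multiple_candidates(0.02, 1e-4, 1000)   # assumed FRR_1, FAR_1, N
    print(rates, "sum for authorized:", rates["FRR"] + rates["FIR"] + rates["correct"])
```

For N = 1 every function collapses to the single-reference rates (FIR_1 = 0), which is a quick sanity check when adapting the formulas.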

    When are FAR and FRR values statistically significant?
    A value is considered statistically significant when it is likely that it falls within a given error interval and the probability of falling outside this interval by chance is relatively low. Statistical significance depends on the number of trials or the sample size. Because biometric values are difficult to model, statistical significance is hard to estimate. As a rule of thumb ("Doddington's rule"), one must conduct enough tests that a minimum of 30 erroneous cases occur [Porter 1977]. Example: an FAR of $10^{-6}$ can be considered reliable when 30 errors occur in 30 million trials. One error in a million trials also gives an FAR of $10^{-6}$, but is statistically far less significant. One can see that biometric tests become very expensive if the required performance is very high. The situation would be easier if further information could be considered alongside the yes/no (accept/reject) decisions, for example how close a decision was to the acceptance threshold.
    What is essential when comparing the ROC performance of biometric systems?
    The accuracy performance of a verification system is determined by exactly three statistical quantities: FAR, FER and FRR. Since these three quantities influence each other when parameters (e.g., quality acceptance thresholds for enrolment and authentication) are changed, comparing one quantity between two systems only makes sense when the other two quantities are equal. For example, let the FARs of different systems be compared. Then the corresponding FRRs must be equal, and the FERs must be equal too. In a ROC diagram this condition is easily fulfilled for all FRRs for which the curve has been measured, provided that the FERs of all curves are constant and the same. This is often violated, however, since the FERs are actually different!

    A solution to this problem comes from the procedure used, e.g., in the Fingerprint Verification Competition FVC2002, where different algorithms for fingerprint recognition have been tested. The idea is to consider a failure-to-enrol case as a virtual "FTE user" with the properties:

    • If the virtual FTE user tries a (virtual!) authentication, the result is always a rejection, thus increasing the FRR.
    • If an impostor makes an authentication attempt against a virtual FTE user, a rejection is always assumed, thus decreasing the FAR.
    This way the FER is eliminated, and the ROC curves as well as the FAR/FRR values are forced to become comparable. Mathematically, we implement this method by introducing a Generalized FRR (GFRR) and a Generalized FAR (GFAR). (It will be a matter of standardization to fix these terms; here they are used until standardization is finalized.) The calculation of GFRR and GFAR is quite simple if we assume that each authentication trial is preceded by its own enrolment trial. This makes sense because authentication performance is not independent of enrolment: a good enrolment delivers better FRR values than a poor one. Therefore it seems statistically more accurate not to base an entire FRR statistic on a single enrolment!

    $$\mathrm{GFAR}(th) = (1 - \mathrm{FER})\,\mathrm{FAR}(th), \qquad \mathrm{GFRR}(th) = \mathrm{FER} + (1 - \mathrm{FER})\,\mathrm{FRR}(th)$$

    Here $(th)$ denotes the dependency on the decision threshold parameter $th$, which is assumed to range between 0 and $K$ (arbitrary); see "How do the FAR/FRR paired graphs affect a biometric system?". These formulas show a strong relationship to those derived for FAR and FRR when the FTA (Failure-to-Acquire) is included.

    Similarly, we get for the border values:

    $$\mathrm{GFAR}(0) = (1 - \mathrm{FER})(1 - \mathrm{QRR}), \quad \mathrm{GFAR}(K) = 0, \qquad \mathrm{GFRR}(0) = \mathrm{FER} + (1 - \mathrm{FER})\,\mathrm{QRR}, \quad \mathrm{GFRR}(K) = 1$$
    Both formulas are symmetric in QRR (= FTA) and FER (= FTE), showing the strong relationship between Failure to Enrol and Failure to Acquire. In some cases these two values are even equal. This happens when the biometric system uses the same quality rejection mechanisms and levels for enrolment and for authentication. In practice, higher quality requirements during enrolment, leading to a higher FTE, might be quite reasonable to prevent enrolment of nonsense features. Furthermore, too low an enrolment quality will decrease usability of the authentication systems in daily use. In many applications it is better to spend more time during enrolment than losing time by multiple authentication trials.

    A ROC diagram using GFAR and GFRR will be called Generalized ROC (GROC) diagram for consistency.

    What does separability of a biometric system mean?
    The Receiver Operating Characteristic (ROC) offers an objective comparison of different biometric systems in the form of a graph.  More practical would be a single measured value which forms a kind of average over all the system's settings.  With it, only a global description of the system would be possible.  One must therefore understand that a system can be better overall despite worse local behaviour, for example at a particular operating point.

    Separability is intuitively the ability of a biometric system to differentiate authorized and unauthorized users on the basis of a biometric feature.  The higher the separability, the fewer the errors while differentiating authorized and unauthorized users.  The measure of the separability, like that of the ROC, cannot be dependent on implementation specific scales.  Additionally, a separability measure should be easy to calculate.

    A well known measure for the (inverse) separability is the Equal Error Rate (EER).  Unfortunately, the EER describes only one single point of the ROC.  While the definition is simple, the calculation is not so easy; the EER point does not exist as a measurement, instead it is derived through decision and approximation.

    An (inverse) separability measure which also avoids the EER disadvantages is the area below the ROC graph.  It allows easy calculation from all ROC values through summation.  The only difficulty is the fact that the ROC values are not equidistant.  Therefore, every y value (FAR) must be weighted by the distance between its corresponding x value (FRR) and the next value.  This distance for every ROC point is just the difference (that is, the gradient) of two consecutive values in the FAR graph.  As a result, the distance is given by the probability distribution graph of non-authorized users.  (For continuous functions, in which the sum can be replaced by an integral, this would be a consequence of the substitution rule for integrals!)   The ROC area, here called ROCA, is (K+1 is the number of similarity ratings considered, with pN being the probability distribution function for unauthorized users):

    ROCA = \sum_{n=1}^{K} FRR(n) \, pN(n-1)
    This formula simply needs additions and multiplications of existing measured values.  Even though implementation-specific similarity ratings n are summed, the ROCA is still independent of their definition. However, one must assume that no threshold-independent rejections occur, i.e., FRR = FNMR and FAR = FMR.

    Both EER and ROCA can take on values between 0 and 1.  Ideal separability of a biometric system, and thus of the distributions pB and pN, obviously results in EER and ROCA values of 0.  But what value belongs to ideal non-separability?  Intuitively, ideal non-separability can only mean that both distributions pB and pN are exactly the same.  But in that case:

    pN = pB  =>  FAR = 1 - FRR  =>  EER = ½
    and:
    pN = pB  =>  ROCA = \sum_{n=1}^{K} FRR(n) \, pB(n-1) ≈ ½
    (Proof for the approximation: one replaces the sum with an integral and considers pB as the derivative of FRR.  Now, only the rules for partial integration are needed.)

    Reasonable values for EER and ROCA lie between the extremes: 0 for perfect separability and ½ for perfect non-separability.  What do values between ½ and 1 then mean?  This range is left for cases in which the distributions pB and pN trade roles and change places in the diagram.  For separability, this range has practically no meaning in biometrics.
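    As an added example (not code from this FAQ), the following Python computes FAR/FRR for every threshold from score histograms, the ROCA sum above, an EER approximation, and the GFAR/GFRR of the earlier question. The score convention (integer ratings 0..K, accept when score >= threshold, so that FAR(n-1) - FAR(n) = pN(n-1)) and the histograms are assumptions, not data from the page.

```python
from fractions import Fraction  # exact arithmetic, so ROCA -> 1/2 can be checked exactly


def far_frr(pB, pN):
    """FAR(th) and FRR(th) for every threshold th = 0..K.

    Assumed convention: accept when score >= th, hence
    FAR(th) = P_N(score >= th) and FRR(th) = P_B(score < th).
    Then FAR(n-1) - FAR(n) = pN(n-1), the weight used by the ROCA sum.
    """
    K = len(pB) - 1
    far = [sum(pN[th:]) for th in range(K + 1)]
    frr = [sum(pB[:th]) for th in range(K + 1)]
    return far, frr


def roca(pB, pN):
    """ROCA = sum_{n=1..K} FRR(n) * pN(n-1): area below the ROC (FRR over FAR)."""
    _, frr = far_frr(pB, pN)
    K = len(pB) - 1
    return sum(frr[n] * pN[n - 1] for n in range(1, K + 1))


def eer(pB, pN):
    """Approximate the EER at the threshold where |FAR - FRR| is smallest.

    Returns (value, threshold); the value is the mean of FAR and FRR there.
    """
    far, frr = far_frr(pB, pN)
    th = min(range(len(far)), key=lambda t: abs(far[t] - frr[t]))
    return (far[th] + frr[th]) / 2, th


def gfar_gfrr(far, frr, fer):
    """Fold the Failure-to-Enrol Rate into the error rates (GFAR/GFRR formulas)."""
    gfar = [(1 - fer) * x for x in far]
    gfrr = [fer + (1 - fer) * y for y in frr]
    return gfar, gfrr


def dist(weights):
    """Turn integer histogram counts into an exact probability distribution."""
    total = sum(weights)
    return [Fraction(w, total) for w in weights]


# Constructed histograms over K+1 = 10 similarity ratings (not measured data):
# impostors tend to score low, genuine users tend to score high.
PN = dist([30, 25, 20, 10, 5, 5, 3, 2, 0, 0])
PB = dist([0, 0, 2, 3, 5, 5, 10, 20, 25, 30])

if __name__ == "__main__":
    far, frr = far_frr(PB, PN)
    for th, (a, r) in enumerate(zip(far, frr)):
        print(f"th={th}: FAR={float(a):.3f} FRR={float(r):.3f}")
    print("ROCA =", roca(PB, PN), " EER =", eer(PB, PN))
    gfar, gfrr = gfar_gfrr(far, frr, Fraction(1, 20))
    # GFRR never drops below FER: enrolment failures count as rejections.
    print("GFAR(0) =", gfar[0], " GFRR(0) =", gfrr[0])
    # Perfect non-separability (pB = pN): EER = 1/2, ROCA approaches 1/2 as K grows.
    u = dist([1] * 100)
    print("pB = pN: EER =", eer(u, u)[0], " ROCA =", roca(u, u))
```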

    What does one need to be aware of regarding the FAR/FRR?
    The measurement of biometric features, as well as the features themselves, is subject to statistical fluctuations. Therefore, every biometric recognition system has a built-in acceptance threshold which, when raised, both decreases the FAR and increases the FRR.  It should be clear that the given FAR and FRR values belong to the same threshold value. Stating only the FAR or only the FRR is thus misleading.

    Additionally, even the Failure-to-Enrol Rate FER must be considered when comparing the FAR/FRR values of different systems. This is because the enrolment procedure can be parametrized in such a way that only best quality biometric features are approved for biometric templates while lower quality samples are dropped, thus contributing to a higher FER. Normally, the higher the FER forced by the biometric system, the better the FAR and FRR values, and vice versa!

    In biometrics, FAR/FRR are not theoretically ascertainable; instead they must be determined statistically in costly tests. Determining statistical significance is equally difficult.  There were no standardized techniques, therefore results could vary due to differences in test conditions and sample size.  Clarity was only provided by disclosure of the test conditions.

    Is a biometric system's performance dependent upon the user?
    Generally, yes.  This applies for false acceptance rate (FAR) as well as for false rejection rate (FRR).  We experience this in our everyday lives -- some faces are easy to recognize and remember, whereas others are difficult.  Therefore, the statistical means of FAR and FRR, typical indicators, are not very helpful for individual users.  This dependence on the individual user is also responsible for the fact that statistical properties of FAR and FRR measurements are very difficult to quantify.
    Is Failure to Enrol a typical problem for biometric systems?
    Every biometric characteristic can occasionally or permanently fail.  Examples of temporary failures are worn-down or sticky fingertips for fingerprints, medicine intake (atropine) in iris identification, hoarseness in voice recognition, or a broken arm affecting one's signature.  Well-known permanent failures are, for example, cataract, which makes retina identification impossible, or rare skin diseases which permanently destroy a fingerprint.  Therefore, every biometric system needs a fall-back process.  One also needs a fall-back if a key is lost or a PIN is forgotten; so not only biometric systems are affected by user failure, but all authentication systems.  In fact one can see that here, too, biometric systems are preferable to conventional methods.
    How are the FAR and FRR minimized in a biometric system?
    The false acceptance rate (FAR) can be adjusted in the recognition algorithm via the acceptance threshold: the higher the acceptance threshold, the lower the FAR.  Raising the acceptance threshold, however, also raises the FRR.  Therefore, the goal must be to have as small an FAR as possible for any given FRR, and vice versa.  There are certain factors which primarily influence the FAR, while others mainly affect the FRR.  For a fixed FRR, the FAR depends on the following factors:
    • type of biometric feature
    • quality of the sensors
    • user behavior
    • effectiveness of the recognition algorithm
    • the number of biometric references in an identification system
    Therewith, the optimization possibilities are clear:
    • determine suitable biometric characteristics: here the uniqueness of the biometric characteristics essentially affects the FAR, whereas permanence and measurability affect the FRR
    • choose the sensor with the best (picture) quality: this mainly reduces the FRR
    • eliminate false operations of the user:  this also reduces the FRR
    • optimize the recognition algorithm
    • limit the number of biometric references in an identification system: this reduces the FAR and increases the FRR
    Is the Equal Error Rate a robust measure for system performance?
    No. Using the threshold parameter, most practical biometric systems are not adjusted for FAR = FRR, which defines the EER, but for FAR << FRR. Since the ROCs of different systems may behave completely differently, two systems with the same EER may differ by orders of magnitude at other ROC points. To avoid such large errors, only the FAR/FRR pairs at the operating point are to be considered, e.g., by comparing the FARs at a common FRR. Considering the EER is only reasonable in those rare cases where the system uses the EER as its operating point.
    What does security mean for an authentication system? 
    Often "security" is used to mean the ability to prevent false authentication.  False authentication could happen through:
    • too high a false acceptance rate (FAR)
    • fraud or forgery attempts
    • technical deficiencies
    Perfect protection cannot exist.  However, one can try to make the FAR as small as possible, forgery attempts as costly as possible, and through intensive testing minimize the technical deficiencies.

    The security realm also includes protecting biometric and other personal data against misuse.

    What is compromisation of a biometric characteristic?
    In this case, compromisation is the exposure of one or more biometric characteristics of a person allowing use for forgery purposes.
    Is the compromisation of biometric characteristics a problem?
    Biometric characteristics should be as unique and permanent as possible.  If compromised, it is argued that biometric characteristics could be misused and then, like a password, rendered unusable, except that a password is always exchangeable whereas a biometric characteristic isn't.  The actual danger depends upon the application and the associated precautions.

    Yes - if compromise, in a statistical sense, is able to create a mean total damage that is larger than the anticipated mean total benefit of a specific biometric application. Generally, one should expect this when the measures against compromisation are in no reasonable proportion to the possible amount of damage. This especially affects biometric systems which regard the biometric characteristic solely as a secret, although it is easy to compromise and a fake copy can be assembled from it in a simple way.

    Yes - if properties of the affected person can be extracted from the biometric characteristic which could prove unfavorable for him or her. Example: genetic disease information from DNA.

    No - if the biometric system is able to "doubtlessly" establish the difference between the original of the biometric characteristic and the fake copy assembled from the compromised biometric characteristic. In biometric systems this is achievable up to a certain degree by a multitude of organizational and technical measures and strongly depends on the selected biometric characteristic.

    Sometimes it is said to be important that the original picture (e.g., the finger line picture) is not reconstructible from the characteristics' data record.  But this doesn't help much because any reconstruction trial of a person's biometric characteristic which produces the same data record as the original is sufficient for misuse [Bromba 2003].

    What can be done against compromisation of one's biometric characteristics?
    Provide your biometric characteristics only to trustworthy applications of trustworthy system operators. The operator must commit not to pass the biometric data to third parties but to store them with sufficient protection, at best encrypted.

    Favor biometric applications which are exclusively able to utilize your biometric data if you present a chip card which is under your control. (On this chip card the biometric references may be stored, or a secret personal key which allows a temporary decryption of your biometric data stored in the biometric system in encrypted form.)

    Do not publish your biometric characteristics, if these are inherently difficult to compromise and therefore could be regarded as secrets by a certain biometric application. Examples are fingerprint, iris, or vein patterns. This is critical especially in those cases where a forger is able to assign the biometric data to a designated person.

    What must be observed with respect to security when dealing with "Template on Card"?
    We consider the following possibilities for storage of biometric references on a chip card:

    The chip card is a pure memory card, storage is unencrypted.

    • The chip card can be read by anyone who finds it.
    • The chip card can be duplicated by anyone; however, only the authorized can use it.
    • In principle, cards with references of non-authorized users can be produced which grant access to the system.
    • If the authorized user's (non-biometric) data is saved on the card, the danger of compromisation when lost is high.

    The chip card is a pure memory card, storage is encrypted.

    • The chip card can be read by anyone who finds it, but the contents cannot be interpreted.
    • The chip card can be duplicated by anyone; however, only the authorized can use it.
    • Authentication via cards with references of non-authorized users is generally prevented.
    • Compromisation of data is prevented.

    The chip card is a processor card (smart card) with crypto function

    • The chip card's stored data can only be read and interpreted by a trustworthy communication partner (e.g., a protected PC, or a protected server via a non-protected PC).
    • Duplication of the chip card is preventable.
    • Authentication via cards with references of non-authorized users is generally prevented.
    • Compromisation of data is prevented.
    It depends on a specific application which security level is necessary and what will be the possible solution.
    Is biometrics a privacy-enhancing or a privacy-threatening technology?
    Recent concerns with the possible uses and misuses of biometrics have led to a discussion whether biometrics is privacy-enhancing or privacy-threatening.  A central question, according to Woodward (1999), is whether a user has full control over his data, knowing when, where, and why submitted biometric data are used.  Non-intended reuse is possible in non-biometric systems too, but fear is increased due to the highly personal nature of biometric data, as opposed to simply an ID number.  Some biometric data, such as DNA, reveal medical information that can be passed along to commercial systems, insurance companies, or the government.  Privacy concerns with biometrics as summarized by Wirtz (2000) are:
    • Unauthorized access to biometric data
    • Unauthorized disclosure of biometric data to third parties
    • Use of biometric data for other than intended purpose
    • Collection of biometric data without the knowledge of the individual
    Meeting privacy and data protection requirements is a central concern to the success of biometric systems. Legal concerns can help ensure that biometrics are properly applied and therefore increase an individual's security.
    Is biometrics more "secure" than passwords?
    This question poses at least two problems: biometrics is not equal to biometrics (according to the definition of biometrics, even passwords may be considered a limiting case of biometrics), and the term "secure" is commonly used but not exactly defined. However, we can try to collect pros and cons in order to find at least an intuitive answer which indicates possible differences between different biometric characteristics.

    It is a matter of fact that the security of password-protected values depends in particular on the user. If the user has to memorize too many passwords, he will use the same passwords for as many applications as possible. If this is not possible, he will construct very simple passwords. If this also fails (e.g., if the construction rules are too complex), the next fall-back stage is to write the password down on paper. This transforms "secret knowledge" into "personal possession". Of course, not every user will react this way. Rather, personal motivation plays an important role: is he aware of the potential loss caused by careless handling of the password? It is easy if the user is the owner. But often the possession of others (e.g., that of the employer) has to be guarded, whose value one can often hardly estimate. If motivation is missing, any password primarily tends to be felt as bothersome. In this case, and that seems to be the normal case, it is assumed that biometrics has considerable advantages.

    Conversely, passwords feature an unbeatable theoretical protection ability: an eight-digit password which is allowed to contain any symbol from an 8-bit alphabet offers 10^20 possible combinations! This is a real challenge for any biometric feature.  The requirements are obvious: such a password is maximally difficult to learn, it must not be written down, it must not be passed to anyone, the input must take place in absolute secrecy, it must not be extorted, and the technical implementation must be perfect. This leads us to the practical aspects: the implementation must be protected against replay attacks, keyboard dummies (e.g., false ATMs), wiretapping etc. Biometric features have to cope with such problems as well. However, it can be assumed that hijacking biometric features is not easier than sniffing a password, provided the implementation expense is comparable!

    Conclusion: Surely, there are cases where passwords offer more security than biometric features. However, these cases are not common!


    Publications

    • Albrecht, A.: "Biometrische Verfahren im Spannungsfeld von Authentizität im elektronischen Rechtsverkehr und Persönlichkeitsschutz", Frankfurter Studien zum Datenschutz, Nomos, 2003.
    • Behrens, M.; Roth, R. (Editors): "Biometrische Identifikation - Grundlagen, Verfahren, Perspektiven", Vieweg, 2001.
    • Bromba, M. U. A.: "On the reconstruction of biometric raw data from template data", 2003-04-20.
    • Jain, A.; Bolle, R.; Pankanti, S. (Editors): "Biometrics: Personal Identification in Networked Society", Kluwer Academic Publishers, 1999.
    • Lenz, J.-M.; Schmidt, C.: "Die elektronische Signatur", Deutscher Sparkassenverlag, ISBN 3093057051, 2004.
    • Petermann, T.; Sauter, A.: "Biometrische Identifikationssysteme", TAB-Arbeitsbericht, 2002.
    • Porter, J. E.: "On the "30 error" criterion", in: "National Biometric Test Center - Collected Works - 1997-2000", San Jose State University.
    • Wirtz, B.: "Biometric Systems 101 and Beyond", in: Secure - The Silicon Trust Quarterly Report, Autumn 2000, 12-17.
    • Woodward, J. D.: "Biometrics: identifying law and policy concerns", in: Jain, A.; Bolle, R.; Pankanti, S. (Editors): "Biometrics: Personal Identification in Networked Society", Kluwer Academic Publishers, 1999, 385-405.
    • Zhang, D.; Jing, X.; Yang, J.: "Biometric Image Discrimination Technologies", Idea Group Publishing, ISBN 159140830X, 2006.

    Links

    Evaluations, Testing, Certifications

    • BSI Bundesamt für Sicherheit in der Informationstechnik (bsi.de/)

    Author

    In 1968, Manfred U. A. Bromba began training as an electronics technician at the company Nixdorf Computer AG. This was followed by studies in electrical engineering and physics at Paderborn University. After obtaining a "Dr. rer. nat." degree, he spent another two years researching digital signal processing. In 1983, he moved to the semiconductor division of Siemens AG, where he was responsible for a series of multimedia innovations:
    • First IC set for flicker-free 100 Hz TV (1987)
    • First embedded DRAM IC for TV sets (1988)
    • Multiport Serial Access Memory for TV (TV-SAM)
    • High-end graphics IC for Teletext (MEGATEXT™)
    • MultiMediaCard™
    • First fully working prototype of an MP3 player with memory card (1995) (implemented by Pontis)
    In 1986, the company "Dr. Bromba Infrarotindikatoren" was founded.

    In 1997, Bromba took over the biometrics activities of the Siemens division "Private Networks". In 1999, the world's first prototypes of a cell phone with fingerprint authentication and of an ID card with complete sensing and processing on the card were completed and shown at the CeBIT fair.

    Manfred Bromba is author of numerous publications and inventions. As a member of TeleTrusT e.V., CAST Forum, and the biometrics working group NI-AHGB/NI-37 of the DIN e.V., he actively participated in the promotion and standardization of biometric systems. 

    Responsible for the Biometrics FAQ's content: Dr. Manfred Bromba