As with most security
solutions, there is simply no perfect technology that
would act as the 'silver bullet'. Depending on the
specific application and the exact requirements for a
solution a combination of multiple biometrics and token
technologies may be ideal. When choosing an
authentication technology or a combination thereof the
client should among other criteria consider the
following basic factors:
- Accuracy -
FRR/FAR/FER/EER,
speed and maturity of technology
- User acceptance -
personal, cultural, political
- Availability of
technology
- Competition or lack
thereof
- Critical
Vulnerabilities
- Standards support -
AFIS, BAPI, FIPS, etc.
- Cost - ROI
- Manufacturer
reputation and 'history'
- How critical is the
data or physical location being secured
The performance of
biometric based access systems using fingerprints or
other means is limited by the performance of sensors and
algorithms. The match confidence is always a matter of
probability, and the accuracy is generally measured by
establishing the values for the following four criteria:
FRR (False Rejection Rate), FAR (False Acceptance Rate),
FER (Failure to Enroll Rate), and ERR (Equal Error
Rate). These rates are usually expressed as events per
1,000 or 10,000 uses.
FRR
(False Rejection Rate) is the rate at which the system
incorrectly rejects a legitimate attempt to verify. With
increasing FRR, the probability increases that
authorized personnel may have to submit credentials
repeatedly before being granted the access to which they
are entitled. In a high security environment this might
not be such an important issue, but a high FRR it may
create user acceptance problems when the.
FAR
(False Acceptance Rate) - is the rate
at which the system incorrectly accepts an invalid
verification attempt. FER (Failure to Enroll Rate) - is
the percentage of people that do not have sufficient
sample quality to enroll on a given biometric system.
For applications where convenience and general user
acceptance are more important than security,
administrators have had to settle for a high FAR in
order to assure that authorized individuals are always
granted access, at the cost of possibly granting access
to unauthorized individuals.
FER
(Failure to Enroll Rate) - is the percentage of people
that do not have sufficient sample quality to enroll on
a given biometric system. Every biometric feature can
fail. Examples of failures to enroll can be caused by
worn down or unavailable fingertip for fingerprints,
medicine intake in iris identification (Atropin),
hoarseness or lack of speech in voice recognition, or a
disability affecting one's signature. Therefore, every
biometric system needs to offer the flexibility of a
'fall-back process' and an alternative method of
authentication.
EER
(Equal Error Rate) - is the point
where the FRR and the FAR are equal. A system with an
FRR of 5% and a FAR of 5% will have an EER of 5%. FAR or
FRR test parameters are often tuned to favor either FRR
or FAR, depending on the value that the test is meant to
measure. In order to establish the proper EER value
however, the test parameters must remain consistent for
FRR and FAR testing. As such, the EER is sometimes
considered a more accurate value than separate FRR and
FAR values.
User acceptance is
often the key for deploying one or the other biometric
technology. Regardless of how accurate a system is the
more difficult or inconvenient the system is to handle,
the more frustrated users will become and the more money
will have to be spent on training, maintenance, support
and implementation. |
