How do we measure it?

In this fourth and final post in our series on “The importance of optimizing all parts of a biometric system”, Peter Kollig, Senior Director of Engineering, System Architecture at IDEX Biometrics discusses how we measure biometric performance.

Biometrics are increasingly being used in a number of different areas to secure systems and transactions. When it comes to protecting smartcards with an on-board fingerprint sensor module, measuring the biometric performance of the card is an essential part of the process. This is because those parameters determine the usability of the biometric smart card and therefore determine whether potential banking customers are going to be comfortable adopting biometric card technology and rolling it out to their customers.

False readings

The two most important metrics where a biometric fingerprint sensor module is concerned are the False Accept Rate (FAR) and the False Reject Rate (FRR). These are the chances that an incorrect reading will be validated or that a correct biometric will be rejected.

FAR is about the security of the card itself and has to be low, typically at least equivalent to the security level of a 4-digit PIN (a 1:10,000 chance of a false acceptance). FRR, on the other hand, is about user convenience and an FRR of between 3% and 5% is the accepted standard in the industry today.

The nature of the technology means that there is a close relationship between FAR and FRR. One cannot usually be altered without affecting the other. A choice, therefore, has to be made in order to reach a reasonable compromise between user convenience or security and this will generally lean towards favouring security.

The role of the sensor

Instances of FRR and FAR are influenced by a number of factors that include the fingerprint sensor used, the card ergonomics and the approach used for initial enrolment. It is, therefore, crucial that the final card form factor and enrolment sleeves are used when biometric performance is being measured in order to ensure that the results are valid.

The fingerprints of different users can have very different properties and the FRR/FAR data is statistical data. It is therefore vital in getting valid test results that a sufficient number of users and unique fingers are used in the process. This process is described in ISO/IEC 19795-1 and -2. In order to help with the testing process, IDEX provides demo cards, print collection tools and tools to execute the actual biometric algorithm on a PC platform to allow for good execution times.

Of course, you also need to measure latency of the matching algorithm. This is also a statistical measure and IDEX provides tools to measure run time on actual hardware targets, for example, the Secure Element (SE) and the Biometric Micro Controller Unit (B-MCU). For biometrics in hardware limited environments such as smartcards, there is always going to be a trade-off between speed and restricted processing power and it is important for testing to quantify and allow the effects of this to be minimized.

The previous post in our series on “The importance of optimizing all parts of a biometric system” looked at how do we make it happen.