|
Below
is an A - Z guide of commonly used terms
when discussing biometrics:
Attempt
The submission of a biometric sample to a biometric system for identification
or verification. A biometric system may allow more than one attempt
to identify or verify.
BEM
Biometric Evaluation Methodology
BioAPI
Biometrics Application Programming Interface standard.
Biometric
A measurable physical characteristic or personal behavioral trait
used to recognize the identity of an enrollee or verify a claimed
identity.
Biometric application
The use to which a biometric system is put.
Biometric data
Extracted information taken from a biometric sample and used either
to build a reference template on enrolment, or to compare against
a previously created reference template.
Biometric feature
A representation from a biometric sample extracted by the extraction
system.
Biometric sample
A biometric measure presented by the user and captured by the data
collection system.
Biometric system
An automated system capable of capturing a biometric sample from
an end user, extracting biometric data from the sample, comparing
the data with one or more reference templates, deciding on how well
they match, and indicating whether or not an identification or verification
of identity has been achieved.
Note that in CC evaluation terms, a biometric system may be a product
or may be (part of) a system for evaluation.
Biometric template
See template.
Capture
The process of taking a biometric sample via a sensor from a user.
CBEFF
Common Biometric Exchange File Format standard
CCEM
Common Criteria Evaluation Methodology [CEM]
Common Criteria
An international scheme for the security evaluation and certification
of IT systems.
Comparison
The process of comparing biometric data with a previously stored
reference template (or templates).
EAL
Evaluation Assurance Level
Enrollee
A user with a stored biometric reference template on file.
Enrolment
The process of collecting biometric sample(s) from a person, and
the subsequent preparation and storage of reference template(s)
and associated data representing that person's identity.
Failure to acquire
rate (FTA)
The failure to acquire rate is the proportion of attempts for which
a biometric system is unable to capture an image of sufficient quality.
When a biometric system allows multiple attempts, FTA measures failure
to capture over these multiple attempts.
Failure to enroll rate
(FTE)
The failure to enroll rate is the proportion of the user population
for whom the biometric system is unable to generate reference templates
of sufficient quality. It is the equivalent of FTA for the enrolment
process, and depends on the procedures used in enrolment (which
may differ from the procedures for later identification). It includes
those who, for physical or behavioral reasons, are unable to present
the required biometric feature.
False Acceptance
An incorrect identification of an individual, or an incorrect verification
of an impostor.
False Accept Rate (FAR)
The probability that a biometric system will incorrectly identify
an individual, or will fail to reject an impostor. For a positive
(verification) system, it can be estimated from: (the number of
false acceptances) ÷ (the number of impostor verification
attempts).
False Match Rate (FMR)
The rate for incorrect positive matches by the matching algorithm
for single template comparison attempts. For a biometric system
that uses just one attempt to decide acceptance, FMR is the same
as FAR. When multiple attempts are combined in some manner to decide
acceptance, FAR is more meaningful at the system level than FMR.
False Non-Match Rate
(FNMR)
The rate for incorrect negative matches by the matching algorithm
for single template comparison attempts. For a biometric system
that uses just one attempt to decide acceptance, FNMR is the same
as FRR. When multiple attempts are combined in some manner to decide
acceptance, FRR is more meaningful at the system level than FNMR.
False Rejection
A failure to identify or verify a genuine enrollee.
False Reject Rate (FRR)
The probability that a biometric system will fail to identify a
genuine enrollee. For a positive (verification) system, it can be
estimated from: (the number of false rejects) ÷ (the number
of enrollee verification attempts).
Identification
The process of using a submitted biometric sample for comparison
against the set of enrolled templates to match a user to an enrollee.
(Normally used only in one-to-many systems)
Identification system
Identification systems, where the user makes no explicit claim to
identity, may be compared to verification systems. Without a claimed
identity, the biometric system does a one-to-many process of comparison
against all enrollees in its database.
Impostor
A person making a false claim about identity to the biometric system.
Live processing
Direct enrolment/ identification of potential users via the normal
biometric capture process. Compare off-line processing.
Matching score
A measure of similarity or dissimilarity between the biometric data
and a stored template, used in the comparison process.
Multimodal biometric
A biometric device which uses information from different biometrics
- e.g. fingerprint and hand shape; or fingerprints from two separate
fingers. All statistical analysis of multimodal systems should consider
how the modes are combined in the comparison process.
NIST
National Institute of Standards and Technology
One-to-many matching
See identification system.
One-to-one matching
See verification system.
On-line processing
See live processing.
Operational testing
Testing a biometric system to measure its statistical properties
(e.g. FAR and FRR) in a specified operational environment, with
a specific target population.
Physical/ Physiological
biometric
A biometric which is characterized by a physical characteristic.
Positive claim
A claim by a user to be enrolled in the biometric system. An explicit
claim is often accompanied by a user identification, and may also
be associated with a password or PIN.
PP
Protection Profile. A form of generic Security Target defined in
the Common Criteria.
Receiver Operating
Characteristics (ROC)
A method of showing the performance of the biometric system over
a range of decision criteria - usually shown as a graph that relates
FAR to FRR as the decision threshold varies.
ROC
Receiver Operating Characteristics
Scenario testing
Testing a biometric system to measure its statistical properties
(e.g. FAR and FRR) in an environment modelled to simulate a particular
application.
Security Target
A set of security requirements and specifications to be used as
the basis for the evaluation of a TOE.
Sensor
The physical hardware device used for biometric capture
Sensor ageing
The gradual degradation in performance of a sensor over time.
Technology testing
Testing one or more biometric systems to measure statistical properties
(e.g. FAR and FRR) to compare various algorithms and technologies
- usually achieved by off-line processing.
Template
A user's stored reference measure based on biometric feature(s)
extracted from biometric sample(s).
Template ageing
The gradual change of a user's biometric feature(s) which requires
periodic updating of the user's reference template.
Threat
An intentional or unintentional potential event that could compromise
the security integrity of the system.
Threshold
A parametric value used to convert a matching score to a decision.
A threshold change will usually change both FAR and FRR - as FAR
decreases, FRR increases.
User
A person who requires access to the portal which is protected by
a biometric system.
Verification
The process of using a submitted biometric sample for comparison
against a template to match a user to a known enrolee. (Normally
used only in one-to-one systems, where the user may also have to
specify a user name and/or password or PIN)
Verification system
Verification systems, where the user explicitly claims an identity,
may be compared to identification systems.
Vulnerability
The potential for the function of a biometric system to be compromised
by e.g. intention (fraudulent activity); design flaw (including
usage error); accident; hardware failure; or external environmental
condition.
Weak Template
A template created from a noisy, poor quality, highly varying or
null image, which typically has a higher FAR than other templates.
|
