March 5, 2010 at 19:27Biometric Identification: Technology Reliability
It is believed that biometric identification is a very reliable and safe thing. I’ve been working in this area for several years, and I propose to understand this issue in more detail using the example of fingerprint identification of a person.
What is she like? Take a look at your finger. You see a lot of lines that converge, then diverge. Here on the points of these same convergence-differences, the so-called "biometric model" is built. It is different for everyone, and fingerprinters can almost unmistakably confirm or deny the involvement of a person in a fingerprint. But, firstly, fingerprinters take the full rolling finger model; secondly, taking into account all the lines, drawing, and other things. We can only be guided by the scanned part of the print. Which includes a certain number of points ("basic"), but not all.
There is a so-called (roughly speaking) “threshold of sensitivity”, that is, the number of points that must coincide. The higher it is, the more reliable, and the more difficult it is to achieve the correct verification of prints (to identify a person). Because the finger, in the end, needs to be applied in the same way or almost the same way as on the reference scan. And this is not easy. In addition, as mentioned earlier, not all of the fingerprint model is available to us, but only a part. Accordingly, we will also check only part of the points. This determines the need for a "threshold of sensitivity."
And everything would be fine, and people’s models are different for everyone, but the fact is that sometimes we have very similarprints. “Like two drops of water”, with slight differences. And here we get a problem. Comparing a person with different people (identifying), we may well be mistaken - get a “false positive”. And it would be nice when the system confuses the manager of one department with another. But when the system confuses junior - the developer and CEO, it is often sad. Especially for the CEO.
“Scientific” squeezes (where without them).
In biometrics, there are key percentage probabilistic indicators (thresholds):
- FAR (False Acceptance Rate, “system demanding level”) false tolerance. That is, the likelihood that the system will let the "stranger" person.
- and false failure FRR (False Rejection Rate, errors). That is, the probability that the system is notwill let "his" person.
The indicators are very closely related. The value (1 - FAR) is called specificity, the value (1 - FRR) is called sensitivity. By increasing / decreasing the sensitivity of the system we increase / decrease its specificity and vice versa.
Verification saves the situation a bit. But what is it and what is its difference from identification?
The identification looks something like this: Ivanov came to the system, puts his finger on, the system joyfully reports: “Bah! .. Ivanov! Hello, they
've been waiting for a long time! ” Verification, in turn, looks like this: Ivanov came to the system, tells her:“ I am Ivanov! ”, And puts a finger on it. The system happily reports: “Baaaaaa! .. Taki Ivanov. Hello, where have you been ?! ”
That is, during verification, the comparison does not occur with many people (fingerprints), but with one specific person (fingerprint). Then the threshold of sensitivity can be set higher. Also, the situation improves if two fingers are applied. If people are very similar in one fingerprint, then it is not at all a fact that they will be similar in another. But the technology is much more expensive.
Everything else, a lot depends on the scanner itself. Good scanners (from those I've seen) are very bulky and very expensive. But they can be used even in fingerprinting. However, they are extremely rarely taken. Basically, scanners are “cheap and angry” and work accordingly.
This we are not directly concerned with the capabilities of some "conditionally open" KFORs that they provide us with. You can easily replace the fingerprint of a person and without knowing either his password or his login, log into the system using his account.
In general, in my opinion, biometric identification is not as reliable as it seems.
And according to the fingerprint, it is not as reliable at the moment as we would like. Especially on large amounts of data (i.e., with a large number of users). After all, we will need to compare with more fingerprints and the likelihood that the system will malfunction increases.
Verification is definitely more reliable. An alternative may be retinal identification. Anyway, it looksmuch more reliable. But the equipment is expensive and it was not yet possible to feel it.
Recognition of visual images does not work more reliably than the “imprint”. From what I have seen: technology confuses even the sex of a person. With the right approach.
And the biometrics approach implies in any case thoughtful and informed.
I would like to add information on issues that arise almost always.
1. There was no experience of cutting off fingers.
2. Despite this, cut off fingers on most scanners do not work, because The scanner responds to the heat of the finger. There are exceptions, but they are bulky and expensive. What is shown in the films causes outright bewilderment.
3. The cut off fingers by me never warmed up, therefore I cannot answer “what will happen”.
PS Thanks for the karma, transferred to that blog, the subject of which (it seemed to me) the article is closest. Tell me if you missed.
What is she like? Take a look at your finger. You see a lot of lines that converge, then diverge. Here on the points of these same convergence-differences, the so-called "biometric model" is built. It is different for everyone, and fingerprinters can almost unmistakably confirm or deny the involvement of a person in a fingerprint. But, firstly, fingerprinters take the full rolling finger model; secondly, taking into account all the lines, drawing, and other things. We can only be guided by the scanned part of the print. Which includes a certain number of points ("basic"), but not all.
There is a so-called (roughly speaking) “threshold of sensitivity”, that is, the number of points that must coincide. The higher it is, the more reliable, and the more difficult it is to achieve the correct verification of prints (to identify a person). Because the finger, in the end, needs to be applied in the same way or almost the same way as on the reference scan. And this is not easy. In addition, as mentioned earlier, not all of the fingerprint model is available to us, but only a part. Accordingly, we will also check only part of the points. This determines the need for a "threshold of sensitivity."
And everything would be fine, and people’s models are different for everyone, but the fact is that sometimes we have very similarprints. “Like two drops of water”, with slight differences. And here we get a problem. Comparing a person with different people (identifying), we may well be mistaken - get a “false positive”. And it would be nice when the system confuses the manager of one department with another. But when the system confuses junior - the developer and CEO, it is often sad. Especially for the CEO.
“Scientific” squeezes (where without them).
In biometrics, there are key percentage probabilistic indicators (thresholds):
- FAR (False Acceptance Rate, “system demanding level”) false tolerance. That is, the likelihood that the system will let the "stranger" person.
- and false failure FRR (False Rejection Rate, errors). That is, the probability that the system is notwill let "his" person.
The indicators are very closely related. The value (1 - FAR) is called specificity, the value (1 - FRR) is called sensitivity. By increasing / decreasing the sensitivity of the system we increase / decrease its specificity and vice versa.
Verification saves the situation a bit. But what is it and what is its difference from identification?
The identification looks something like this: Ivanov came to the system, puts his finger on, the system joyfully reports: “Bah! .. Ivanov! Hello, they
've been waiting for a long time! ” Verification, in turn, looks like this: Ivanov came to the system, tells her:“ I am Ivanov! ”, And puts a finger on it. The system happily reports: “Baaaaaa! .. Taki Ivanov. Hello, where have you been ?! ”
That is, during verification, the comparison does not occur with many people (fingerprints), but with one specific person (fingerprint). Then the threshold of sensitivity can be set higher. Also, the situation improves if two fingers are applied. If people are very similar in one fingerprint, then it is not at all a fact that they will be similar in another. But the technology is much more expensive.
Everything else, a lot depends on the scanner itself. Good scanners (from those I've seen) are very bulky and very expensive. But they can be used even in fingerprinting. However, they are extremely rarely taken. Basically, scanners are “cheap and angry” and work accordingly.
This we are not directly concerned with the capabilities of some "conditionally open" KFORs that they provide us with. You can easily replace the fingerprint of a person and without knowing either his password or his login, log into the system using his account.
In general, in my opinion, biometric identification is not as reliable as it seems.
And according to the fingerprint, it is not as reliable at the moment as we would like. Especially on large amounts of data (i.e., with a large number of users). After all, we will need to compare with more fingerprints and the likelihood that the system will malfunction increases.
Verification is definitely more reliable. An alternative may be retinal identification. Anyway, it looksmuch more reliable. But the equipment is expensive and it was not yet possible to feel it.
Recognition of visual images does not work more reliably than the “imprint”. From what I have seen: technology confuses even the sex of a person. With the right approach.
And the biometrics approach implies in any case thoughtful and informed.
I would like to add information on issues that arise almost always.
1. There was no experience of cutting off fingers.
2. Despite this, cut off fingers on most scanners do not work, because The scanner responds to the heat of the finger. There are exceptions, but they are bulky and expensive. What is shown in the films causes outright bewilderment.
3. The cut off fingers by me never warmed up, therefore I cannot answer “what will happen”.
PS Thanks for the karma, transferred to that blog, the subject of which (it seemed to me) the article is closest. Tell me if you missed.