May 10, 2005
Selection Process - Overview
As with most security solutions, there is simply no perfect technology that would act as the 'silver bullet'. Depending on the specific application and the exact requirements for a solution, a combination of multiple biometrics and token technologies may be ideal. When choosing an authentication technology or a combination thereof, the client should, among other criteria, consider the following basic factors:
  • Accuracy - FRR/FAR/FER/EER (see next paragraph), speed and maturity of technology
  • User acceptance - personal, cultural, political
  • Availability of technology
  • Competition or lack thereof
  • Critical vulnerabilities
  • Standards support - AFIS, BAPI, FIPS, etc.
  • Cost - ROI
  • Manufacturer reputation and 'history'
  • How critical is the data or physical location being secured

The performance of biometric-based access systems using fingerprints or other means is limited by the performance of sensors and algorithms. The match confidence is always a matter of probability, and the accuracy is generally measured by establishing the values for the following four criteria: FRR (False Rejection Rate), FAR (False Acceptance Rate), FER (Failure to Enroll Rate), and EER (Equal Error Rate). These rates are usually expressed as events per 1,000 or 10,000 uses.

FRR (False Rejection Rate) is the rate at which the system incorrectly rejects a legitimate attempt to verify. With increasing FRR, the probability increases that authorized personnel may have to submit credentials repeatedly before being granted the access to which they are entitled. In a high security environment, this might not be such an important issue, but a high FRR may create user acceptance problems.

FAR (False Acceptance Rate) is the rate at which the system incorrectly accepts an invalid verification attempt. For applications where convenience and general user acceptance are more important than security, administrators have had to settle for a high FAR in order to assure that authorized individuals are always granted access, at the cost of possibly granting access to unauthorized individuals.

FER (Failure to Enroll Rate) is the percentage of people that do not have sufficient sample quality to enroll on a given biometric system. Every biometric feature can fail. Failures to enroll can be caused by worn-down or unavailable fingertips for fingerprints, medicine intake in iris identification (atropine), hoarseness or lack of speech in voice recognition, or a disability affecting one's signature. Therefore, every biometric system needs to offer the flexibility of a 'fall-back process' and an alternative method of authentication.

EER (Equal Error Rate) is the point where the FRR and the FAR are equal. A system with an FRR of 5% and a FAR of 5% will have an EER of 5%. FAR or FRR test parameters are often tuned to favor either FRR or FAR, depending on the value that the test is meant to measure. In order to establish the proper EER value, however, the test parameters must remain consistent for FRR and FAR testing. As such, the EER is sometimes considered a more accurate value than separate FRR and FAR values.
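The relationship between FRR, FAR and EER described above, as an added example that is not part of the original page: it sweeps one decision threshold over the same two sets of match scores, so the test parameters stay consistent for both rates, and reports the point where they meet. The score values, the 0-100 scale and all function names are assumptions constructed for illustration.

```python
"""Added example: FAR/FRR threshold sweep and EER estimate (constructed data)."""

# Constructed similarity scores (0-100); higher means a closer match.
GENUINE = [91, 88, 95, 72, 84, 67, 90, 79, 58, 86]    # legitimate users
IMPOSTOR = [22, 35, 41, 18, 55, 62, 30, 47, 70, 26]   # invalid attempts


def frr(genuine, threshold):
    """Fraction of legitimate attempts rejected (score below threshold)."""
    return sum(s < threshold for s in genuine) / len(genuine)


def far(impostor, threshold):
    """Fraction of invalid attempts accepted (score at or above threshold)."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def sweep(genuine, impostor, thresholds):
    """Evaluate FAR and FRR on the same score sets at every threshold."""
    return [(t, far(impostor, t), frr(genuine, t)) for t in thresholds]


def equal_error_rate(genuine, impostor, thresholds):
    """Return (threshold, eer) where |FAR - FRR| is smallest.

    With finite samples the two curves rarely cross exactly, so the EER is
    reported as the mean of FAR and FRR at the closest point.
    """
    t, fa, fr = min(sweep(genuine, impostor, thresholds),
                    key=lambda row: (abs(row[1] - row[2]), row[0]))
    return t, (fa + fr) / 2


def per_n_uses(rate, n=1000):
    """Express a rate as events per n uses, the form the page mentions."""
    return round(rate * n)


if __name__ == "__main__":
    # Low thresholds favor convenience (higher FAR); high ones raise FRR.
    for t, fa, fr in sweep(GENUINE, IMPOSTOR, range(50, 81, 5)):
        print(f"threshold={t:3d}  FAR={fa:.2f}  FRR={fr:.2f}")
    t, eer = equal_error_rate(GENUINE, IMPOSTOR, range(0, 101))
    print(f"EER ~ {eer:.2f} at threshold {t} "
          f"({per_n_uses(eer)} errors per 1,000 uses)")
```
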

User acceptance is often the key for deploying one or the other biometric technology. Regardless of how accurate a system is, the more difficult or inconvenient the system is to handle, the more frustrated users will become and the more money will have to be spent on training, maintenance, support and implementation.
Level of Security
There are multiple authentication technologies to choose from, and they each verify the identity of an individual and grant access to resources. However, they fundamentally differ in the level of security they provide. Whereas passwords are generally considered weak forms of authentication, tokens, and even more so biometrics, have been established as much stronger forms of authentication.


An advanced security architecture will allow these technologies to co-exist on a system and be combined into multi-factor authentication, providing for the proper level of security with the proper technology.

Technology Decision Tree

There are a multitude of information security and authentication technologies to choose from, and the selection process is often overwhelming to the customer. Selecting the right authentication technology or a combination thereof is indeed a complex matter. The decisions in terms of functionality occur on different levels. The following chart shows the different levels and one possible decision path.


The key to a successful selection is flexibility and modularity. There is simply no single path - technology, biometrics, algorithm, interface or sensor - that works for all, and is right for the years to come.
Biometric Taxonomy
The following 'biometric taxonomy' also applies when evaluating the use of biometrics:
  • Cooperative vs. Non-cooperative - Are users willingly participating?
  • Overt vs. Covert - Are users knowingly participating?
  • Habituated vs. Non-habituated - Are users familiar with the system?
  • Supervised vs. Non-supervised - Is the user alone when using the system?
  • Stable environment vs. Unstable - Are the factors changing with time?
  • Optional vs. Mandatory - Are users required to use the system?

While certain technologies such as token and fingerprint generally work fine in a cooperative setting, face recognition has established a market in non-cooperative settings. Overall it can be said that biometrics and token technologies perform best in settings defined by the left column (the first term of each pair). A flexible system will allow a customer to consider all of these factors and provide a choice of technologies.
Cost
Cost is generally a decisive factor when selecting, developing, implementing and maintaining a system. The Total Cost of Ownership (TCO) is generally made up of:
  • Hardware
  • Integration
  • Software
  • Training
  • Number of enrollment methods
  • Maintenance
  • Support

All of these factors and more have to be considered when selecting the right system. Via the consulting group we can help clients analyze their needs, define the system requirements, and help them to implement a tailored system that also meets their budget.