Studying up on biometric security terms, can someone clarify the difference between 'Match'/'Non-Match' and 'Rejection'/'Acceptance'?
Asked
Active
Viewed 733 times
3
-
1Can you provide some context? Maybe a specific system you've seen this on? – RoraΖ Nov 03 '15 at 20:55
-
@RoraΖ I'm just asking for a purely vocabulary clarification. I found [this,](http://www.bromba.com/knowhow/BiometricFailureRates.htm) though it's not too clear on the differences. – House3272 Nov 03 '15 at 21:29
-
I don't feel like retyping it and can't cut-and-paste but the answer is [here](https://books.google.com/books?id=1Wpx25D8qOwC&pg=PA15&lpg=PA15&dq=%22False+acceptance%22+%22false+match%22&source=bl&ots=9xO15Unw92&sig=PEFEvz0ckX5425-ZQIJWokP8QDo&hl=en&sa=X&ved=0CDoQ6AEwBGoVChMIsM-B0J_1yAIVgzQ-Ch0q1gOW#v=onepage&q&f=false) – Neil Smithline Nov 03 '15 at 22:00
3 Answers
1
There are a number of ways of phrasing the same things, personally, I prefer "True/False Positive" (referring to times when the system accepted the attempt, and whether it should have) and "True/False Negative" (referring to when the system rejected the authorisation attempt, and whether it should have).
The fact of the matter is that the True attempts are of little concern. They basically signify "the system is doing what it should be". The False Positives are very bad, because they mean that someone has been able to gain access when they shouldn't have. Any significant level of False Positives basically mean that a system is broken.
False Negatives are bad, but for different reasons. It means that the system hasn't allowed someone in when it should have. While this means that the data may still be secure, the user inconvenience should not be discounted. Remember "Security that comes at the cost of convenience, comes at the cost of security". A system that people don't use is as bad as a system that is broken.
Jozef Woods
- 1,247
- 8
- 7
0
The concepts are easy to confuse, but they differ based on perspective.
Match means that the measuring process matched the biometrics to the stored version. This is from the perspective of the measurement and analysis function. You improve this by improving the measurement functions.
Acceptance means that the result of the entire set of functions resulted in the conclusion that the user should be allowed access. This an emergent property that includes the results of a "biometric match" as well as any other factors. You improve this by improving the system logic and function as a whole.
A False Match might result in False Acceptance. But, it is possible that a rejected match still results in False Acceptance if the tolerance of the algorithm or other logic functions still allow it.
schroeder
- 123,438
- 55
- 284
- 319
-2
False acceptance:
False acceptance is the most serious and critical biometric security error which gives unauthorized access to the systems which are specifically confidential and hidden from those users. A false acceptance rate (FAR), is the measurement of probability that the biometric security system will erroneously accept an access attempt by attacker.
False match:
This occurs when a user’s biometric characteristic appears to match characteristic from another user. This results in false acceptance ( an unauthorized user is granted access).
-
1
-
This doesn't explain the difference between the two ideas. The quotes you pulled seem to mean the same thing. – schroeder Nov 03 '19 at 16:03