biometricITC / cPP-biometrics

Contains the development of a Collaborative Protection Profile for biometrics
MIT License

NIST 800-63B Biometric performance testing #409

Closed. n-kai closed this 1 year ago

n-kai commented 1 year ago

Section - 5.2.3

Page - 33

Line - 1280-1282

Comment

Biometric performance testing should be done following best practices or international standards to measure the false acceptance or rejection objectively. Such standards should also be referred to correctly.

ISO/IEC TS 19795-9 "Information technology — Biometric performance testing and reporting — Part 9: Testing on mobile devices" uses FAR, instead of FMR, for the performance testing for mobile biometrics.

ISO/IEC 19795-1 "Information technology — Biometric performance testing and reporting — Part 1: Principles and framework" states that a confidence level shall also be determined when estimating the FAR/FMR, to show how accurate the estimated FAR/FMR may be.

[ISO/IEC30107-1] is a standard for PAD testing and explains that a zero-effort impostor attempt is an example of a human PAI. [ISO/IEC30107-1] doesn't mention or explain the FMR at all.

The Biometrics Security iTC has created guidance for biometric performance testing referring to ISO/IEC 19795-1; however, this guidance doesn't require full compliance with ISO/IEC 19795-1, to enable cost-effective performance testing.

Suggested Change

The biometric system SHALL operate with a false accept rate (FAR) or false-match rate (FMR) [ISO/IEC2382-37] of 1 in 10000 or better with an adequate confidence level. Testing of biometric performance SHALL be in accordance with [ISO/IEC19795-1].
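To illustrate why "with adequate confidence level" matters for a 1 in 10000 requirement, here is an added example (not from the iTC, the cPP, or the ISO standards) that computes a one-sided Clopper-Pearson upper confidence bound on the true FAR/FMR from the number of impostor attempts and observed false accepts. It assumes independent impostor attempts (a binomial model), and the test sizes are constructed sample values; with zero observed false accepts the bound reduces to the well-known "rule of 3" (about 3/N at 95% confidence), so roughly 30000 impostor attempts are needed before a zero-error result actually demonstrates 1 in 10000.

```python
import math


def binom_cdf(k, n, p):
    """P(X <= k) for X ~ Binomial(n, p), summed in log space so n ~ 30000 is fine."""
    if p <= 0.0:
        return 1.0
    if p >= 1.0:
        return 0.0
    total = 0.0
    for i in range(k + 1):
        log_term = math.log(math.comb(n, i)) + i * math.log(p) + (n - i) * math.log1p(-p)
        total += math.exp(log_term)
    return min(total, 1.0)


def far_upper_bound(false_accepts, impostor_attempts, confidence=0.95):
    """One-sided Clopper-Pearson upper bound on the true FAR/FMR.

    Solves P(X <= false_accepts | n, p) = 1 - confidence for p by bisection;
    the CDF is monotonically decreasing in p, so the search is well defined.
    """
    alpha = 1.0 - confidence
    lo, hi = 0.0, 1.0
    for _ in range(100):
        mid = (lo + hi) / 2.0
        if binom_cdf(false_accepts, impostor_attempts, mid) > alpha:
            lo = mid  # still "too likely" to see this few errors: true p is larger
        else:
            hi = mid
    return (lo + hi) / 2.0


def meets_requirement(false_accepts, impostor_attempts, target=1.0 / 10000, confidence=0.95):
    """True if the upper confidence bound on FAR/FMR is at or below the target rate."""
    return far_upper_bound(false_accepts, impostor_attempts, confidence) <= target


def attempts_needed_zero_errors(target=1.0 / 10000, confidence=0.95):
    """Minimum impostor attempts so that zero false accepts demonstrates the target
    at the given confidence; this is the exact form of the 'rule of 3'."""
    return math.ceil(math.log(1.0 - confidence) / math.log1p(-target))


if __name__ == "__main__":
    # Constructed sample test sizes, not results from any real evaluation.
    for n, k in ((29000, 0), (30000, 0), (30000, 1)):
        bound = far_upper_bound(k, n)
        print(f"n={n} false_accepts={k} 95% upper bound FAR={bound:.3e} "
              f"meets 1/10000: {meets_requirement(k, n)}")
    print("attempts needed with zero errors:", attempts_needed_zero_errors())
```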

gfiumara commented 1 year ago

Based on the ISO/IEC definition, FMR is the proportion of trials measured during a performance test, while FAR is the proportion of "units of work" performed by a biometric system. This comment gives the option for both. Subtle, but definitely worth the suggestion.