Case 6:21-cv-01101-ADA Document 31-12 Filed 05/19/22 Page 1 of 5

EXHIBIT 12

PERGAMON
Pattern Recognition 35 (2002) 2727-2738
www.elsevier.com/locate/patcog

Biometric perils and patches

Ruud M. Bolle*, Jonathan H. Connell, Nalini K. Ratha

Exploratory Computer Vision Group, IBM Thomas J. Watson Research Center, Yorktown Heights, NY 10598, USA

Received 31 October 2001; accepted 31 October 2001
`
Abstract

Biometrics authentication offers many advantages over conventional authentication systems that rely on possessions or special knowledge. With conventional technology, often the mere possession of an employee ID card is proof of ID, while a password potentially can be used by large groups of colleagues for long times without change. The fact that biometrics authentication is non-repudiable (hard to refute) and, yet, convenient, is among its most important advantages. Biometrics systems, however, suffer from some inherent biometrics-specific security threats. These threats are mainly related to the use of digital signals and the need for additional input devices, though we also discuss brute-force attacks of biometrics systems. There are also problems common to any pattern recognition system. These include "wolves" and "lambs", and a new group we call "chameleons". An additional issue with the use of biometrics is the invasion of privacy because the user has to enroll with an image of a body part. We discuss these issues and suggest some methods for mitigating their impact. © 2002 Pattern Recognition Society. Published by Elsevier Science Ltd. All rights reserved.

Keywords: Secure authentication; Threat model; Biometrics; Fingerprint; WSQ compression; Data hiding; Cancellable biometrics
`
1. Introduction

Today's prevailing techniques for user authentication involve mainly passwords and user IDs or magstripe magnetic cards and PINs. These methods suffer from several limitations. One of the main problems is that such systems can be fooled relatively easily. First of all, passwords, PINs, and magstripe cards can be easily shared among users of a system or resource. Moreover, passwords and PINs can be illicitly acquired (say) by direct covert observation. Once an intruder has the password, the person has total access to the associated resource. Hence, a major problem with current authentication technology is that there is no way to positively link the usage of a system to the actual user, i.e., the issue of "repudiation". Similarly, while critical credit card transaction information is sent over the web using secure encryption methods, the present practice is not capable of assuring that the rightful credit card owner pays for the transaction. In summary, in a networked environment where the access points to systems and resources are widely distributed geographically, remote authentication policies based on a simple combination of user ID and password, or, worse, simply based on possession, have become inadequate.

The consequences of incorrect and insecure authentication methods in commercial environments can be catastrophic. The value of a reliable user authentication is not just limited to computer access. Many other applications in everyday life could benefit from more reliable user authentication, e.g., banking, immigration and physical access control such as an airport. Thus biometrics technology is attractive because it provides true user authentication. Biometrics is a rapidly advancing area concerned with identifying a person based on their physiological or behavioral characteristics. Rather than checking the knowledge or possessions of the user, physiological or behavioral traits that are more or less unique to an individual are checked to authenticate the user. Examples of physiological biometrics include fingerprint, face, and iris; behavioral biometrics include speech pattern and signature. While automated biometrics helps to alleviate many of the problems associated with the existing authentication methods, there are still weak points where these systems can be

* Corresponding author. Fax: +1-914-784-7455.
E-mail addresses: bolle@us.ibm.com (R.M. Bolle), jconnell@us.ibm.com (J.H. Connell), ratha@us.ibm.com (N.K. Ratha).

0031-3203/02/$22.00 © 2002 Pattern Recognition Society. Published by Elsevier Science Ltd. All rights reserved.
PII: S0031-3203(01)00247-3
`
`DEF-AIRE-EXTRINSICOOO00036
`
Fig. 1. The different stages of an authentication viewed as a pattern recognition system.

Fig. 2. The biometrics specific attack points in a biometrics authentication system are indicated.

[illegible] & passwords. The matcher (stage 4) resembles the process of comparing encrypted passwords (passwords are often matched in their encrypted form for security reasons).

The system of Fig. 1 depicts a distributed pattern recognition system in that processing may be divided between the sensor, the client and the server. This is reflected in the grouping implied by the three dashed boxes of Fig. 1. In such a system there are three communication channels as indicated by the letters in the figure:

A. Transmission channel [illegible] between the sensing device and the feature extraction/template construction module. Such a channel transmits the input biometrics, such as an image of the user's finger.
B. The channel between the feature extraction/template construction module and the matching module. This communication channel will transmit the biometrics template. Alternatively, if the sensor has its own processing capability, the sensor may compute the biometrics template itself. The client then just passes this through to the server.
C. The channel between the matcher and the application. We do not consider the security aspects of this channel in this paper since these are the same as in a password-based system.

Observe that there are many points of attack in a biometrics authentication system in addition to those shown in Fig. 2. Many security [illegible]gies and policies that are employed in today's password-based systems are directly applicable to biometrics-based systems. For example, encrypted communication channels can eliminate remote attacks. Additional attack points can be eliminated if the matcher and enrolled fingerprint templates reside in a secure location.

[illegible] Biometrics [illegible]

There are numerous sources of attack, both [illegible] biometrics authentication systems. Schneier [illegible] describes some of the abuses that can occur with biometrics authentication systems. Observing the client-server model [illegible], we focus on two types of attack. One of these, replays, is specific to biometrics systems.

• Brute force attack at the sensor (client) or at the server—just like a brute force attack on traditional authentication systems, which involves submitting all possible passwords, such an attack on a biometrics system involves enumerating all possible biometrics signals or templates. We examine this [illegible] as applied to fingerprints in Section 3.2.
• Resubmission of a [illegible] acquired signal at the [illegible]—a recorded signal is replayed to the system, bypassing the sensor. Examples here include the presentation of a copy of a fingerprint image or a recorded audio signal from a speaker. Section 4.1 discusses some techniques to detect such replays.

As shown in Fig. 2, it is possible to attack both the client (I) and the server (II) in these ways.

Another type of attack is the presentation of a fake biometrics at the sensor. In this mode of attack, a replica of a biometrics is presented to the system. Examples include a fake finger, a forged copy of a signature, or a face mask. Fake finger detection may be achieved at the sensor by, for instance, sensing finger conductivity or pulse. Solutions are needed to detect other types of fake biometrics. When processing power increases, software algorithms will be able to detect such attacks by processing video rather than single still images [3].

One difference between password- and biometrics-based systems is that there is no "fake password" detector equivalent to a fake biometrics detector. It is unclear even what a fake password would be (perhaps a word in the dictionary?). Also, in a password- or token-based authentication system no precautions need to be taken against replay attacks since there is no variation of the "signal" from one presentation to another.
Further, a password-based system always provides only one of two results, the password either matches or it does not. In a biometrics-based system, however, the situation is quite different. A decision must be made based upon a "degree of match". The system can therefore make errors and the tradeoffs between various error rates must be considered.

3.1. Error rates

The error rate of a pattern recognition system in general, and an automated biometrics system in particular, is dependent on several factors. Typically, the system performance reflects the quality of the input and enrolled biometrics signals, along with the basic characteristics of the underlying algorithms.

While biometrics systems most often store a compact representation of the sample, it is also possible, of course, to store the original signal itself. Either way, both the biometric signal samples and their representations/templates are patterns. That is, the pattern $P$ is a sample $S(\mathcal{B})$ of biometric $\mathcal{B}$, or it is a template that represents $S(\mathcal{B})$. Here, $\mathcal{B}$ can be viewed as uniquely associated with an individual. Therefore, $\mathcal{B} \equiv ID(\text{individual})$, the identity of an individual. Authenticating a person can then be formulated in terms of hypothesis testing. Let the stored biometric sample or template be pattern $P' = S(\mathcal{B}')$ and the acquired one be pattern $P = S(\mathcal{B})$. In terms of hypothesis testing, we have

$$H_0: \mathcal{B} = \mathcal{B}', \text{ the claimed identity is correct,}$$
$$H_1: \mathcal{B} \neq \mathcal{B}', \text{ the claimed identity is not correct.} \qquad (1)$$

Often, some similarity measure, $s = Sim(P, P') = Sim(S(\mathcal{B}), S(\mathcal{B}'))$, determines how similar patterns $P$ and $P'$ are. Decisions are then made based on a decision threshold $T$; $H_0$ is decided if $s \geq T$ and $H_1$ is decided if $s < T$.

For expression (1), deciding $H_1$ when $H_0$ is true incorrectly rejects an individual. Such a false reject is also called a false negative or Type I error. Deciding $H_0$ when $H_1$ is true, on the other hand, results in the false acceptance of an individual, also known as false positive or Type II error. The False Accept Rate (FAR) and False Reject Rate (FRR) together characterize the accuracy (error rate) of a recognition system. The FAR and FRR are closely interrelated variables and depend strongly on the decision threshold $T$ (see Fig. 3). The distribution on the left is of scores from intruders, while the distribution on the right is of scores from genuine users. The decision threshold $T$ determines the tradeoff between FAR and FRR.

The error rates are a function of the match/non-match decision threshold as shown in Fig. 3. Often the interplay of the two errors is presented by plotting FAR against FRR with the decision threshold $T$ as the free variable. This plot is called the receiver operator characteristics (ROCs) curve. An example of an ROC curve is shown in Fig. 4. One can improve one of the error rates only at the expense of the other, i.e., any effort to lower one of the errors automatically increases the other error rate. Depending on the application, the system's operating point can be shifted toward a low FAR or a low FRR; the equal error point $T_{eer}$ is seldom used. Typical error rates for a fingerprint system are in the range of for false accept and 1〇t for false reject [4].

Fig. 3. There are two types of error rates in a biometrics authentication system: FRR and FAR.

Fig. 4. An ROC curve is the relation between the FRR and FAR as a function of decision threshold T.

There is, however, yet another system performance issue known as the "fail to enroll" rate (see Ref. [8]). This is the percentage of subjects that simply cannot be enrolled because of poor biometrics signals, or signals that are too hard (noisy) to match. Obviously, if such individuals can be detected and excluded from using the system by some sort of exception handling, both FRR and FAR can be much improved.
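The decision rule and error rates of Section 3.1, computed over a small set of match scores, as an added example that is not code from the paper. The score lists are constructed for illustration and the function names are assumptions; the code applies the rule "decide H0 if s >= T" and derives FAR, FRR, the ROC points, the equal error point and the FRR cost of a chosen FAR.

```python
# Added example: constructed similarity scores, not data from the paper.
GENUINE = [0.91, 0.85, 0.78, 0.74, 0.66, 0.62, 0.55, 0.48, 0.83, 0.71]   # H0 true
IMPOSTOR = [0.12, 0.20, 0.25, 0.31, 0.38, 0.42, 0.47, 0.52, 0.58, 0.69]  # H1 true


def decide(s, T):
    """Decision rule from the text: H0 if s >= T, otherwise H1."""
    return "H0" if s >= T else "H1"


def far_frr(genuine, impostor, T):
    """Return (FAR, FRR) at decision threshold T."""
    false_accepts = sum(decide(s, T) == "H0" for s in impostor)  # H0 decided, H1 true
    false_rejects = sum(decide(s, T) == "H1" for s in genuine)   # H1 decided, H0 true
    return false_accepts / len(impostor), false_rejects / len(genuine)


def roc(genuine, impostor):
    """(T, FAR, FRR) for every threshold at which either rate can change."""
    # float("inf") is the reject-everything endpoint: FAR = 0, FRR = 1.
    thresholds = sorted(set(genuine) | set(impostor)) + [float("inf")]
    return [(T, *far_frr(genuine, impostor, T)) for T in thresholds]


def equal_error_point(genuine, impostor):
    """ROC point whose FAR and FRR are closest to equal (T_eer)."""
    return min(roc(genuine, impostor), key=lambda p: abs(p[1] - p[2]))


def operating_point(genuine, impostor, max_far):
    """Lowest threshold whose FAR does not exceed max_far, and the FRR it costs."""
    if max_far < 0:
        raise ValueError("max_far must be >= 0")
    for T, far, frr in roc(genuine, impostor):
        if far <= max_far:
            return T, far, frr


if __name__ == "__main__":
    for T, far, frr in roc(GENUINE, IMPOSTOR):
        print(f"T={T:<5} FAR={far:.1f} FRR={frr:.1f}")
    print("equal error point:", equal_error_point(GENUINE, IMPOSTOR))
    print("operating point for FAR = 0:", operating_point(GENUINE, IMPOSTOR, 0.0))
```

On these scores, moving the threshold from the equal error point to the first threshold with no false accepts doubles the false reject rate, which is the tradeoff the ROC curve expresses.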
`
3.2. Brute-force attacks

Both biometrics- and password-based systems can be attacked by brute-force. The difficulty by which passwords can be attacked is relatively easy to analyze. Here we analyze
`
`