Case 6:21-cv-01101-ADA Document 31-23 Filed 05/19/22 Page 1 of 14

EXHIBIT 23

BIOMETRIC AUTHENTICATION —
SECURITY AND USABILITY

Václav Matyáš and Zdeněk Říha
Faculty of Informatics, Masaryk University Brno, Czech Republic
{matyas, zriha}@fi.muni.cz

Abstract: We would like to outline our opinions about the usability of
biometric authentication systems. We outline the position of biometrics in
the current field of computer security in the first section of our paper.
The second chapter introduces a more systematic view of the process of
biometric authentication - a layer model (of the biometric authentication
process). The third section discusses the advantages and disadvantages
of biometric authentication systems. We also propose a classification of
biometric systems that would allow us to compare the biometrics systems
reasonably, along similar lines to Common Criteria [1] or FIPS
140-1/2 [4]. We conclude this paper with some suggestions where we
would suggest to use biometric systems and where not.

Keywords: authentication, biometrics, classification, evaluation, security.

1. INTRODUCTION
This paper summarises our opinions and findings after several years
of studying biometric authentication systems and their security. Our
research on security and reliability issues related to biometric
authentication started in 1999 at Ubilab, the Zurich research lab of bank
UBS, and has been continuing at the Masaryk University Brno since mid-2000.
This paper summarises our personal views and opinions on pros and cons
of biometric authentication in computer systems and networks.

Proper user identification/authentication is a crucial part of the access
control that makes the major building block of any system's security.
User identification/authentication has been traditionally based on:
* something that the user knows (typically a PIN, a password or a
  passphrase) or
* something that the user has (e.g., a key, a token, a magnetic or
  smart card, a badge, a passport).

The original version of this chapter was revised: The copyright line was incorrect. This has been
corrected. The Erratum to this chapter is available at DOI: 10.1007/978-0-387-35612-9_23

DEF-AIRE-EXTRINSIC00000155

Advanced Communications and Multimedia Security

These traditional methods of the user authentication unfortunately
do not authenticate the user as such. Traditional methods are based
on properties that can be forgotten, disclosed, lost or stolen. Passwords
often are easily accessible to colleagues and even occasional visitors and
users tend to pass their tokens to or share their passwords with their
colleagues to make their work easier. Biometrics, on the other hand,
authenticate humans as such - in case the biometric system used is working
properly and reliably, which is not so easy to achieve. Biometrics are
automated methods of identity verification or identification based on the
principle of measurable physiological or behavioural characteristics such
as a fingerprint, an iris pattern or a voice sample. Biometric
characteristics are (or rather should be) unique and not duplicable or
transferable. While the advantages of biometric authentication definitely
look very attractive, there are also many problems with biometric
authentication that one should be aware of.

2. THE LAYER MODEL
Although the use of each biometric technology has its own specific
issues, the basic operation of any biometric system is very similar. The
separation of actions can lead to identifying critical issues and to
improving security of the overall process of biometric authentication. The
layer model was designed by our biometrics team (the authors, Hans-Peter
Frei, Kan Zhang) during the Ubilab biometrics project, and its structure
is also similar to some findings presented in other seminal works on
biometric authentication (e.g., [3, 5]).

The whole process starts with the enrolment:

2.1 First measurement (acquisition)
This is the first contact of the user with the biometric system. The
user's biometric sample is obtained using an input device. Quality of the
first biometric sample is crucial for further authentications of this user.
It may happen that even multiple acquisitions do not generate biometric
samples with sufficient quality. Such a user cannot be registered with
the system. There are also mute people, people without fingers or with
injured eyes. Both these categories create a 'fail to enrol' (FTE) group
of users. Users very often do not have any previous experience with the
kind of the biometric system they are being registered with, so the first
measurement should be guided by a professional who explains the use
of the biometric reader.

2.2 Creation of master characteristics
The biometric measurements are processed after the acquisition. The
number of biometric samples necessary for further processing is based
on the nature of given biometric technology. Sometimes a single sample
is sufficient, but often multiple (usually 3 or 5) biometric samples
are required. The biometric characteristics are most commonly neither
compared nor stored in the raw format (say as a bitmap).

2.3 Storage of master characteristics
After processing the first biometric sample(s) and extracting the
features, we have to store (and maintain) the newly obtained master
template. Choosing proper discriminating characteristic for the
categorisation of records in large databases can improve identification
(search) tasks later on. There are basically 4 possibilities where to store
the template: in a card, in the central database on a server, on a
workstation or directly in an authentication terminal. The storage in an
authentication terminal cannot be used for large-scale systems, in such a
case only the first two possibilities are applicable. If privacy issues
need to be considered then the storage on a card (magnetic stripe, smart or
2D bar) has an advantage, because in this case no biometric data must be
stored (and potentially misused) in a central database.

As soon as the user is enrolled, she can use the system for successful
authentications or identifications. This process is typically fully
automated and takes the following steps:

2.4 Acquisition(s)
Current biometric measurements must be obtained for the system
to be able to make comparison with the master template. These
subsequent acquisitions of the user's biometric measurements are done at
various places where authentication of the user is required. It is often
up to the reader to check that the measurements obtained really belong
to a live person (the liveness property). In many biometric techniques
(e.g., fingerprinting) the further processing trusts the biometric
hardware to check the liveness of the person and provide genuine biometric
measurements only. Some other systems (like the face recognition) check
the user's liveness in software (time-phased sampling).

2.5 Creation of new characteristics
The biometric measurements obtained in the previous step are
processed and new characteristics are created. Only a single biometric
sample is usually available. This might mean that the number or quality of
extracted features is lower than at the time of enrolment.

2.6 Comparison
Currently computed characteristics are compared with the
characteristics obtained during enrolment. If the system performs
(identity) verification then these newly obtained characteristics are
compared only to the master template. For an identification request the new
characteristics are matched against a large number of master templates.

2.7 Decision
The final step in the verification process is the yes/no decision based
on a threshold. This security threshold is either a parameter of the
matching process or the resulting score is compared with the threshold
value. Although the error rates quoted by manufacturers (typical values
of equal error rate (ERR)¹ do not exceed 1%) might indicate that
biometric systems are very accurate, the reality is much worse. Especially
the false rejection rate is quite high (very often over 10%) in real
applications. This prevents legitimate users from gaining their access
rights and is a significant problem of biometric systems.
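
The threshold decision described above, as an added example that is not part of the original paper: it sweeps the threshold over constructed match scores and reports the false acceptance and false rejection rates at the equal error point and at a false acceptance ceiling of 0.1%. The normally distributed scores, their parameters and all function names are assumptions made for the illustration; real devices produce different distributions.

```python
"""FAR/FRR trade-off of a threshold decision, on constructed match scores."""
from statistics import NormalDist


def constructed_scores(mean, stdev, n=1000):
    """Deterministic sample: n evenly spaced quantiles of a normal
    distribution. Constructed data, not measurements from any device."""
    dist = NormalDist(mean, stdev)
    return [dist.inv_cdf((i + 0.5) / n) for i in range(n)]


# Similarity scores (higher = closer to the master template).
GENUINE = constructed_scores(0.70, 0.0644)    # legitimate users' attempts
IMPOSTOR = constructed_scores(0.40, 0.0644)   # impostors' attempts


def decide(score, threshold):
    """The yes/no decision: accept when the score reaches the threshold."""
    return score >= threshold


def error_rates(genuine, impostor, threshold):
    """Return (FAR, FRR) as fractions of impostor / genuine attempts."""
    false_accepts = sum(decide(s, threshold) for s in impostor)
    false_rejects = sum(not decide(s, threshold) for s in genuine)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep(genuine, impostor, steps=1000):
    """Evaluate both error rates for thresholds 0.000, 0.001, ..., 1.000."""
    rows = []
    for k in range(steps + 1):
        threshold = k / steps
        far, frr = error_rates(genuine, impostor, threshold)
        rows.append((threshold, far, frr))
    return rows


def equal_error_point(curve):
    """Row of the sweep where FAR and FRR are closest to each other."""
    return min(curve, key=lambda row: abs(row[1] - row[2]))


def strictest_usable(curve, max_far):
    """Lowest threshold whose FAR does not exceed max_far."""
    for row in curve:
        if row[1] <= max_far:
            return row
    raise ValueError("no threshold reaches the requested FAR")


if __name__ == "__main__":
    curve = sweep(GENUINE, IMPOSTOR)
    for label, (t, far, frr) in (
        ("equal error point", equal_error_point(curve)),
        ("FAR <= 0.1%", strictest_usable(curve, 0.001)),
    ):
        print(f"{label:18s} threshold={t:.3f} FAR={far:.1%} FRR={frr:.1%}")
```

Lowering the false acceptance rate by a factor of ten multiplies the share of rejected legitimate attempts several times over, even on these well-separated constructed scores.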

3. WHAT ARE THE ADVANTAGES OF
BIOMETRIC AUTHENTICATION
The primary advantage of biometric authentication methods over other
methods of user authentication is that they really do what they should,
i.e., they authenticate the user. These methods use real human
physiological or behavioural characteristics to authenticate users. These
biometric characteristics are (more or less) permanent and not changeable.
It is also not easy (although in some cases not principally impossible) to
change one's fingerprint, iris or other biometric characteristics.

Users cannot pass their biometric characteristics to other users as
easily as they do with their cards or passwords.

Biometric objects cannot be stolen as tokens, keys, cards or other
objects used for the traditional user authentication, yet biometric
characteristics can be stolen from computer systems and networks. Biometric
characteristics are not secret and therefore the availability of a user's
fingerprint or iris pattern does not break security the same way as
availability of the user's password. Even the use of dead or artificial
biometric characteristics should not let the attacker in.

Most biometric techniques are based on something that cannot be lost
or forgotten. This is an advantage for users as well as for system
administrators because the problems and costs associated with lost,
reissued or temporarily issued tokens/cards/passwords can be avoided, thus
saving some costs of the system management.

Another advantage of biometric authentication systems may be their
speed. The authentication of a habituated user using an iris-based
identification system may take 2 (or 3) seconds while finding your key
ring, locating the right key and using it may take some 5 (or 10) seconds.

3.1 Disadvantages of biometric authentication
So why do we not use biometrics everywhere instead of passwords or
tokens? Nothing is perfect, and biometric authentication methods also
have their own shortcomings. First of all the performance of biometric
systems is not ideal (yet?). Biometric systems still need to be improved
in the terms of accuracy and speed. Biometric systems with the false
rejection rate under 1% (together with a reasonably low false acceptance
rate) are still rare today. Although few biometric systems are fast and
accurate (in terms of low false acceptance rate) enough to allow
identification (automatically recognising the user identity), most of
current systems are suitable for the verification only, as the false
acceptance rate is too high².

The fail to enrol rate brings up another important problem. Not all
users can use any given biometric system. People without hands cannot
use fingerprint or hand-based systems³. Visually impaired people have
difficulties using iris or retina based techniques. As not all users are able
to use a specific biometric system, the authentication system must be
extended to handle users falling into the FTE category. This can make
the resulting system more complicated, less secure or more expensive.
Even enrolled users can have difficulties using a biometric system. The
FTE rate says how many of the input samples are of insufficient quality.
Data acquisition must be repeated if the quality of input sample is not
sufficient for further processing and this would be annoying for users.

Biometric data are not considered to be secret and security of a
biometric system cannot be based on the secrecy of user's biometric
characteristics. The server cannot authenticate the user just after
receiving her correct biometric characteristics. The user authentication
can be successful only when user's characteristics are fresh and have been
collected from the user being authenticated. This implies that the
biometric input device must be trusted. Its authenticity should be verified
(unless the device and the link are physically secure) and user's liveness
would be checked. The input device also should be under human supervision
or tamper-resistant. The fact that biometric characteristics are not secret
brings some issues that traditional authentication systems need not deal
with. Many of the current biometric systems are not aware of this fact
and therefore the security level they offer is limited.
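
One way to meet the freshness and trusted-device requirements above, as an added example that is not part of the original paper: the server issues a single-use nonce and the input device returns the extracted features under an HMAC keyed with a per-device secret, so correct features alone are not accepted. The pre-shared device key, the toy matcher, the constructed sample vectors and all names are assumptions; encryption of the link and liveness testing are outside what the block shows.

```python
"""Fresh, device-authenticated biometric readings (added illustration)."""
import hashlib
import hmac
import json
import secrets

MATCH_THRESHOLD = 0.90  # hypothetical security threshold

# Constructed data: an enrolled template and two later readings.
TEMPLATE = [12, 200, 45, 90, 130, 77, 250, 3]
FRESH_SAMPLE = [14, 197, 45, 93, 128, 77, 249, 5]       # same user, new reading
IMPOSTOR_SAMPLE = [200, 20, 180, 10, 30, 220, 40, 150]  # different person


def similarity(features, template):
    """Toy matcher: 1.0 for identical vectors, lower as they diverge."""
    diff = sum(abs(a - b) for a, b in zip(features, template))
    return 1.0 - diff / (255 * len(template))


def make_tag(key, device_id, nonce, features):
    """HMAC-SHA256 binding the reading to one device and one challenge."""
    body = json.dumps([device_id, nonce, features]).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


class InputDevice:
    """Trusted reader holding a per-device key (assumed provisioned)."""

    def __init__(self, device_id, key):
        self.device_id = device_id
        self._key = key

    def read(self, nonce, features):
        return {"device": self.device_id, "nonce": nonce,
                "features": features,
                "tag": make_tag(self._key, self.device_id, nonce, features)}


class Server:
    def __init__(self, device_keys, templates):
        self._device_keys = device_keys
        self._templates = templates
        self._pending = set()  # challenges issued and not yet answered

    def challenge(self):
        nonce = secrets.token_hex(16)
        self._pending.add(nonce)
        return nonce

    def verify(self, user, msg):
        key = self._device_keys.get(msg.get("device"))
        if key is None:
            return "unknown device"
        expected = make_tag(key, msg["device"], msg.get("nonce"),
                            msg.get("features"))
        if not hmac.compare_digest(expected.encode(),
                                   str(msg.get("tag")).encode()):
            return "bad tag"                 # not produced by the trusted device
        if msg["nonce"] not in self._pending:
            return "stale"                   # answers no outstanding challenge
        self._pending.discard(msg["nonce"])  # each challenge is single use
        score = similarity(msg["features"], self._templates[user])
        return "accepted" if score >= MATCH_THRESHOLD else "rejected"


def demo():
    key = secrets.token_bytes(32)
    device = InputDevice("reader-1", key)
    server = Server({"reader-1": key}, {"alice": TEMPLATE})
    results = []

    live = device.read(server.challenge(), FRESH_SAMPLE)
    results.append(server.verify("alice", live))    # genuine, fresh reading
    results.append(server.verify("alice", live))    # same message sent again
    moved = dict(live, nonce=server.challenge())
    results.append(server.verify("alice", moved))   # old reading, new nonce
    injected = {"device": "reader-1", "nonce": server.challenge(),
                "features": TEMPLATE, "tag": "00" * 32}
    results.append(server.verify("alice", injected))  # right features, no key
    other = device.read(server.challenge(), IMPOSTOR_SAMPLE)
    results.append(server.verify("alice", other))   # trusted device, wrong person
    return results


if __name__ == "__main__":
    print(demo())
```

The tag only shows which device produced the reading and for which challenge; whether a live user was in front of that device remains the job of the liveness test and the tamper resistance of the reader.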

Some biometric sensors (particularly those having contact with users)
also have a limited lifetime. While a magnetic card reader may be used
for years (or even decades), the optical fingerprint reader (if heavily used)
must be regularly cleaned and even then the lifetime need not exceed
one year.

Biometric systems may violate user's privacy. Biometric characteristics
are sensitive data that may contain a lot of personal information.
The DNA (being the typical example) contains (among others) the user's
predisposition to diseases. This may be a very interesting piece of
information for an insurance company. The body odour can provide
information about user's recent activities. It is also told [3] that people
with asymmetric fingerprints are more likely to be homosexually oriented,
etc.

Use of biometric systems may also imply loss of anonymity. While
one can have multiple identities when authentication methods are based
on something the user knows or has, biometric systems can sometimes
link all user actions to a single identity.

Biometric systems can potentially be quite troublesome for some users.
These users find some biometric systems intrusive or personally invasive.
Even if no biometric system is really dangerous, users are occasionally
afraid of something they do not know much about. In some countries
people do not like to touch something that has already been touched
many times (e.g., biometric sensor), while in some countries people do
not like to be photographed or their faces are completely covered.

Lack of standards (or ignorance of standards) may also pose a serious
problem. Two similar biometric systems from two different vendors are
not likely to interoperate at present.

4. POSSIBLE CLASSIFICATION OF
BIOMETRIC SYSTEMS
Classifications help to compare systems. The famous Orange Book
[2] divided systems into four categories (A-D) with additional
subcategories. All the security features (such as access control or
auditing) get attention. The higher security level the more sophisticated
protection is required. But the higher levels also have more stringent
assurance requirements. There must be more reason to believe that the
system functions as designed.

The ITSEC also classifies the security of systems, so does the Common
Criteria. A product or a system can be certified for a particular security
class. The vendor asks an independent organisation to evaluate
properties of a particular product/system and if this Target of Evaluation
complies with the criteria, the label is granted. Although an obtained
security label does not automatically imply that the product is secure,
it helps in product categorisation and comparison.

In this chapter we categorise biometric systems according to the level
of protection they offer. Our classification proposal divides systems into
four levels. We first introduce the model of a biometric system. Then
adjustable and/or optional parameters of biometric systems are discussed
and at the end four security levels are described.

4.1 Modules of a biometric system
Any biometric system is basically made of the following components:

Figure 1. The model of a biometric system.

1 Portal. Its purpose is to protect some assets. An example of a
  portal is the gate at an entrance of a building. If the user has been
  successfully authenticated and is authorised to access an object
  then access is granted.
2 Central controlling unit receives the authentication request,
  controls the biometric authentication process and returns the result
  of user authentication.
3 Input device. The aim of the input device is biometric data
  acquisition. During the acquisition process user's liveness and quality
  of the sample may be verified.
4 Feature extraction module processes the biometric data. The
  output of the module is a set of extracted features suitable for the
  matching algorithm. During the feature extraction process the
  module may also evaluate quality of the input biometric data.
5 Storage of biometric templates. This will typically be some kind of
  a database. Biometric templates can also be stored on a user-held
  medium (e.g., smartcard). In that case a link between the user and
  her biometric template must exist (e.g., in the form of an attribute
  certificate).
6 The biometric matching algorithm compares the current biometric
  features with the stored template. The desired security threshold
  level may be a parameter of the matching process. In this case the
  result of the matching will be a yes/no answer. Otherwise a score
  representing the similarity between the template and the current
  biometric sample is returned. The central unit then makes the
  yes/no decision.

4.2 Parameters of biometric systems
What does it take for one biometric system to be more secure than
another one? What are the differences among various systems?

Liveness testing: Incorporation of a liveness test makes an attack against
  the biometric system more difficult. There are various liveness
  tests offering various levels of protection. Most of the tests,
  however, can be easily cheated. A combination of multiple liveness
  tests can make the system more secure.

Tamper resistance: If the biometric system is not under constant
  human supervision it has to rely on tamper resistance. Without
  tamper resistance or supervision the system can be tampered with
  and forged/replayed biometric data can be injected into the system.

Secure communication: Biometric system components can be either
  standalone and communicate with each other over an external
  insecure medium or can be coupled in a tamper-resistant box. The
  communication among modules within a tamper-resistant cover
  need not be secured, but the communication over an insecure line
  should be authenticated and encrypted.

Security threshold level: Lower false acceptance rate means higher
  level of security (and unfortunately, in most cases, also higher false
  rejection rate causing user frustration). A proper value must be
  set in accordance with goals of the biometric system.

Fall-back mode: In some systems the biometric authentication may
  be sufficient for the user authentication. In some systems an
  additional authentication method must be used and the biometric
  authentication is only a necessary part of user authentication.
  Successful authentication using this additional method may but need
  not be sufficient for user authentication.

4.3 Proposal of classification
Our proposal of classification divides biometric systems into four
categories according to the level of security they offer. The higher
security category the higher level of protection the system offers. Which
level to choose depends heavily on the purpose of the biometric system, its
threats and on available funds.

Level 1 - Very simple systems: Systems falling into this category
  are more or less very simple. They offer only restricted level of
  protection and can be easily cheated. Such systems have no
  liveness test incorporated and no part of the system has to be tamper
  resistant. The communication among particular components need
  not be authenticated nor encrypted. Successful biometric
  authentication is sufficient means of authentication and after an
  unsuccessful biometric authentication some traditional authentication
  method is offered.
  Such biometric systems are subject to easy attacks such as
  unplugging the biometric input device and injecting previously
  eavesdropped biometric data (because of no encryption or
  authentication), misuse of high false acceptance rate or faked trivial
  copies of biometric characteristics.

Level 2 - Simple systems: Biometric systems at level two require
  mutual authentication of particular components and encrypted
  communication. Still no liveness testing or tamper resistance is
  required. The biometric authentication is sufficient authentication.
  A traditional authentication method as a sufficient authentication
  method is offered only in the case of biometric system malfunction.
  Systems on level two offer a certain level of security and still
  remain relatively cheap. Some of the easiest attacks are eliminated,
  but the systems still can be tampered with or cheated with faked
  biometric characteristics.

Level 3 - Intermediate systems: Level three systems already do have
  some kind of liveness test. Exposed components of the system
  (typically the biometric input device) must be guarded or tamper
  resistant against moderate attacks. The communication must be
  authenticated and encrypted. The biometric authentication is
  sufficient, and the system never offers traditional authentication as a
  sufficient authentication method.
  Such biometric systems will be able to resist moderate attacks.
  Advanced tampering methods or advanced faked biometric
  characteristics, however, will still be able to cheat the biometric
  systems.

Level 4 - Advanced systems: For systems of level four more than
  one advanced liveness test method are required. Exposed and
  unguarded components must be tamper-resistant. Such tamper
  resistance must be able to resist advanced tampering attacks.
  Communication among particular components (except within a tamper
  resistant box) must be mutually authenticated and encrypted.
  Successful biometric authentication is necessary but not sufficient part
  of the user authentication. A supplemental traditional authentication
  method must be a necessary part of the authentication, too.
  Preferably multiple biometric techniques should be involved in the
  biometric authentication.
  Biometric systems falling into the level four should be able to resist
  even professional and well-funded attacks. But nothing is
  bulletproof and designing a system resistant to (for example) very well
  funded attacks of intelligence services is rather difficult.

Table 1. Brief overview of classification proposal.

Level  Liveness  Tamper res.  Secure Comm.  Traditional auth method
1      no        no           no            sufficient/any time
2      no        no           yes           sufficient/malfunction
3      yes       moderate     yes           not sufficient
4      multiple  advanced     yes           not sufficient/required

5. CONCLUSIONS
Let us discuss where the use of biometric systems may be an advantage
and where not. Biometrics are a great way of authenticating users. The
user may be authenticated by a workstation during the logon, by a smart
card to unlock the private key, by a voice verification system to confirm
a bank transaction or by a physical access control system to open a
door. All of these cases are typical and correct places where to deploy a
biometric system.

Very promising are solutions where the cryptographic functions as
well as the biometric matching, the feature extraction and the biometric
sensor are all integrated in one (ideally also tamper-resistant) device.
Such devices provide a very high protection of the secret/private key as
the biometric data as well as the secret/private key will never have to
leave the secure device.

We believe that biometric authentication is a good additional
authentication method. Even cheap and simple biometric solutions can
increase the overall system security if used on top of existing traditional
authentication methods.

Biometrics can be used for dozens of applications outside the scope
of computer security. Facial recognition systems are often deployed at
frequently visited places to search for criminals. Fingerprint systems
(AFIS) are used to find an offender according to trails left on the crime
spot. Infrared thermographs can point out people under influence of
various drugs (different drugs react in different ways). Biometric systems
successfully used in non-authenticating applications may but also need
not be successfully used in authenticating applications.

5.1 Where not to use biometrics?
Although good for user authentication, biometrics cannot be used to
authenticate computers or messages. Biometric characteristics are not
secret and therefore they cannot be used to sign messages or encrypt
documents. If my fingerprint is not secret there is no sense in adding it
to documents we have written. Anyone else could do the same.
Cryptographic keys derived from biometric data are nonsense, too.

Remote biometric authentication is not trivial at all. The
assumption that anyone who can provide my fingerprint can also use my bank
account in the homebanking application is not a good idea. Remote
biometric authentication requires a trusted biometric sensor. Will a
bank trust your home biometric sensor to be sufficiently tamper
resistant and provide trustworthy liveness test? Although remote biometric
authentication may work in the theory, few (if any) current devices are
trustworthy enough to be used for remote biometric authentication.

While using biometrics as an additional authentication method does
not weaken the security of the whole system (if users do not rely on the
biometric component so much to ignore the traditional authentication
method, e.g., by using simple passwords), replacing an existing system
with a biometric one may be more risky. Users as well as
administrators and system engineers tend to overestimate security
properties of biometric systems; such a decision must be based on and
confirmed by a risk analysis. Particularly, reviewing the process of the
biometric data capture and transfer is very important. Sometimes biometric
authentication systems replace traditional authentication systems not
because of higher security but because of higher comfort and ease of use.

False rejects - the unpleasant property of biometric systems
causing authorised users to be rejected - may prevent biometric systems
from spreading into some specific applications, where inability of a user
to authenticate herself (and run an action) may imply serious problems.

* Different biometric samples of the same person will never be same.
* Biometric systems make errors.
* Biometric data are not secret.
* The role of the input device is crucial, and this device must be
  trusted or well secured.
* The biometric system should check user's liveness.
* Biometrics are good for user authentication. They cannot be used
  to authenticate data or computers.

Notes
1. There are two kinds of errors that biometric systems do: false rejection occurs when
a legitimate user is rejected and false acceptance occurs when an impostor is accepted as a
legitimate user. The number of false rejections/false acceptances is usually expressed as a
percentage from the total number of authorised/unauthorised access attempts. The equal
error rate (ERR) is the point where FAR and FRR are equal. The ERR value as such does
not have any practical use, but it can be used as indicator of the biometric system accuracy.
2. Both the FAR and FRR are functions of the threshold value and can be traded off,
but the set of usable threshold values is limited. For example a system with the ERR of 1%
may be set to operate at the FAR of 0.1%, but this would imply the FRR to jump over 90
or 95%, which would make system unusable.
3. The FTE rate is estimated as 2% for fingerprint based systems and 1% for iris based
systems. Real values of the FTE rate are dependent on the input device model, the enrolment
policy and the user population.

References
[1] Common Criteria for Information Technology Security Evaluation, v 2.1, 1999.
[2] Department of Defense (1985). Trusted Computer System Evaluation Criteria.
[3] Jain, A., Bolle, R. and Pankanti S. (1999). BIOMETRICS: Personal Identification
in Networked Society. Kluwer Academic Publishers.
[4] National Institute of Standards and Technology (1994 and 2001). Security
Requirements for Cryptographic Modules, FIPS PUB 140-1/2.
[5] Newham, E. (1995). The biometric report. SBJ Services.
[6] Matyáš, V., Říha, Z. (2000). Biometric Authentication Systems. Technical report,
http://www.ecom-monitor.com/papers/biometricsTR2000.pdf.
[7] Mansfield, T. (2001). Biometric Product Testing - Final Report, National Physical
Laboratory, 2001, http://www.npl.co.uk/.