You are conducting user acceptance testing against the fingerprint-based physical access control to the computer room. System administrators and engineers report that they are often blocked outside the door. Which of the following is the most feasible solution to solve this problem? (Source: Wentz QOTD)
A. Lower the error rate of the CER
B. Lower the slope of the FRR curve to reduce Type I error
C. Lower the slope of the FAR curve to reduce Type II error
D. Ask the vendor to replace the fingerprint reader with a new one having lower EER
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Ask the vendor to replace the fingerprint reader with a new one having lower EER.
CER, not adjustable, is determined by the performance of the fingerprint reader. Lower CER implies the replacement of the fingerprint reader. Lowering the slope of FRR and FAR curves is not possible without altering the hardware configuration of the fingerprint reader as well.
The Curves of FRR and FAR
The curves of FRR (false rejection rate) and FAR (false acceptance rate) stand for the recognition performance of a fingerprint reader. Fingerprint recognition performance is subject to the hardware configurations of the fingerprint reader. The curves are fixed and unadjustable, but they can shift, change shape, or become lower or deeper if the CPU, memory, optical component for recognition, etc. are replaced or upgraded.
Even though altering the sensitivity or threshold of matching fingerprint patterns will not affect the curves, FRR and FAR (not the curves) are adjustable by altering the sensitivity or threshold.
CER (also known as EER) is unadjustable as well because it is determined by FRR and CER. It’s an overall recognition performance indicator of a fingerprint reader. When a couple of fingerprint readers are benchmarked, those that have lower CER render better recognition performance.
Type I and Type II Error
False rejection is a type I error, while false acceptance is a type II error. Both are errors and negatively correlated. The higher is the false rejection rate (FRR), the lower is the false acceptance rate (FAR), and vice versa.
“In statistical hypothesis testing, a type I error is the rejection of a true null hypothesis (also known as a “false positive” finding or conclusion), while a type II error is the non-rejection of a false null hypothesis (also known as a “false negative” finding or conclusion).” (Wikipedia)
- Biostation User Guide
- Security and Accuracy of Fingerprint-Based
Biometrics: A Review
- Understanding the Three Factors of Authentication
- Type I and type II errors
- Null hypothesis
- Statistical hypothesis testing
- AP®︎/College Statistics
- Data Analysis in the Geosciences GEOL 8370
- FIDO Biometrics Requirements
- Biometric Authentication Systems
- BEAT Biometrics Evaluation and Testing
您正在對電腦機房的指紋辨識的實體訪問控制進行驗收測試。 系統管理員和工程師指出，他們經常被擋在門外。 以下哪項是解決這個問題的最可行方式？
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.