With biometric identification and authentication systems, there are two critical security parameters known in the relevant art as the false acceptance rate (FAR) and the false rejection rate (FRR). The false acceptance rate is the likelihood of incorrectly allowing an unauthorized user access, while the false rejection rate is the likelihood that an authorized user is improperly denied access. The false acceptance rate and false rejection rate have an inverse relationship, such that as the false acceptance rate decreases, the false rejection rate increases. Furthermore, as the false acceptance rate decreases (increasing the security level), significant performance degradation begins to occur due to multiple failed attempts to match an authorized user, which ties up system resources and frustrates the user. This situation is further exacerbated by enrolling multiple biometric entries that come from a single user but are obtained from different input sources. For example, fingerprints from the same individual are more likely to provide a false acceptance because there is some correlation between fingerprint patterns from a single person.
In a situation where a user has 10 fingerprints enrolled, and each of the ten comparisons is accomplished using a 1:100,000 false acceptance rate, the effective security level is reduced to about 1:10,000. Therefore, if the desired effective security level is 1:100,000, each finger will need to be matched at a security level of 1:1,000,000. This is a significant problem because the false rejection rates at 1:1,000,000 are much greater than the false rejection rates at 1:100,000, resulting in reduced system performance and user dissatisfaction.
As more users are added to a computer system, additional comparisons must be performed, which further degrades both the performance and security of the system. This is of particular concern for biometric single sign-on (SSO) computer systems where identification and authentication are performed using a single user input.
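The arithmetic behind the figures above can be reproduced with a short calculation. The following is an added example, not part of the original text: it assumes the comparisons are statistically independent (the text notes that fingerprints from one person are in fact somewhat correlated), and it uses a constructed Gaussian match-score model, with hypothetical function names, to show how the false rejection rate moves when the per-comparison threshold is tightened.

```python
import math
from statistics import NormalDist

# Constructed score model (an assumption, not from the text): impostor scores
# follow N(0, 1), genuine scores follow N(6, 1); a score >= threshold is a match.
IMPOSTOR = NormalDist(0.0, 1.0)
GENUINE = NormalDist(6.0, 1.0)


def effective_far(per_comparison_far, comparisons):
    """FAR of one attempt that succeeds if ANY of `comparisons` templates matches.

    Assumes independent comparisons: 1 - (1 - p)^n, computed stably.
    """
    return -math.expm1(comparisons * math.log1p(-per_comparison_far))


def required_per_comparison_far(target_far, comparisons):
    """Per-comparison FAR needed for the whole attempt to meet `target_far`."""
    return -math.expm1(math.log1p(-target_far) / comparisons)


def frr_at(per_comparison_far):
    """FRR of a single genuine comparison at the threshold giving that FAR."""
    threshold = IMPOSTOR.inv_cdf(1.0 - per_comparison_far)
    return GENUINE.cdf(threshold)


def as_odds(p):
    """Format a probability as 1:N odds."""
    return f"1:{round(1 / p):,}"


if __name__ == "__main__":
    # Ten enrolled fingers, each matched at 1:100,000 (the case in the text).
    print("effective FAR, 10 templates:", as_odds(effective_far(1e-5, 10)))
    strict = required_per_comparison_far(1e-5, 10)
    print("per-comparison FAR for 1:100,000 overall:", as_odds(strict))
    print(f"FRR per comparison: {frr_at(1e-5):.1%} -> {frr_at(strict):.1%}")
    # One-to-many identification: every enrolled template is a chance to match.
    for users in (1, 10, 100, 1000):
        n = users * 10
        print(f"{users:>5} users x 10 fingers:", as_odds(effective_far(1e-5, n)))
```

The false rejection percentages depend entirely on the assumed score distributions; only the direction of the change, and the effective false acceptance figures under independence, carry over to a real matcher.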
In biometric SSO computer systems, the computer system must perform a one-to-many comparison between the entered biometric sample and all enrolled biometric templates to first identify a group of enrolled biometric templates having a reasonable probability of matching the biometric sample, followed by a more detailed attempt to match the biometric sample against a specific enrolled biometric template. The one-to-many comparison releases at least some information about the enrolled biometric templates and the methodology employed to perform the matching, which may degrade overall system security. Optimization of system security settings must provide for reasonable user identification without increasing false rejection or false acceptance rates.
One way to address the false rejection rate is to require the user to identify the finger they intend to use for matching. However, this method detracts from the usability of the system and may introduce other security concerns by specifically identifying the biometric input source.
Thus, it would be advantageous to provide an arrangement for use with fingerprint biometric security systems which allows for an initial screening of an enrollment biometric template from a plurality of enrolled biometric templates using a comparison method that does not compromise system security or degrade system performance.