Definition[]
Biometrics[]
Verification is the process of comparing a submitted biometric sample (trial template) against the biometric reference template of a single enrollee whose identity is being claimed, to determine whether it matches the enrollee's reference template.
Overview[]
There are two primary measurements of the effectiveness of verification:
- Verification rate: The rate at which legitimate end users are correctly verified.
- False acceptance rate: The percentage of times a system produces a false accept.
Privacy[]
It is important to understand the specific meaning of the phrase "whether an individual is who he or she claims to be." The individual has an identity outside the system. The system does not determine who the individual is in the global, absolute sense. The system makes a very specific, very narrow judgment as to the probability of a match between the new biometric template (trial template) and an existing biometric template that was previously collected (reference template). If there is a certain level of statistical matching the system concludes that the individual who originally enrolled is the same individual who is now facing the system.
A privacy protection analysis of the verification process would examine how rigid the organization’s reliance is on the system’s conclusions. If the system announces a match and proclaims a certain identity based on that match, the issue is how flexible the organization would be if the individual person disagrees with the claimed match. In determining to "absolute" identity of the individual, the issues would include:
- Whether the claims of the system are trusted above the claims of the individual?
- Whether the individual is given the opportunity to refute the conclusion of the system? Is it clear to both the individuals and the organization that the determination of "whether an individual is who he or she claims to be" is specifically limited to mean "do the two biometric templates match within an established parameter of statistical probability?" Put more simply: Is the data similar enough to grant the individual access?
- Technology is still limited and an understanding of these limits should be incorporated into the actual interactions between the individual and the organization.