Windows Hello biometric requirements
Learn about the hardware requirements for biometric equipment, such as IR camera and fingerprint readers in order to support Windows Hello.
Terminology
| Term | Definition |
|---|---|
| False Accept Rate (FAR) | Represents the number of instances that a biometric identification solution verifies an unauthorized person. This is normally represented as a ratio of number of instances in a given population size, for example 1 in 100,000. This can also be represented as a percentage of occurrence, for example, 0.001 percent. This measurement is heavily considered the most important with regards to the security of the biometric algorithm. |
| True Accept Rate (TAR) | Represents the number of instances a biometric identification solution verifies the authorized user correctly. This is normally represented as a percentage. It is always held that the sum of the True Accept Rate and False Reject Rate is 1. |
| False Reject Rate (FRR) | Represents the number of instances a biometric identification solution fails to verify an authorized user correctly. Usually represented as a percentage, the sum of the True Accept Rate and False Reject Rate is 1. |
| Confidence | The confidence in a claimed FAR represents the robustness of the analysis performed in verifying a claimed FAR. Depending on the target or claimed FAR and the importance of the target use case, confidence levels can be varied. |
| Biometric sample | This refers to the complete biometric sample required to perform a verification operation. For example, a single fingerprint is required to perform a verification. |
| Biometric spoof | This refers to a synthetic replica of a biometric sample. |
Fingerprint reader requirements
Large Area sensors (a sensor matrix of 160 x160 Pixels or more at a dpi of 320 or greater):
- FAR < 0.001%.
- Effective, real world FRR with antispoofing or liveness detection <10%.
- presentation attack defense measures are a requirement.
Small Area sensors (a sensor matrix of less than 160x160 at a dpi of 320 or greater):
- FAR < 0.002%.
- Effective, real world FRR with antispoofing or liveness detection <10%.
- Presentation attack defense measures are a requirement.
Swipe sensors:
- FAR < 0.002%.
- Effective, real world FRR with antispoofing or liveness detection <10%.
- Antispoofing measures are a requirement.
Facial feature recognition requirements
- FAR < 0.001%.
- TAR > 95%.
Appendix
The number of comparisons required to verify a particular level of confidence in a claimed FAR is shown below:
# of Unique Comparisons = C = 1/((1-Conf)) × 1/((FAR))
where FAR is the desired False Accept Rate and Conf is the desired Confidence.
For example, with a desired FAR of 0.001%, at a confidence of 96%:
# of Unique Comparisons = C = 1/((1-0.96)) × 1/((0.00001))
C = 25 × 100,000
C = 2,500,000
In this case, 2,500,000 comparisons would be required to reach the desired confidence in the claimed FAR.
To determine the number of unique biometric samples, n, to be collected to achieve these comparisons, the formula below can be used:
# of Comparisons = n!/2(n-2)!
C = n(n-1)/2
∴ n^2-n = 2C
where n is the number of unique biometric samples.
In the cases where n^2>>n, the above formula can be simplified to:
n^2 ≈ 2C
∴ n ≈ √2C
Continuing with the example above, the number of unique biometric samples needed would be:
n ≈ √(2×2,500,000)
n ≈ 2,236.1
Meaning about 2,237 unique biometric samples will be needed to verify the confidence in the claimed FAR.