<meta charset="UTF-8">
<meta name="robots" content="noindex,nofollow" />
<link rel="shortcut icon" type="image/x-icon" href="/wiki/images/favicon.ico" />
<link rel="icon" type="image/x-icon" href="/wiki/images/favicon.ico" />

<pre>
!!! Overview
[{$pagename}] ([SOFA-B]) includes variables for:
* [False Match Rate] ([FMR]) 
* [False Non-Match Rate] ([FNMR])
* [Presentation Attack Detection Error Rate] ([PADER])
* [Effort|Attack Effort] required to perform the [attack].

[{$pagename}] attempts to provide a starting point for the overall [Strength of Function for Authenticators] [framework] by identifying the ways in which [biometric] [authenticator] strength can be measured and evaluated. It focuses on three core concepts: False Match Rate, Presentation Attack Detection Error Rate, and Effort .

!! Match Rate Interdependence
 [False Match Rate] ([FMR]) and [False Non-Match Rate] ([FNMR]) are interdependent: adjusting the [biometric] system to decrease one of these rates will increase the other.
 
When two [biometric] samples are compared, a [biometric] system will generate a similarity score. For example, a range of similarity scores may be 1 (for low similarity) to 100 (an exact match). The [binary] match or non-match decision is made based on where this score falls with respect to a decision threshold:
* a value above the threshold is considered a match
* a value below the threshold is considered a non-match. 
Setting this threshold is a [Risk Assessment] decision because it results in errors, as some number of true match scores will fall below the threshold, while some true non-matches will fall above it. Changing the decision threshold to a higher value will decrease false matches, but it will also increase false non-matches. In other words, the [False Match Rates] and [False Non-Match Rates] are interdependent: adjusting the [biometric] system to decrease one of these rates will increase the other.

[{$pagename}] for [Opportunistic Attacks], the statistic that is of interest is the [False Match Rates] because it is a measure of the [degree of difficulty|Attack Effort] to find an [imposter] that randomly matches a legitimate [user]. [False Non-Match Rates] is a measure of [User Experience], signifying how often a legitimate user will be rejected. However, when [False Match Rate] is measured, it is necessarily measured at an [False Non-Match Rates] level because the two statistics are interdependent.

!! More Information
There might be more information for this subject on one of the following:
[{ReferringPagesPlugin before='*' after='\n' }]
----
* [#1] - [Strength of Function for Authenticators|https://pages.nist.gov/SOFA/ |target='_blank'] - based on information obtained 2017-12-12- 
* [#2] - [Biometrics &amp; Password - FA, FR &amp; Threshold|https://www.slideshare.net/HitoshiKokumai/biometrics-password-fa-fr-threshold|target='_blank'] - based on information obtained 2017-12-13- 
</pre>