
>> "Dr. Memon said their findings indicated that if you could somehow create a magic glove with a MasterPrint on each finger, you could get into 40 to 50 percent of iPhones within the five tries allowed before the phone demands the numeric password, known as a personal identification number."

>I don't understand how this is possible at all.

You're confusing Sensitivity (also called the true positive rate), Specificity (also called the true negative rate), and conditional probabilities.

>I used to belong to a gym that used a fingerprint reader for entry, and it correctly identified me (flashing my name) from the other 1,000+ members each time.

This is the fingerprint reader's sensitivity, P(Access granted or positive identification | Correct key is supplied [your thumb]). It is not P(Access granted or positive identification | Incorrect key is supplied).

It's because of Bayes' theorem. https://en.wikipedia.org/wiki/Bayes%27_theorem#Drug_testing



I think the point is that it recognizes their fingerprint, and doesn't mistake it for any of the 999 other users. If it can tell the differences between a thousand fingerprints, why can't it be sensitive enough to reject at least 999/1000 false fingerprints?

Think of it this way: What's the probability that one of the 5 master prints match their specific 1/1000 fingerprint, and not one of the other 999 customers? If you can distinguish between 1000 people, you should be able to distinguish a real from 999 fakes.


You're assuming an equivalent amount of entropy between the 1000 real fingerprints and constructed fake ones which are attempting to be as close as possible to the real one. That seems unreasonable to me.

You're still also only considering false negatives (user is erroneously rejected). You have no data points about false positives (user is erroneously allowed).

If the sensor always detects and admits Bob, even when it's Alice, you'd have the exact same success data for Bob.


>You're still also only considering false negatives (user is erroneously rejected). You have no data points about false positives (user is erroneously allowed).

As far as I understood, the system is distinguishing between its members so we have some data about false positives because OP was always identified as themselves and never as another member.


From that data point, how can you be sure that every single finger pressed to the reader doesn't identify as OP? You are assuming OP's low false negative rate has implications about false positives.

Edit: this type of reasoning is probably what led to the recent authentication bypass flaw in Intel's AMT code. It just accepts anything passed to it as a valid password hash. That test is probably still passing in their CI system...


. . . because the gym still uses the system? If it didn't accurately distinguish between their customers, why would they still use it?

This is 100% not the same type of reasoning. We have reason to believe that the fingerprint accurately distinguishes between 1000 different options. False positive and false negative aren't meaningful terms here, because we're no longer dealing with yes/no results.


> why would they still use it?

"If this authentication system didn't work nobody would use it" is literally the reasoning I mentioned above.

> we're no longer dealing with yes/no results

That's exactly what we're dealing with. Iterate through the list of fingerprints in the database, does provided == stored.

You might be interested in reading about CER (crossover error rate). It's the term used for discussing the trade-off between type 1 (false positive) and type 2 (false negative) in biometric systems especially.

https://security.stackexchange.com/questions/57589/determini...
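
Added example, not part of any comment in this thread: a small Python sketch of the false accept / false reject trade-off and the crossover point discussed above, plus a 1:N lookup with and without an acceptance threshold. All scores, member names and the 0-100 score scale are constructed for illustration and do not describe any real sensor.

```python
# Constructed match scores (0-100, higher = more similar); not from any real sensor.
GENUINE = [91, 88, 79, 95, 67, 84, 73, 90, 58, 86]    # enrolled user, own finger
IMPOSTOR = [12, 35, 48, 22, 61, 30, 55, 18, 70, 41]   # other fingers vs. that template

def far(threshold, impostor=IMPOSTOR):
    """False accept rate: share of impostor attempts scoring >= threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)

def frr(threshold, genuine=GENUINE):
    """False reject rate: share of genuine attempts scoring < threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)

def crossover():
    """First threshold (0-100) where |FAR - FRR| is smallest: the CER operating point."""
    t = min(range(101), key=lambda t: abs(far(t) - frr(t)))
    return t, far(t), frr(t)

def identify(scores_by_member, threshold=None):
    """1:N lookup: best-scoring member, or None if a threshold is set and not met."""
    member = max(scores_by_member, key=scores_by_member.get)
    if threshold is not None and scores_by_member[member] < threshold:
        return None
    return member

if __name__ == "__main__":
    # The genuine user is accepted 100% of the time at thresholds 0 and 50,
    # yet the false accept rate differs: their experience alone cannot tell these apart.
    for t in (0, 50, crossover()[0]):
        print(f"threshold={t:3d}  genuine accepted={1 - frr(t):.0%}  FAR={far(t):.0%}")
    stranger = {"alice": 31, "bob": 44, "carol": 27}  # constructed non-member probe
    print(identify(stranger), identify(stranger, threshold=62))
```

Without a threshold the best-match lookup always names some member, so a non-member probe is attributed to whoever scores highest; only the thresholded form can reject it.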


You really think the gym would use a system where a large portion of fingerprints match as OP? No, we're not dealing with yes/no. We're dealing with "which fingerprint matches the given data best", not "does the given data match a given fingerprint well enough". The scanner doesn't return "is this person OP", it returns "which person is this".


As someone who has done red teaming of systems like this and found exactly that type of bug? Yes. Yes I do.

I'm sorry, but you are simply fundamentally misunderstanding how this works.



