|HOME||Biometric Links||E-business||IT Security|
Authentication plays a very critical role in security-related applications like e-commerce. There are a number of methods and techniques for accomplishing this key process. In this regard, biometrics is gaining increasing attention these days. Security systems, having realized the value of biometrics, use biometrics for two basic purposes: to verify or identify users. There are a number of biometrics and different applications need different biometrics.What is a Biometric
Biometric is the most secure and convenient authentication tool. It can not be borrowed, stolen, or forgotten and forging one is practically impossible. Biometrics measure individual's unique physical or behavioral characteristics to recognize or authenticate their identity. Common physical biometrics include fingerprints, hand or palm geometry, retina, iris, and facial characteristics. Behavioral characters characteristics include signature, voice, keystroke pattern, and gait. Of this class of biometrics, technologies for signature and voice are the most developed.Biometric Technologies
There are many biometric technologies to suit different types of applications. To choose the right biometric to be highly fit for the particular situation, one has to navigate through some complex vendor products and keep an eye on future developments in technology and standards. Here comes a list of biometrics :
Fingerprints - A fingerprint looks at the patterns found on a fingertip. There are a variety of approaches to fingerprint verification, such as traditional police method, using pattern-matching devices, and things like moire fringe patterns and ultrasonics. This seems to be a very good choice for in-house systems.
Hand geometry - This involves analyzing and measuring the shape of the hand. It might be suitable where there are more users or where user access the system infrequently. Accuracy can be very high if desired, and flexible performance tuning and configuration can accommodate a wide range of applications. Organizations are using hand geometry readers in various scenarios, including time and attendance recording.
Retina - A retina-based biometric involves analyzing the layer of blood vessels situated at the back of the eye. This technique involves using a low intensity light source through an optical coupler to scan the unique patterns of the retina. Retinal scanning can be quite accurate but does require the user to look into a receptacle and focus on a given point.
Iris - An iris-based biometric involves analyzing features found in the colored ring of tissue that surrounds the pupil. This uses a fairly conventional camera element and requires no close contact between the user and the reader. Further, it has the potential for higher than average template-matching performance.
Face- Face recognition analyses facial characteristics. It requires a digital camera to develop a facial image of the user for authentication. Because facial scanning needs an extra peripheral things that are not included in basic PCs, it is more of a niche market for network authentication. However, the casino industry has capitalized on this technology to create a facial database of scam artists for quick detection by security personal
Signature - Signature verification analyses the way user signs his name. Signing features such as speed, velocity, and pressure are as important as the finished signature's static shape. People are used to signatures as a means of transaction-related identity verification.
Voice - Voice authentication is based on voice-to-print authentication, where complex technology transforms voice into text. Voice biometrics requires a microphone, which is available with PCs nowadays. Voice biometrics is to replace the currently used methods, such as PINs, passwords, or account names. But voice will be a complementary technique for finger-scan technology as many people see finger scanning as a higher authentication form.Uses of Biometrics
Biometric technology is one area that no segment of the IT industry can afford to ignore. Biometrics provide security benefits across the spectrum, from IT vendors to end users, and from security system developers to security system users. Here we discuss a number of critical applications that are in need of biometrics. For decades, many highly secure environments have used biometric technology for entry access. Today, the primary application of biometrics is in physical security: to control access to secure locations (rooms or buildings). Biometrics permit unmanned access control.Biometric devices, typically hand geometry readers, are in office buildings, hospitals, casinos, health clubs and lodges. Biometrics are useful for high-volume access control. There are several promising prototype biometric applications. One of them, EyeTicket, links a passenger's frequent-flyer number to an iris scan. After the passenger enrolls in the system, an unmanned kiosk performs ticketing and check-in of course without luggage. Some of the US airports use a sort of hand geometry biometric technology for performing citizen-verification functions.
It is also expected that virtual access as the application that will provide the critical mass to move biometrics for network and computer access. Physical lock-downs can protect hardware, and passwords are currently the most popular way to protect data on a network. Biometrics can increase a company's ability to protect its sensitive data by implementing a more secure key than a password. Using biometrics also allows a hierarchical structure of data protection, making the data even more secure. Biometric technologies further help to enhance security levels of access to network data.
E-commerce developers are exploring the use of biometrics and smart cards to more accurately verify a trading party's identity. Banks are bound to use this combination to better authenticate customers and ensure non-repudiation of online banking, trading and purchasing transactions. Point-of-sales (POS) system vendors are working on the cardholder verification method, which would enlist smart cards and biometrics to replace signature verification. Biometrics can help to obtain secure services over the telephone through voice authentication..
The last interesting application is for covert surveillance. Using facial and body recognition technologies, researchers hope to use biometrics to automatically identify known suspects entering buildings or traversing crowded security areas such as airports.Selecting a Biometric Technology
There are a number of biometric technologies available at the moment. It is very critical to pick up the one which meets the user profiles, the need to interface with other systems or databases, environmental conditions, and a host of other application-specific parameters. Here comes some of the key points to be taken into account before selecting one:
1. Ease of use - some biometric devices are difficult to handle unless there is proper training.
2. Error incidence - Time and environmental conditions may affect the accuracy of biometric data. For instance, biometrics may change as an individual becomes old. Environmental conditions may either alter the biometric directly (if a finger is cut and scarred) or interfere with the data collection (background noise when using a voice biometric).
3. Accuracy - Vendors often use two different methods to rate biometric accuracy: false-acceptance rate (FAR) or false-rejection rate (FRR). Both methods focus on the system's ability to allow limited entry to authorized users. However, these measures can vary significantly depending on how one adjust the sensitivity of the mechanism that matches the biometric. There may be instances where FAR decreases and FRR increases. Thus we have to be careful to understand how the biometrics vendors arrive at quoted values of FAR and FRR. Because FAR and FRR are interdependent, we can draw a plot, which can facilitate to determine the crossover error rate (CER). The lower the CER, the more accurate the system
There are some other vital ingredients to be analyzed :
1. Cost - biometrics devices and their related things, such as installation, connection, user system integration, research and test of the biometric system, system maintenance, etc.
2. User acceptance - certain user groups reject biometric technologies on various grounds because of privacy concerns.
Some application-specific requirements like security level, which can be low, moderate or high. This decision will greatly impact which biometric is most appropriate for this kind of applications.
Finally organizations should consider a biometric's stability including maturity of the technology, degree of standardization, level of vendor and governmental support, market share and other support factors. Mature and standardized biometric technologies usually have stronger stability.Future Research Directions
Although companies are using biometrics for authentication in a variety of situations, biometric technologies are evolving and emerging towards a large scale of use. Standards are coming out to provide a common software interface to allow sharing of biometric templates and to permit effective comparison and evaluation of different biometric technologies. One of them is the Common Biometric Exchange File Format, which defines a common means of exchanging and storing templates collected from a variety of biometric devices.
Biometric assurance - confidence that a biometric can achieve the intended level of security - is another active research area. Another interesting thing to be examined is combining biometrics with smart cards and public-key infrastructure (PKI). A major problem with biometrics is how and where to store the user's template. Because the template represents the user's personal characters, its storage introduces privacy concerns. Also storing the template in a centralized database paves for attack and compromise. On the other hand, storing the template on a smart card enhances individual privacy and increased protection from attack, because individual users control their own templates. Vendors enhance security by placing more biometric functions directly on the smart card. Some vendors like Biometric Associates, have built a fingerprint sensor directly into the smart card reader, which in turn passes the biometric to the smart card for verification.
PKI uses public- and private-key cryptography for user identification and authentication. It has some advantages over biometrics as it is mathematically more secure and it can be used across the Internet. The main drawback of PKI is the management of the user's private key. To be secure, the private key must be protected from compromise and to be useful, the private key must be portable. The solution is to store the private key on a smart card and protect it with biometric. There are proposals for integrating biometrics, smart cards and PKI technology for designing Smart Access common government ID cards.
On concluding, the technologies devices and products for biometrics started to appear on steady pace towards facilitating widespread use. This article gives a snapshot of the dynamics under way in this popular biometrics market.