View and vote on the article here: Biometric Security - Take Two
Biometric Security - Take Two| Category | | | Summary | | The latest science fiction movies often show someone being granted access to a room by either placing their hand on a pad, speaking to a computer, or allowing their eye to be scanned. These are examples of automated methods of recognizing an individual ba |
| | Body | A recent commercial shows a user logging into his computer by passing his fingertip over an integrated sensor built into his laptop, which was IBM?s ThinkPad T42. That model was released October 19, 2004. ?With the new reader, located on the wrist rest below the arrow keys, users swipe their finger across a small horizontally oriented sensor to log-on to their systems, software applications, web sites, or databases.? (1)
Prior to integrated sensors, USB fingerprint scanners were available. So science fiction is reality, right here, right now. What do you know about them, aside from what you?ve seen in the latest scifi thriller? This article will give a brief overview of Biometric Security as well as identifying the standards committees responsible for biometric technology standards.
What are Biometrics? ?Biometrics are automated methods of recognizing a person based on a physiological or behavioral characteristic. Among the features measured are: face, fingerprints, hand geometry, handwriting, iris, retinal, vein, and voice.? (2) The typical authentication method of a user login and password or a card or badge is replaced by (or used in conjunction with) biometric authentication. ?Identity theft is the fastest growing crime in our nation today? (3), and while biometric security isn?t widespread enough yet to combat the problem, the technology is beginning to appear in everyday hardware and software. Akira Hino, an IBM Thinkpad Security Architect, wrote that ?fingerprint reading technology, although not perfect, has many security features that other technologies do not provide [and] is a strong alternative to passwords and, when used with them as is possible, creates the opportunity for an even stronger security choice.? (4)
How does biometric authentication work? Fingerprinting technology works on the basic premise that everyone?s fingerprints are different. As such, an optical image can be compared to records in a database until a match is found. However, what happens when someone gets a copy of your fingerprints? Signatures can be forged, and voice data can be copied. Thus biometrics, using an algorithm, scans and then extracts features from a captured image. An actual image of the fingerprint, iris, voice or face isn?t maintained, but rather, only features are stored as a template.
In the case of fingerprinting, there are different methods for capturing the image, but capacitive sensing is a reliable method of preparing the template ?based on electrical properties of the living layer of the skin ? rather than the superficial layer?. (4) The algorithm itself selects different pieces of information from scan to scan which increases the overall security of the technology. This is similar to facial recognition software, where various points along eye sockets, cheekbones, and the sides of the mouth, which are less susceptible to alteration, are recorded and then matched against templates. (5) The industry maintains that the captured identification data cannot be recreated or regenerated from the template.
Is biometrics the solution to authentication and privacy? Not yet. With regards to fingerprinting, the condition of the finger (wear, injury, sweat) and/or sensor (damage, optical impairment such as humidity) can cause the authentication to fail. In addition, although the likelihood is slim, it is possible for the authentication to falsely succeed if the algorithm matches a fingerprint with a template of a similar enough patterm. (4) While the industry claims regeneration of an image from the template is impossible or unfeasible, it has been shown that reconstruction of an image is in fact possible. (6)
Who is setting the standards for Biometric Security? "ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. In the field of information technology, ISO and IEC have established a Joint Technical Committee 1: ISO/IEC JTC 1 on Information Technology.? (7) The JTC 1 has established three SubCommittees, SC 17, SC 27, and SC 37. SC 17 focuses on cards and personal identification, (8) as well as the application of biometric technologies to these. (11) SC 27 focuses on IT security techniques (9) which included biometric data protections techniques, biometric security testing, evaluations and evaluations methodologies. (11) And finally, SC 37 focuses on the ?[s]tandardization of genetic biometric technologies pertaining to human beings to support interoperability and data interchange among applications and systems. Generic human biometric standards include: common file frameworks; biometric application programming interfaces; biometric data interchange formats; related biometric profiles; application of evaluation criteria to biometric technologies; methodologies for performance testing and reporting and cross jurisdictional and societal aspects.? (10)
Since there are several industry affiliates and standards activities, International Biometric Group (IBG) provides ?the ?State of Biometric Technology Standards? report [which includes] critical information on standards relevant to biometric products, applications and deployments?, (12) for a small fee.
In summary, biometric security technologies are being incorporated into widely used systems on a regular basis. While some methods are more expensive than others, fingerprint scanning has been included into laptops without increasing the overall price significantly. All forms of biometric technologies work similarly by using an algorithm to collect a few pieces of information from a scanned image, creating a template, which is then compared later against the image. Different algorithms collect differently and different methods are more reliable than others. The technology itself has yet to be proven infallible and works best when combined with a more traditional authentication system.
Bibliography
1. ibm.com
2. biometrics
3. idtheftcenter
4. pc.ibm.com
5. biometricgroup
6. wvu.edu
7. sc37
8. sc17
9. ni.din.de
10. jtc1
11. jtc1
12. biometricgroup |
|
This article was imported from zZine. (original author: SHEPHERD)
There are no replies to this post yet.
|