Preface

Biometrics is fascinating! Imagine having the ability to take a physical trait, quantify it, and then use it as proof of who you are. The excitement I feel about this subject is the same as how I felt when I got my first computer. Here is the latest in technology, and it's mine to explore. It is not often that one is presented with an opportunity to work and research a subject that both excites and has practical applications.

The promise of biometrics has never been greater. With the proliferation of passwords and the need to find a better and stronger factor of authentication, biometrics offer a solution. The use of a biometric trait to replace an existing password or the use of a biometric trait as an access key to Single Sign-On that can then proxy a password is the "killer application" that is going to drive biometrics. The biometric trait provides convenience with increased security. It is exactly this relationship between convenience and security that will drive biometric adoption.

The biometric technologies currently being sold and deployed will make the online world a more secure and private place. For everything that biometrics is and promises to be, it is important to remember it is a technological tool. Like any technological tool, if used for its intended purpose, it performs well; if used where it does not belong, it can fail.

The rate of biometric research is increasing every year. New and more exotic methods are being conceived to measure physical traits. The final chapter goes into more detail on what the future has in store for biometrics.

I believe that the maturity of the biometric industry is in the area of logical security. It is in the protecting of logical access to computing resources that biometrics will make the jump to a mainstream technology. It is with this belief that I took a job at a small biometrics start-up in early 1997. At that time, the industry was still forming for securing logical access through biometric use. There were many companies looking for the right combination of software and hardware to take the industry to the next level. For the next several years , I was privileged to be intimately involved in the development of both hardware and software for this biometric marketplace . It was my role to be the customer- facing resource for the company. I was on the frontline, walking with our customers on the "bleeding edge" of the industry. Being on-site with the customers and seeing how they actually wanted to use the technology gave me great insight into the direction the technology needed to go to be successful. On the frontline, I also experienced the successes and failures of proofs of concept, pilots, and deployments. Along the way, I got screamed at, called at all hours of the day and night, and told that my technology will cost someone his or her job!

It is exactly this "school of hard knocks" approach that has prepared me for writing this book. And it is the culmination of these experiences that I used to compile the book's material.

In any technology field, there are skeptics. It is the skeptics who keep the biometric industry honest, and skeptics can also make the best customers. At a trade show, I was approached by a group of senior technology people from the federal government. They stopped briefly to look at our booth signage and commented about another company with lots of claims and no substance. In talking with them, I came to learn that they had previous experience with a company that had made promises, but never delivered. I explained to them what our company could do and only what we could do, and they said our claims seemed even larger. I offered to demonstrate the solution, and they believed that I would show them " demoware " or make an excuse about why something did not work. On the contrary, I was able to show the full system running and doing exactly what I said it could do. No excuses needed! This federal government group later became a customer. It was this experience that made it clear that if you say you can do something, you need to prove it. It was this encounter that convinced me that when dealing with customers or anyone else, you need to show what you are talking about and deliver on those promises.

It is with that same attitude that I wrote this book. As mentioned earlier, what follows is based on my own experience. It did not happen to a friend of a friend, and it is not some tired , retold case study from years ago. What follows is the truth on implementing biometrics for network security.