Biometric Authentication


Biometric authentication is the science of authenticating someone by analyzing biological data, primarily human bodily characteristics such as fingerprints, retinal and iris patterns, voice patterns, facial features, signature, typing characteristics, and DNA. This form of authentication requires that the known result of the sampled biometric characteristic be stored on a central server or on a SmartCard, which is presented with the sample for comparison. Let us emphasize that we are not talking about biometric identification, which is a much more complicated problem of taking a biometric sample and comparing it against a large database of samples to look for a match. Biometric authentication means taking a sample and comparing it against a known target and producing a yea or nay response.
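The distinction between authentication (one comparison against a known target) and identification (a search across every stored sample) can be made concrete with the added example below, which is not from the book. The 256-bit templates, the 0.32 distance threshold, the 10% sensor noise and the false-match rates are all constructed assumptions, and `false_match_probability` goes one step beyond the text by assuming independent comparisons to show why the search problem degrades as the database grows.

```python
import random

BITS = 256        # constructed template size; real templates differ per modality
THRESHOLD = 0.32  # assumed: max fraction of differing bits accepted as a match

def distance(a: int, b: int) -> float:
    """Fractional Hamming distance between two bit-string templates."""
    return bin(a ^ b).count("1") / BITS

def noisy_sample(template: int, flip_rate: float, rng: random.Random) -> int:
    """Simulate a fresh sensor reading: the template with some bits flipped."""
    mask = sum(1 << i for i in range(BITS) if rng.random() < flip_rate)
    return template ^ mask

def authenticate(enrolled: dict, claimed_id: str, sample: int) -> bool:
    """1:1 check: compare only against the template of the claimed identity."""
    template = enrolled.get(claimed_id)
    return template is not None and distance(template, sample) <= THRESHOLD

def identify(enrolled: dict, sample: int) -> list:
    """1:N search: every enrolled template is a candidate match."""
    return sorted(u for u, t in enrolled.items() if distance(t, sample) <= THRESHOLD)

def false_match_probability(fmr: float, n: int) -> float:
    """P(at least one false match in n comparisons), assuming independence."""
    return 1 - (1 - fmr) ** n

def build_demo(seed: int = 1, users: int = 1000):
    """Constructed data: random templates, one genuine and one impostor sample."""
    rng = random.Random(seed)
    enrolled = {f"user{i}": rng.getrandbits(BITS) for i in range(users)}
    genuine = noisy_sample(enrolled["user42"], 0.10, rng)
    impostor = rng.getrandbits(BITS)
    return enrolled, genuine, impostor

if __name__ == "__main__":
    enrolled, genuine, impostor = build_demo()
    print("user42 claims user42:", authenticate(enrolled, "user42", genuine))
    print("impostor claims user42:", authenticate(enrolled, "user42", impostor))
    print("identify(genuine):", identify(enrolled, genuine))
    for n in (1, 1_000, 1_000_000):
        print(f"FMR 1e-4 over {n} templates:", false_match_probability(1e-4, n))
```

With a per-comparison false-match rate that is acceptable for a single yea-or-nay decision, the same matcher run against a million stored samples is almost certain to return at least one wrong candidate.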

In considering a biometric authentication solution, you should examine several factors:

    • Perceived ease of use
    • Acceptable transaction time
    • Contingency measures for errors
    • Location of actual authentication
    • Gathering, verification, and storage of initial information
    • Compatibility and connectivity issues

Other usability issues surround the use of biometric authentication, from user willingness to be subjected to sampling, based on health concerns (as in a laser-based retinal scan, for example), to users not wanting their fingerprint or DNA information stored on a central server that may be exploited by the government or a corporation for some other purpose. There are ways of potentially alleviating these privacy fears, such as encrypting the information as the sample is made and storing the encrypted form so that the original information cannot be retrieved. (Privacy issues are discussed in greater detail in Chapter 8, "Privacy.")

Potential security vulnerabilities also must be overcome, such as the following:

    • The robustness of the user interface
    • The security of the interface between the authentication device and the host system
    • The security of the third-party transportation network
    • The security of the authentication server and application
    • The security of the host device
    • The security of the database
    • The integrity of the biometric device performance

The key is that all these COTS or proprietary add-on products are tools. Used with full knowledge of their capabilities and vulnerabilities, these tools can enhance the security of a process, device, or system. Used alone, each provides some benefit, but when skillfully combined with other tools, they create an overall system that provides security greater than the sum of the individual parts. Knowing when and which tools to use to achieve the required benefit without imposing undue restrictions or processes is where the work really begins. In other words, good application or system design begins with the business process requirements, and this is what drives the design. Incorporating security from the beginning is the key. We discuss this further in Chapter 12, "Define and Design."

 



Wireless Security and Privacy: Best Practices and Design Techniques
ISBN: 0201760347
EAN: 2147483647
Year: 2002
Pages: 73
