Biometrics | Information Technology Security. Advice from Experts

Biometrics refers to the technologies that can identify and verify physical parts of the human body or their corresponding traits or behavior. These technologies include fingerprint readers, facial scanners, retina scanners , signature and voiceprint digitizers. They work by comparing a digital sample provided to them by the user and automatically verify it against a database of known identities. If there is a match, the user is recognized and identified . If not, the system may save the digital information for further processing to determine who the user was.

Biometrics has been a technology on the verge of acceptance for several years, but high costs and questions about its reliability have constrained widespread commercial acceptance. During the past five years , these concerns have been addressed through technical improvements, with false positives (incorrectly identifying one person as another) and false rejections (incorrectly rejecting the correct person) now in the acceptable range of 99.9%, as needed for commercial application.

Biometric security is considered to be one of the most secure methods of identification, as it verifies something that you do, and something that you are. For example, your signature and your typing pattern is something you do. Your fingerprint, facial characteristics, voice and eye profile are things that you are. Biometric identifiers are far better at protecting access than passwords or physical devices such as badges or keys as they are far more difficult to steal or share. When combined with other methods of identification, biometric techniques provide strong defense against unauthorized access to information, systems and networks.

Biometric measurements are usually classified into four domains:

Universality: virtually all people should be able to use the system
Uniqueness: no people should have the exact same characteristic
Permanence: the characteristic should be resilient over time
Collectability: the characteristic should be measurable quantitatively

When selecting which biometric factor to identify, system suppliers also look at device performance (speed, accuracy and reliability); acceptability of the device to users (is it invasive, dangerous, offensive); and circumvention (to what degree users can fool the system). Regardless of device type, the biometric identification process works the same way:

A sample is taken of the person s biometric characteristic, and transformed into a mathematical code that will be used as the match . When the user wants to access the system, he or she provides a new sample ” such as a fingerprint ” which is compared against the sample. If it matches, access is granted to the user. If not, a challenge question or a second match may be requested to verify the user s identity. If the second match fails, access is denied .

Where should biometric technology be used? Although it can be deployed everywhere, the most cost effective places are where the user s identity must absolutely be verified . Examples include a pharmacist filling a prescription, a financial trader trusted to move millions of dollars in trades every day, people with a need-to-know security clearance, and convicted prisoners who might have a similar name or visual appearance as someone else to prevent them from leaving prison in their place.

Typical security applications in the IT world include access control to computer rooms and facilities, access to computer networks and systems, and as a single sign-on method for users who use multiple systems with unique identification methods.