Identifying people
through behaviour patterns
Munish Johar
Munish Johar
As
organisations search for more and more secure authentication methods
for user access systems, electronic commerce, and other security
applications, biometric technology is gaining increasing attention in
today’s rapidly changing technology scenario. Once the stuff that
you saw in James Bond movies, biometric technology (such as devices
that read your fingerprints, cameras that recognise your face,
software that knows your voice) is being used globally by companies
and is readily available. However the question that comes to mind
immediately is — What is Biometric?
Before giving a
formal definition to the term biometric, it is important to provide
some background information. The security field uses three different
types of authentication methods:
-
Something you know (lowest level of security) — a password, PIN (Personal Identification Numbers), or piece of personal information (such as your mother's maiden name);
-
Something you have (second level of security) — a card key, smart card, or token;
-
Something you do or something you are (highest level of security) – this is a biometric, it comprises of both physiological and/or behavioural biometrics, including fingerprints, voiceprints, signatures, etc.
 |
|
The above diagram
depicts the process pictorially and the accompanying points
provide a more complete explanation.
A. An end user
attempts to access a protected network.
B. The
application/Web server passes a request to the authentication
server to verify the end user’s identity.
C. The
authentication server checks the database for the end user’s
identity profile (such as biometric templates).
D. Based on the
security requested and constraints, an authentication policy is
dynamically generated.
E. The
authentication server prompts the end user for his/her
credentials.
F. The
credentials provided by the end user are matched against the
database.
G. The
authentication sever sends a yes or no validation response.
|
Whilst individual biometric devices and systems have their own operating methodology, there are some generalisations one can make as to what typically happens within a biometric systems implementation. The most ‘popular’ biometrics seems to gravitate at present around the following methodologies:
Fingerprints: This
biometric involves looking at the patterns found on a fingertip. A
greater variety of fingerprint devices are available than for any other
biometric. These systems have a high accuracy rating, are quick to use,
take up little space and are relatively low cost, so they’re useful
for providing security for large numbers of users.
Hand geometry: Hand
geometry involves analysing and measuring the shape of the hand. This
biometric offers a very good balance of performance characteristics and
is quite easy to use.
Retina: A
retina-based biometric involves analysing the layer of blood vessels
found at the back of the eye. Retinal scanning can be quite accurate but
does require the user to look into a receptacle and focus on a given
point. This is not particularly convenient for people who wear glasses.
For this reason, retinal scanning is not in widespread use, even though
the technology itself can work well.
Iris: An
iris-based biometric, on the other hand, involves analysing features
found in the coloured ring of tissue that surrounds the pupil. Iris
scanning, on the other hand is definitely less intrusive of the
eye-related biometrics, it uses a fairly conventional camera element and
requires no close contact between the user and the reader. Iris
biometrics work with glasses in place and is one of the few devices that
can work well in identification mode.
Face: Face
recognition analyses the facial characteristics of a user. It requires
the use of a digital camera to develop a facial image of the user for
authentication. Because facial scanning needs an extra device not
generally included with basic personal computers, it is targeted towards
more niche areas such as network authentication.
Signature: Signature
verification analyses the manner in which a user signs his or her name.
Common signing features such as speed, pressure, and velocity are as
important as the finished signature's static shape. This biometric
enjoys a synergy with existing processes that other biometrics do not.
Signature verification devices are reasonably accurate in operation and
obviously lend themselves to applications where a signature is an
accepted identifier.
Voice: Voice
authentication is not based on voice recognition (as most of us would
think) but on voice-to-print authentication, where complex technology
transforms voice into text. Voice biometrics has the most potential for
growth; because it requires no new hardware, most personal computers
already contain a microphone. However, poor quality and ambient noise
can affect the verification process.
No single biometric
technology has dominated the market. Different technologies are being
used for the same applications. To gain widespread acceptance in
businesses, multiple individual biometrics methods must coexist in a
single system solution. Initially, these techniques were employed
primarily in specialist high security applications, however we are now
seeing their use and proposed use in a much broader range of public
facing situations. Future use of biometric technologies may include:
-
ATM machine use.
-
Workstation and network access
-
Travel and tourism
-
Internet transactions
-
Telephone transactions
-
Public identity cards
0 comments:
Post a Comment