Customer Portal

Security by Use of Biometrics

Security by Use of BiometricsA crucial element of today's business practices is security. Everyone is concerned with keeping important information as secure as possible. There are many consequences that may occur when important information falls into the wrong hands. Authentication and encryption are the key elements in keeping systems secure. Since humans have a tendency to forget on occasion, complicated passwords can become a problem, while simple passwords are much to easy to figure out by non-authorized users. Writing down passwords or sharing them with others is another flaw. With technology at today's level, the need for some form of user-friendly security is imminent. When Internet hackers work their magic, many suffer the consequences in a variety of and sometimes-costly ways. In the wake of all the heightened terrorism, security issues are being addressed in all aspects of personal and business steps.

Security by Use of BiometricsWide-area networks and the Internet have expanded their growth to the point of vast vulnerability. System downtime can cost companies hundreds of thousands of dollars in damage and many lost hours of work. "Is there a system that can provide adequate security?" the question still remains. A step in the right direction is biometrics. Authenticity of a user is the most secure way to keep systems safe. Since certain elements of humans are unique and not identical, biometrics can help with security by using authenticity of a one of a kind human element. Biometric software maps the physical characteristics in a combination that is exclusive to only one individual. The uniqueness and fact that very little changes over time, makes this process the least likely to fail.

Biometrics is the statistical analysis of biological observations and is based on a physiological characteristic such as fingerprint or face, or behavioral characteristics such as signature or voice. There are several different ways that biometrics can obtain this information, such as fingerprints, hand geometry, iris pattern, voice recognition, or facial structure. Replication of this information is virtually impossible, and some methods are more secure than others, but these methods are still the best way to secure a system. Biometric uses fall under the following categories:

  • Fingerprinting - built on a mathematical representation of over 100 identifiable markers found on each fingerprint, and must match at least 70 of these markers to be considered authentic. Fingerprint scan pads are becoming very popular, and some computer manufacturers have already begun to integrate them with their new systems.
  • Hand or Palm Geometry - uses the geometric shape of the hand and fingers, by measuring the finger length along with the thickness and width of the hand itself. Since the hand is not a unique feature, it can only be used for verification not for identification. An advantageous tool for someone that is constantly using the Internet is a mouse with a scanner located on it. With this idea, one doesn't have to always enter a password when changing from one site to another, because the scanned image taken with the mouse stores this information and is used when moving from site to site.
  • Iris Recognition - uses the features found in the iris and has 266 points of recognition, and must match over 150 to be considered authentic. Iris patterns like fingerprints, no two are alike and don't change characteristics.
  • Retina Recognition - maps the unique patterns of veins or capillaries in the back of the eye, these patterns vary from person to person, but unfortunately this structure can change over the duration of a person's lifetime.
  • Voice Recognition - the determination of the identity of a speaker by the use of characteristics of the voice. The use of the voice as a method of determining the identity of the speaker is called verification. Voice biometrics digitizes a profile of a person's speech and produces a model voiceprint or template. A problem with voice recognition is that a person may have a cold or sore throat that may alter the voice and the reading will not be correct. Many computer systems are now being sold with voice recognition technologies.
  • Facial Recognition - analyzes the patterns and measures the distances between facial features and stores them in a database. The areas of the face that don't change are the upper sections of eye sockets, the areas surrounding the cheekbones, and the sides of the mouth. It is the most accepted method, because it is the most common way in which people recognize each other. With the new technologies in video, and the use of surveillance cameras, this technology is the next logical step.
  • Signature Recognition - the analysis of handwriting signatures or styles, this method has been in use for many years. An automated signature system can differentiate between consistent styles and aspects that change almost every time a person signs their name.
  • Keystroke or Typing Recognition - the unique characteristics or typing rhythms people have while typing can be used to establish a unique identity pattern. This method is best used in computer access applications, because the verification occurs while the person is doing their job, and no other login process is necessary.

Other methods in use are Ear (shapes of the ear), Smell (identifying odors common to a person), Gait (established walking styles or mannerisms), and the most common one used in solving crimes is DNA testing (genetic makeup).

Today, businesses are looking into securing their information, or offering security to their customers. Banks and credit card companies around the world are starting to use fingerprint readers at their teller windows and face or fingerprint scans at ATM machines to replace pin numbers or passwords. Visa International will debut a new online security system in Hong Kong in September. This system will have an initial setup by the user then will have a popup screen when transactions are taking place, which will require authentication by the user.

Smart Cards the alternative to paper money may be used more often in the future because the data is stored on the card and not a PC, which can't be compromised by viruses or malicious users. With a lost Smart Card, the finder only has 3 chances to guess at password before the information on the card is erased and any alterations to the card will also result in loss of all information. The original information is stored in a database and can be recovered by the original cardholder. Smart Cards that hold fingerprint and facial authenticity are already in use in state and federal levels of the government. Several companies are coming out with versions of smart cards that will help protect the security of many. House bills are now waiting to be passed to turn drivers' licenses into smart cards, in hopes to deter criminals and underage drinkers.

Law Enforcement Agencies across the US are embracing the new fingerprinting and face recognition technology along with the access to large databases. Fingerprints taken from crimes committed years ago are now being solved with this new technology. Airports have also taken that extra step into the high security world not only with the employees they hire, but the passengers and luggage that board the planes. Nuclear Plants along with other power facilities are using biometric methods to ensure security.

Encryption is the best way to ensure that the receiver and sender of email are the only ones with access to the information. A new identity chip developed by Hitachi could soon be woven into paper money to help identify counterfeits. These types of chips may also play a large role in the prevention or return of stolen merchandise if embedded into consumer products.

When deciding on a security solution using biometrics, consideration must be given as to which type of verification will best address your business needs, which will be most cost effective, and how convenient will it be to use. Some businesses may have a need for a multi-level security system that may include using the least secure biometric technique to gain entrance to the lowest level and the most secure technique of biometrics to have the highest level of security and availability to all information.

Further Information:

A. K. Jain and S. Pankanti, "A Touch of Money", IEEE Spectrum, vol. 43, no. 7, pp. 22-27, July 2006.

A. K. Jain, A. Ross, and S. Prabhakar, "An Introduction to Biometric Recognition", IEEE Trans. on Circuits and Systems for Video Technology, Special Issue on Image- and Video-Based Biometrics, vol. 14, no. 1, pp. 4-20, January 2004.

A. K. Jain and A. Ross, "Multibiometric Systems", Comm. ACM, vol. 47, no. 1, pp. 34-40, January 2004.

A. K. Jain, L. Hong, and S. Pankanti, "Biometric Identification", Comm. ACM, vol. 43, no. 2, pp. 90-98, February 2000.