Practical Guide to Biometric Security Technology
As organizations search for more secure authentication methods for user access, e-commerce, and other security applications,biometrics is gaining increasing attention. But should your company use biometrics? And,if so,which ones should you use and how do you choose them? There is no one best biometric technology. Different applications require different biometrics. To select the right biometric for your situation, you will need to navigate through some complex vendor products and keep an eye on future developments in technology and standards.Your options have never been more diverse. After years of research and development,vendors now have several products to offer. Some are relatively immature, having only recently become commercially available,but even these can substantially improve your company’s information security posture.We brieﬂy describe some emerging biometric technologies to help guide your decision making.
WHAT IS A BIOMETRIC?
The security ﬁeld uses three different types of
• something you know—a password, PIN, or piece of personal
information (such as your
mother’s maiden name);
• something you have—a card key,
smart card, or token (like a
SecurID card); and/or
• something you are—a biometric.
Of these, a biometric is the most secure and convenient authentication tool. It can’t be borrowed,
stolen, or forgotten, and forging one is practically
impossible. (Replacement part surgery, by the
way, is outside the scope of this article.)
Biometrics measure individuals’ unique physical or behavioral characteristics to recognize or
authenticate their identity. Common physical biometrics include ﬁngerprints; hand or palm geometry; and retina, iris, or facial characteristics.
Behavioral characters include signature, voice
(which also has a physical component), keystroke
pattern, and gait. Of this class of biometrics, technologies for signature and voice are the most
Figure 1 describes the process involved in using
a biometric system for security.
A ﬁngerprint looks at the patterns found on a ﬁngertip.There are a variety of approaches to ﬁngerprint verification. Some emulate the traditional police method of matching minutiae; others use straight pattern-matching devices; and still others are a bit more unique, including things like moiré fringe patterns and ultrasonics. Some veriﬁcation approaches can detect when a live ﬁnger is presented; some cannot. A greater variety of fingerprint devices is available than for any other biometric. As the prices of these devices and processing costs fall, using fingerprints for user verification is gaining acceptance—despite the common-criminal stigma
FREE IEEE PAPER