You are in the: Small Business Computing Channelarrow View Sites +
Small Business Technology
» ECommerce-Guide | Small Business Computing | Webopedia | WinPlanet |  »Close
Enter a word for a definition... ...or choose a computer category.

   Term of the Day
   New Terms
   New Links
   Quick Reference
   Did You Know?
   Tech Support
   Webopedia Jobs
   About Us
   Link to Us

talk to us
   Submit a URL
   Suggest a Term
   Report an Error
Internet Lists
Internet News
Internet Resources
Linux/Open Source
Personal Technology
Small Business
Windows Technology
xSP Resources
Corporate Info
Tech Jobs
E-mail Offers
  Be a Commerce Partner

How Biometrics Security Works

Warriors have long used emblems, uniforms and tattoos to physically identify themselves to their compatriots. Secret passwords were in use long before the first person logged in at a keyboard. Today, the world of enterprise security is increasingly incorporating biometric identifiers as an additional weapon within the security arsenal.

International Biometric Group, a New York City-based consulting firm, reports that the worldwide market for biometric devices grew 67 percent last year to reach $1.2 billion. And analysts there estimate a further expansion to $4.6 billion by 2008.

The largest share of that money (48 percent) goes for fingerprint recognition systems, followed by facial recognition (12 percent). While these two are the most popular, there are other methods that analyze a person's physical or dynamic characteristics. Physical biometric methodologies also look at the following:
  • Eyes — Examining the lines of the iris or the blood vessels in the retina;

  • Hands — Taking a 3D image and measuring the height and width of bones and joints, and

  • Skin — Analyzing surface texture and thickness of skin layers.

Key Terms To Understanding Biometrics

Generally, the study of measurable biological characteristics. In computer security, biometrics refers to authentication techniques that rely on measurable physical characteristics that can be automatically checked.

In a biometric security system, the process of comparing a biometric data sample against all of the system’s databased reference templates in order to establish the identity of the person trying to gain access to the system.

When looking at strong authentication, you want two out of three factors — something you have, something you are and something you know. While, eyes, hands and skin are commonly used as biometric identifiers, more dynamic methodologies also are being introduced, such as the following:

  • Voice — Detects vocal pitch and rhythm;

  • Keystroke Dynamics — Analyzes the typing speed and rhythm when the user ID and password are entered;

  • Signature — Matches the signature to one on record, as well as analyzing the speed and pressure used while writing, and

  • Gait — Measures length of stride and its rhythm.

To keep performance high and storage requirements manageable, today's biometric technologies don't have to store or analyze a complete picture of the body part or the physical feature being used. Imagine the processing power that would be needed to store a high resolution picture of someone's face and then compare it with a live image pixel by pixel.

Instead, each method reduces the body part or activity to a few essential parameters and then codes the data, typically as a series of hash marks. For example, a facial recognition system may record only the shape of the nose and the distance between the eyes. That's all the data that needs to be recorded for an individual's passport, for example.

When that person comes through customs, the passport doesn't have to include all the data required to reproduce a full-color picture of the person. Yet, armed with a tiny dose of key biometric information, video equipment at the airport can tell whether the person's eyes are closer together or if his nose is slightly wider than the passport says they should be.

None of these biometric systems are infallible, of course. However, the rates of false negatives and false positives have markedly improved. One of the problems with fingerprint readers, for instance, is that they couldn't distinguish between an actual fingerprint and the image of one. In the recent movie National Treasure, Nicholas Cage's character lifted someone's fingerprint off a champagne glass and used it to gain access to a vault. That's not pure fiction.

Japanese cryptographer Tsutomu Matsumoto lifted a fingerprint off a sheet of glass and, following a series of steps, created gelatin copies. He then tested these on 11 fingerprint readers and each accepted the gelatin prints.  Outside the lab, Malaysian thieves chopped the fingertip off a businessman and used it with the fingerprint reader on his Mercedes. But none of those methods would work with higher-end fingerprint readers. The latest fingerprint readers are incorporating more advanced features, such as making sure the finger is a certain temperature. Everyone's hand is different, as some are consistently warm or cold. In addition, they can also check if there is a pulse and tell how much pressure is being applied.

Such sophistication, however, has its drawbacks. Authorized users may find themselves locked out even when the devices are working properly. Why? Tiny changes, due to accidents or injuries, can change a biometrics profile, rendering it effectively obsolete. The thing to keep in mind with any biometrics is that your ID does change over time. If you cut your finger, your biometric may not be the same any more. Or your early morning voice is different than after talking for eight hours.

Biometrics in the Enterprise

While biometric authentication certainly adds an extra layer of security, it would be a mistake to implement a high-end system and then feel that break-ins instantly would be consigned to the history books. It takes back-end integration, constant vigilance and consistent user involvement to keep an enterprise secure. Security is a user issue and must go all the way to the desktop. You need to have a very layered architecture and assume that any layer could fail some day.

The most popular biometric tool at the moment is the fingerprint reader. Some even use USB drives. And some keyboards and laptops come with them built in. These devices have come way down in price. As a standalone device, the unit price has dropped below $100. But, in an enterprise setting, that is just the start of the costs.

IT departments have to ensure, for example, that back-end security systems can accommodate biometric authentication, and scale to the required number of users. Plus, if fingerprint readers are not incorporated into the laptop or desktop, it adds to the number of devices that need to be supported by IT.  There is little point, then, in adopting a stand-alone biometrics system that cannot easily be assimilated into the organization's existing security fabric.

Biometric authorization techniques are no longer so leading edge that they are difficult to marry with traditional security safeguards. Today's systems are well enough developed that they can be incorporated into enterprise systems without too much effort.  A strong authentication system is what you want to focus on and biometrics can be part of it, but the user should still have to memorize something or have a token, and you need to make sure that polices and the management structure relating to it are firmly in place.

Did You Know...
Personal USB Biometric Pods claim to allow secure fingerprint identification which provides a secure way to remember passwords. These gadgets are now available for under $30 USD.

Related Terminology: Webopedia > Computer Science > Biometrics

~ By Drew Robb
Adapted from eSecurity
Last updated: January 06, 2006

Related Links

eSecurity Planet Online
eSecurity Planet is dedicated to providing enterprise security professionals with the latest and most useful online security news, information and advice.

Webopedia's "Did You Know...How Fingerprint Scanners Work"
Today fingerprint devices are by far the most popular form of biometric security used, with a variety of systems on the market intended for general and mass market usage. Long gone are the huge bulky fingerprint scanners; now a fingerprint scanning device can be small enough to be incorporated into a laptop for security.

eSecurity Planet Article: Gait Advances in Emerging Biometrics
Recognition by the way someone walk (their gait), the shape of their ears, the rhythm they make when they tap and the involuntary response of ears to sounds all have the potential to raise the stock of biometric techniques.

Biometric Consortium
Extensive collection of information pertaining to the research, development, testing, evaluation, and application of biometric-based personal identification/verification technology. The Biometric Consortium serves as the U.S. Government's focal point for this technology.

DRM Watch
Analysis of digital rights management technology.

Do you have an interesting piece of computer-related trivia that you would like us to explore?
Tell us about it.

JupiterWeb networks:

Search JupiterWeb:

Jupitermedia Corporation has three divisions:
Jupiterimages, JupiterWeb and JupiterResearch

Legal Notices, Licensing, Reprints, & Permissions, Privacy Policy.

Jupitermedia Corporate Info | Newsletters | Tech Jobs | Shopping | E-mail Offers