Biometrics Demystified: What You Need To KnowFrom fingerprints and retina scans to DNA and gesture recognition, the technology is advancing while costs are declining. Here's what you need to know.
Rising threat levels, increasing interconnectivity of systems, and the growing volume and value of data held by computers connected to the Internet have data owners re-evaluating access control methods. They need to do more than just check that authorized users have the correct login information; they also want to ensure that those people are actually the rightful owners of the login information they're using. Biometrics is the only way to do this.
With biometric authentication, every individual is unique. Most people are familiar with techniques such as fingerprint and facial recognition, which grant access based on physiological characteristics, but certain behavioral characteristics, such as typing rhythm, gait, and voice, also can be used.
User names and password combinations can be guessed or easily obtained by imposters. Tokens can be lost, forgotten, and stolen. But criminals can't guess fingerprints, and users can't forget or misplace their fingerprints. Physical attributes can't be faked the way ID cards can. And once a person has authenticated himself using biometrics, he can be tied directly to any actions he performs. This isn't the case with other form of authentication.
Biometric systems also have low administrative overhead. No more password resets. No more redistributing and renewing tokens, and no more revoking and replacing lost or stolen tokens. Most network operating systems allow for the easy integration of biometric authentication to replace and supplement passwords.
How Biometrics Works
Many people are under the misconception that biometric authentication involves direct comparison of the biometric trait--comparing an actual image of a fingerprint with stored fingerprints. What actually happens is that the device capturing the image creates a numerical value to represent the fingerprint--a digital hash of distinct characteristics. This value is sent to the authentication server for comparison with stored values.
With facial recognition, the camera captures an image of the face and extracts relevant characteristics, such as the distance between the eyes, width of the nose, shape of the cheekbones, and length of the jawline. These values are used to create a template.
To read the rest of the article,
Download the Nov. 21, 2011 issue of InformationWeek
Michael Cobb is founder and managing director of CobWeb Applications, a consulting firm that helps companies secure their IT infrastructures. Write to us at firstname.lastname@example.org.