Log in ....Tribune


Dot.ComLatest in ITFree DownloadsOn hardware

Monday, April 29, 2002 		Lead Article

Identifying people through behaviour patterns
Munish Johar

ILLUSTRATION BY RAJIV KAULAs organisations search for more and more secure authentication methods for user access systems, electronic commerce, and other security applications, biometric technology is gaining increasing attention in today’s rapidly changing technology scenario. Once the stuff that you saw in James Bond movies, biometric technology (such as devices that read your fingerprints, cameras that recognise your face, software that knows your voice) is being used globally by companies and is readily available. However the question that comes to mind immediately is — What is Biometric?

Before giving a formal definition to the term biometric, it is important to provide some background information. The security field uses three different types of authentication methods:

  • Something you know (lowest level of security) — a password, PIN (Personal Identification Numbers), or piece of personal information (such as your mother's maiden name);

  • Something you have (second level of security) — a card key, smart card, or token;

  • Something you do or something you are (highest level of security) – this is a biometric, it comprises of both physiological and/or behavioural biometrics, including fingerprints, voiceprints, signatures, etc.
 

Of these authentication methods, biometrics is the most secure and convenient authentication tool. It can't be borrowed, stolen, or forgotten, and forging one is practically impossible. With this in mind, we can now proceed to formally define biometrics: can be defined as measurable characteristics of the individual based on their physiological features or behavioural patterns that can be used to recognise or verify their identity". Biometric technologies attempt to automate the measurement and comparison of these characteristics for recognising individuals. Common physical biometrics include fingerprints; hand or palm geometry; and retina, iris, or facial characteristics. Behavioural characters include signature, voice (which also has a physical component), keystroke pattern, and gait. While there are advantages to using biometrics, authentication systems should not forego other methods as part of the overall authentication scheme. Security systems are generally built up using one, two, or all three of the above mentioned authentication methods, providing several levels of security. For example, you could use a card key to access your place of work, but you would also be required to verify your fingerprints against the biometric stored on the card. This would ensure that someone couldn’t just steal your card and gain access to your office. You could do away with the card altogether and just identify yourself using your fingerprints. Besides being easier to use, there is no physical object to lose.

Biometric technologies were first proposed for high-security specialist applications. However these days things are different as not only has considerable technical progress been made, providing more accurate, more refined products, but unit cost has dropped to a point, which makes them suitable for broader scale deployment where appropriate, in addition, the knowledge base concerning their use and integration into other processes has increased dramatically. These technologies are now emerging as the key elements in developing online systems, as well as offline and stand-alone security systems, and for personal computing protection (originally designed for large companies, biometrics have now been scaled and made affordable for small networks and stand-alone systems.). Biometric technologies provide important components in regulating and monitoring access and presence. Significant application areas include electronic commerce, security monitoring, database access, border control and immigration, forensic investigations and telemedicine. In addition to such verification applications, biometric systems can be used for less constrained problems such as automatic identification of individuals, as a result of this, the biometric systems can be used in security applications, such as fraud and intrusion detection.

The above diagram depicts the process pictorially and the accompanying points provide a more complete explanation.

A. An end user attempts to access a protected network.

B. The application/Web server passes a request to the authentication server to verify the end user’s identity.

C. The authentication server checks the database for the end user’s identity profile (such as biometric templates).

D. Based on the security requested and constraints, an authentication policy is dynamically generated.

E. The authentication server prompts the end user for his/her credentials.

F. The credentials provided by the end user are matched against the database.

G. The authentication sever sends a yes or no validation response.
 


Whilst individual biometric devices and systems have their own operating methodology, there are some generalisations one can make as to what typically happens within a biometric systems implementation. The most ‘popular’ biometrics seems to gravitate at present around the following methodologies:

Fingerprints: This biometric involves looking at the patterns found on a fingertip. A greater variety of fingerprint devices are available than for any other biometric. These systems have a high accuracy rating, are quick to use, take up little space and are relatively low cost, so they’re useful for providing security for large numbers of users.

Hand geometry: Hand geometry involves analysing and measuring the shape of the hand. This biometric offers a very good balance of performance characteristics and is quite easy to use.

Retina: A retina-based biometric involves analysing the layer of blood vessels found at the back of the eye. Retinal scanning can be quite accurate but does require the user to look into a receptacle and focus on a given point. This is not particularly convenient for people who wear glasses. For this reason, retinal scanning is not in widespread use, even though the technology itself can work well.

Iris: An iris-based biometric, on the other hand, involves analysing features found in the coloured ring of tissue that surrounds the pupil. Iris scanning, on the other hand is definitely less intrusive of the eye-related biometrics, it uses a fairly conventional camera element and requires no close contact between the user and the reader. Iris biometrics work with glasses in place and is one of the few devices that can work well in identification mode.

Face: Face recognition analyses the facial characteristics of a user. It requires the use of a digital camera to develop a facial image of the user for authentication. Because facial scanning needs an extra device not generally included with basic personal computers, it is targeted towards more niche areas such as network authentication.

Signature: Signature verification analyses the manner in which a user signs his or her name. Common signing features such as speed, pressure, and velocity are as important as the finished signature's static shape. This biometric enjoys a synergy with existing processes that other biometrics do not. Signature verification devices are reasonably accurate in operation and obviously lend themselves to applications where a signature is an accepted identifier.

Voice: Voice authentication is not based on voice recognition (as most of us would think) but on voice-to-print authentication, where complex technology transforms voice into text. Voice biometrics has the most potential for growth; because it requires no new hardware, most personal computers already contain a microphone. However, poor quality and ambient noise can affect the verification process.

No single biometric technology has dominated the market. Different technologies are being used for the same applications. To gain widespread acceptance in businesses, multiple individual biometrics methods must coexist in a single system solution. Initially, these techniques were employed primarily in specialist high security applications, however we are now seeing their use and proposed use in a much broader range of public facing situations. Future use of biometric technologies may include:

  • ATM machine use.

  • Workstation and network access

  • Travel and tourism

  • Internet transactions

  • Telephone transactions

  • Public identity cards

In the past few years, biometric technology has rapidly pushed through barriers that had slowed its adoption in mainstream environments, performance, accuracy and reliability have steadily increased amongst all types of biometrics methods and the prices of the capture devices used by this technology have plunged, making biometrics an attractive addition to security systems. For many companies, biometric systems are the perfect answer to the expensive and time-consuming problems of fraud, theft, and access control. Technical and financial considerations aside, biometrics can pose a significant cultural challenge and introducing fingerprint scanners to every desktop or a facial recognition based entry system has to be done sensitively and carefully. Once the exclusive preserve of sci-fi books and movies, biometrics now has to be considered as one of the many challenges of modern day management.

Home
Top