Security Issues
The most common standardized encryption method used to secure a company’s infrastructure is the Public Key Infrastructure (PKI) approach. This approach consists of two keys with a binary string ranging in size from 1024-bits to 2048-bits, the first key is a public key (widely known) and the second key is a private key (only known by the owner). However, the PKI must also be stored and inherently it too can fall prey to the same authentication limitation of a password, PIN, or token. It too can be guessed, lost, stolen, shared, hacked, or circumvented; this is even further justification for a biometric authentication system (Corcoran et al.).
Because of the structure of the technology industry, making biometric security a feature of embedded systems, such as cellular phones, may be simpler than adding similar features to PCs. Unlike the personal computer, the cell phone is a fixed-purpose device. To successfully incorporate biometrics, cell-phone developers need not gather support from nearly as many groups as PC-application developers must.
Biometrics Technologies
Security has always been a major concern for company executives and information technology professionals of all entities. A biometric authentication system that is correctly implemented can provide unparalleled security, enhanced convenience, heightened accountability, superior fraud detection, and is extremely effective in discouraging fraud (Nanavati et al.).
Controlling access to logical and physical assets of a company is not the only concern that must be addressed. Companies, executives, and security managers must also take into account security of the biometric data (template) (Walder, 1997).
There are many urban biometric legends about cutting off someone finger or removing a body part for the purpose of gain access. This is not true… For once you take away the blood supply of a body part the unique details of that body part starts to deteriorate within minutes. Hence the unique details of the severed body part(s) is no longer in any condition to function as an acceptable input for scanners.
Storage Methodologies
Per Walder (1997) the best overall way to secure an enterprise infrastructure, whether it be small or large is use a smart card. A smart card is a portable device with an embedded central processing unit (CPU). The smart card can either be fashioned to resemble a credit card, identification card, radio frequency identification (RFID), or a Personal Computer Memory Card International Association (PCMCIA) card (Biocentric Solutions Inc., n.d.). The smart card can be used to store data of all types, but it is commonly used to store encrypted data, human resources data, medical data, financial data, and biometric data (template). The smart card can be access via a card reader, PCMCIA slot, or proximity reader; it is therefore in compliance with section 508 of the Americans with Disabilities Act (ADA) (Walder, 1997).
In most biometric-security applications, you don't ask the system to determine the identity of the person who presents himself to the system. That is, you don't say to the system, "Of the millions of sets of fingerprints you have on file, which set contains a print that matches this print?" This problem is "one-to-many matching." Usually, you supply your identity to the system, often by presenting a machine-readable ID card, and ask the system to confirm that you are who you say you are. This problem is "one-to-one matching." Today's PCs can conduct a one-to-one match in, at most, a few seconds. One-to-one matching differs significantly from one-to-many matching. In a system that stores a million sets of prints, a one-to-many match requires comparing the presented fingerprint with 10 million prints (1 million sets times 10 prints/set).
Image 24: Example of a Biometric Identification Smart Card
(Source: www.biometricassociates.com)
A smart card is a must when implementing a biometric authentication system; only by the using a smart card can an organization satisfy all security and legal requirements (Biocentric Solutions Inc., n.d.). Corcoran et al. (1999) stated, “This process irrefutably authenticates the person presenting the card as the same person to whom the cryptographic keys belong and provides the necessary tight binding between cryptographic key storage and the authorized user of the cryptographic keys.” (p. 5).
Smart cards possess the basic elements of a computer (interface, processor, and storage), and are therefore very capable of performing authentication functions right on the card. The function of performing authentication within the confines of the card is known as ‘Matching on the Card (MOC)’. From a security prospective MOC is ideal as the biometric template, biometric sampling and associated algorithms never leave the card and as such cannot be intercepted or spoofed by others (Smart Card Alliance).
The problem with smart cards is the public-key infrastructure certificates built into card does not solve the problem of someone stealing the card or creating one. A TTP (Trusted Third Party) can be used to verify the authenticity of a card via an encrypted MAC (Media Access Control) (Everett, n.d.).
Assistive Technologies
In the not so distant past, assistive technologies were limited to the connection of local assets; as such security concerns were satisfied by the very nature of limited physical (hands on) access to the assistive device. With the unveiling of networked architectures of both wired and wireless venue, assistive technologies must now be adaptive to local and networked devices.
Existing Standards
The security standards were sourced from Woodward, Orlans, & Higgins (2003) p. 174, the National Institute of Standards and Technology, and Information Technology Laboratory web sites:
ANS X9.84-2001 (Published TBA): Biometric Information Management and Security, defines the requirements for managing and securing biometric information (for example, fingerprint, iris scan, voiceprint) for use in the financial industry. Published by the American National Standards Institute (ANSI) standard was developed by the X9.F4 Working Group of ANSI Accredited Standards Committee X9, an ANSI accredited standards organization that develops, establishes, publishes, maintains and promotes standards for the financial services industry. X9.84-2000 specifies the minimum-security requirements for effective management of biometrics data for the financial services industry and the security for the collection, distribution and processing of biometrics data. It specifies: (1) the security of the physical hardware used throughout the biometric life cycle; (2) the management of the biometric data across its life cycle; (3) the utilization of biometric technology for verification/identification of banking customers and employees; (4) the application of biometric technology for physical and logical access controls; (5) the encapsulation of biometric data; and (6) techniques for securely transmitting and storing biometric data. The biometric data object specified in X9.84 is compatible with CBEFF.
CDSA/CSSM Authentication - Human Recognition Service (HRS) API V2: (Common Data Security Architecture) - API for use with CDSA/CSSM for authentication using biometric techniques and uses the EMM (Elective Module Manager) facilities provided in the CDSA’s CSSM (Common Security Services Manager), to provide a generic authentication service for CDSA. It provides a high-level generic authentication model that is suited to use with any form of human authentication, for operation with CDSA. Particular emphasis has been put on designing it for performing authentication using biometric technology. CDSA/HRS covers the basic functions of Enrollment, Verification, and Identification, and includes a database interface to allow a biometric service provider (BSP) to manage the identification population for optimum performance. It also provides primitives, which allow an application to manage the capture of samples on a client, and the functions of Enrollment, Verification and Identification on a server. It is designed to support multiple authentication methods, both singularly and when used in "a combination or "layered" manner. This API was developed by the" BioAPI Consortium, using earlier work from several interest groups. It is based on the BioAPI Consortium's published Version 1.0 8, March 20, 2000.
Cultural Barriers/Perceptions
People as diverse as those of variable abilities (Swanson & Fouad, 1999) are subject to many barriers, theories, concepts, and practices that stem from the relative culture (i.e. stigma, dignity or heritage) and perceptions (i.e. religion or philosophical) of the international community. These factors are so great that they could encompass a study of their own. To that end, Szymanski and Parker (1996) have theorized that to a certain degree that the application of diversity factors from current theories, concepts, and practices may be capable of providing a sturdy framework to the management of employees with disabilities. Moreover, Hagner and DiLeo (1993) have implied that the term diversity is a synonymous reflection of the initiatives and objectives of affirmative action policies. The concept of diversity in the workplace actually refers to the differences embodied by the workforce members at large (Barnartt & Altman, 2001). The differences between all employees in the workforce can be equated to those employees of different or diverse ethnic origin, racial descent, gender, sexual orientation, chronological maturity, and ability; in effect minorities (Szymanski & Parker, 1996).
The Elderly (Aging) Paradigm
Even with the medical advances of the 21st century to increase longevity and improved health among the aging, an elderly person still runs the risk of developing a chronic functional disability. The elderly have been stereotyped as unproductive and dependent upon others for their survival. For instance, that the elderly are too inept to keep mental pace with rapid-growth of companies. This mindset is unfair and detrimental to the vitality of society as well as the dignity of the aging individuals.
Equality however remains limited in part due to the persistence of myths and misperceptions by society about the ability of people of variable abilities in business. More interesting, is that some people of variable abilities believe the same crippling myths themselves.
Old Disability Paradigm
As our societies and workplaces have changed from that of industrial to informational, personal computers, telecommunication devices, and other high-level technologies have become the dominant component of our national culture and economic system. This has also changed employees from industrial workers (skilled laborer) to knowledge workers. The result of this change is that people of variable abilities now have more career options (National Council on Disability [NCD], 2001).
In retrospect, the post World War I theory or concept of disability was perceived as a medical condition (mental, physical, or emotional) that lead to the inability of a person to conduct work, which is commonly referred to as the medical model (Heldrick, 1999). The medical model concept was perceived and widely accepted as the most accurate definition up until the 1990’s. In the 1990’s, the medical model concept (old paradigm) started to shift ever so slightly to what is nowadays known as the disability paradigm (new paradigm).
New Disability Paradigm
The shift in paradigms from the old to the new has lead to the rethinking of many related theories, concepts, and practices from those that viewed disabilities under the medical model paradigm to what is now considered to be that of a social model (new disability paradigm) (Barnartt & Altman, 2001). Some of the most popular theories, concepts, and practices are the theory of work adjustment, organizational career theory, Super’s theory, and the role theory (Szymanski & Parker, 1996).
The theory of work adjustment was developed in the 1960s by the state of Minnesota and for all intensive purposes the theory of work adjustment is a person-environment theory model (Hagner & DiLeo, 1993). In accordance with the work of Szymanski and Parker (1996), the relationship between the employee and the workplace environment can be a source of unfathomed strength or profound confusion. Nonetheless, Szymanski and Parker (1996) have stated that the person-environment theory model is based on the following paraphrased assumptions (p. 83):
Individuals seek out and create environments that offer possibilities of leadership such that they are in charge.
Degree of fit between the person and environment is associated with significant outcomes that can substantially affect the performance, productivity, satisfaction, turnover, and stress.
The process of person and environment fit is reciprocal.
The major presumption in the theory of work adjustment is that employees seek to maintain a positive relationship with their workplace environment. Employees therefore bring their individual and/or team requirements to the workplace environment, and the workplace environment brings its requirements to the individual employees or the team (Barnartt & Altman, 2001). The implication is that for work adjustment to take place the employee and the workplace environment must achieve some degree of incontrovertible symmetry. In simplistic terms the employee and the workplace environment are in effect tethered to each other. The theory of work adjustment does not only apply to individuals with disabilities, it actually applies to all employees (Swanson & Fouad, 1999).
When the organizational career theory was first conceived it was perceived as an economic based theory and did not include employees with disabilities. This is because the medical model of disability was still widely accepted and a person with a disability was not thought of as needing or desiring a career, for he or she was unable to work (Swanson & Fouad, 1999). The organizational career theory is more of a theoretical method that can be used by employers in the development of career planning strategies or to meet company objectives and as a strategic career management tool for employees. The purpose of this theory is to match the skills and abilities of an employee to the best career fit within the organization (Szymanski & Parker, 1996). The organizational career theory favors the established hierarchical bureaucracy of an enterprise as the idea and most efficient method of deployment. Hence, it is the responsibility of the employer to seek the best career fit to meet required organizational personnel objective, in doing so the employee will subsequently profit (Swanson & Fouad, 1999).
Super’s Theory is a developmental theory that predicates the notion that there exists a fundamental correlation between the differences of people and occupations. These differences can be summed up in terms of abilities and personality traits. In theory, to achieve the most benevolent outcome it is feasibly possible for employers to translate such differences into occupational suitability factors for people with disabilities (Swanson & Fouad, 1999). As stated in the work of Szymanski and Parker (1996), the Super’s theory encompasses fourteen propositions, of which only three have practical application to the management of employees with disabilities (p. 87-89):
People differ in their abilities and personalities, needs, values, interests, traits, and self-concepts.
People are qualified, by virtue of these characteristics, each for a number of occupations.
Each occupation requires a characteristic pattern of ability and personality traits, with tolerances wide enough to allow both some variety of occupation.
Since Super’s theory is a developmental theory it is relevant to make note that employees progress through seven different stages of career priority. This progression is most often associated to an employee’s age. For example, at age 18 an employee may be on a journey of self-discovery or exploration for the career. The progression of stages continues from the exploratory stage, to basic training, to early career, to mid-career, to late career, to disengagement of career focus, to the final stage of retirement (Hagner & DiLeo, 1993). However, for employees with disabilities this progression stages most often becomes stuck for an extended time somewhere in between the early to mid-career stages (Swanson & Fouad, 1999). As indicated by Barnartt and Altman (2001), it is important for a manager to recognize such a condition and take action in the advancement of an employee to the next career stage.
In reference to the role theory, employees fit into a particular career role and as such they are expected to assume the perceived characteristics of that role. The career role may be permanent or temporary and will dictate how each person or employee’ will be perceived by the employer and society. Under the medical model, a person with a disability is perceived by society as unable to work. Thus, it is very hard for some people (employers, managers, etc.) to understand why someone with a disability would desire to work (Barnartt & Altman, 2001).
The role theory is a sociological theory composed of multiple role concepts. Barnartt and Altman (2001) have listed several of these role concepts. They are, “role salience, role set, role discontinuity, role strain, role conflict, role ambiguity and role synchrony” (p. 85).
As per the concept of workplace accommodations, employers with 15 employees or more must make reasonable workplace accommodations for employees with disabilities. Reasonable accommodations will include those structural and technological modifications that do not impose an undue hardship on the employer. The phases ‘reasonable accommodations’ and ‘undue hardship’ have not been distinctly defined. However, each can be gauged by the size, revenue, and nature of the company. For those employers or managers desiring more detail, they can refer the guidelines outlined by the Americans with Disabilities Act 1990 and current amendments via the Disability Rights Section website (United States Department of Justice, Civil Rights Division, Disability Rights Section [USDOJ], 2002).
From the perspective of the manager, some disabilities or impairment may be hidden or just not obvious. Furthermore, the Americans with Disabilities Act of 1990, precludes the employer from inquiring about a disability or impairment. It is therefore the obligation of the employee to furnish the manager or employer with enough selective information to demonstrate that an employee has a disability or impairment that limits or restricts his or her ability to perform what is referred to as major life activities (USDOJ, 2002). Per the National Council on Disability (2001), a major life activity is the impairment in the performance of manual task, walking, learning, concentrating, thinking, speaking, breathing, sleeping, hearing, seeing, interacting with others, or caring for oneself.
The website of the United States Department of Justice, Civil Rights Division, Disability Rights Section, Section 504 was amended in 2002 to the Americans with Act of 1990, as such a person with an disclosed disability or impairment may ask for accommodations to include, modification of facilities, assistive equipment or devices, part-time work schedule, modified work schedule, time away for treatment, unpaid leave of absence, job restructuring, additional education, modification of policy, or transfer to a vacant position for which the employee is qualified to fill. However, the United States Department of Labor, Office of Disability Employment Policy (2002) has legislated that the requesting employee must also be willing to participate in the process of researching, determining, developing, and implementing a reasonable accommodation. If the employee does not fully participate he or she may lose their right to such a reasonable accommodation. In the context of participation, the employee may voluntarily submit to a medical or psychological examination, as the resulting documentation may be needed to determine if the employee has a temporary or permanent disability. As per the United States Department of Justice, Civil Rights Division, Disability Rights Section website, a temporary disability may not warrant an accommodation via the aegis of the Americans with Disabilities Act of 1990 and if the disability is deemed as permanent the documentation may help to identify the perimeters for the most efficacious accommodation (USDOJ, 2002).
The concept of assistive technology refers to the belief that assistive technologies can dissolve the barriers most disability issues. In truth, assistive technologies are only effective when accompanied by the proper legislation, policies, and an equitable cultural paradigm in the workplace (Flippo, Inge, & Barcus, 1995). Assistive technologies can be an electronic device, a piece of software or a hardware component used to assist the employee (United States Department of Justice, Civil Rights Division [USDOJ], 1998). Assistive technology theories and concepts predicate the tenet philosophy that universal design is tethered directly to the universal access of all technologies, electronic or not (USDOJ, 2002).
As per Flippo, Inge, & Barcus (1995), the fundamental development of assistive technologies foundations have been dictated by legislation and federal policy. The aforementioned legislation and policies have also set the stage for standards associated to the application of communication technologies, sensory impairment technologies, mobility, and strategies for the workplace and schools. As implied by Heldrick (1999), the employment of assistive technologies within companies has also created a multitude of developmental staffing and creative financing issues.
The organizational concept of culture is the cultural paradigm that exists within the workplace of every company or enterprise. As coined on the Department of Labor’s website, the organizational concept is sometimes referred to as the “Social Theory of Disability” (USDOL, 2002). An example of this would be the dissimilar social ranking between management and employees.
The organizational culture is a set of learned attitudes, behaviors, and the other factoids that comprise a way of conducting business life with co-workers and management within an organization. While, it is unlikely that any one employee or manager will share his or her personal culture with all their co-workers. It is, however, very likely that he or she will choose to share their personal culture with at least one co-worker, both within the organization and outside of the organizational confines. With different organizational groups a varied level of comfort is achieved. The practice of establishing a desired level of comfort is known by most employees as networking and can be an effective reconnaissance tool for employees and managers alike (Szymanski & Parker, 1996).
The concept of management functions is a broad plan of attack for managers on how to influence the organization and employees through effective planning, organizing, directing, controlling, employee selection, employee support, employee training and development, and management style (Hagner & DiLeo, 1993). There are many practices that management could feasible employ to determine what management functions are best suited to influence diverse employees with disabilities (Szymanski & Parker, 1996). The overpowering objective of the theories and concepts as related to the management functions of employees with disabilities is to promote or invoke a paradigm shift within the organization, management ranks, and the workers cultural from the current damning cultural to one that recognizes the potential abilities of a person (NCD, 2001).
Ability Sequestration of Society
Societies from the beginning of recorded history have made sequestration of those with variable abilities a legal and moral acceptable practice. Sequestration happens on many levels as those with variable abilities tend to be generally ignored, forgotten and regard as invisible part of the society. Even today we sequester the elderly to nursing homes. It has been even worse for those with disabilities, for in the not to distant past those with disabilities were perceived as a plaque on society and were committed to mental institutions or in some case nursing homes.
Society sees the practice of sequestration those with variable abilities to a nursing home or mental institution as a means of providing care, or it just may be a method employed by family members to remove the undesirables (elderly and disabled) from society. In either event the origin of segregation in society is directly linked to the divergence of abilities between the bulk of society and those of variable abilities, the elderly and disabled.
Sequestration of those with variable abilities in our society is not only practiced by family members, but by governments. This is evident by an article written by Wilkie, D. (2003, May 17). The article suggests that via the use of life-cost benefit calculations that the U.S. government places less value on the lives of seniors, the disabled, and the sick. The author has alluded to the fact that the government has deemed it more cost-effective to give more support to policies that care for young people. The antonym of that is that the elderly, sick, and disabled are not worth saving.
Although it is done in a different context, the practice of placing value on a person’s life or determining cost-effectiveness is not unheard of. This approach is used everyday by life and health insurance companies. Life insurance companies have conducted numerous studies on how to determine the value of a life and what factors may contribute to the ending of life (http://ideas.repec.org/p/nbr/nberwo/7193.html). Health insurance companies use such studies to determine the cost-effectiveness of medical maintenance (http://aee.cas.psu.edu/docs/ 216001246.html). While many people may deem such practices as acceptable and/or necessary. There are others that see this as discrimination (http://www.drc-gb.org).
Biometrics Technologies
No biometric technique is foolproof. People need to be clear on that issue. Getting objective comparisons of the false acceptance rate (FAR) and false rejection rate (FRR) of various technologies is just about impossible. The FAR is the percentage of time that a system grants access to someone who is misrepresenting himself. The FRR is the percentage of time that a system denies access to a legitimate applicant. In general, in any system, the more stringent you make the acceptance criteria, the lower the FAR becomes and the higher the FRR becomes.
Based on the personal communication from Henry J. Boitel, Esq. (March 20, 2003) and an article from the New York Law Journal. The weakest link in security is the human factor. The communications go on further to state that an organization is "vulnerable to security breaches if it has not taken steps to prevent the exploitation of the human element" (Toren, 2003). In short, biometrics could be perceived as a socially regressive technology that excludes the disabled and the elderly.
Biometric Technology Markets
In recent years, many governmental and commercial market sectors have adopted the use of biometric technologies as a proven method for authenticating a users access to valuable data or physical structures. The market sector that have seen the largest increase of implementation are the law enforcement sector, government sector, financial sector, healthcare sector, travel sector, and the immigration sector, these market sectors are referred to as biometric vertical markets (Nanavati et al.).
Law Enforcement
One-to-many matching is typical of fingerprint searches that law-enforcement authorities conduct with the aid of automatic fingerprint-identification systems (AFISs). Some proposed iris-scan systems would also perform one-to-many matching, using only an iris scan to identify an individual.
AFISs are expensive (typically more than $1 million) systems that incorporate high-speed parallel processors. The systems do not make the final judgment on which stored fingerprints match the presented print. Rather, the systems determine which sets of stored prints have a high likelihood of matching the presented print. Human experts then further evaluate the AFIS selections to see which are most likely to match the presented print.
There are many opportunities for biometric technologies to aid law enforcement professionals in the disbursement of justice.
Corrections - Biometric technologies are currently being used in the law enforcement market to monitor the movements of prisoners and guards in prisons (Ashbourn, 2000).
Surveillance – With the availability of facial-scan technologies law enforcement has sought to place cameras within high crime neighborhoods, sporting events (Superbowl in Tampa Bay), and entertainment districts (Nanavati et al.) to name a few.
Tracking – Movement of suspected criminals through airlines, public places, and government buildings (Woodward, Orlans, & Higgins, 2003)
Locating - The Child Protection Education of America (CPEA) (http://www.find-missing-children.org) is a nonprofit organization that offers free digital fingerprinting (all ten) and digital photographing of children in hopes of protecting children. It is notable to acknowledge that CPEA does not retain images of the fingerprints or photograph. Instead CPEA prints the digital data to a card for the parents to retain (V. Dinova (CPEA Director), personal communication, June 11, 2003).
Government Sector
Just about 1,000 city government employees of Oceanside, CA have been using a biometric authentication system that was installed by at the workstation level by BioLogon. According to the Information Technology Director of Oceanside, Michael Sherwood many of the helpdesk calls were to reset password, since the system was installed the number of helpdesk calls have dropped by approximately 60%. Additionally, Sherwood has deemed the biometric authentication system as a timesaver and a worthy investment (Quintanilla, 2000).
The Department of Defense (DOD) Biometric Management Office (http://www.defenselink.mil/c3i/biometrics) has been exploring methods of using biometric technologies to enhance POW and refugee processing, weapons access, information security, intelligence, coalition operations, healthcare, force protection and access control, and sensitive areas.
Welfare offices in San Diego and Connecticut (Department of Social Services) are using digital fingerprint-recognition software to make sure recipients do not collect benefits more than once.
Travel and Immigration
Per the Biometric Consortium INSPASS and PORTPASS were both developed to track the entry of travelers into the United States. Hand geometry is the biometric of choice for INSPASS, while voice verification is the biometric for PORTPASS.
Image 25: INSPASS Station
Source: http://www.panynj.gov/aviation/inspassguysm.jpg
INSPASS was designed to be utilized by travelers entering the United States via airports and/or foot. While, PORTPASS was developed to be employed at point of entry for travelers via the conveyance of automotives (i.e. dedicated commuter lanes between port of entry) into the United States. Additionally, both INSPASS and PORTPASS predicate a one-to-one biometric match philosophy. To accomplish the one-to-one match the traveler will be issued a smart card containing the traveler’s biometric template. In the case of PORTPASS the traveler’s biometric template is stored via a RFID that is attached to the travel’s vehicle.
Governments around the world have implemented biometric technologies to protect live, civil liberties, individual privacy. The Otay Mesa, CA border crossing between Mexico and the United States employs a facial geometry biometric to authenticate the crossing of 3,000 commuters. The Sheriff’s Department in Los Angeles, CA uses facial geometry to compare a composite sketch to a database of 350,000 mug shots (Woodlands Online, n.d.).
New York's JFK airport uses hand scanners, but the purpose is to speed frequent flyers through customs. London’s Heathrow airport has started directing selected international passengers to bypass immigration agents and instead look into a iris scanner to see if the passengers’ iris sampling matches the passengers’ frequent flier iris template and numbers.
Physical access for employees to secure areas of airports in San Francisco, Hawaii, O’Hare’s in Chicago, Charlotte/Douglas International and Frankfurt, Germany are controlled by a biometric authentication system. All reports describe the system as being highly effective (Nanavati et al.).
Corporate Sector
Ever since the implementation of the first enterprise network, organizations have continuously searched for the most impregnable method(s) available to keep corporate knowledge and personal privacy (data) secure from the unauthorized intrusion, violation, or destruction of prying eyes. Traditionally, the most dominant methods of securing a companies’ infrastructure is to merge an employee’s username with a password, personal identification number (PIN), or a secure token (Nanavati et al.).
The function of a biometric authentication system is to facilitate controlled access to applications, networks, personal computers (PCs), and physical facilities. A biometric authentication system is essentially a method of establishing a person’s identity by comparing the binary code of a uniquely specific biological or physical characteristic to the binary code of an electronically stored characteristic called a biometric template. The defining factor for implementing a biometric authentication system is that it cannot fall prey to hackers; it can’t be shared, lost, or guessed. Simply put, a biometric authentication system is an efficient way to replace the traditional password based authentication system (Ashbourn, 2000).
Therefore, it is reasonable to conclude that PCs, cell phones, and other wireless (mobile) devices would be the first mass-market products to incorporate biometrics. Compared with desktop units, notebooks and other mobile devices are more subject to theft, tampering, been lost and has a shorter lifespan of usefulness (as technology rapidly evolves).
Today, most information-technology (IT) managers would probably pay a modest premium for an easy-to-use alternative to password protection of such machines. But, many of these managers expect to wait several years before they consider widespread deployment of biometrics on desktop PCs and workstations.
The prolific increase of cell phone (voice), laptops (fingerprint), PDAs (fingerprint), and other mobile devices have prompted security agencies throughout the world to issue a warning that mobile devices are becoming even more of a security risk to corporations. A great number of the mobile devices wireless access to a corporate network with very little security, and have become the weak link in the corporate infrastructure. The newest solution of mobile device manufactures is to design biometric authentication system into their platform (Van Impe, 2002).
Even the entertainment industry is no stranger to biometric technologies. Orlando's Disney World uses hand recognition to prevent visitors from sharing season passes. Casinos across the country routinely use facial recognition technology to identify known cheaters.
A potential application of conjecture would be the function of biometrics to protect the copyright privileges of music, movies, and software creators. It is the hypothesis of the researcher that a biometric algorithm could be employed to encrypt and decrypt media stored on a multitude of mediums (i.e. CD-R/RW, DVD-R/RW, flash memory, etc.). The end result would be that only the legitimate owner of might access the work of art. It is the sincere expectation of the researcher to explore this hypothesis in greater detail within the near future.
Financial Sector
Fraud and identity theft cost consumers and financial institutions of dollars billions in loss revenue each year. Many people do not realize how easily criminals can obtain our personal data without having to break into our homes. In public places a theft can watch you from a nearby location as you punch in your telephone calling card number, credit card number, or ATM PIN. They can use various electronic communication devices to ease drop on your telephone conversation while you give your credit-card number to another business. The thief can go dumpster diving at your home or office to obtain copies of your checks, credit card or bank statements, or other records that typically with your name, address, and/or telephone number. Criminals can also spoof the Internet to acquire identifying data, such as passwords, banking information, or other confidential identity data (http://www.consumer.gov/idtheft).
To counter identity theft and fraud a growing number of banks, including Texas-based Bank United, the Bank of America and Wells Fargo, are using biometric technology to improve the security of online banking and replace PINs and bankcards at ATMs.
Healthcare Sector
Health care centers must comply with what is referred to as the HIPPA legislation and one of the principles of HIPPA is to safeguard access to patient data. Health care centers like New York State Office of Mental Health, St. Vincent Hospitals, and Health Care Centers have adopted a biometric authentication system as the preferred method (Nanavati et al.).
Share with your friends: |