ENHANCING ASSISTIVE TECHNOLOGIES:
THROUGH THE THEORETICAL ADAPTATION OF
BIOMETRIC TECHNOLOGIES TO PEOPLE OF VARIABLE ABILITIES
A Dissertation
Presented to the
Faculty of the
School of Business
Kennedy-Western University
In Partial Fulfillment
of the Requirements for the Degree of
Doctor of Philosophy in
Management Information Systems
by
William J. Lawson, Ph.D.
Tampa, Florida
i
© 2003
William J. Lawson
All Rights Reserved
ii
Dedication This dissertation is dedicated to my Grandmother, Charity Lawson who
passed away September 14, 2000. Following a short illness her life was
taken away unexpectedly. After our biological mother left when I was 2 years
old and my brother Tim was only 3 months old Grandma became the mother
to Tim and I.
My Grandma had been a constant source of inspiration and
encouragement in my life. Grandma was born August 25, 1918 near
Chicago, Illinois to Romanian Immigrates (Gypsies). She spent most of her
childhood traveling with her parents as a fortuneteller in a circus.
If you asked me to tell you what about my Grandmother stood out, I would
have to say that she was an extremely proud woman. She held her head
high and kept great faith through the many trials and tribulations throughout
her life. I would also tell you that I remember her explaining the “Golden
Rule” to me when I was 6 years old and I will never forget, she said that it
meant to “Do onto others as you wish done onto you”. I am so very proud of
my Grandmother - a woman endued with courage, strength, and the will to
fight. I am fortunate to have not only loved her, but to have been loved by
her. What a gift she gave me, for as I write this dedication a tear rolls down
my cheek.
iii
I love and miss you Grandma…
Acknowledgements
Without question my family have felt the pain and joy of this project,
and I thank them for their love, support and endurance of many unique
hardships.
This project could not have happened without the enthusiasm and
guidance of so many others. It would be impossible to list the names of all
of those that have encouraged me in the adaptation of biometrics as an
assistive technology. I would therefore, like to pay homage to the
insightfulness and courage of the one individual whom opened my eyes to
the assistive possibilities of biometric. That person is Michael Burks,
Public Relations Officer of the International Center for Disability Research
on the Internet. Thank you, Michael...
Finally, a thank you to AT&T (my financial sponsor) for their decision to
support this project came from their individual leadership. They are
leaders whom recognize the value and importance of this study to
business and society.
iv
v
Table of Contents
Page
List of Tables............................................................................................xiii
List of Figures ..........................................................................................xiv
List of Images...........................................................................................xv
List of Charts ............................................................................................xvii
Abstract of Dissertation ..........................................................................xviii
Chapter 1. Introduction ...................................................................... 1-35
Proclamation of Problem ...................................................................1
Foundation of the Study ....................................................................5
Significance of the Study ...................................................................6
Scope of the Study ............................................................................7
Rational of the Study .........................................................................7
Glossary of Terms .............................................................................8
Overview of the Study .......................................................................34
Chapter 2. Review of Related Literature......................................... 36-52
Mainstream Biometric Technologies .................................................37
Emerging Biometric Technologies ....................................................37
Radio Frequency Identification (RFID) .............................................39
Smart Card Technologies..................................................................40
Page
vi
Assistive Technologies ......................................................................42
Cultural Barrier (Disabled & Elderly) ................................................43
Universal Design ...............................................................................45
Adaptation to People of Variable Abilities .........................................45
Privacy/Legal Issues..........................................................................46
Security Issues ..................................................................................47
Disability Demographics ....................................................................49
Electronic News Sources ..................................................................50
Study Associated Standards .............................................................50
Summarization of Related Literature.................................................51
Chapter 3. Applied Research Methodologies................................. 53-68
Data Gathering Methods ...................................................................54
Historical Documentation...................................................................55
Quantitative Research Tools .............................................................56
Web-Based Surveys ....................................................................57
One-on-One Interviews................................................................58
Qualitative Research Tools ...............................................................60
Symposiums .......................................................................60
Teleconferences .......................................................................63
Page
Technical Committees .................................................................63
vii
Electronic Mail Exchanges...........................................................64
Communication Participants ........................................................65
Database of Study .............................................................................65
Accuracy, Reliability, Validity of Data ................................................65
Originality and Limitation of Data......................................................67
Methodological Summary..................................................................67
Chapter 4. Analysis of Data ........................................................... 69-186
What is a Biometric............................................................................70
Contrasting Authentication Methods..........................................71
Contact Biometric Technologies........................................................73
Fingerprint Identification .............................................................74
Palm Print and Footprint Identification ......................................77
Hand Geometry ........................................................................79
Dynamic Keystroke Authentication ............................................80
Dynamic Signature Recognition.................................................82
Contactless Biometric Technologies .................................................83
Facial Geometry ........................................................................84
Facial Thermography..................................................................85
Page
Iris Scan Recognition..................................................................86
Retina Scan Recognition ............................................................89
viii
Voiceprint Verification .................................................................90
Accuracy ............................................................................................91
Liveness Test.....................................................................................92
Advantages........................................................................................93
Disadvantages...................................................................................94
Existing Standards.............................................................................95
Emerging Biometric Technologies ....................................................96
Brainwave Biometric ...................................................................97
DNA Identification .......................................................................98
Vascular Pattern Recognition.....................................................99
Body Odor Recognition ..............................................................102
Fingernail Bed Recognition ........................................................103
Gait Recognition .......................................................................103
Handgrip Recognition ...............................................................104
Ear Pattern Recognition .............................................................105
Body Salinity Identification .........................................................106
Infra-Red Fingertip Imaging & Pattern Recognition..................107
Page
Storage Methodologies .....................................................................108
Client-Server Architecture ..........................................................109
Distributed Architecture ..............................................................109
ix
Radio Frequency Identification (RFID) ........................................110
Smart Card Technologies...........................................................111
Hybrid Architecture .....................................................................114
Existing Standards .......................................................................115
Disability Statistics .............................................................................118
Privacy/Legal Issues..........................................................................121
Civil Rights ........................................................................122
Individual Anonymity...................................................................123
Biometric Technologies ..............................................................124
Storage Methodologies................................................................125
Private Institutions.......................................................................127
Government Facilities .................................................................128
Public Places .......................................................................128
Misuse of Personal Data ............................................................129
Profiling (Big Brother Watching).................................................136
Page
Security Issues ..................................................................................138
Biometrics Technologies ............................................................139
Storage Methodologies...............................................................139
Assistive Technologies ...............................................................142
x
Existing Standards ......................................................................142
Cultural Barriers/Perceptions ............................................................145
The Elderly (Aging) Paradigm ....................................................146
Old Disability Paradigm ..............................................................146
New Disability Paradigm.............................................................147
Ability Sequestration of Society ...................................................157
Biometrics Technologies ............................................................158
Biometric Technology Markets ..........................................................159
Law Enforcement .......................................................................160
Government Sector.....................................................................161
Travel and Immigration ................................................................162
Corporate Sector ........................................................................164
Financial Sector 166
Healthcare Sector .......................................................................167
Page
Adaptation to People of Variable Abilities .........................................168
Reasonable Accommodation .....................................................168
Smart Card Interface ..................................................................169
Control .......................................................................171
Universal Design ........................................................................171
xi
Fused Biometric Solution ...........................................................176
Exoskeleton .......................................................................179
Implementation Strategies.................................................................181
Risk Assessment Methodology (RAM) .....................................183
Integration Concerns ..................................................................184
Enrollment/Administration Practices............................................185
Training/Education ......................................................................185
Alternative Authentication Methods ...........................................186
Auditing .......................................................................187
Accountability ........................................................................187
Oversight ........................................................................187
Chapter 5. Summary, Recommendations and Conclusions ..... 188-xxx
Mainstream Biometric Technology Summary ...................................188
Emerging Biometric Technology Summary.......................................189
Page
Summary of Cultural Barriers ............................................................189
Assistive Technology Summary ........................................................193
Universal Design Summary...............................................................195
Recommendations for Universal Standard .......................................195
Recommendations for Adaptation of Biometrics...............................196
Recommendations for Storage Methodologies.................................197
xii
Recommendations for Fused Biometric Solutions............................198
Conclusions .......................................................................................201
References..........................................................................................203-214
Appendices
Appendix 1: To Be Or Not To Be? (Survey Introduction)..................A-1
Appendix 2: Online Survey: Use of Biometrics and Neural
Implants .........................................................................A-2
Appendix 3: One-on-One Interview Questionnaire ...........................A-3
Appendix 4: Final Result Matrix: Online Survey - Per
Question Breakdown .....................................................A-4
Appendix 5: Fused Result: Online Survey – By Agreement
Levels.............................................................................A-5
Appendix 6: Aggregated Results of One-on-One Interview
Questions.......................................................................A-6
xiii
List of Tables
Page
Table 1: Twelve Known One-on-One Interview Participants .................57
Table 2: List of Teleconference Sponsoring Organizations ...................63
Table 3: Standard Biometric Header Followed by the BDB and
the SB.........................................................................................177
xiv
List of Figures
Page
Figure 1: Graphical Representation of Employed Research
Approach ....................................................................................54
Figure 2: Structure of CBEFF Data Block ...............................................177
xv
List of Images
Page
Image 1: Depiction of Fingerprint Patterns and Minutiae ....................75
Image 2: Comparison of an Ultrasonic and Optical Scanned
Fingerprint Image ....................................................................77
Image 3: Depiction of Palm Print Patterns and Minutiae........................78
Image 4: Depiction of Hand Geometry Recognition Process..............80
Image 5: Example of the Dynamic Keystroke Authentication
Process....................................................................................81
Image 6: Depiction of Dynamic Signature ............................................83
Image 7: Depiction of Facial Geometry Biometric ...............................85
Image 8: Depiction of Facial Thermography Pattern Biometric ..........86
Image 9: Depiction of Iris Scan Biometric ............................................87
Image 10: Left eye of researcher (Dr. William Lawson) ......................88
Image 11: Depiction of Retina Scan Biometric ....................................90
Image 12: Depiction of Voiceprint Verification Biometric.....................91
Image 13: Depiction of EEG Brain waveforms.....................................98
Image 14: Delineation of Vascular Scan Pattern .................................100
Image 15: Before and After Pictures of Spider Vein Procedure .........101
Image 16: Before and After Pictures of Varicose Vein Procedure......101
xvi
List of Images (continued)
Page
Image 17: Magnification of Human Nail Bed........................................103
Image 18: Identification of Measurable Ear Features..........................106
Image 19: Rendering of Fingertip Thermo Mapping Technique .........108
Image 20: Smallest RFID Chip..............................................................111
Image 21: Component Parts of Contactless Smart Card ....................112
Image 22: Flow of Smart Card Reader/Writer Functions ....................113
Image 23: Inductive Coupling for Contactless Smart Card .................114
Image 24: Example of a Biometric Identification Smart Card .............141
Image 25: INSPASS Station..................................................................162
Image 26: Rendering of a Exoskeleton ................................................179
Image 27: Example of Neural Interface................................................180
xvii
List of Charts
Page
Chart 1: American Disability Statistics, 1999 .......................................120
Chart 2: Canadian Disability Statistics, 1998 .......................................120
Chart 3: European Disability Statistics, 2001.......................................121
Chart 4: Potential Abuses of Power...................................................133-136
Chart 5: Fused Biometric Solution Decision Flow Chart .....................200
xviii
Abstract of Dissertation
ENHANCING ASSISTIVE TECHNOLOGIES:
THROUGH THE THEORETICAL ADAPTATION OF
BIOMETRIC TECHNOLOGIES TO PEOPLE OF VARIABLE ABILITIES
by
William J. Lawson, Ph.D.
Tampa, Florida
THE PROBLEM
Within the international culture of today’s information age there exist(s)
barriers to the adaptation of a secure access methodologies to electronic
devices and technology for people of variable abilities. This problem to be
addressed is that of a threefold design, each element is interconnected
and of an iterative nature.
The first element of the threefold problem is the lack of an international
assistive technology interface standard(s) that are based on universal
design philosophies, the second element is the cultural barriers that have
been created by the mindset of the international society, and the final
(third) resulting element is that the first two have created a shortage of
qualified personnel in the workplace.
xix
There also exists a theoretical assistive technology resolution that
could feasibly be adapted to the environments of schools, businesses, and
the international society at large. Biometric technologies could be fused
with other technologies both existing and emerging to play a significant
role in the eradication of the threefold problem.
THE METHOD
While the basal premise of this dissertation is that of original
innovation. There is no denying that the supporting elements of the
references have lent themselves to this paper are fundamentally based on
the eternal philosophies of applied research. It is the first-hand accounts
and experiences of those whom have come before that has lead to the
transition of emerging theories and technologies to origin of what is now
known as historical documentation. It is the historical documentation that
will add credence to the premise and this dissertation.
The exploration of case studies and technology trails was invaluable in
the research process. The exploration has allowed for the formation of
new case based approaches to address the validity and redundancy of the
research. The descriptive online surveys, one-on-one interviews,
conferences, teleconferences, and committees brought into play the
cultural psyche and philosophies of the international communities.
xx
The quantification and qualification of the research is based on the
existence of the encompassed commonalities between all of the acquired
data and research methods. The margin for error is subjective in nature
and left to the item-by-item interpretation of each individual person.
THE FINDINGS
The absolute majority of the research material, findings, and available
technologies predominately tend to support the feasible adaptation of
biometrics to people of variable ability levels. Currently, with respect to the
threefold problem the findings demonstrate that element one and three
can be eradicated today. However, element two, the shift of the cultural
barrier (paradigm) cannot be accomplished until elements one and three
have been put into effect. Once element one and three have been
successfully put into effect, it will take several years or maybe a decade
for element two of the threefold problem to be eradicated or at the very
least significantly transformed.
1
Introduction
Chapter 1
The information age has already revolutionized the way in which we
live our lives from day to day. Each and everyday, a multitude of labor-
intensive tasks are automated via some type of electronic device or
software application. The aforementioned growth of electronics and
technology has resulted in a greater demand for a rapid and defined
technique on how to adapt and implement emerging technologies to the
ever-changing environment of today. However, businesses and the
international society must not neglect to remember that with every
advance of automation of technology comes the need to invent a
standardized interface in order to properly facilitate the need for individual
access and control.
Proclamation of Problem
Within the international culture of today’s information age there exist
barriers to the adaptation of a secure access methodology to electronic
devices and technology for people of variable abilities. This problem to be
addressed is that of a threefold design, each element is interconnected
and of an iterative nature.
2
The first element of the threefold problem is the lack of an international
assistive technology interface standard(s) that are based on universal
design philosophies, the second element is the cultural barriers that have
been created by the mindset of the international society, and the final
(third) resulting element is that the first two has created a shortage of
qualified personnel in the workplace.
There also exist a theoretical assistive technology resolution that could
feasibly be adapted to the environments of schools, businesses, and the
international society at large. Biometric technologies could be fused with
other technologies both existing and emerging to play a significant role in
the eradication of the threefold problem.
The critical shortage of qualified personnel in the workplace is partly
related to the change of societies from that of an industrial based
workforce to a knowledge based workforce, partly because the baby
boomers have only had about half as many children as their parents, and
partly due to medical advances (Schaie & Schooler, 1998). As a result the
number of 20 to 24 year olds entering the workforce continues to fall
(NCD, 2001).
This critical shortage has forced employers to rethink their recruitment
strategies and look towards targeting chronological mature people, and
people with disabilities (variable abilities) (NCD, 2001). It is important to
3
recognize that people with disabilities are the largest minority group, they
cross all ethnic, racial, gender, chronological groups, and number at
around 54 million Americans and growing (U.S. Department of Labor
[USDOL], 2002). Out of the 29 million working age adults with variable
abilities in the U.S., about two thirds are unemployed and nearly 80
percent of that two thirds would like to work but have not had the
opportunity to do so (USDOL, 2002).
While people with variable abilities may have the desire to work, they
still may have to overcome the formidable attributes of the cultural barrier
or innate characteristics of a disenabling mental, physical, or emotional
barrier. Cultural barriers embody numerous complex, dynamic, and
diverse challenges to be overcome. These challenges are related to but
are not limited to organizational, management, and worker cultures. In
plain terms, it is discrimination (Hagner & DiLeo, 1993). To overcome the
disenabling effects of mental, physical, or emotional barriers, society at
large has looked towards the properties rewards of assistive technologies
for reinforcements.
Assistive technologies persists to grow at a break neck pace, society
has not evolved rapidly enough to maintain pace with the necessities of a
universally conceived access and control solution. With respect to the
threefold problem, the adaptation or fusion of biometric technologies and
4
smart card technologies to facilitate access and control is one technique
that can be employed to accomplish such a daunting chore.
Even in the technologically advanced environment of today, the
derivational technologies of biometrics are still considered to be in the
category of emerging technologies. Typically, an emerging technology
inhabits what is referred to as the development stage and is thereby
fundamentally proprietary in nature. Therefore, national or international
adaptation and implementation standards are traditionally not established
until it is financially worthwhile to do so or until a profound episode
demonstrates the necessity for a particular technological solution.
The necessity for a particular technology is typically directly related to
the desires of the human psyche (élan vital). Factors surrounding those
desires may possibly be demonstrated in the form of protection (such as
self-protection, self-preservation, self-defense, security, freedom, financial
markets…) or public perception (such as conceit, complacency, personal
privacy, happiness, identity fraud, safety, loss of control, governmental
conspiracy…). Even though an emerging technology may demonstrate the
capacity to be financially rewarding and/or fulfill a profound need a solution
may still not be established, because the technology does not apply to a
large enough demographic. For instance, the marketing strategy may not
have included disabled individuals (a routinely overlooked demographic). It
5
is not until such a technology is applicable or needed by the public at large
that an implementation standard is established.
Since biometric technologies do not currently meet the perceived needs
of the public at large, a standardized implementation plan has not been
conceived. I would however contend that public perception as related to
the cultural paradigm is the greatest challenge facing businesses,
managers, and society.
Foundation of the Study
This study examines the theoretical feasibility of enhancing assistive
technologies through the adaptation and implementation of biometric
technologies. Biometric technologies could theoretical be applied to all
areas of our earthly environment and may just become the standard
identification interface between man and machine.
The information gathered from this study can be absolutely applied to
assistive technologies and in turn can be a powerful tool to aid in the
expansion of knowledge and the creation of opportunities for all individuals
worldwide.
Significance of the Study
The technological underpinnings of biometric technologies are some
have the most promising and life altering fundamentals in existence today.
Barring cultural barriers, the adaptation and implementation of biometrics
6
technologies could feasibly bring about a rudimentary shift with respect to
security, access and control. Thereby, giving birth to the creation of many
new assistive technology solutions and launching the world into a new era,
an era where all things are possible and disabilities as we know them
today have been eradicated from existence.
Biometric technologies can be adapted to areas requiring secure
access and control. Biometrics can be used to access logical assets and
to potentially facilitate absolute control of both logical devices and physical
components, in both the realities of the virtual and tangible worlds. In
theory, biometric technologies could be adapted to interface with
applications, personal computers, networks, accounts, human resource
records, telephone system, automotive vehicles, planes, trains,
wheelchairs, exoskeleton, and could be used in the invocation of
customized profiles to enhance the mobility of people with varied ability
levels (Nanavati et al.).
An added benefit of to biometric technologies is that it could potentially
provide society with a feasible resolution to one of the greatest challenges
facing businesses of today. That problem is the task of business to
maintain a qualified workforce. This is primarily because of the change
from an industrial workforce to a knowledge workforce and because the
baby boomers have only had about half as many children as their parents.
7
Scope of the Study
This study will center on the underlining technologies of biometrics and
the existence of cultural barriers with respect to the adaptation of biometric
technologies standards within the workplace and the international society.
All attributes of the underlining technologies and the cultural barriers
will include but not be limited to the positives and negatives of biometric
readers, biometric characteristics, smart cards, neural interfaces,
technology standards, implementation strategies, legal issues, privacy
issues, barriers, workplace culture, government culture, civilian culture,
the elderly, and people with disabilities (whom have the most to gain).
Rationale of the Study
To overcome the disenabling effects of mental, physical (mobility),
structural (building), or emotional barriers as related to the access and
control of electronic devices and technology that span the environments of
both the virtual and tangible worlds.
The societies of the world have hence, looked towards the advantages
of assistive technologies for assistance. The reality of the matter is that
while assistive can help to overcome many mental, physical, and
emotional barriers it cannot and will not ever possess the ability to
overcome the reigning number one barriers confronting people with
disabilities. The reigning number one barrier has been created by the
8
international society and is referred to as the cultural barriers. Cultural
barriers embody numerous complex, dynamic, and diverse challenges to
be overcome. These challenges are related to but are not limited to
cultures of the workplaces and societies of the international communities
(Hagner & DiLeo, 1993).
Biometric technologies will play a significant role in the eradication of
the threefold problem. However, the best rationale of all is that to do so is
the mark of an enlighten people and the right thing to do.
Glossary of Terms
The following are terms that will be used throughout the study.
Ability to Verify/ATV: Is a combination of the FTE and FNMR.
Abstract Interactor: An interactor that describes the selection, input, or
output for a user interaction, without constraining the concrete form of
the interaction.
Accessibility: The opportunity for people of any ability level to interface
with electronic devices or technology to overcome all logical and
physical barriers.
Acoustic Emission: A proprietary technique used in signature
verification. As a user writes on a paper surface, the movement of the
pen tip over the paper fibers generates acoustic emissions that are
transmitted in the form of stress waves within the material of a writing
9
block beneath the document being signed. The structure-borne elastic
waves behave in materials in a similar way to sound waves in air and
can be detected by a sensor attached to the writing block.
Active Impostor Acceptance: When an impostor submits a modified,
simulated or reproduced biometric sample, intentionally attempting to
relate it to another person who is an enrollee, and the person is
incorrectly identified or verified by a biometric system as being that
enrollee. Compare with 'Passive Impostor Acceptance'.
AFIS (Automated Fingerprint Identification System): A highly
specialized biometric system that compares a single finger image with
a database of finger images, AFIS is predominantly within law
enforcement agencies.
AIAP: Acronym for Alternate Interface Access Protocol.
AIAP-URC: Acronym for Alternate Interface Access Protocol Universal
Remote Console.
Algorithm: A sequence of instructions that tell a biometric system how to
solve a particular problem. An algorithm will have a finite number of
steps and is typically used by the biometric engine to compute
whether a biometric sample and template is a match. See also
'Artificial Neural Network'.
10
Alternate/Abstract Interface Markup Language (AAIML): The Alternate
& Abstract Interface Markup Language (AAIML) is a vehicle by which
a target conveys an abstract user interface description to a URC in the
control phase, i.e. after a session has been opened between the URC
and the target. The abstract UI description is presentation
independent and must include all features and functions the target
provides via its default (built-in) user interface.
API (Application Program Interface): A set of services or instructions
used to standardize an application. An API is computer code used by
an application developer. Any biometric system that is compatible with
the API can be added or interchanged by the application developer.
See also Part III Terms Related to Specific Biometric Techniques for
'SVAPI' under 'Speaker Verification'.
Application Developer: An individual entrusted with developing and
implementing a biometric application.
Aqueous Humor: A transparent liquid contained in the anterior and
posterior chambers of the eye, produced by the ciliary process it
passes to the venous system via the canal of Schlemm.
Artificial Neural Network: A method of computing a problem. An artificial
neural network uses artificial intelligence to learn by past experience
11
and compute whether a biometric sample and template is a match.
See also 'Algorithm'.
ASIC (Application Specific Integrated Circuit): An integrated circuit
(silicon chip) that is specially produced for a biometric system to
improve performance.
Attempt: The submission of a biometric sample to a biometric system for
identification or verification. A biometric system may allow more than
one attempt to identify or verify.
Authentication: Is the process of validating that an individual is in fact the
person whom they claim to be.
Auto-correlation: A proprietary finger scanning technique. Two identical
finger images are overlaid in the auto-correlation process, so that light
and dark areas, known as Moiré fringes, are created.
Automatic ID/Auto ID: An umbrella term for any biometric system or
other security technology that uses automatic means to check identity.
This applies to both one-to-one verification and one-to-many
identification.
Backbone: The main wire of a network or the wire to which the nodes of a
network connect.
Behavioral Biometric: A biometric that is characterized by a behavioral
trait that is learnt and acquired over time rather than a physiological
12
characteristic. See Part III Terms Related to Specific Biometric
Techniques for 'Keystroke Dynamics', 'Signature Verification' and
'Speaker Verification'. Contrast with 'Physical/Physiological Biometric'.
Bifurcation: A branch made by more than one finger image ridge.
Binning: A specialized technique used by some AFIS vendors. Binning is
the process of classifying finger images according to finger image
patterns. This predominantly takes place in law enforcement
applications. Here finger images are categorized by characteristics
such as arches, loops and whorls and held in smaller, separate
databases (or bins) according to their category. Searches can be
made against particular bins, thus speeding up the response time and
accuracy of the AFIS search.
Biometric: A measurable, physical characteristic or personal behavioral
trait used to recognize the identity, or verify the claimed identity, of a
living person.
Biometric Application: The use to which a biometric system is put. See
also 'Application Developer'.
Biometric Data: The extracted information taken from the biometric
sample and used either to build a reference template or to compare
against a previously created reference template.
13
Biometric Engine: The software element of the biometric system, which
processes biometric data during the stages of enrolment and capture,
extraction, comparison and matching.
Biometric Identification Device: The preferred term is 'Biometric
System'.
Biometric Sample: Data representing a biometric characteristic of an
end-user as captured by a biometric system.
Biometric System: An automated system capable of, Capturing a
biometric sample from an end user; Extracting biometric data from
that sample; Comparing the biometric data with that contained in one
or more reference templates; Deciding how well they match; and
Indicating whether or not an identification or verification of identity has
been achieved.
Biometric Taxonomy: A method of classifying biometrics. For example,
San Jose State University's (SJSU) biometric taxonomy uses
partitions to classify the role of biometrics within a given biometric
application. Thus an application may be classified as:
Cooperative vs. Non-Cooperative User
Overt vs. Covert Biometric System
Habituated vs. Non-Habituated User
Supervised vs. Unsupervised User
14
Standard Environment vs. Non Standard Environment
Biometric Technology: A classification of a biometric system by the type
of biometric.
Booking: The process of capturing inked finger images on paper, for
subsequent processing by an AFIS.
Capacitance: Finger images capture technique that senses an electrical
charge, from the contact of ridges, when a finger is placed on the
surface of a sensor.
Capture: The method of taking a biometric sample from the end user.
Central processing unit (CPU): The brains of the computer.
Certificate authority (CA): The third party that issues digital certificates
and vouches for the identity of parties involved in an online
transaction.
Certification: The process of testing a biometric system to ensure that it
meets certain performance criteria. Systems that meet the testing
criteria are said to have passed and are certified by the testing
organization.
Comparison: The process of comparing a biometric sample with a
previously stored reference template or templates. See also 'One-To-
Many' and 'One-To-One'.
15
Claim of Identity: When a biometric sample is submitted to a biometric
system to verify a claimed identity.
Claimant: A person submitting a biometric sample for verification or
identification whilst claiming a legitimate or false identity.
Clock speed: The speed at which the CPU or microprocessor executes
instructions.
Closed-Set Identification: When an unidentified end-user is known to be
enrolled in the biometric system. Opposite of 'Open-Set Identification'.
CMOS (Complementary Metal Oxide Semiconductor): A type of
integrated circuit used by some biometric systems because of its low
power consumption.
Combinatorial: The branch of mathematics concerned with analyzing
combinations of events and their associated probabilities.
Commensurability: The universal format and length of Codes.
Concrete Interactor: An interactor that describes the selection, input, or
output for a user interaction, and includes information on the visual or
non-visual realization of that interaction, for example a list box or a
particular speech grammar.
Control Phase: The control phase is the time period in the URC-target
communication exchange when the URC controls the target via
AAIML.
16
Crossover Rate: Synonym for 'Equal Error Rate'.
D Prime: A statistical measure of how well a biometric system can
discriminate between different individuals. The larger the D Prime
value, the better a biometric system is at discriminating between
individuals.
Deep Web: Refers to a massive trove of information stored in databases,
multimedia files and other formats that don't turn up on standard
search engine services.
Degrees of Freedom: The number of statistically independent features in
biometric data.
Denial of service attack: Occurs when hackers send thousands or
hundreds of thousands of requests to a server at the same time with
the intention of knocking it out of service.
Discovery Phase: The discovery phase initializes the URC to locate and
identify all available targets.
Discriminate Training: A means of refining the extraction algorithm so
that biometric data from different individuals are as distinct as
possible.
DNA: DEOXYRIBONUCLEIC ACID organic chemical of complex
molecular structure that is found in all prokaryotic and eukaryotic cells
17
and in many viruses. DNA codes genetic information for the
transmission of inherited traits.
DPI (Dots Per Inch): A measurement of resolution for finger image
biometrics.
DSV (Dynamic Signature Verification): Synonym for 'Signature
Verification'.
Eigenface: A method of representing a human face as a linear deviation
from a mean or average face.
Eigenhead: The three dimensional version of Eigenface that also
analyses the shape of the head.
Encryption: The act of converting biometric data into a code so that
people will be unable to read it. A key or a password is used to
decrypt (decode) the encrypted biometric data.
End User: A person who interacts with a biometric system to enroll or
have his/her identity checked.
End User Adaptation: The process of adjustment whereby a participant
in a test becomes familiar with what is required and alters their
responses accordingly.
Enrollee: A person who has a biometric reference template on file.
18
Enrollment: The process of collecting biometric samples from a person
and the subsequent preparation and storage of biometric reference
templates representing that person's identity.
Enrollment Time: The time period a person must spend to have his/her
biometric reference template successfully created.
Equal Error Rate: When the decision threshold of a system is set so that
the proportion of false rejections will be approximately equal to the
proportion of false acceptances. A synonym is 'Crossover Rate'.
Ergodicity: The representative ness of sub samples.
Ethernet: Technology standard used to link computers in local area
networks.
Extraction: The process of converting a captured biometric sample into
biometric data so that it can be compared to a reference template.
Extranet: A network linking different computer networks over the Internet.
Failure to Acquire: Failure of a biometric system to capture and extract
biometric data.
Failure to Acquire Rate: The frequency of a failure to acquire.
False Acceptance: When a biometric system incorrectly identifies an
individual or incorrectly verifies an impostor against a claimed identity.
Also known as a Type II error.
19
False Acceptance Rate/FAR: The probability that a biometric system will
incorrectly identify an individual or will fail to reject an impostor. Also
known as the Type II error rate.
False Match Rate/FMR: Alternative to 'False Acceptance Rate'. Used to
avoid confusion in applications that reject the claimant if their
biometric data matches that of an enrollee. In such applications, the
concepts of acceptance and rejection are reversed, thus reversing the
meaning of 'False Acceptance' and 'False Rejection'. See also 'False
Non-Match Rate'.
False Non-Match Rate/FNMR: Alternative to 'False Rejection Rate'. Used
to avoid confusion in applications that reject the claimant if their
biometric data matches that of an enrollee. In such applications, the
concepts of acceptance and rejection are reversed, thus reversing the
meaning of 'False Acceptance' and 'False Rejection'. See also 'False
Match Rate'.
False Rejection: When a biometric system fails to identify an enrollee or
fails to verify the legitimate claimed identity of an enrollee. Also known
as a Type I error.
False Rejection Rate/FRR: The probability that a biometric system will
fail to identify an enrollee, or verify the legitimate claimed identity of an
enrollee. Also known as a Type I error rate.
20
Failure to Acquire/FTA: Represents the probability that the user
biometric characteristic is either damage, flawed, and/or not presented
in the correct manner.
Failure to Enroll/FTE: Represents the probability that a user failed to
enroll into the biometric system.
FAS: Fused Accessible Solution.
Field Test: A trial of a biometric application in 'real world' as opposed to
laboratory conditions.
Filtering: A specialized technique used by some AFIS vendors. Filtering
is the process of classifying finger images according to data that is
unrelated to the finger image itself. This may involve filtering by sex,
age, hair color or other distinguishing factors.
Fixed-Text System: The preferred term is 'Text-Dependent System'.
Goats: Biometric system end users whose pattern of activity when
interfacing with the system varies beyond the specified range allowed
by the system, and who consequently may be falsely rejected by the
system.
Genetic Penetrance: The degree to which characteristics are passed
from generation to generation.
Hamming Distance: The number of disagreeing bits between two binary
vectors. Used as measure of dissimilarity.
21
Identification/Identify: The one-to-many process of comparing a
submitted biometric sample against all of the biometric reference
templates on file to determine whether it matches any of the templates
and, if so, the identity of the enrollee whose template was matched.
The biometric system using the one-to-many approach is seeking to
find an identity amongst a database rather than verify a claimed
identity. Contrast with 'Verification'.
Impostor: A person who submits a biometric samples in either an
intentional or inadvertent attempt to pass him/herself off as another
person who is an enrollee.
In-House Test: A test carried out entirely within the environs of the
biometric developer, which may or may not involve external user
participation.
Instant Messaging: A system in which words typed on a computer
appear almost simultaneously on the computer screens of other
people.
Interactor: An abstract or concrete user interface element that describes
a choice for the user to make, some input to obtain from the user, or
some output to convey to the user.
Invisible Web: see DEEP WEB.
22
Iris Features: A number of features can be found in the iris. These are
named corona, crypts, filaments, freckles, pits, radial furrows and
striations.
Linux: An operating system developed by volunteer programmers around
the world as an alternative to Microsoft Corp.'s Windows. In addition
to not being a Microsoft product, the other big selling point of Linux is
that it is open-source software.
Live Capture: The process of capturing a biometric sample by an
interaction between an end user and a biometric system.
Live Scan: The term live scan is typically used in conjunction with finger
image technology. Synonym for 'Live Capture'.
Local area network (LAN): A computer network with a reach limited to an
office, a building or a campus.
Managed service provider (MSP): Any company that offers outsourced
hosting and management of Web-based services, applications and
equipment.
Match/Matching: The process of comparing a biometric sample against a
previously stored template and scoring the level of similarity. A accept
or reject decision is then based upon whether this score exceeds the
given threshold.
23
Media Access Control (MAC) Address: On a local area network (LAN)
or other network, the MAC (Media Access Control) address is your
computer's unique hardware number. (On an Ethernet LAN, it's the
same as your Ethernet address.) When you're connected to the
Internet from your computer (or host as the Internet protocol thinks of
it), a correspondence table relates your IP address to your computer's
physical (MAC) address on the LAN. The MAC address is used by the
Media Access Control sub layer of the Data-Link Layer (DLC) layer of
telecommunication protocol. There is a different MAC sub layer for
each physical device type. The other sub layer level in the DLC layer
is the Logical Link Control sub layer.
Microprocessor: See Central Processing Unit.
Minutiae: Small details found in finger images such as ridge endings or
bifurcations.
Minutiae Points: are local ridge characteristics that occur at either a ridge
bifurcation or a ridge ending.
MOC (Match-On-Card): technology offered in certain smart cards with
which a biometric template comparison is carried out within the
confines of the card.
24
Morphogenesis: The process of shape formation: the processes that are
responsible for producing the complex shapes of adults from the
simple ball of cells that derives from division of the fertilized egg.
Neural Net/Neural Network: Synonym for 'Artificial Neural Network'.
OEM (Original Equipment Manufacturer/Module): A biometric
organization (Manufacturer), which assembles a complete biometric
system from parts; or a biometric Module for integration into a
complete biometric system.
One-To-Many: Synonym for 'Identification'.
One-To-One: Synonym for 'Verification'.
Open-Set Identification: Identification, when it is possible that the
individual is not enrolled in the biometric system. Opposite of 'Closed-
Set Identification'.
Open source: Technology with an underlying programming code that is
free for all to use and alter. A band of programmers, technologists and
some companies around the world are advocating open-source
technology. The goal is to develop technology that is compatible with
other technologies.
Optical: Finger images capture technique that uses a light source, a prism
and a platen to capture finger images.
25
Out Of Set: In open-set identification, when the individual is not enrolled
in the biometric system.
Passive Impostor Acceptance: When an impostor submits his/her own
biometric sample and claiming the identity of another person (either
intentionally or inadvertently) he/she is incorrectly identified or verified
by a biometric system. Compare with 'Active Impostor Acceptance'.
Patch: Software program used to fix a hole or bug in a software
application. Companies offer "patches" free to customers when
vulnerabilities or problems are discovered in the products they sell.
Pectinate Ligaments: The network of fibres at the iridocorneal angle
between the anterior chamber of the eye and the venous sinus of the
sclera; it contains spaces between the fibres that are involved in
drainage of the aqueous humor, and is composed of two portions: the
corneoscleral part, the part attached to the sclera, and the uveal part,
the part attached to the iris.
Performance Criteria: Pre-determined criteria established to evaluate the
performance of the biometric system under test.
Photonics: Technology used to transmit voice, data and video via light
waves over thin strands of glass.
Physical/Physiological Biometric: A biometric, which is characterized by
a physical characteristic rather than a behavioral trait. See Part III
26
Terms Related to Specific Biometric Techniques for 'Body Odor', 'Ear
Shape', 'Face Recognition', 'Finger Geometry', 'Finger Image', 'Hand
Geometry', 'Iris Recognition', 'Palm', 'Retina', 'Speaker Verification'
and 'Vein check'. Contrast with 'Behavioral Biometric'.
PIN (Personal Identification Number): A security method whereby a
(usually) four-digit number is entered by an individual to gain access
to a particular system or area.
Platen: The surface on which a finger is placed during optical finger image
capture.
Plug-in: Software programs that make a Web browser run better,
including allowing the downloading of information on the Internet.
Presentation-Independent Template: A form of UIID. It describes a
mapping from a user interface socket to a structured set of abstract
interactors. This mapping provides access to all of the commands and
readable data points within the user interface socket.
Privacy: The degree to which an individual can determine which personal
information is to be shared with whom and for what purpose. Always a
concern is when an authorized users pass confidential information to
another vendor or government agency.Public key infrastructure
(PKI): Refers to the framework, including digital certificates and
27
certificate authorities, used to securely conduct and authenticate
online transactions.
Reasonable Accommodation: Include those structural and technological
modifications that do not impose an undue hardship on the employer.
Receiver Operating Curves: A graph showing how the false rejection
rate and false acceptance rate vary according to the threshold.
Recognition: The preferred term is 'Identification'.
Response Time: The time period required by a biometric system to return
a decision on identification or verification of a biometric sample.
Ridge: The raised markings found across the fingertip. See also 'Valley'.
Ridge Ending: The point at which a finger image ridge ends.
Risk Assessment Methodology (RAM): A three-step method of
assessing the risk of whether to endorse or veto the relevance of a
proposed solution.
Routers: Devices that act as traffic cops for computer data on the
Internet.
Security: The protection of data against unauthorized access. Programs
and data can be secured by employing a carefully designed and
planned authentication method.
Semantic Web: A vision or concept articulated by some computing
leaders -- including Tim Berners-Lee, recognized as the creator of the
28
World Wide Web -- of how computer programs and technologies can
be used to semantically structure, describe, search and interpret
documents and data on the Web. This concept envisions the Web
evolving from an HTML-based one to the semantic Web.
Session: A continuous period over which a user is engaged with the
target.
Short message service (SMS): Brief text messages that are transmitted
via mobile phones.
Software agent(s): "Intelligent" software programs that perform tasks,
search and retrieve information a user requires from databases and
computer networks.
Supplemental Resources: Interpretation and translation resources that
may be used in building a user interface. These resources include text
for labeling interface elements, help text, translations into other
languages, and icons, graphics or other multi-media elements.
Target: The target is a device (e.g. VCR) or service (e.g. online phone
directory) that the user wishes to use.
Target-Class Template: A UIID that can be mapped to the user interface
socket of any target of a certain class such as microwave ovens or
televisions.
29
Technology Access Barriers (TAB): A structure or object that impedes
free bi-directional in parallel access (movement) to technology.
Template/Reference Template: Data, which represents the biometric
measurement of an enrollee used by a biometric system for
comparison against subsequently, submitted biometric samples.
Thermal: A finger image capture technique that uses a sensor to sense
heats from the finger and thus captures a finger image pattern.
Third-generation networks: Much-hyped technology that promises to
enable high-speed downloading of data, including videophone service,
and worldwide compatibility.
Third Party Test: An objective test, independent of a biometric vendor,
usually carried out entirely within a test laboratory in controlled
environmental conditions.
Threshold/Decision Threshold: The acceptance or rejection of biometric
data is dependent on the match score falling above or below the
threshold. The threshold is adjustable so that the biometric system
can be more or less strict, depending on the requirements of any
given biometric application.
Throughput Rate: The number of end users that a biometric system can
process within a stated time interval.
30
Trojan horse: Malicious code that is often hidden in e-mail attachments
that once activated can be used to steal or destroy programs and data
on a computer.
UBID: Acronym for Universal Biometric Identification.
UI: Acronym for User Interface.
UIID: Acronym for User Interface Implementation Description.
Ultrasound: A technique for finger image capture that uses acoustic
waves to measure the density of a finger image pattern.
Universal Remote Console (URC): The URC is a device or software
through which the user accesses a target. The URC complies with the
AIAP-URC specification and is capable of rendering any AAIML
specified user interface. It is “universal” in the sense that it can be
used to control any AIAP-URC compliant target. It is assumed that
users will choose a URC capable of meeting their personal interaction
requirements.
URC: Acronym for Universal Remote Console.
User: The client to any biometric vendor. The user must be differentiated
from the end user and is responsible for managing and implementing
the biometric application rather than actually interacting with the
biometric system.
31
User Interface Instance: A UIID that completely describes a user
interface and has been built and made available in advance of the
user’s session with the target.
User Interface Instantiation: A UIID that completely describes a user
interface and has been dynamically derived from a presentation-
independent template during the user interface construction phase of
a user’s session with a target.
User Interface Socket: A low level description of a specific target. It
describes the functionality and state of the target as a set of data
points and commands.
Validation: The process of demonstrating that the system under
consideration meets in all respects the specification of that system.
Valley: The corresponding marks found on either side of a finger image
ridge.
Verification/Verify: The process of comparing a submitted biometric
sample against the biometric reference template of a single enrollee
whose identity is being claimed, to determine whether it matches the
enrollee’s template. Contrast with 'Identification'.
Web bugs: Invisible files hidden on Web pages to help marketers
determine who has seen their ads.
Webcast: Audio, video or both broadcast on the Web.
32
Web clipping: Shortened versions of Web pages designed to fit and be
displayed on the small screens of handheld devices.
Web services: A catch-all term describing a trend in which services are
delivered over the Internet, or the Internet is used to automate tasks.
Wide area networks (WANs): Computer networks, spanning great
distances that are connected to each other.
Wi-fi: A wireless technology standard that was formerly called 802.11b.
The technology allows people to connect to networks using simple
radio antennas in their laptops or desktop PCs.
Worm: A computer program that replicates and spreads from computer to
computer via e-mail.
WSQ (Wavelet Transform/Scalar Quantisation): A compression
algorithm used to reduce the size of reference templates.
X Internet: Buzzword coined by Forrester Research Inc., with the X
standing for "executable" or "extended" Internet in which non-PC
devices and consumer products, including cell phones, televisions,
cars and refrigerators, are linked to the Internet.
Zero Effort Forgery: An arbitrary attack on a specific enrollee identity in
which the impostor masquerades as the claimed enrollee using his or
her own biometric sample.
33
Overview of the Study
This research paper will attempt to show that within the international
culture of today’s information age there exist a threefold (interconnected)
problem to be addressed with respect to the existence of a secure access
methodology to electronic devices and technology for people with variable
abilities. Furthermore, this study will analyze the theoretical aspects,
concepts, and barriers (logical, physical, cultural, and tangible) related to
the adaptation and implementation of biometric technologies to people
with of variable abilities. This study must and will embody the
characteristics of universal design philosophies.
34
Review of Related Literature
Chapter 2
From a multi-dimensional perspective there are a multitude of related
theories, concepts, practices (strategies), and technologies from both
printed and electronic mediums that apply to each individual facet of
assistive technologies, biometric technologies, smart card technologies,
universal design, neural control, privacy issues, legal issues, security,
accessibility, and the ever-present cultural barriers of society. More to the
point, the related literature will link the theories, concepts, and practices of
the aforementioned facets to the adaptation of biometric technologies to
people with disabilities. Thereby, proving that biometric technologies can
indeed be adapted to people with disabilities as the supreme assistive
technology.
The paragraphs that follow will only be a synopsis of the dominant
philosophies as related to the many facets of implementation and
adaptation of biometric technologies to people with disabilities. Hence, the
35
following paragraphs will assist to establish a literary framework of cultural
theories, societal concepts, implementation practices, and technology
standards.
Mainstream Biometric Technologies
The function of a biometric technologies authentication system is to
facilitate controlled access to applications, networks, personal computers
(PCs), and physical facilities. A biometric authentication system is
essentially a method of establishing a person’s identity by comparing the
binary code of a uniquely specific biological or physical characteristic to
the binary code of an electronically stored characteristic called a biometric.
The defining factor for implementing a biometric authentication system is
that it cannot fall prey to hackers; it can’t be shared, lost, or guessed.
Simply put, a biometric authentication system is an efficient way to replace
the traditional password based authentication system (Ashbourn, 2000).
Emerging Biometric Technologies
The neural waves emanate from a subject’s brain in the form of
brainwaves or bioelectrical impulses. To further iterate this, please refer to
an article called “Monkey Brain Operates Machine” published on the BBC
News website (http://news.bbc.co.uk/hi/english/sci/tech/
newsid_1025000/1025471.stm). This is not the first article or paper of this
type, to promote the attributes of neural control. On the contrary, there
36
have been countless papers and articles released from multiple
universities and colleges in an attempt to document their research.
IBVA Technologies (www.ibva.com) is the first company to
commercialize the distribution of a neural control device. Essentially, a
neural control device is a system that is designed to sense and analyze a
persons’ neural waves and then interfaces with a computer to allow the
user to navigate (control) with brainwaves; neural control would be
analogous to the use of a human hand. The problem is that the technology
must be customized for each user and is therefore not easily adaptive to
each individual. The researcher has speculated that brainwaves are
unique and could emerge from neural devices as the newest biometric.
The title of the paper is "Let Me In!!! (Biometric Access & Neural Control)”
and was published (November 2001) at
http://www.icdri.org/biometrics/let_me_in.htm by the International Center
for Disability Resources on the Internet. Republished (March 2002) at
http://www.nextinterface.net/biometricsandsecurity and (June 2002) at
http://www.findbiometrics.com/Pages/letmein.html.
Corporate and university website are of a tremendous source of
information on emerging technologies. The corporate website of PosID,
Inc. (http://www.posidinc.com) is an excellent source of information on an
emerging biometric technique known as "Infrared Imaging And Pattern
37
Recognition" and it should be as they hold the patented (#5,351,303).
Radio Frequency Identification (RFID)
As indicated by the white paper composed by Accenture (2001), a
RFID employs radio frequency communications to exchange data between
a portable memory device and a host computer. An RFID typically
consists of a tag, label, or PCB for storing data, an antenna to
communicate, and a controller. RFID’s can either be active (battery) or
passive (no battery) and can be produce with read/writer (two-way) or
read only (one-way) capabilities. Additionally, an RFID is a suitable
method of replacing bar code.
Clark Richter (1999) of Intermec Technologies Corporation author of a
white paper titled “RFID: An Educational Primer” he has in general terms
explained basic RFID concepts with respect to RFID technology, markets
and applications.
Editor Chris Corum (2002) of AVISAIN Inc., authored “Why RFID is the
right choice for personal ID”. In this newsletter the author declares that an
RFID card is the best and most secure method of identification. An RFID
card is a bare bones version of a contactless smart card.
Smart Card Technologies
The most common standardized encryption method used to secure a
company’s infrastructure is the Public Key Infrastructure (PKI) approach.
38
This method consists of two keys with a binary string ranging in size from
1024-bits to 2048-bits, the first key is a public key (widely known) and the
second key is a private key (only known by the owner). However, the PKI
must also be stored, and inherently, it too can fall prey to the same
authentication limitation of a password, PIN, or token. It too can be
guessed, lost, stolen, shared, hacked, or circumvented; this is even further
justification for a biometric authentication system (Corcoran et al.).
Per Walder (1997), the best overall way to secure an enterprise
infrastructure, whether it be small or large is use a smart card. A smart
card is a portable device with an embedded central processing unit (CPU).
The smart card can either be fashioned to resemble a credit card,
identification card, radio frequency identification (RFID), or a Personal
Computer Memory Card International Association (PCMCIA) card
(Biocentric Solutions Inc., n.d.). The smart card can be used to store data
of all types, but it is commonly used to store encrypted data, human
resources data, medical data, and biometric data (template). The smart
card can be access via a card reader, PCMCIA slot, or contactless
proximity reader; it is therefore in compliance with section 508 of the
Americans with Disabilities Act (ADA) (Walder, 1997).
A smart card is the best storage medium to use when implementing a
biometric authentication system; only by the using a smart card can an
39
organization satisfy all security and legal requirements (Biocentric
Solutions Inc., n.d.). Corcoran et al. (1999) stated, “This process
irrefutably authenticates the person presenting the card as the same
person to whom the cryptographic keys belong and provides the
necessary tight binding between cryptographic key storage and the
authorized user of the cryptographic keys.” (p. 5).
Smart Card Alliance (http://www.smartcardalliance.org) is a not-for-
profit organization that is known among the smart card industry as the
premiere source of smart card research data and reports. The mission of
the Smart Card Alliance is to promote the acceptance of smart card
technologies. The mission of the Smart Card Alliance would be analogous
to the mission of the Biometrics Consortium, which is to promote
acceptance of biometrics.
The premiere expert on the use of RFIDs and smart cards as assistive
technology to aid people with disabilities is Dr. John Gill, OBE FIEE of the
Royal National Institute for the Blind. Dr. Gill has participated in numerous
studies and published multiple papers that are of great significance to this
study. Other than the historical documentation that has been contributed by
Dr. Gill, the research has also been participating in a one-on-one
conversation with Dr. Gill via email exchange.
40
Assistive Technologies
Assistive technologies play a major role in school, work, and the
society at large. With respect to authors of assistive technology books, the
quantity of material is scarce; on the other hand the quality of the available
material is supreme. “Assistive technology: A resource for school, work, and
community”, was composed by Flippo, Inge, & Barcus (1995) and is one
such artistic production.
The fundamental development and foundation of assistive technologies
are dictated by legislation and federal policy. The legislation and policies
have also set the stage for standards associated to the application of
communication technologies, sensory impairment technologies, mobility, and
strategies for schools, the workplace, and society (Flippo, Inge, & Barcus,
1995).
While published books are scarce, there are many more source of
literature related to assistive technologies from government and nonprofit
organizations, both domestic to the United States and international. The
accessible future was authored by the National Council on Disability [NCD]
(2001, June 21) and is a publication that attempts to establish that an
assistive technology framework is a civil rights concept.
41
As implied by Heldrick (1999), the employment of assistive technologies
within companies has also created a multitude of developmental staffing and
creative financing issues.
Cultural Barrier (Disabled & Elderly)
The post World War I theory or concept of disability was perceived as a
medical condition (mental, physical, or emotional) that lead to the inability
of a person to conduct work, which is commonly referred to as the medical
model (Heldrick, 1999). The medical model concept was perceived and
widely accepted as the most accurate definition of a person with a
disability up until the 1990’s.
In the 1990’s, the medical model concept (old paradigm) started to shift
ever so slightly to what is nowadays known as the disability paradigm
(new paradigm). This shift in paradigm has lead to the rethinking of many
related theories, concepts, and practices from those that viewed
disabilities under the medical model paradigm to what is now considered
to be that of a social model (the disability paradigm) (Barnartt & Altman,
2001). Some of the most popular are the theory of work adjustment,
organizational career theory, Super’s theory, and the role theory
(Szymanski & Parker, 1996).
As stated in the proclamation of problem of this research paper, the
critical shortage of qualified personnel in the workplace, is partly related to
42
the change of societies from that of an industrial based workforce to a
knowledge based workforce, partly because the baby boomers have only
had about half as many children as their parents. As a result the number
of 20 to 24 year olds entering the workforce continues to fall (NCD, 2001).
And partly because, medical advances has contributed to the rapid growth
of an aging society, as such the aging seniors are having to working longer in
order to prepare for retirement (Schaie & Schooler, 1998).
The elderly paradigm is not so dissimilar from that of the old disability
paradigm. For as people age, their vision, hearing, cognitive, and mobility
abilities start to diminish. Charness, Parks & Sabel (2001) have stated that,
“If technology is not equipped to deal with these natural human changes, it is
poorly designed, and further disenfranchises segments of the society” (p.
47). The societies that Charness, Parks & Sabel (2001) are referring to are
those people of variable abilities.
Universal Design
Why is universal design important? A white paper titled “Business
Benefits of Access-for-All Design”, which was penned by Steve Jacobs
(2002, November 22) puts forward the concept that, universal design is not
only a good idea, it is an absolute must for companies. Publications from
many other authors, university researchers (TRACE Center), companies
(Microsoft; AT&T; and EDS), non-profit organizations (International Center
43
for Disability Resources on the Internet [ICDRI]; Center for Applied Special
Technology [CAST]; The Biometric Foundation, and BioAPI Consortium),
and international government agencies all agree with conclusions of Steve
Jacobs, that in order to remain competitive in the dynamic environment of
today, companies must endorse universal design standards.
Adaptation to People of Variable Abilities
The International Center for Disability Resources on the Internet (ICDRI)
has within the grasp of it’s website and experts a theoretical account of
numerous theories, concepts, and practices with respect to people with
disabilities. By no means is this complete list of dedicated and prestigious
organizations; it is only a few. But, the same can be said of the following
nonprofit and governmental organizations; the National Organization on
Disability, the United States Department of Justice, Civil Rights Division, and
the United States Department of Labor.
Dr. John Gill, the Chief Scientist for the Royal National Institute for the
Blind has addressed numerous issues surrounding the adaptation of
assistive technologies to the elderly and people with disabilities. Dr. Gill is
well respected and he has published many papers (Design of smart card
systems to meet the needs of disabled and elderly persons) and conducted
studies (SATURN Project).
44
Privacy/Legal Issues
The Americans Civil Liberties Union (ACLU) is only one of many local,
state, federal, and international organizations with legitimate concerns
about the security (privacy) or misuse of the biometric data collected by
the government and private companies (Winter, 2000). The
aforementioned concerns are of such importance that two organizations
were formed to address the concerns, the first is the International
Biometric Industry Association (www.ibia.org), which is sponsored by the
National Institute of Standards and Technology (NIST) and the second is
the Bioprivacy Organization (www.bioprivacy.org), which is sponsored by
the International Biometric Group (www.biometricgroup.com) (Woodlands
Online, n.d.).
Attorney Susan Gindin of the San Diego Law Review has authored an
extraordinary paper that details numerous informational privacy and legal
issues of the Internet age. Even though her paper “Lost and found in
cyberspace: Informational privacy in the age of the Internet” was published
in 1997 much of the content is still applicable today.
Security Issues
Security has always been a major concern for all information
technology professionals. To that end, many countries have conducted
45
studies; the Information Assurance Technical Framework (IATF) is one such
study that was sponsored by the National Security Agency (NSA).
However, it is important to note that there exist a commonality in security
guidelines between all countries and private institutions. Identification and
Authentication (I&A) methods consist of three common category types, a
password (something you know), a physical token (something you have),
and a biometric (something you are). The most recommended I&A method
involves combining two of the three I&A category types (i.e. physical token
and a biometric). The most common standardized encryption method used to
secure a company’s infrastructure is the Public Key Infrastructure (PKI)
approach (NSA, 2000).
The PKI approach consists of two keys with a binary string ranging in size
from 1024-bits to 2048-bits, the first key is a public key (widely known) and
the second key is a private key (only known by the owner). However, the PKI
must also be stored and inherently it too can fall prey to the same
authentication limitation of a password, PIN, or token. It too can be guessed,
lost, stolen, shared, hacked, or circumvented; this is even further justification
for a biometric authentication system (Corcoran et al.).
Controlling access to logical and physical assets of both the virtual and
tangible worlds are not the only concerns that must be addressed.
46
Security managers must also take into account security of the biometric
data (template) (Walder, 1997).
The biometric data can be stored in a number of ways, either in a
centralized database or in a distributed system. Examples of a distributed
system would be an optical card, memory card, proximity card, token, or a
smart card. No matter what storage method is used, the biometric data
must be encrypted to ensure that security requirements are met
(Biocentric Solutions Inc., n.d.).
A biometric authentication system that is correctly implemented can
provide unparalleled security, enhanced convenience, heightened
accountability, superior fraud detection, and is extremely effective in
discouraging fraud (Nanavati, S., Thieme, & Nanavati, R., 2002).
Disability Demographics
William P. LaPlant Jr. has and continues to aid people with disabilities
by volunteering his expertise to those organizations in need of assistance.
As such, he has served in multiple positions to include serving as the
Chairman of the International Center for Information Technology
Standards, Information Technology Access Interfaces Technical
Committee (INCITS/V2). It is, however, Mr. LaPlant’s income producing
position as a computer scientist for the U.S. Census Bureau that has aid
to establish current disability demographics. Mr. LaPlant has researched
47
and composed an excellent and detailed reference paper titled, “Disability
Statistics & Policy in the United States of America and the World” that
clearly brings together all disability demographics. The research paper has
been published by the International Center for Disability Resources on the
Internet (ICDRI).
Additional sources of literature relating to demographics can be found
via Individuals with Disabilities: Enabling Advocacy Link (IDEAL) and the
National Organization on Disability (NOD) to name a few.
Electronic News Sources
Electronic news sources provide timely notification of trends and have
aided to spread the word of biometric technologies that have been
successful and/or unsuccessful implemented within various international
market sectors of law enforcement, government, travel and immigration,
corporate, financial, and healthcare. Here is a small indefinite quantity of
those sources, New York Times (http://www.nytimes.com), Washington Post
(http://www.washingtonpost.com), Macon Wire Service (http://www.macon.
com), The Register (http://www.theregister.co.uk), Business Week
(http://www.businessweek.com), Newsweek/MSNBC
(http://www.msnbc.com/ news), British Broadcasting Corporation
(http://www.bbc.co.uk.com), Los Angeles Times (http://www.latimes.com),
American for Civil Liberties Union (http://www.aclu.org/news), Find Articles
48
(http://www.findarticles.com), Contactless News
(http://www.contactlessnews. com), and Government Computer News
(http://www.gcn.com).
Study Associated Standards
The Architectural and Transportation Barriers Compliance Board (2002);
have published the Electronic and Information Technology Accessibility
Standards in the Federal Register on December 21, 2000. This document
was crafted as a directed study in response to the technology barriers and
accessibility guidelines contained within section 508 of the Rehabilitation Act
Amendments of 1998. The sections of the Rehabilitation Act Amendments of
1998 are to all intents and purposes amendments to the Americans with
Disabilities Act of 1990. Additionally, standards committees like the
International Committee for Information Technology and Standards (INCITS)
and other non-profit organizations have aid in addressing the concept of
universal design as relative to assistive technologies.
Summarization of Related Literature
The work of authors such as Szymanski and Parker (1996) have
alluded to the fact that before people with disabilities could not be fully
integrated into the workplace until the culture of the workplace becomes
more welcoming. This is because the medical model did not perceive
people with disabilities as potential workforce assets. Hence, not much
49
emphasize had been placed on resolving the workplace barriers. The shift
of paradigms from that of the medical model to the disability model has
fostered a change in the perceptions of society and the workplace culture.
Additionally, the National Council on Disability believes that the only way
to shift the culture is to establish legislation (NCD, 2001). Still, Hagner and
DiLeo (1993) advocate a middle ground approach of legislation and
accessibility standards.
The related literature will add credence to the threefold problem and
will demonstrate that there exist a theoretical resolution that could feasible
be adapted to the environments of schools, businesses and society at
large.
50
Applied Research Methodologies
Chapter 3
The purpose of this chapter is to present the research methods used to
address the elements of previously described threefold problem of
establishing a secure access methodology of electronic devices and
technology for people with variable abilities. The general research
methodologies employed in this chapter are to a greater extent conducive to
the exploration and grouping of qualitative commonalities. Commonalities will
be the key.
A mixed-method research strategy of integrating different elements is
likely to produce better results in terms of quality and scope. This is a
practical and an ideally more monolithic way to conceptualize and instigate
the evaluation process. The mixed-method puts forth a genuine effort to be
reflexive and offers a more critical evaluation of case studies. It is a practical
and ideally more useful means of ensuring accountability to broader
audiences (Yin, 1994). The researcher has combined both quantitative and
qualitative research methods.
Figure 1 is a graphical representation of the aforementioned research
approach that has been employed in this paper by the researcher:
51
Figure 1: Graphical Representation of Employed Research Approach
Data Gathering Methods
Though regression-discontinuity of the mixed-method research strategy is
strong in internal validity and can parallel other non-equivalent designs in
terms of validity threats, interpretation of results might be difficult. Outcomes
might be the result of combined effects of factors that are not exactly related.
Per Greene, Caracelli, and Graham (1989) here are five major reasons to
use the mixed-method:
Triangulation - will increase chances to control, or at least assess, some
of the threats or multiple causes influencing our results.
52
Complementarily - clarifies and illustrates results from one method with
the use of another method to add information and qualify results (i.e.
committee involvement).
Development - partial results from the results might suggest that other
assessments should be incorporated.
Initiation - stimulates new research questions or challenges results
obtained through one method (i.e. in-depth interviews). May provide
new insights on how focus study.
Expansion - integration of procedures will expand the breadth of the
study and likely enlighten the study.
Historical Documentation
Applying historical documentation (a.k.a. lessons learned) to this
research paper is not only practical; it would have been negligent not to do
so. Historical documentation will help to establish the concept of
commonalities, identify concerns, link data to propositions, and lead to the
unveiling of potential solutions. Historical documents for the research
paper are derived from both printed and electronic online sources and are
of domestic and international origin. The documents are comprised of
published books, news articles, government publications, white papers,
university websites, corporate websites, and the websites of not-for-profit
organizations.
53
Quantitative Research Tools
The research tools consist of a combination of web-based survey
(questionnaire) and one-on-one interview. Both the web-based survey and
the one-on-one interview were conceived as quantitative research
methods and are were administered to a diverse demographic of
participants. There are one hundred and thirty-seven participants of the
web-based survey. Participants of both the web-based survey and the
one-on-one interviews are individuals that span all age groups, gender,
economic status, ability level, race, and experience level, no one group
was excluded.
The one-on-one interview participants consist of thirty-five individuals
of which, twelve out of the thirty-five participants are known to the
researcher. The remaining twenty-three are of random occurrence and
remain totally unknown to the researcher. A list of the twelve known
participants is included in Table 1.
54
Table 1: Twelve Known One-on-One Interview Participants
Name Title Organization Email Address Michael R. Burks Public Information ICDRI and AT&T Worldnet [email protected] Brad Allenby VP-Environment, Health AT&T Corporate [email protected] Jose L. Pardos, Ph.D.
Ambassador of Spain at Special Mission for IT’s
Ministry of Foreign Affairs [email protected]
David DeVinney Manager – EOM and CSP AT&T Global Network [email protected] Eric Bunge Architect Narchitects [email protected] Ronald Pettit System Engineer AT&T Global Network [email protected] Wade Wilkins Project Manager Consultants In Business,
Engineering, and Research [email protected]
Dr John Gill OBE Chief Scientist Royal Institute for the Blind [email protected] William P. LaPlant,Jr.
Computer Scientist and Chairman, INCITS/V2
U.S. Census Bureau/INCITS
Charles L. Sheppard
Research Coordinator National Institute for Standards and Technology
Steven Trubow Chief Technology Officer Tal Digital [email protected]
Matthew S. Hamrick
Sr. Engineer Cryptonomicon [email protected]
Web-Based Surveys
A descriptive survey method was administered via the World Wide
Web with the cooperation and support of the International Center for
Disability Resources on the Internet (www.ICDRI.org). The goal of the
survey was to better understand how people viewed the adaptation of
biometrics to other emerging technologies. The participants were engaged
via the telephone and multiple email requests that were distributed via
reflector sites and group lists. It is important to note that confidentiality is
intact, as the identity of the participants has remained totally obscured.
55
The complete survey consists of an explanation paper entitled “To Be
Or Not To Be (http://www.icdri.org/biometrics/to_be_or_not.htm)” and a
detailed survey (questionnaire) (http://www.icdri.org/biometrics/
survey_biometric.htm). The explanation paper served as an introduction to
the survey. The explanation paper is included as Appendix 1 and the
detailed survey is Appendix 2.
The hope was that the survey would provide assistance in determining
if the international citizenry were accepting of emerging technologies. For
example, were they accepting of adapting biometrics and/or neural
implants as an assistive technology, or did they just fear the unknown?
One-on-One Interviews
The interviews averaged thirty minutes in length and were administered
from January 15, 2002 to January 15, 2003. As many of the subjects were
extremely busy people, their convenience and availability were the major
factor that determined the length of the interviews. A few of the interview
subjects, however, had quite a lot to say, and these interviews were
longer. The interviews were semi-structured, and subjects were
encouraged to express their thoughts freely. At the beginning, the
researcher briefly explained the purpose of my study to each subject. The
researcher then, told the subject that he was exploring the possibility of
adapting biometric technologies to people of variable abilities (disabled &
56
elderly). Usually, the subject immediately replies with the question, why?
The researcher would then explain in further detail, that it is believed that
by fusing biometric technologies with other established and emerging
technologies that it would be theoretical possible to breakdown the vast
majority of access barriers. The end result is that people would become
more self-sufficient thereby causing a cultural paradigm shift; hence there
would be scores more of qualified people available for employment. The
absolute majority of the interviews were conducted face-to-face. However,
five of the interviews were conducted via telephone and three were
conducted via electronic mail (total of eight).
Interviews were conducted until it became apparent in the researcher’s
judgment that the incremental new information from each additional
interview was minimal.
A sampling of typical and scripted open-ended questions that were
discussed has been included as Appendix 3. The hope was that the
interview would yield that which first-line supervisors, middle-level
managers, and senior executives believed to be productivity barriers,
attitude towards assistive technologies, perceived technology barriers, and
general management issues they have encountered when seeking people
of variable abilities for employment. It is important to make mention that
many of the one-on-one interview participants are extremely intelligent
57
and of high prominence within the international community at large. In
most cases they are published authors in their own right.
Qualitative Research Tools
The researcher’s purpose for participating in a variety of assorted
meeting types and electronic mail exchanges was in some cases to share
the researcher’s concept of adapting biometrics to people of variable
abilities. In most cases it was to sit quietly by in order to obtain a greater
understanding of technology employment strategies from the experts
(worldwide). It was the hope of the researcher to a greater number of in
person meetings. Unfortunately, due to lack of financial sponsorship this
was not feasible.
Symposiums
From May 2001 to January 2003, the researcher has participated in
three symposiums. The first symposium was the User Experience
Symposium 2001 that was sponsored by AT&T Labs at the Red Bank Inn,
Red Bank, New Jersey. The researcher’s contribution to the symposium
was a paper titled “Biometric Technologies”. At this stage the assistive
qualities of biometric technologies were still in it infancy and had not been
fully explored by the researcher. Overall the paper was well received and
sparked the interest of the International Center for Disability Resources on
the Internet.
58
By the second symposium the researcher was better prepared to explain
and answer questions pertaining to the assistive aspects of biometric
technologies. The researcher made a presentation to three hundred plus
members of the Internet Society at the INET 2002 Symposium, Washington
D.C. The paper entitled “The New Wave” was published at
http://www.icdri.org/biometrics/new_wave.htm by ICDRI. The presentation
was extremely well received and was praised by members of he international
community. According to Jose Luis Pardos, Ph.D. the Ambassador at Large
for Spain, the techniques profiled in the ISOC presentation were influential in
the implementation of several projects that the University Murcia is working
on in Spain at them moment. Below is a direct quote from Dr. Pardos whose
work is profiled at: Universidad Y Discapacidad (http://www.um.es/undis) at
the University of Murcia:
It happens that I was in Washington DC. last 19th of June for INET'2002 and I had a Panel on Disabilities and beyond on Web accessibility with my long standing good friends Mike Burks, Mark Urban, and some others. I did have the chance of hearing Bill Lawson *important* contribution to our Panel on Biometrics. I think he is an outstanding thinker and innovator. I have read and listen to his Presentation and I am deeply thankful for the many ways he has enlightened me with his many writings and deep thoughts. I also think Bill well deserves any kind of official recognition and I am strongly supporting it.
The 10th Plenary of the InterNational Center for Information
Technology Standards, Information Technology Access Interfaces
59
Standards Development Technical Committee (INCITS/V2) was the third
symposium. The symposium was held at the Radisson Hotel in Orlando,
Florida from January 19-20, 2003. The work of the researched came to
the attention of the Co-Chairman of the Biometric Consortium/M1 and
Chairman of INCITS/V2. Consequently the researcher was invited to
present at the symposium. It was the intent of the researcher to make a
persuasive presentation to the plenary that a sub-committee must be
established in order to develop technology access standards for
biometrics that embodied the aspects of security, accessibility, and
privacy. The presentation was a huge success and the researcher is now
the Chairman of the INCITS/V2.1 Sub-committee. The researcher expects
to have a fused biometric prototype available within the next two years.
Furthermore, it is the intent of the researcher to elaborate on the elements
of the fused biometric prototype as part of another doctoral dissertation in
the very near future.
Teleconferences
The researcher has participated in dozens teleconferences related to
all aspects of biometric technologies, smart card technologies, civil
rights/bio-privacy initiatives, assistive technologies, and standards. The
teleconferences were conducted over a period of eighteen months and
included participants from the international community. Of the dozens of
60
teleconference, the same small group of organizations repeatedly
sponsored the majority of the teleconferences. A listing of the small group
of sponsoring organizations numbering at seven can be viewed in Table 2:
Table 2: List of Teleconferece Sponsoring Organizations
Content Organization URL Biometric Technologies The International Biometric Group, LLC. www.biometricgroup.com Biometric Marketing International Biometric Industry Institute www.ibia.org Biometric The Biometric Foundation www.biometricfoundation.org Biometric Privacy Issues Bio-Privacy Organization www.bioprivacy.org Smart Cards Smart Card Alliance www.smartcardalliance.org Biometric Standards International Committee for Information
Technology Standards (INCITS)/M1 www.incits.org
Interface Standards International Committee for Information Technology Standards (INCITS)/V2
www.incits.org
Technical Committees
The researcher has participated as a contributing member in the
creation of Section 508 amendment to the American with Disabilities Act
from November 2001 to March 2002. From September 2001 to July 2002
the research worked with the Biometric Consortium
(http://www.biometrics.org) (a.k.a. INCITS/M1) to craft the first biometric
template format. The biometric template format is known as the Common
Biometric Exchange File Format (CBEFF) V1.0, which was later revised to
version 1.1.
Current the researcher is working with the International Center for
Information Technology Standards (INCITS), Information Technology
61
Industry Council (ITI), V2 (http://www.incits.org/tc_home/v2.htm), B10
(http://www.incits.org/tc_home/b10.htm), T4
(http://www.incits.org/tc_home/t4.htm), and M1
(http://www.incits.org/tc_home/m1.htm) as the Chairman of the
INCITS/V2.1 Subcommittee to develop technology standards for the
adaptation of biometric to people of variable abilities. The standards that
come from this venture will be released as part of a new component (field)
within CBEFF V2.0.
Electronic Mail Exchanges
Given that the adaptation of biometric technologies to people of
variable abilities is theoretical in nature and in many cased consider by
some to be an emerging technology this research method was absolutely
critical to the research paper. This method allowed the researcher to
communicate with some of the foremost experts of biometric technologies,
privacy concerns, legal issues, security techniques, universal design and
accessibility for all methodologies.
Communication Participants
The participants were representative of all diversity factors to include
age, race, ability level, gender, culture, religion, etc… and representative
of the international community. In some case the participant’s identity
were known to the researcher and in other cases the participant’s identity
62
was and still remains anonymous. The participants were as diverse as the
universe and as worldly as any great explorer.
Database of Study
Exploring prior case studies can reduce the need to test theoretical
boundaries or concepts. Furthermore, the exploration of biometric, smart
card, assistive technology, and public opinion case studies has allow the
research to gain a valuable non-bias insight into thought process and
implementation strategies that have been completed.
Accuracy, Reliability, and Validity of Data
Typically the value of research is evaluated based on its accuracy,
reliability, and validity, which for all meticulous purposes equates to the
notion of trustworthiness. In the quest to gain a better understanding of the
barriers relevant to the adaptation of biometric technologies to people of
variable abilities, special attention was paid to the issue of trustworthiness.
For all one-on-one interviews the participant determined the course of his
or her interview, while the researcher asked follow-up questions in an
effort to clarify and explore certain details more thoroughly. Allowing the
participants to determine the direction of the interview minimized the
researchers bias and increased the extent to which the data represented
the opinions of the participants.
To check for saturation, after the first fifteen participants were
63
interviewed and data was analyzed for commonalities, two additional
interviews were conducted with someone that had not previously been
interviewed. The identities of the participants were and are still unknown to
the researcher as the participants were approached in a hospital waiting
room and a coffee shop. What is known of the participants is that they
represent the different generational views. The formats of the interviews
were similar to the previous interviews that have been conducted, in that
they were of an open forum. After the participants had free shared their
opinions, the researcher shared the thoughts and opinions that have been
identified from the other interview and survey participants.
Originality and Limitation of Data
Given that the focus of the research study is conceive on the
adaptation of emerging technologies to a rapidly shifting culture it is fair to
conclude that the over whelming majority of the source material and data
is of original content.
Limitations of data with respect to research methodologies and the
availability of employed tools to conduct this study are riddled with intrinsic
limitations. Creep of the researcher’s bias and bias of other assistive
technology supporter were an extremely limiting factor during the
collection and analysis phase of the study. The reason for this
phenomenon as perceived by the researcher is that there are many
64
advocates of assistive technologies and no opponents. With respect to
this study the only opponents are those of biometric technologies, not
assistive technologies in general.
Methodological Summary
When exploring management and adaptation of information systems
the mixed-method approach is the best method to utilize (Greene &
Caracelli, 1997). The methods and tools that were used allowed the
researcher conduct a predominately qualitative analysis of each study unit
and at same time the study was of a predominately interpretative nature
with some aspects of positivist influences (Yin, 1994).
65
Analysis of Data
Chapter 4
Pattern matching of all evidence relative to the theoretical adaptation of
biometric technologies to people of variable abilities will be the dominant
mode of analysis to be employed by this study (Yin, 1994). An additional
consideration is that the study will borrow a small number of the research
concepts and/or methodologies from chapter 3, in order to wholly
accomplish the analysis phase for this chapter.
Even though it was the intent of Greene, Caracelli, and Graham (1989)
for the following approach to be applied as a research concept and/or
methodologies. The researcher has endeavored to transition a prominent
research approach of Greene, Caracelli, and Graham (1989) into an
analysis approach in order to identify the element of the evidence that
embody the constructs of triangulation, complementarily, development,
66
initiation, expansion and last but not least to aid in the unbiased
presentation of the evidence.
To help ensure validity of the analysis phase, there are four principles
that should be adhered to in order to achieve a high-quality analysis of the
evidence. As stated by Yin (1994), the analysis ought to rely on “all
relevant evidence”, “include all major rival interpretations”, “address the
most significant aspect” of the case study, and bring to bear the
researcher’s “prior experience, expert knowledge”. Whilst conducting the
analysis phase of this study, it will be the intent of the researcher to adopt
the recommendations of Yin and other research experts as fact and
endeavor to adhere to such guidance.
What is a Biometric
When this question 3 of Appendix 6 was proposed to the participants of
the one-on-one interviews the results were that only six of the thirty-five
participants were even familiar with biometrics.
A biometric authentication system is essentially a pattern recognition
system that establishes a person’s identity by comparing the binary code
of a uniquely specific biological (physical) or behavioral characteristic
(trait) to the binary code of a stored characteristic. This is accomplished by
acquiring a live sample (the characteristic) from a petitioner (individual
who is requesting access). The system then applies a complex and
67
specialized algorithm to the live sample; it is then converted into a binary
code. Once the live sample has been converted into a binary code, it is
compared to the reference sample (previously stored binary code) to
determine the petitioner’s access or not.
If we were to breakdown the word biometric we would find that ‘bio’
simply means ‘biological (living)’ and that ‘metric’ refers to ‘measurement’.
However, it is a little more complex then that. A biometric is a physical
body measurement of a biological characteristic or pattern recognition of
behavioral traits (i.e. voice, signature or keyboard dynamics). Both the
biological characteristic and/or the behavioral trait must be unique to an
individual and able to be repeatedly acquired by an electronic device.
The function of a biometric is to facilitate controlled access to
applications, networks, personal computers (PCs), and physical facilities.
Simply put, a biometric is an efficient way to replace the traditional
password based authentication system (Ashbourn, 2000).
Contrasting Authentication Methods
There are three methods of resolving a person’s identity. The first is
verification, which involves confirming or denying a person’s claimed
identity (Am I whom I claim to be?). For now, the consensus is that
dynamic signature verification, voiceprint verification, hand geometry,
keystroke dynamics, facial geometry recognition, thermo graphic
68
recognition, and vein recognition are generally considered to be
verification biometrics and are best suited for a low security area.
Identification is the second method of resolving a person’s identity.
With this method one has to establish a person’s identity (Who am I?).
Identification biometrics commonly include those biometrics which have
been thoroughly tested and proven to be near to 100 percent effective in
real life environments. A fingerprint identification, palm print identification,
retina scan recognition, and iris-scan recognition are considered to be
positive identifiers. As technology evolves, the boundary between a
verification and identification biometric will be blurred in some cases and in
other cases biometrics will traverse the boundary.
For virtually unassailable confirmation of an individual’s identity, the
third method of a multi-modal hybrid identification method has been highly
recommended (Nanavati et al, 2002). An automatic personal identification
system based solely on fingerprints or faces is often not able to meet the
system performance requirements of the consumer. Facial recognition is
fast but not reliable; while fingerprint verification is reliable there are many
external factors that can lead to a false rejection of a users authentication
(i.e. dry finger, dirt, oil, improper positioning, cut or abrasion).
Implementing a multi-modal hybrid strategy will overcome the
limitations of face recognition systems as well as fingerprint verification
69
systems. The identity established by the system is more reliable than the
identity established by a face recognition system. In addition, the multi-
modal fusion schema enables performance improvement by integrating
multiple cues with different confidence measures (International Journal of
Biometrics).
For example, the Pentagon has implemented a fingerprint and facial
recognition solution within the military to identify its’ members (Washington
Post, October 29, 2001).
Contact Biometric Technologies
For the purpose of this study, a biometric technology that requires an
individual to make direct contact with an electronic device (scanner) will be
referred to as a contact biometric. Given that the very nature of a contact
biometric is that a person desiring access is required to make direct
contact with an electronic device in order to attain logical or physical
access. Because of the inherent need of a person to make direct contact,
many people have come to consider a contact biometric to be a
technology that encroaches on personal space and to be intrusive to
personal privacy (International Biometric Group LLC: BioPrivacy Initiative).
An intrusive biometric is usually considered to be one which requires
undesirable contact with the subject in order to acquire the electronic data
sample of the biological characteristic in question. An example of an
70
intrusive biometric could be retina-scan because of the close proximity to
the eye, facial scanning because of cultural or religious reasons (not allow
to show face), and fingerprint or palm scanning due to hygiene concerns.
Fingerprint Identification
According to Woodward, Orlans & Higgins (2003), “Fingerprints were
used as personal marks or signatures in part of Asia as early as the third
century B.C.”. The fingerprint is an established biometric and are classified
into five categories: arch, tented arch, left loop, right loop, and whorl. The
fingerprint classification system was invented in 1892 by Azizul Haque for
Sir Edward Henry (Inspector General of Police in Bengal, India). Up until
1926 it was thought that Sir Edward Henry invented the fingerprint
classification system. The fingerprint classification system consequently
came to be known as the Henry System.
A fingerprint image classification is based on the number and location of
the detected minutia (singular) point or minutiae (plural) points. The
"Henry System" is still used today to categorize fingerprint cards.
However, the fingerprint scanners of today are much more capable of
identifying more details then just arches, tented arches, left loops, right
loops, whorls. As demonstrated by Image 1, you can clearly see the
patterns and the depiction of minutiae (Ashbourn, 2000).
71
Image 1: Depiction of Fingerprint Patterns and Minutiae Top row (left to right): loop, composite (double loop), spiral, or shell whorl. Middle row
(left to right): target whorl, simple arch, tented arch. Bottom row: minutiae.
Source: http://www.hit.co.kr/ehomepage/solution/ Fingerprint%20Identification%20Technology.files/image002.jpg
It has been reported by many news source (i.e. The Baltimore Sun)
that there are some shortcomings related to the use of fingerprint
scanners. Fingerprint scanners work well for fingerprint imaging of many
people, but there is a percentage of the population that cannot be
adequately imaged. They include senior citizens and laborers because
their fingertips are worn down, women and Asian’s because their prints
are not well defined (O’Brien, 2003). Finger abrasions, user errors, and
72
maintenance issues are attributed to this rise. In addition, many fingerprint
scanners frequently encounter problems when attempting to image:
* Very dry finger * Irregular ridge structures
* Very oily finger * Contaminated finger
* Very low humidity * Contaminated platen
* Finger abrasions * Improper positioning
All of these problems are the result of the inability of the sensors that
are used in those products, to penetrate through air gaps or through
contaminant material on the finger or platen. All of these shortcomings can
be overcome by way of an ultrasonic scanner. Ultrasonic scanners can
easily pass through many materials to include the air gap between the
scanner and user. The below images clearly demonstrate that the
fingerprint quality of the ultrasonic scanner has been greatly enhanced.
Most importantly, while the use of a fingerprint biometric is accessible
to the majority of the population it is not accessible to all. Fingerprint
scanners require a level of mobility, coordination, dexterity, and accuracy
of finger placement that not all people possess, especially those of
variable or limited abilities.
Image 2: Comparison of an Ultrasonic and Optical Scanned Fingerprint
73
Optical Scanner Ultrasonic Scanner
Source: http://www.ibm.input.optical.com
Palm Print and Footprint Identification
Whether it is palm prints or footprints, the evolution of the human
blueprint has allowed them both to share virtually all of the same
detectable characteristics as fingerprints. The major difference is that the
palm and foot are larger and can therefore yield a greater number of
minutiae points to be used for comparison of the sample biometric to the
stored biometric template.
The parallels between the characteristics of fingerprints and palm prints
(footprints) can easily be observed by comparing Image 1 (above) to
Image 3 (below). You can clearly see the patterns and the identification of
the minutiae points on the left side of Image 3.
74
Image 3: Depiction of Palm Print Patterns and Minutiae
Source: http://www.jyhoriba.co.uk/jy/forensic/images/6pointsm.jpg
Just like fingerprint or palm prints, footprints can be scanned using the
same techniques as fingerprints or palm prints. The obvious draw back is
that the use of footprints as an identification method is not sanitary,
convenient or practical for public use.
Hand Geometry
Hand geometry was bestowed to the populace at the Shearson Hamill
investment bank on Wall Street nearly 20 years ago. The biometric is
75
essentially based on the fact that every individual's hand is shaped
differently than another and over the course of time the shape of the
person's hand does not significantly change. Unlike fingerprint imaging
systems, hand geometry readers are not affected by natural and
environmental surface details, such as lines, scars, dirt, and fingernails.
The basic operating principle is to measure and/or record the physical
geometric characteristics of an individual's hand.
There are numerous hand geometry scanning devices in existence and
they all (currently) fall into one of two detection categories, mechanical or
image-edge detection. Both methods are used to take over 90
measurements of the length, width, thickness, depth of fingers/thumb, and
the surface area of a person’s hand and fingers. With the technology of
today all 90 measurements of a subject’s hand can be processed within
one second.
To capture the measurements of a person’s hand, a charge-coupled
device (CCD) digital camera is used to record the hand's three-
dimensional shape (Zunkel, 1998).
Image 4: Depiction of Hand Geometry Recognition Process
Step 1 (Place Hand) Step 2 (Scanning)
76
Step 3 (Measurements are processed)
Source: http://bias.csr.unibo.it/research/biolab/graphics/hand1.gif
Dynamic Keystroke Authentication
Dynamic keystroke authentication technologies is a behavioral
biometric that can provide a strong security and cost-effective access
solution to users. Additionally, dynamic keystroke authentication
technologies are easy to deploy and maintain. This is because dynamic
keystroke authentication technologies only require the purchase of
proprietary software, as the required equipment, the keyboard already
exist as part the users system.
Keystroke authentication technologies look at the way a person types
at a keyboard (typing rhythms) and measures the "dwell time", which is
77
the amount of time a user holds down a particular key and "flight time",
which is the amount of time it takes a user to transition between keys.
Refer to Image X below for an example of how the calculations transpire:
Image 5: Example of the Dynamic Keystroke Authentication Process
Source: http://globalservices.fujitsu.com/fj/CATALOG/AD05/05-00023/IMAGE
As with any biometric there are advocates and antagonists, and
dynamic keystroke authentication technologies are no different. Other than
the realism that a dynamic keystroke biometric is one of verification and
not of identification; it is nevertheless the fundamental claim advocates
that both enrollment as well as authentication can occur without being
detected by the user that has antagonists concern.
78
One of the foremost advocates of the dynamic keystroke recognition is
Net Nanny (http://www.netnanny.com). Net Nanny advocates the use of
dynamic keystroke recognition as a method of exacting Internet parental
control in order to protect children from Internet predators.
Dynamic Signature Recognition
No personal attribute is as common for identification as the use of a
signature. Unfortunately, a signature is one of the least reliable methods of
identification. Forgers have a myriad of ways to reproduce a signature that
looks similar to the owner. Dynamic signature recognition technologies
can foil the forgers. When a biometric sensor captures a signature, it
captures more than just the appearance of the signature. A biometric
signature capture device measures such variables as the speed and
direction of your hand movements as a signature is formed. Some units
also measure the force with which you press the pen against the paper
and the angle at which you hold the pen. The devices often consist of a
pad that contains a resistive grid or a 2-D array of ultrasonic sensors.
Signature-capture units can't validate a signature already affixed to a
document that was received by mail or fax.
Image 6: Depiction of Dynamic Signature
79
Source: http://www.buysec.no/Produkter/ Klient/SGPDAPRI/bio_logon_klein.jpg
Contactless Biometric Technologies
A contactless biometric can either come in the form of a passive
(biometric device continuously monitors for the correct activation
frequency) or active (user initiates activation at will) biometric. In either
event, authentication of the user biometric should not take place until the
user voluntarily agrees to present the biometric for sampling. A
contactless biometric can be used to verify a persons identity and offers at
least two dimension that contact biometric technologies cannot match. A
contactless biometric is one that does not require undesirable contact in
order to extract the required data sample of the biological characteristic
80
and in that respect a contactless biometric is most adaptable to people of
variable ability levels.
Facial Geometry
Facial recognition systems are one of the fastest growing biometric
technologies. A facial geometry system measures such characteristics as
the distance between facial features (from pupil to pupil, for instance) or
the dimensions of the features themselves (such as the width of the
mouth).
In principle, the analysis of the face seems to be the best way to
perform identity authentication and also the most acceptable to the public
at large; for this is the most natural way for human beings to identify
someone and we do it everyday. Not to mention, it is passive/non-
intrusive. However, due to the perception of phantasmagoric privacy and
the fear of big brother’s all seeing pineal eye this has not been the case
(further discussion to follow).
Image 7: Depiction of Facial Geometry Biometric
81
Source: http://www.safe-travel.com/spids/v3/images/tech_pic1.jpg
Facial Thermography
Employs the use of an infrared camera to capture the emission of heat
patterns that are generated by the vascular system of the face. Heat that
passes through facial tissue of a human being produce a unique and
repeatable pattern (aura). The captured aura is converted into data and
then compared to stored auras of authorized individuals, at which point
possible matches are generate along with probability percentages. The
facial print does not change over time and is accurate than facial geometry
identification technologies.
Image 8: Depiction of Facial Thermography Pattern Biometric
82
Source: www.msu.edu
Iris Scan Recognition
The iris (colored portion of eye) is a protected internal organ of the eye,
behind the cornea and the aqueous humor, yet readily visible externally at
a comfortable distance. The iris is composed of elastic connective tissue,
with traceable meshwork, whose prenatal morphogenesis is completed by
the 8th month of pregnancy. It consists of pectinate ligaments adhering
into a tangled mesh revealing striations, ciliary processes, crypts, rings,
furrows, a corona, sometimes freckles, vasculature, and other features.
During the first year of life a blanket of chromatophore cells usually
changes the coloration of the iris, but the available clinical evidence
83
indicates that the trabecular pattern itself is stable throughout the lifespan
(Daugman, n.d.).
Image 9: Depiction of Iris Scan Biometric
Source: http://www.cnn.com/2000/TECH/computing/07/24/ iris.explainer/iriscode.jpg
The original concept was developed by Dr. Leonard Flom and Dr. Aran
Safir, and the original software patents were developed by Dr. John
Daugman. IriScan, Inc. acquired the patent rights from Dr. Daugman and
licensed the rights for banking and government kiosk applications to
Sensar, Inc. While both Sensar and IriScan use the same underlying
technology, Sensar has enhanced the acquisition process.
Being that the iris is an internal organ of the eye, the iris is immune
(unlike fingerprints) to environmental influences, except for its pupillary
response to light. Pupillary motions, even in the absence of changes in
illumination, and the associated elastic deformations it creates in the iris
texture, provide one test against photographs, glass eyes, or other
resemblance of a living iris. Other tests involve changing infrared LED light
84
sources which should cause corresponding changes in their specular
reflections from the cornea; detecting the properties of contact lens which
might contain a printed fake iris pattern riding upon the spherical surface
of the cornea, rather than in an internal plane within the eye; testing for the
properties of living tissue under varying wavelengths of both visible and
infrared illumination; and so forth.
Image 10: Left eye of researcher (Dr. William Lawson)
Left Eye Before Lasik Procedure Left Eye After Lasik Procedure However, with the advent of laser procedures such has LASIK to
correct myopia. It is now possible to reshape of the corena, thereby
altering the keratometic (refractive) values and thickness of the eye. While
laser procedures do not alter the iris itself, it does alter the cornea and that
alone may be enough to provoke a FTA (Failure to Acquire) or a FR
(False Reject) error in the matching process. Above is an attempt to
85
demonstrate the effects of Lasik, the subject is William Lawson (Courtesy
of Lasik Plus).
Retina Scan Recognition
The retina is the surface inside the back of the eye, upon which images
that have passed through the pupil are focused. In order to use a retinal
scanner, the user places her eye relatively close (between 1 and 2 inches)
to the reader and focuses on a rotating green light. In order to enroll, five
scans of good quality are recommended; to verify, a single scan is
needed. This technology is generally used for physical security
applications rather than for data security applications.
Despite its relative sophistication, retina scan is actually one of the
oldest biometrics. As far back as the 1930's, research suggested that the
patterns of blood vessels on the back of the human eye were unique from
person to person. With the exception of some types of degenerative eye
diseases, or cases of severe head trauma, retinal patterns are stable
enough to be used throughout one's life.
Image 11: Depiction of Retina Scan Biometric
86
Source: http://www.retinaltech.com/Twin2l.jpg
Voiceprint Verification
With existing voice-transmission technology, voice recognition can
work over long distances via ordinary telephones. A well-conceived and
properly implemented voice-based security system could provide major
enhancements to the safety of financial transactions conducted over the
telephone (Voice Security Systems).
Image 12: Depiction of Voiceprint Verification Biometric
87
Source: http://www.cnn.com/1999/TECH/computing/12/27/ wap.voice.idg/story.voice.cellphone.jpg
Accuracy
Accuracy of a biometric is measured in the terms of FR (False
Rejection), FAR (False Acceptance Rate), FRR (False Rejection Rate),
FMR (False Match Rate), FNMR (False Non-match Rate), FTA (Failure to
Acquire), FTE (Failure to Enroll), EER (Equal Error Rate), ATV (Ability to
Verify) (Woodward, Orlans, & Higgins, 2003).
Noting that for each biometric the interpretation of accuracy is variable.
But, even if a legitimate biometric characteristic is presented to a
biometric-based authentication system correctly, authentication cannot be
guaranteed. This could be because the sensor(s) are subjected
background noises, limitations of the processing methods, changes in the
environment, faulty liveness test, and more importantly, the variability of
88
both the biometric characteristic as well as its presentation. And then it
could be that the biometric system was not correctly implemented or the
user was not correctly enrolled (Nanavati et al, 2002).
Liveness Test
There is not one standardized liveness test in existence today. The
reason for this is that manufactures of biometric technologies tend to keep
the details of a liveness test confidential. Some consider liveness test to
be the most critical step in both the accuracy of the biometric and the well
being of the user.
A liveness test that is correct applied can avail itself as another method
of ensuring accuracy and security, by eliminating the potential use of
faked biometric characteristics (i.e. the gummy finger). The liveness test
addresses the urban myth that someone can steal another’s identity by
using the severed finger to gain access to personal assets, financial or
otherwise. Once a finger or any body part is severed from the body the
presence of oxygen, heat, and melanin in the body part rapidly fall towards
depletion or unacceptable levels.
Advantages
Biometric technologies can be applied to areas requiring logical access
solutions, and it can be used to access applications, personal computers,
networks, financial accounts, human resource records, the telephone
89
system, and invoke customized profiles to enhance the mobility of the
disabled (Nanavati et al.).
In a business-to-business scenario, the biometric authentication
system can be linked to the business processes of a company to increase
accountability of financial systems, vendors, and supplier transactions; the
results can be extremely beneficial (Ashbourn, 2000).
The global reach of the Internet has made the services and products of
a company available 24/7, provided the consumer has a user name and
password to login. In many cases the consumer may have forgotten
his/her user name, password, or both. The consumer must then take steps
to retrieve or reset his/her lost or forgotten login information. By
implementing a biometric authentication system consumers can op to
register their biometric trait or smart card with a company’s business-to-
consumer e-commerce environment, which will allow a consumer to
access their account and pay for goods and services (e-commerce). The
benefit is that a consumer will never lose or forget his/her user name or
password, and will be able to conduct business at their convenience
(Nanavati et al.).
A biometric authentications system can be applied to areas requiring
physical access solutions, such as entry into a building, a room, a safe or
it may be used to start a motorized vehicle. Additionally, a biometric
90
authentication system can easily be linked to a computer-based
application used to monitor time and attendance of employees as they
enter and leave company facilities (Nanavati et al.).
In short, contactless biometrics can and do lend themselves to people
of all ability levels.
Disadvantages
Some people, especially those with disabilities may have problems with
contact biometrics. Not because they do not want to use it, but because
they endure a disability that either prevents them from maneuvering into a
position that will allow them to make use the biometric or because the
biometric authentication system (solution) is not adaptable to the user. For
example, if the user is blind a voice biometric may be more appropriate.
Existing Standards
As with any ascendant computer technology, standards and software
must precede ubiquitous deployment. The biometric standards were
sourced from Woodward, Orlans, & Higgins (2003) pp. 173-179, National
Institute of Standards and Technology, and Information Technology
Laboratory web sites:
ANSI/NIST-CSL 1-1993: Specifies a common data format for the
interchange of fingerprint information. Published by the American
91
National Standard for Information Systems/National Institute of
Standards and Technology – Computer System Laboratory.
ANSI/NIST-ITL 1a-1997: Specifies a common data format for the
interchange of fingerprint, facial, scars, mark, and tattoo information.
Published by the American National Standard for Information
Systems/National Institute of Standards and Technology – Information
Technology Laboratory.
ANSI/INCITS 358-2002: Is the BioAPI Specification Version 1.1. It defines
an open source standard API that provides a set of high-level
abstractions for software applications to communicate across-
platforms (for example, Enroll, Verify, Identify), a set of primitive
functions, (for example, Capture, Process, Match, Create Template)
and a common data structure called the Biometric Information Record
(BIR) used by an application as the input and output to the Biometric
Service Provider (BSP). The BioAPI V1.1 was developed by the
BioAPI Consortium (www.bioapi.org) and published by the American
National Standard for Information Systems/International Committee
for Information Technology Standards.
NISTIR 6529-2001: Is the Common Biometric Exchange File Format
(CBEFF) describes a set of data elements necessary to support
biometric technologies in a common way independently of the
92
application and the domain of use (e.g., mobile devices, smart cards,
protection of digital data, biometric data storage). CBEFF facilitates
biometric data interchange between different system components or
between systems, promotes interoperability of biometric-based
application programs and systems, provides forward compatibility for
technology improvements, and simplifies the software and hardware
integration process. Published by the National Institute of Standards
and Technology – Information Technology Laboratory.
Emerging Biometric Technologies
Many inventors, companies, and universities continue to search the
frontier for the next biometric that shows potential of becoming the ‘one’
(to borrow a cliché from ‘The Matrix’). An emerging biometric is a biometric
that is in the infancy stages of proven technological maturation. Once
proven, an emerging biometric will evolve in to that of an established
biometric.
Brainwave Biometric
Keep in mind that brainwaves resolve into nothing more then
recognizable patterns. If we could identify at least one pattern that was
unique, unchanging, and monotonous, then we would have a security
protocol of peerless supremacy (J. Gunkleman, personal communication,
May 1, 2002). Such a solution could not be stolen or easily duplicated and
93
could theoretical be applied to all people, to include mobility challenged
individuals (i.e. amputees, paraplegics, quadriplegics).
While it is true that a person has the ability to alter most of their own
brain wave patterns, through the use of drugs or other external elements.
It is hypothesized that they cannot alter what is referred to as their
baseline brain-wave pattern (Woodward, Orlans, & Higgins, 2003).
Image 13: Depiction of EEG Brain waveforms
Source: www.eegspectrum.com
There are major privacy and perceived mind reading concerns about
using brainwaves as a biometric that must be addressed (H. Boitel,
personal communication, March 29 and August 7, 2002).
DNA Identification
94
DNA is an abbreviation of deoxyribonucleic acid. DNA is a unique and
measurable human characteristic that is accepted by society as absolute
evidence of one’s identity. In reality DNA identification is not absolute but it
has come to be considered as the best method of confirming someone’s
identity with a near perfect probability of 99.999% accuracy (http://genetic-
identity.com).
The chemical structure of everyone's DNA is the same. The only
difference between people (or any animal) is the order of the base pairs,
which there are many millions of base pairs in each person's DNA. Using
these sequences, every person can be identified based on the sequence
of their base pairs.
However, because there are so many millions of base pairs, the task of
analyzing them all would be extremely time-consuming. Hence scientists
use a small number of sequences of DNA that are known to greatly vary
among individuals in order to ascertain the probability of a match.
The major issues with DNA identification revolve around the realistic
ability of capturing and process the sample of a person in a controlled and
lawful manner that does not violate civil rights.
Vascular Pattern Recognition
The system identifies a person using the patterns of veins in the back
of the hand, face, or for that matter any body part with visible veins. A
95
persons vein patterns are in fact highly stable throughout their life. They
are developed before birth and even differ between twins of all types.
Vascular pattern recognition technology has been developed to
minimize the disadvantages of commercially available biometric systems
and to provide users with impeccable security, usability, reliability,
accuracy, and user acquiescence.
Image 14: Delineation of Vascular Scan Pattern
Source: www.neusciences.com/biometrics/images/Techno9.gif A note of speculative caution, this is an emerging biometric technology
and as such there is not a great deal of factual data that speaks to the
prospect of shifting veins from their original path. With the advancing
growth of laser technologies and procedures it may be possible today or in
the near future to alter the path of veins. Doing so may render a vein
96
recognition based biometrics as void of physical mutability and hence
nullify the validity of this technology.
The conjecture of this theory was derived from the manifested data and
images found via the Ideal Image website (www.idealimage.com). Images
15 and 16 are graphical depictions of both the before and after results of a
spider vein and a varicose vein procedure.
Image 15: Before and After Pictures of Spider Vein Procedure
Source: http://www.idealimage.com/photos/veins.htm
Image 16: Before and After Pictures of Varicose Vein Procedure
97
Source: http://www.idealimage.com/photos/veins_varicose.htm
This hypothesis is further substantiated by a personal communication
with Joe Rice (CEO Brite-Sparks Engineering Ltd.). Who had this to say
(J. Rice, personal communication, March 27, 2003):
Yes I think you can, one could certainly shut down some small capillary structures, however shutting down too much may lead to circulation problems and gangrene. However, I bet it's possible to alter most physical biometrics with laser surgery including, irises, retinas, fingerprints, faces, voice etc. In fact laser surgery would probably have an impact on a behavioral trait as well, depends how radical the surgery is! Laser surgery could be used to add or remove (write or erase) information but it's likely to have more impact on surface feature biometrics, interior feature biometrics may be more difficult to write to.
Body Odor Recognition
Body odor recognition is a contactless physical biometric that attempts
too confirm a person’s identity by analyzing the olfactory properties of the
98
human body scent. According to the University of Cambridge
(http://www.cam.ac.uk) the sensors that they have developed are capable
of capturing the body scent from non-intrusive body parts, such as the
hand. Each chemical of the human scent is extracted by the biometric
system and converted into a unique data string.
Fingernail Bed Recognition
AIMS (http://www.nail-id.com) is a U.S. based company that has been
developing a system which scans the dermal structure under the
fingernail. The human nail bed is a unique longitudinal structure that is
made up of nearly parallel rows of vascular rich skin with parallel dermal
structures in between narrow channels.
Image 17: Magnification of Human Nail Bed
Source: http://www.nail-id.com/Media/nailgroves.gif Gait Recognition
99
Is a behavior biometric that attempts to recognize people by the
manner in which they walk and/or run. Gait recognition or gait signature as
it is sometime referred to; it uses a radar system to capture the subject in
motion (gait cycle).
An explanation to the gait cycle can be found via the ISIS research
group at the Department of Electronics and Computer Science at the
University of South Hampton (http://www.gait.ecs.soton.ac.uk). The gait
cycle refers to angles of the rotation formed by the thigh and lower leg
rotation while the subject is in motion. The gait cycle is divided into three
phases, stance, swing, and float. The period of time that the foot is in
contact with terra firma is the stance phase, the swing phase is the period
of time the foot is in forward motion while off the ground, and the float
phase during which time that neither foot is on the ground. The final step
is to perform a canonical analysis using the Fourier algorithm to produce
the gait signature.
Georgia Tech Research Institute (GTRI) is considered to have in their
mist some of the foremost experts of this technology. GTRI claim that they
are building a new radar system that can identify people from up to 500
feet away during the day, night, and all-weather conditions.
Handgrip Recognition
100
Advanced Biometrics Incorporated invented this technology, with hope
of it one day being used to prevent unauthorized use of handguns. Many
handgun manufactures like Smith & Wesson and Colt have invested
millions in the exploration and adaptation of this technology. It is the hope
of handgun manufactures to create a smart handgun that will only
recognize authorized users (JUSTNET).
Handgrip technology does not take measurements, nor does it rely on
external features of the hand. It focuses on the internal part of the hand by
analyzing the unique subcutaneous tissues, blood vessel patterns, veins,
arteries and fatty tissues of a hand in a gripped position.
Ear Pattern Recognition
The shape of the outer ear, lobes, bone structure and the size are
unique to each person. Ear pattern recognition is employed as a physical
contactless biometric (Carreira-Perpinan & Sanchez-Calle, 1995) and uses
an Optophone to verify the shape of the ear. A French company, ART
Techniques, developed the Optophone and the process. It is a telephone
type handset, which is comprised of two components (lighting source and
cameras).
Much like the minutiae points of a palm print or fingerprint the outer ear
has many detailed features that can be measured and compared to a
biometric template.
101
Image 18: Identification of Measurable Ear Features
Source: http://www.dcs.shef.ac.uk/~miguel/papers/ps
Body Salinity Identification
102
An individual’s salinity level of salt in the body is believed to be unique.
This technology passing a tiny electrical current through the body in order
to analysis the salt content. The more salt in the body, the more
conductive the body becomes to electricity.
An unexpected benefit of this technology is that as the electrical current
passes through the body it can also carry data at a transfer rates
equivalent to a 2400-baud modem. Many researchers Michigan State
University, Indiana University, Purdue University) have speculated that
this technology could be used to facilitate communication between devices
(i.e. watches or cell phones).
Infrared Fingertip Imaging and Pattern Recognition
The technology concepts imposed for this biometric is very similar in
most respects to the concepts that are used by facial thermography. With
both facial thermography and infrared fingertip imagine use thermal
mapping to identify patterns. The primary difference the way in which the
thermal mapping is acquired. Facial thermography involves the taking of a
picture with an infrared camera, while the infrared fingertip imaging and
pattern recognition biometric involves the comparing the relative
differences in thermal energy being observed by an infrared detector. A
further contrasting comparison is that the infrared fingertip imaging and
pattern recognition biometric is a contact biometric, while facial
103
thermography is contactless (M. Wilmore, personal communication,
February 5, 2003)
Image 19: Rendering of Fingertip Thermo Mapping Technique
Source: http://www.posidinc.com/images/concept.jpg
Storage Methodologies
The biometric data can be stored in a number of ways, either in a
centralized database, in a distributed system, or on a user owned portable
storage device. Many of the methods used to store the biometric data is
done so in a cross-methodology fashion. No matter what storage method
is used, the biometric data must be encrypted to ensure that security
requirements are met (Biocentric Solutions Inc., n.d.).
104
Client-Server Architecture
The client-server architecture is most commonly associated to a
centralized database approach. This approach is a one-to-many matching
process as the centralize database stores all associated data in one
location that is accessible via telecommunications assets.
Distributed Architecture
A distributed architecture is when a database is distributed to remote
servers. In this scenario a centralized biometric database does exist and
could have been fractured into geographical data segments using an ad
hoc algorithm. The segmented data is then forced to geographically
remote servers in a distributed fashion; the reason for this approach is to
foster a one-to-a-few match of biometric users to small dataset.
An example of one-to-a-few matching is an entry-control system for the
restricted-access work area of a small work group (of, say, 20 people or
fewer). In this example, the workers might not need access cards; they
might need to present only a facial biometric to a sensor at the point of
entry. A modest computer could determine within a few seconds whether
the presented print matched one of the biometrics in the database.
Radio Frequency Identification (RFID)
A RFID is essential an inductively or capacitively coupled electronic
UPC (Universal Product Code) bar code that is part of a distributed
105
architecture. The RFID tag was originally developed and attached to cattle
as a method of tracking them. The herder would use a hand held device to
read the RFID. Today RFID tags can communicate to a networked system
and so that businesses can electronic track every product as it moved
through the supply chain.
Some biometric developers have proposed using attaching RFIDs to a
card for storage of biometric templates, which in itself is not unreasonable.
Other developers have proposed the implantation of RFIDs into humans. It
is possible to use RFID technology to identify and track human being, as
RFIDs are currently being used to identify and track (tag) non-humanoid
animals (RFID Journal).
Image 20: Smallest RFID Chip Smallest RFID Chip (Hitachi) is 0.3 millimeter square
Source: http://www.rfidjournal.com/ezimagecatalogue/
106
catalogue/phpSnTWUU.jpg
Smart Card Technologies
Smart cards possess all of the advantages of RFIDs, with the added
advantages of extended computing and extended storage space. One of
application of smart cards is to decrease the dependence on centralized
databases for storing personal data and to replace RFIDs and magnetic-
stripe cards, which are not smart. Smart cards may provide access to
important personal data, but the data resides on a remote storage device.
Smart cards come in two basic varieties, contact and contactless. If not
for the interchanging of two parts a contact and contactless smart cards
would be virtually identical. A contactless smart card consist the basic
parts depicted in Image X (card body, contacts, chip, and antenna).
Image 21: Component Parts of Contactless Smart Card
Source: http://www.swats.se/images/swats/3/swats_kortritningar.gif
107
Both the contactless and contact smart cards share many of the same
parts. The primary differences between a contactless and contact smart
card is that the contactless smart card has an antenna and no battery,
while the contact smart card is reversed. The contact card is void of an
antenna and has a battery.
Contact smart cards use the battery as the energy source and rely on
physical contact in order to convey data. Contactless smart cards do not
have a battery as the energy source, nor does it require contact in order
convey data. In a contactless smart card the antenna serves a dual
purpose. The antenna is used to convey the data to a remote device and it
is the power source.
Image 22: Flow of Smart Card Reader/Writer Functions
108
Source: http://edevice.fujitsu.com/fj/CATALOG/ AD05/05-00023/IMAGE/p39_e.gif
Just like an RFID the contactless smart card uses the antenna to
derive power from inductive coupling. Inductive coupling is the process of
generating a strong, high frequency electro-magnetic field, which
penetrates the cross-section of the coiled antenna area. By inducting an
electro-magnetic field voltage is generated in the smart card's antenna
coil. The voltage within the coil reaches a maximum due to resonance
step-up in the parallel resonant circuit. This voltage is rectified and serves
as the power supply for the card functions.
Image 23: Inductive Coupling for Contactless Smart Card
109
Source: http://edevice.fujitsu.com/fj/CATALOG/ AD05/05-00023/IMAGE/p37_2_e.gif
Hybrid Architecture
A hybrid-architecture schema uses a truly distributed database (e.g.
RFID or smart card) and will normally be comprised of a TTP (trusted third
party) that could be elicited via a client-server network. The difference is
that the mission of the TTP is to verify the genuineness of the card via a
security certificate(s) and/or the MAC (Media Access Control) address. By
employing this strategy the TTP does not store user specific data or the
biometric templates and therefore does not have explicit knowledge of the
user’s identity.
Existing Standards
110
Standards relating to storage methods are well defined, established
and accepted by the international communities.
AAMVA Fingerprint Minutiae Format/National Standard for the Driver
License/Identification Card DL/ID-2000: The purpose of the
American Association for Motor Vehicle Administration (AAMVA)
Driver’s License and Identification (DL/ID) Standard is to provide a
uniform means to identify issuers and holders of driver license cards
within the U.S. and Canada. The standard specifies identification
information on drivers’ license and ID card applications. In the high-
capacity technologies such as bar codes, integrated circuit cards, and
optical memory, the AAMVA standard employs international standard
application coding to make additional applications possible on the
same card. The standard specifies minimum requirements for
presenting human-readable identification information including the
format and data content of identification in the magnetic stripe, the bar
code, integrated circuit cards, optical memories, and digital imaging. It
also specifies a format for fingerprint minutiae data that would be
readable across state and province boundaries for drivers’ licenses.
DL/ID-2000 is compatible with the BioAPI specification and CBEFF.
ISO/IEC 7810 (Published 1985): Identification cards: Physical
characteristics – This standard outlines characteristics relative to
111
different sizes of cards. ID-1 has become the standard size for contact
and contactless cards (dimensions: 54 mm x 85.6 mm x 0.76 mm
(2.125 in x 3.370 in x 0.03 in).
ISO/IEC 10373 (Published 1993): Identification cards: Test Methods –
The standard has seven parts, Part 1: General characteristics tests,
Part 2: Cards with magnetic stripes, Part 3: Integrated circuit(s) cards
with contacts and related interface devices, Part 4: Close coupled
cards, Part 5: Optical memory cards, Part 6: Proximity cards, Part 7:
Vicinity cards.
ISO/IEC 10536 (Published 1996): Identification cards: Contactless
integrated circuit(s) cards: Close coupling contactless cards (operating
distance less than 2 millimeters) – The standard has three parts, Part
1: Physical characteristics, Part 2: Dimension and location of coupling
areas, Part 3: Electronic signals and reset procedures.
ISO/IEC 14443 (Published 2001): Identification cards: Contactless
integrated circuit(s) cards: Proximity contactless cards (operating
distance up to 10 centimeters) – The standard has four parts, Part 1:
Physical characteristics, Part 2: Radio frequency power and signal
interface, Part 3: Initialization and anti-collision, Part 4: Transmission
protocol.
112
ISO/IEC 15693 (Published 2001): Identification cards: Contactless
integrated circuit(s) cards: Vicinity contactless cards (operating
distance up to 1 meter) – The standard has three parts, Part 1:
Physical characteristics, Part 2: Air interface and initialization, Part 3:
Anti-collision and transmission protocol.
ISO/TC204 Transport Information and Control Systems
(http://www.sae.org/technicalcommittees/gits.htm): Deals with Human
Factors and Man-Machine Interface issues, and U.S. Working Advisory
Groups to ISO/TC204/WGs 3, 10, 11 and 13. Standardization efforts of
ISO/TC204 are harmonized with the ongoing efforts of CEN/TC278,
Road Transport and Traffic Telematics, resulting in parallel
development of global standards.
JTC 1/SC 17 Identification Cards and related devices
(http://www.sc17.com): In 1988 the International Organization for
Standardization (ISO) and the International Electro technical
Commission (IEC) created a Joint Technical Committee on Information
Technology (ISO/IEC JTC1). JTC1 comprises of some 19 sub-
committees covering the area of Information Technology. Sub-
Committee 17 (SC17) has responsibility for developing standards for
Identification Cards and personal identification.
113
JTC 1/SC 31 Automatic Identification and Data Capture Techniques
(http://www.uc-council.com/sc31/home.htm): ISO (International
Organization for Standardization) and IEC (International Electro-
Technical Commission) jointly sponsor Joint Technical Committee
number one, JTC 1, to address subjects of interest to both
organizations. JTC 1 in turn created several subcommittees to address
specific issues. Among those subcommittees is SC 31.
Disability Statistics
Unlike other statistical data, that which relates to people of variable
abilities is not concrete. The reasons for such variances lie in how we as a
society define the term disability, and how we group disabilities into those
that affect hearing, speech, vision, mobility, agility, learning, memory, and
psychological.
Additionally, as per the content of both the formal and informal
interviews that the researched has conducted it had been communicated
that while society may conclude that a person to has a disability. The
person in question may not consider himself or herself to have a disability,
merely just challenged. Case in point, one of the interviewees suffers from
a hearing lost.
With respect to disability statistics, the question that we as a society
have to ask is, “at what point should we consider a loss of physical or
114
mental abilities to be a disability? Is it when a physician has determined
that the percentage of loss ability has reached a tacit level or is when the
person in question states that he or she has a disability?”
Historically, the accumulation of disability statistic from those countries
which are considered to be less developed, is either difficult to come by or
non-existent. The following charts are an attempt to paint a graphical
picture of statistical data from the three most predominant disabilities and
their sources:
U.S. Census Bureau (http://www.census.gov): 5.7% of Americans are vision impaired
5.9% of Americans have a hearing loss
17.7% of Americans have reduced mobility
Chart 1: American Disability Statistics, 1999
Canadian Statistical Reference Centre (http://www.statcan.ca/start.html): 17.4% of Canadians are vision impaired
17.7
5.7
5.9
Vision Impaired Hearing Loss Reduced Mobility
115
30.4% of Canadians have a hearing loss
71.7% of Canadians have reduced mobility
Chart 2: Canadian Disability Statistics, 1998
Royal National Institute for the Blind (http://www.tiresias.org):
1.9% of Europeans are vision impaired
6% of Europeans have a hearing loss
23.1% of Europeans have reduced mobility
Chart 3: European Disability Statistics, 2001
71.7
17.4
30.4
Vision Impaired Hearing Loss Reduced Mobility
23.1
1.96
Vision Impaired Hearing Loss Reduced Mobility
116
Just by glancing at the charts above one can’t help to see that there
are more people whom experience reduced mobility, than any other
group. Privacy/Legal Issues
Privacy and legal issues will almost surely delay and complicate the
introduction of biometrics into your daily routine. If society is to realize the
technology's full potential, changes are necessary in many laws. For
example, laws that require your signature or photograph on certain
documents will have to allow (though probably not require) the substitution
of biometric identity-verification techniques.
By means of numerous personal communications, surveys (Appendix
4, Question 3), and interviews the researcher has concluded that by opting
to use a single biometric (e.g. fingerprint scanning) without the presence
of an alternative authentication method, that biometric technologies cannot
be applied to all groups of people. Hence, the purchaser has ultimately
chosen a solution that will surely increase the likelihood of discrimination
against specific diverse groups (i.e. people of variable abilities).
Civil Rights
One of the most consistent and prolific constraint towards the
implementation of many new technologies is the controversy over civil
rights, namely privacy (physical or informational) issues. It is a consensus
117
of opinions that opponents of newfangled emerging technologies such as
biometrics are necessary to the developmental and implementation
processes for emerging technology. Opponents of emerging technologies
urge all technology maestros to improve designs, refine processes, and
safeguard the things we hold most dear, our freedom and humanity.
Furthermore, it is believed that the majority of civilized people are
compassionate and recognize the supreme need for new assistive
technologies. Therefore, both advocates and opponents alike must do
everything possible as civilized human beings to bestow freedom to
everyone in need. To accomplish such a monumental task, society must
harness the creativity and innovation of our society to develop new
theories and assistive technologies.
Individual Anonymity
Many individuals are concern that the ubiquitous proliferation of
biometric technologies into our societies would be the catalyst that leads
to the destruction of individual anonymity. The reasoning behind this fear
is that the supposed lost of individual anonymity can discourage
spontaneous and free behavior (i.e. speech). The underlining concept
here is the perceived loss of freedom or losing oneself.
Still, there are other individuals that believe that anonymity has already
gone astray. This group of individuals believes that if the omnipresence of
118
‘Big Brother’ (government) wanted to track down an individual that it could
be easily accomplished via credit card transactions, cell phones, pagers
(two-way), GPS (Global Positioning Satellites) and surveillance of the
subject and/or acquaintances.
An interesting tidbit about the concept of individual anonymity with
respect to the Fourth Amendment as explained by Woodward, J., Orlans,
N., & Higgins, P. (2003), p. 358 is that based on:
Florida v. Royer, 460 U.S. 491, 497-498 (1983), a law enforcement officer does not violate the Fourth Amendment when he approaches an individual in a public setting and asks him questions. However, the Court has made it clear that “the person approached need not answer any question put to him; indeed he may decline to listen to the question at all and may go on his way.”
Biometric Technologies
The Americans Civil Liberties Union (ACLU) is only one of many local,
state, federal, and international organizations with legitimate concerns
about the security (privacy) or misuse of the biometric data collected by
the government and private companies (Winter, 2000). It is important to
note that the ACLU does supports the use of biometric technologies for
access to logical assets and physical facilities, providing the technology is
proven to balance the elements of reliability, effectiveness, intrusiveness
level must be balanced with magnitude of risk, and technology must be
applied in a non-discriminatory manner. Having said that, do not forget
119
that the acceptance requirements (elements) expressed by the ACLU are
intrinsically problematic and left to the interpretation of the user.
The aforementioned concerns are of such importance that two
organizations were formed to address the concerns, the first is the
International Biometric Industry Association (www.ibia.org), which is
sponsored by the National Institute of Standards and Technology (NIST)
and the second is the Bioprivacy Organization (www.bioprivacy.org),
which is sponsored by the International Biometric Group (www.biometric
group.com) (Woodlands Online, n.d.).
An attention-grabbing veracity to point out is that it is the
consentaneous consensus of the Biometric Consortium that biometrics
was and will continue to be developed as a method of securing freedom,
protecting data, and ensuring privacy. That is to say that biometric
developers have went to great lengths to all sensitive data is encrypted by
not only one algorithm, but in many cases multiple encryption levels.
Storage Methodologies
Privacy advocates find the establishment of centralized databases via
the traditional client-server architecture to be an abhorrent incubus that
will devour freedom. One might think that the concerns stem from the
perceive lack of ability for institutions both government and corporate to
protect valuable data from hackers. This is, however, not the case, it
120
appears that privacy advocates fears revolve around the perceived notion
that the government will collect this data for the purpose of violating the
civil rights of it’s citizens.
The public perceptions of radio-frequency identification chips is that
they are an invasion of privacy that could theoretically be used to track an
individual's buying habits and the individuals themselves. While the
perception of industry is that RFID tags were never intended to be used in
the tracking of a person or an individual’s buying habit’s.
Clothing manufactures embed RFID tags into the labels of garments to
track the products through the manufacturing and supply chains. The end
result would be a cost savings that could have been passed on to the
consumer (Huff, n.d.).
Despite differences in opinions, the RFID industry does seem to agree
that now is the time to explore all privacy issues related to RFID. AIM
Global (http://www.aimglobal.org/technologies/rfid), is a global trade
association that addresses automatic identification, data collection and
networking in mobile environments, is setting up a committee to look into
privacy issues, make recommendations and build industry consensus.
Smart cards are more secure and would remove much of the data that
pertains to a person from the centralized database. This data would reside
on the smart card. Without protection, however, the data would be ripe for
121
misuse. The protection would come in the form of PKI encryption for
transmissions and biometrics user authentication. For example, software
that generates keys for a PKI encryption system might use data derived
from one or more biometric sensor to generate at least one of the keys.
Private Institutions
Corporations are encroaching further into our private lives, seeking out
new opportunities to sell us products and turning every aspect of life into a
commodity. The use of biometrics and biometric storage technologies in a
corporate setting has been the subject of much debate. Many individuals
do not have a problem using the fore mentioned technologies to monitor
for security risks, sexual harassment, and/or to ensure the acceptable
performance of employees.
The concern of labor unions and employees is that employers will
exploit the technologies to spy on employees in order to facilitate explicit
control over an employee’s every move. These activities may diminish an
employee’s morale, dignity, and increase worker stress.
Advocates of workplace privacy are attempting to have laws
established that specifically call for the purpose, collection limitations,
accuracy of data, limits on retention of data, security, and protections
against the transfer of data. Advocates believe that this level of protections
122
elevates employees to a more equal footing while allowing employers to
monitor for legitimate reasons (Gindin, 1997).
Government Facilities
Government facilities bring into play contrasting beliefs. As
government facilities and records are to be both a place of work and open
to the public. Records are open public so that citizens have the ability to
monitor their government and to ensure accountability in a democratic
society. Yet society demands even greater security and monitoring of the
facility and the employees.
The challenge for lawmakers is to strike a balance between the publics
right to information and the individual's right to privacy. As stated by
Gindin, S. E. (1997), the following are some of those attempted to protect
privacy:
The Electronic Communications Privacy Act of 1986 (ECPA) and the Computer Fraud and Abuse Act contain provisions to protect electronic privacy. The Privacy Protection Act of 1980 restricts governmental seizure of publishers' investigative work product. The Privacy Act of 1974 and the Computer Matching and Privacy Protection Act of 1988 regulate government record-keeping and prevent government agencies from divulging certain personal information without proper authorization.
Public Places
123
Are biometric technologies on public streets and at recreational events
in violation of the Constitution of the United States’ Bill of Rights
(http://www.law.emory.edu/FEDERAL/usconst.html) First Amendment
(freedom of expression/religion), Fourth Amendment (protection against
unreasonable searches and seizures, Fifth Amendment (protection
against self-incrimination), and Fourteenth Amendment (Due Process
Clause protects against personal decisions concerning marriage,
procreation, contraception, family relationship, child rearing, and
education)? If you ask the ACLU the answer to each of these is; Yes
(http://www.aclu.org).
However, the majority of law scholars and ruling do not agree with the
stance of the ACLU. They have instead determined that term privacy in
public is a contradictory concept; as such the expectation of privacy in a
public forum does not exist. This is reinforced by the work of Woodward,
J., Orlans, N., & Higgins, P. (2003) p. 358, that there are no laws
prohibiting the collection of biometric data in public places. Given this one
should have no expectation of privacy in public (Nanavati et al.).
Misuse of Personal Data
In accordance with the work of Gindin, S. E. (1997) the misuse of
personal data for something other then it’s intended purpose is a violation
of the many federal acts and statues.
124
• American Family Privacy Act of 1997 - Prohibits federal officers
from providing access to social security, earnings, benefits & tax
information through the Internet.
• Cable Communications Policy Act of 1984 - Protects cable
television subscriber information.
• Children's Privacy Protection and Parental Empowerment Act of
1999 (H.R. 369) - Prohibits the sale of personal information about
children without their parents' consent.
• Collections of Information Anti-Conspiracy Act (H.R. 354) - Creates
new property rights for owners of databases of public information.
• Consumer Internet Privacy Protection Act of 1997 – Prohibits the
disclosure of personally identifiable information without consent.
• Consumer Internet Privacy Protection Act of 1999 (H.R. 313) -
Regulate the use by interactive computer services of personally
identifiable information provided by subscribers to such services.
• Data Privacy Act of 1997 - Guidelines that limit the collection and
use of personally identifiable information obtained from individuals
through any interactive computer service for commercial marketing
purposes,
• Department of Transportation and Related Agencies and
Appropriations Act, 2000 (H.R. 2084) - Two amendments proposed
125
by Sen. Shelby (R-AL) pertain to privacy. Section 339 eliminates
federal funding for highway projects in states that sell drivers'
license personal information, motor vehicle records, or photographs
from drivers' licenses. Section 348 repeals section 656(b) of the
Omnibus Consolidated Appropriations Act of 1997, which required
social security numbers to be displayed on drivers' licenses.
• Driver's Privacy Protection Act of 1994 - restricts the release of
motor vehicle records.
• Fair Health Information Practices Act of 1997 – disclosure of health
information to non-medical personnel without consent is prohibited.
• Family Educational Rights and Privacy Act of 1974 (FERPA) -
protects student records.
• Federal Internet Privacy Protection Act of 1997 - Prohibits Federal
agencies from making certain confidential records with respect to
individuals available through the Internet.
• Federal Records Act - regulates the disposal of federal records (all
records electronic or otherwise).
• Financial Information Privacy Act of 1999 (S. 187) - Requires FDIC
to set privacy rules.
126
• Financial Services Act of 1999 (H.R. 10) - Major bank, securities
and other financial services merger bill. It requires the FTC to issue
interim reports on consumer privacy.
• H.R. 191 - Creates a tamper-proof Social Security Card (i.e.,
National I.D. Card) used for employment verification.
• Know your Customers Sunset Act (H.R. 516) - Prohibits
government from implementing the "Know Your Customer" rules.
• Patient's Bill of Rights Act of 1999 (S. 6) - Requires health plans
and insurers to protect confidentiality of medical records and allow
patient access.
• Patients' Bill of Rights Act of 1999 (H.R. 358) - Requires health
plans and insurers to protect confidentiality of medical records and
allow patient access.
• Personal Privacy Protection Act (H.R. 97) - Prohibits physical
intrusion into privacy for commercial purposes (i.e., press).
Exempts law enforcement.
• Right to Financial Privacy Act - Prohibits the government agencies,
except for the Internal Revenue Service and agencies supervising
banks from accessing financial records of individuals.
127
• Social Security On-line Privacy Protection Act of 1999 (H.R. 367) -
Limits disclosure of social security numbers by interactive computer
services.
• Telecommunications Act of 1996 - Safeguards customer
information held by telecommunications carriers.
• Video Privacy Act - Protects videotape rental records.
You will notice that the acts and statues have distinctly manifested
boundaries on the collection and/or maintenance of acquired information
be it in paper or electronic (i.e. biometric templates) format. The laws also
require that those requesting information provide proper consent (usually
written) before the information can be disclosed. The challenge is to
ensure that the benefits of biometrics prevail without sacrificing personal
privacy, or worst becoming a big brother society. In spite of the acts and
statues the MSNBC.com published this following chart collection (data
source ‘The Harris Poll’):
Chart 4: Potential Abuses of Power
For this poll, Harris Interactive interviewed by telephone 1,012 adults between Sept. 19-24, 2001 about concerns about increased law enforcement powers in the wake of the September 11 attacks.
The margin of error is plus or minus 3 percentage points.
128
Source: http://www.msnbc.com/news/wld/national/brill/
images/abuse_power_brill_1.gif
Source: http://www.msnbc.com/news/wld/national/brill/ images/abuse_power_brill_2.gif
Source: http://www.msnbc.com/news/wld/national/brill/
images/abuse_power_brill_3.gif
129
Source: http://www.msnbc.com/news/wld/national/brill/ images/abuse_power_brill_4.gif
Source: http://www.msnbc.com/news/wld/national/brill/ images/abuse_power_brill_5.gif
Source: http://www.msnbc.com/news/wld/national/brill/ images/abuse_power_brill_6.gif
130
Source: http://www.msnbc.com/news/wld/national/brill/
images/abuse_power_brill_7.gif
Profiling (Big Brother is Watching)
As technology becomes more robust there is greater concern about the
centralization of a national identity database, for such a database could
set the stage for the practice of unwarranted and/or unlawful surveillance.
Further, it is the trepidation of society that the collection and storage of
biometric data will lead to the prolific profiling a person based on his or her
picture (appearance), ethnicity, religion, age, or gender (unconstitutional).
Given the following scenario, if surveillance of a person was set into
motion based on a persons picture (appearance), ethnicity, religion, or
gender. Then it would most likely be the defense of law enforcement
officers that the person was being watched because he or she looked
suspicious, which could be construed by courts as one of the twelve
exception rules (Intra-Agency Need to Know) to The Privacy Act of 1974
(Woodward, Orlans, & Higgins, 2003). However, if the decision to initiate
131
surveillance were based on profiled data of a discriminatory nature, then
the actions of the law enforcement officer would have been illegal and
unconstitutional. The problem is how can we as a society police our police,
if we cannot be sure of the circumstances surrounding a law enforcement
officers decision to initiate the surveillance.
There are potential solutions to the above scenario, but not all of the
solutions are feasible. The first potential solution would be not to use
biometrics, which is not feasible because the genie is out of the bottle.
Second solution would be to ensure that unconstitutional or profiling data
is not associated to the biometric template, which is not feasible because
biometric like facial geometry require a picture. The most logical solution
would be to decentralize of databases and give control of the biometric
templates to the biometric owner. The decentralization can be
accomplished with a smart card or RFID.
Child Protection Education of America is a nonprofit organization that
offers free digital fingerprinting (all ten) and digital photographing of
children in hopes of protecting children. The question is does the collection
and storing of this data in a centralized database constitute a national
identity database? At this time such issues with respect to the collection of
child’s biometric has not been addressed.
132
Security Issues
The most common standardized encryption method used to secure a
company’s infrastructure is the Public Key Infrastructure (PKI) approach.
This approach consists of two keys with a binary string ranging in size
from 1024-bits to 2048-bits, the first key is a public key (widely known) and
the second key is a private key (only known by the owner). However, the
PKI must also be stored and inherently it too can fall prey to the same
authentication limitation of a password, PIN, or token. It too can be
guessed, lost, stolen, shared, hacked, or circumvented; this is even further
justification for a biometric authentication system (Corcoran et al.).
Because of the structure of the technology industry, making biometric
security a feature of embedded systems, such as cellular phones, may be
simpler than adding similar features to PCs. Unlike the personal computer,
the cell phone is a fixed-purpose device. To successfully incorporate
biometrics, cell-phone developers need not gather support from nearly as
many groups as PC-application developers must.
Biometrics Technologies
Security has always been a major concern for company executives and
information technology professionals of all entities. A biometric
133
authentication system that is correctly implemented can provide
unparalleled security, enhanced convenience, heightened accountability,
superior fraud detection, and is extremely effective in discouraging fraud
(Nanavati et al.).
Controlling access to logical and physical assets of a company is not
the only concern that must be addressed. Companies, executives, and
security managers must also take into account security of the biometric
data (template) (Walder, 1997).
There are many urban biometric legends about cutting off someone
finger or removing a body part for the purpose of gain access. This is not
true… For once you take away the blood supply of a body part the unique
details of that body part starts to deteriorate within minutes. Hence the
unique details of the severed body part(s) is no longer in any condition to
function as an acceptable input for scanners.
Storage Methodologies
Per Walder (1997) the best overall way to secure an enterprise
infrastructure, whether it be small or large is use a smart card. A smart
card is a portable device with an embedded central processing unit (CPU).
The smart card can either be fashioned to resemble a credit card,
identification card, radio frequency identification (RFID), or a Personal
Computer Memory Card International Association (PCMCIA) card
134
(Biocentric Solutions Inc., n.d.). The smart card can be used to store data
of all types, but it is commonly used to store encrypted data, human
resources data, medical data, financial data, and biometric data
(template). The smart card can be access via a card reader, PCMCIA slot,
or proximity reader; it is therefore in compliance with section 508 of the
Americans with Disabilities Act (ADA) (Walder, 1997).
In most biometric-security applications, you don't ask the system to
determine the identity of the person who presents himself to the system.
That is, you don't say to the system, "Of the millions of sets of fingerprints
you have on file, which set contains a print that matches this print?" This
problem is "one-to-many matching." Usually, you supply your identity to
the system, often by presenting a machine-readable ID card, and ask the
system to confirm that you are who you say you are. This problem is "one-
to-one matching." Today's PCs can conduct a one-to-one match in, at
most, a few seconds. One-to-one matching differs significantly from one-
to-many matching. In a system that stores a million sets of prints, a one-
to-many match requires comparing the presented fingerprint with 10
million prints (1 million sets times 10 prints/set).
Image 24: Example of a Biometric Identification Smart Card
135
(Source: www.biometricassociates.com)
A smart card is a must when implementing a biometric authentication
system; only by the using a smart card can an organization satisfy all
security and legal requirements (Biocentric Solutions Inc., n.d.). Corcoran
et al. (1999) stated, “This process irrefutably authenticates the person
presenting the card as the same person to whom the cryptographic keys
belong and provides the necessary tight binding between cryptographic
key storage and the authorized user of the cryptographic keys.” (p. 5).
Smart cards possess the basic elements of a computer (interface,
processor, and storage), and are therefore very capable of performing
authentication functions right on the card. The function of performing
authentication within the confines of the card is known as ‘Matching on the
Card (MOC)’. From a security prospective MOC is ideal as the biometric
template, biometric sampling and associated algorithms never leave the
card and as such cannot be intercepted or spoofed by others (Smart Card
Alliance).
136
The problem with smart cards is the public-key infrastructure
certificates built into card does not solve the problem of someone stealing
the card or creating one. A TTP (Trusted Third Party) can be used to verify
the authenticity of a card via an encrypted MAC (Media Access Control)
(Everett, n.d.).
Assistive Technologies
In the not so distant past, assistive technologies were limited to the
connection of local assets; as such security concerns were satisfied by the
very nature of limited physical (hands on) access to the assistive device.
With the unveiling of networked architectures of both wired and wireless
venue, assistive technologies must now be adaptive to local and
networked devices.
Existing Standards
The security standards were sourced from Woodward, Orlans, &
Higgins (2003) p. 174, the National Institute of Standards and Technology,
and Information Technology Laboratory web sites:
ANS X9.84-2001 (Published TBA): Biometric Information Management
and Security, defines the requirements for managing and securing
biometric information (for example, fingerprint, iris scan, voiceprint) for
use in the financial industry. Published by the American National
Standards Institute (ANSI) standard was developed by the X9.F4
137
Working Group of ANSI Accredited Standards Committee X9, an ANSI
accredited standards organization that develops, establishes,
publishes, maintains and promotes standards for the financial services
industry. X9.84-2000 specifies the minimum-security requirements for
effective management of biometrics data for the financial services
industry and the security for the collection, distribution and processing
of biometrics data. It specifies: (1) the security of the physical hardware
used throughout the biometric life cycle; (2) the management of the
biometric data across its life cycle; (3) the utilization of biometric
technology for verification/identification of banking customers and
employees; (4) the application of biometric technology for physical and
logical access controls; (5) the encapsulation of biometric data; and (6)
techniques for securely transmitting and storing biometric data. The
biometric data object specified in X9.84 is compatible with CBEFF.
CDSA/CSSM Authentication - Human Recognition Service (HRS) API
V2: (Common Data Security Architecture) - API for use with
CDSA/CSSM for authentication using biometric techniques and uses
the EMM (Elective Module Manager) facilities provided in the CDSA’s
CSSM (Common Security Services Manager), to provide a generic
authentication service for CDSA. It provides a high-level generic
authentication model that is suited to use with any form of human
138
authentication, for operation with CDSA. Particular emphasis has been
put on designing it for performing authentication using biometric
technology. CDSA/HRS covers the basic functions of Enrollment,
Verification, and Identification, and includes a database interface to
allow a biometric service provider (BSP) to manage the identification
population for optimum performance. It also provides primitives, which
allow an application to manage the capture of samples on a client, and
the functions of Enrollment, Verification and Identification on a server.
It is designed to support multiple authentication methods, both
singularly and when used in "a combination or "layered" manner. This
API was developed by the" BioAPI Consortium, using earlier work
from several interest groups. It is based on the BioAPI Consortium's
published Version 1.0 8, March 20, 2000.
Cultural Barriers/Perceptions
People as diverse as those of variable abilities (Swanson & Fouad,
1999) are subject to many barriers, theories, concepts, and practices that
stem from the relative culture (i.e. stigma, dignity or heritage) and
perceptions (i.e. religion or philosophical) of the international community.
These factors are so great that they could encompass a study of their
own. To that end, Szymanski and Parker (1996) have theorized that to a
certain degree that the application of diversity factors from current
139
theories, concepts, and practices may be capable of providing a sturdy
framework to the management of employees with disabilities. Moreover,
Hagner and DiLeo (1993) have implied that the term diversity is a
synonymous reflection of the initiatives and objectives of affirmative action
policies. The concept of diversity in the workplace actually refers to the
differences embodied by the workforce members at large (Barnartt &
Altman, 2001). The differences between all employees in the workforce
can be equated to those employees of different or diverse ethnic origin,
racial descent, gender, sexual orientation, chronological maturity, and
ability; in effect minorities (Szymanski & Parker, 1996).
The Elderly (Aging) Paradigm
Even with the medical advances of the 21st century to increase
longevity and improved health among the aging, an elderly person still
runs the risk of developing a chronic functional disability. The elderly have
been stereotyped as unproductive and dependent upon others for their
survival. For instance, that the elderly are too inept to keep mental pace
with rapid-growth of companies. This mindset is unfair and detrimental to
the vitality of society as well as the dignity of the aging individuals.
140
Equality however remains limited in part due to the persistence of
myths and misperceptions by society about the ability of people of variable
abilities in business. More interesting, is that some people of variable
abilities believe the same crippling myths themselves.
Old Disability Paradigm
As our societies and workplaces have changed from that of industrial to
informational, personal computers, telecommunication devices, and other
high-level technologies have become the dominant component of our
national culture and economic system. This has also changed employees
from industrial workers (skilled laborer) to knowledge workers. The result
of this change is that people of variable abilities now have more career
options (National Council on Disability [NCD], 2001).
In retrospect, the post World War I theory or concept of disability was
perceived as a medical condition (mental, physical, or emotional) that lead
to the inability of a person to conduct work, which is commonly referred to
as the medical model (Heldrick, 1999). The medical model concept was
perceived and widely accepted as the most accurate definition up until the
1990’s. In the 1990’s, the medical model concept (old paradigm) started to
shift ever so slightly to what is nowadays known as the disability paradigm
(new paradigm).
New Disability Paradigm
141
The shift in paradigms from the old to the new has lead to the
rethinking of many related theories, concepts, and practices from those
that viewed disabilities under the medical model paradigm to what is now
considered to be that of a social model (new disability paradigm) (Barnartt
& Altman, 2001). Some of the most popular theories, concepts, and
practices are the theory of work adjustment, organizational career theory,
Super’s theory, and the role theory (Szymanski & Parker, 1996).
The theory of work adjustment was developed in the 1960s by the state
of Minnesota and for all intensive purposes the theory of work adjustment
is a person-environment theory model (Hagner & DiLeo, 1993). In
accordance with the work of Szymanski and Parker (1996), the
relationship between the employee and the workplace environment can be
a source of unfathomed strength or profound confusion. Nonetheless,
Szymanski and Parker (1996) have stated that the person-environment
theory model is based on the following paraphrased assumptions (p. 83):
• Individuals seek out and create environments that offer possibilities
of leadership such that they are in charge.
• Degree of fit between the person and environment is associated
with significant outcomes that can substantially affect the
performance, productivity, satisfaction, turnover, and stress.
• The process of person and environment fit is reciprocal.
142
The major presumption in the theory of work adjustment is that
employees seek to maintain a positive relationship with their workplace
environment. Employees therefore bring their individual and/or team
requirements to the workplace environment, and the workplace
environment brings its requirements to the individual employees or the
team (Barnartt & Altman, 2001). The implication is that for work
adjustment to take place the employee and the workplace environment
must achieve some degree of incontrovertible symmetry. In simplistic
terms the employee and the workplace environment are in effect tethered
to each other. The theory of work adjustment does not only apply to
individuals with disabilities, it actually applies to all employees (Swanson &
Fouad, 1999).
When the organizational career theory was first conceived it was
perceived as an economic based theory and did not include employees
with disabilities. This is because the medical model of disability was still
widely accepted and a person with a disability was not thought of as
needing or desiring a career, for he or she was unable to work (Swanson
& Fouad, 1999). The organizational career theory is more of a theoretical
method that can be used by employers in the development of career
planning strategies or to meet company objectives and as a strategic
career management tool for employees. The purpose of this theory is to
143
match the skills and abilities of an employee to the best career fit within
the organization (Szymanski & Parker, 1996). The organizational career
theory favors the established hierarchical bureaucracy of an enterprise as
the idea and most efficient method of deployment. Hence, it is the
responsibility of the employer to seek the best career fit to meet required
organizational personnel objective, in doing so the employee will
subsequently profit (Swanson & Fouad, 1999).
Super’s Theory is a developmental theory that predicates the notion
that there exists a fundamental correlation between the differences of
people and occupations. These differences can be summed up in terms of
abilities and personality traits. In theory, to achieve the most benevolent
outcome it is feasibly possible for employers to translate such differences
into occupational suitability factors for people with disabilities (Swanson &
Fouad, 1999). As stated in the work of Szymanski and Parker (1996), the
Super’s theory encompasses fourteen propositions, of which only three
have practical application to the management of employees with
disabilities (p. 87-89):
• People differ in their abilities and personalities, needs, values,
interests, traits, and self-concepts.
• People are qualified, by virtue of these characteristics, each for a
number of occupations.
144
• Each occupation requires a characteristic pattern of ability and
personality traits, with tolerances wide enough to allow both some
variety of occupation.
Since Super’s theory is a developmental theory it is relevant to make
note that employees progress through seven different stages of career
priority. This progression is most often associated to an employee’s age.
For example, at age 18 an employee may be on a journey of self-
discovery or exploration for the career. The progression of stages
continues from the exploratory stage, to basic training, to early career, to
mid-career, to late career, to disengagement of career focus, to the final
stage of retirement (Hagner & DiLeo, 1993). However, for employees with
disabilities this progression stages most often becomes stuck for an
extended time somewhere in between the early to mid-career stages
(Swanson & Fouad, 1999). As indicated by Barnartt and Altman (2001), it
is important for a manager to recognize such a condition and take action
in the advancement of an employee to the next career stage.
In reference to the role theory, employees fit into a particular career
role and as such they are expected to assume the perceived
characteristics of that role. The career role may be permanent or
temporary and will dictate how each person or employee’ will be perceived
by the employer and society. Under the medical model, a person with a
145
disability is perceived by society as unable to work. Thus, it is very hard
for some people (employers, managers, etc.) to understand why someone
with a disability would desire to work (Barnartt & Altman, 2001).
The role theory is a sociological theory composed of multiple role
concepts. Barnartt and Altman (2001) have listed several of these role
concepts. They are, “role salience, role set, role discontinuity, role strain,
role conflict, role ambiguity and role synchrony” (p. 85).
As per the concept of workplace accommodations, employers with 15
employees or more must make reasonable workplace accommodations
for employees with disabilities. Reasonable accommodations will include
those structural and technological modifications that do not impose an
undue hardship on the employer. The phases ‘reasonable
accommodations’ and ‘undue hardship’ have not been distinctly defined.
However, each can be gauged by the size, revenue, and nature of the
company. For those employers or managers desiring more detail, they can
refer the guidelines outlined by the Americans with Disabilities Act 1990
and current amendments via the Disability Rights Section website (United
States Department of Justice, Civil Rights Division, Disability Rights
Section [USDOJ], 2002).
From the perspective of the manager, some disabilities or impairment
may be hidden or just not obvious. Furthermore, the Americans with
146
Disabilities Act of 1990, precludes the employer from inquiring about a
disability or impairment. It is therefore the obligation of the employee to
furnish the manager or employer with enough selective information to
demonstrate that an employee has a disability or impairment that limits or
restricts his or her ability to perform what is referred to as major life
activities (USDOJ, 2002). Per the National Council on Disability (2001), a
major life activity is the impairment in the performance of manual task,
walking, learning, concentrating, thinking, speaking, breathing, sleeping,
hearing, seeing, interacting with others, or caring for oneself.
The website of the United States Department of Justice, Civil Rights
Division, Disability Rights Section, Section 504 was amended in 2002 to
the Americans with Act of 1990, as such a person with an disclosed
disability or impairment may ask for accommodations to include,
modification of facilities, assistive equipment or devices, part-time work
schedule, modified work schedule, time away for treatment, unpaid leave
of absence, job restructuring, additional education, modification of policy,
or transfer to a vacant position for which the employee is qualified to fill.
However, the United States Department of Labor, Office of Disability
Employment Policy (2002) has legislated that the requesting employee
must also be willing to participate in the process of researching,
determining, developing, and implementing a reasonable accommodation.
147
If the employee does not fully participate he or she may lose their right to
such a reasonable accommodation. In the context of participation, the
employee may voluntarily submit to a medical or psychological
examination, as the resulting documentation may be needed to determine
if the employee has a temporary or permanent disability. As per the United
States Department of Justice, Civil Rights Division, Disability Rights
Section website, a temporary disability may not warrant an
accommodation via the aegis of the Americans with Disabilities Act of
1990 and if the disability is deemed as permanent the documentation may
help to identify the perimeters for the most efficacious accommodation
(USDOJ, 2002).
The concept of assistive technology refers to the belief that assistive
technologies can dissolve the barriers most disability issues. In truth,
assistive technologies are only effective when accompanied by the proper
legislation, policies, and an equitable cultural paradigm in the workplace
(Flippo, Inge, & Barcus, 1995). Assistive technologies can be an electronic
device, a piece of software or a hardware component used to assist the
employee (United States Department of Justice, Civil Rights Division
[USDOJ], 1998). Assistive technology theories and concepts predicate the
tenet philosophy that universal design is tethered directly to the universal
access of all technologies, electronic or not (USDOJ, 2002).
148
As per Flippo, Inge, & Barcus (1995), the fundamental development of
assistive technologies foundations have been dictated by legislation and
federal policy. The aforementioned legislation and policies have also set
the stage for standards associated to the application of communication
technologies, sensory impairment technologies, mobility, and strategies
for the workplace and schools. As implied by Heldrick (1999), the
employment of assistive technologies within companies has also created a
multitude of developmental staffing and creative financing issues.
The organizational concept of culture is the cultural paradigm that
exists within the workplace of every company or enterprise. As coined on
the Department of Labor’s website, the organizational concept is
sometimes referred to as the “Social Theory of Disability” (USDOL, 2002).
An example of this would be the dissimilar social ranking between
management and employees.
The organizational culture is a set of learned attitudes, behaviors, and
the other factoids that comprise a way of conducting business life with co-
workers and management within an organization. While, it is unlikely that
any one employee or manager will share his or her personal culture with
all their co-workers. It is, however, very likely that he or she will choose to
share their personal culture with at least one co-worker, both within the
organization and outside of the organizational confines. With different
149
organizational groups a varied level of comfort is achieved. The practice of
establishing a desired level of comfort is known by most employees as
networking and can be an effective reconnaissance tool for employees
and managers alike (Szymanski & Parker, 1996).
The concept of management functions is a broad plan of attack for
managers on how to influence the organization and employees through
effective planning, organizing, directing, controlling, employee selection,
employee support, employee training and development, and management
style (Hagner & DiLeo, 1993). There are many practices that management
could feasible employ to determine what management functions are best
suited to influence diverse employees with disabilities (Szymanski &
Parker, 1996). The overpowering objective of the theories and concepts
as related to the management functions of employees with disabilities is to
promote or invoke a paradigm shift within the organization, management
ranks, and the workers cultural from the current damning cultural to one
that recognizes the potential abilities of a person (NCD, 2001).
Ability Sequestration of Society
Societies from the beginning of recorded history have made
sequestration of those with variable abilities a legal and moral acceptable
150
practice. Sequestration happens on many levels as those with variable
abilities tend to be generally ignored, forgotten and regard as invisible part
of the society. Even today we sequester the elderly to nursing homes. It
has been even worse for those with disabilities, for in the not to distant
past those with disabilities were perceived as a plaque on society and
were committed to mental institutions or in some case nursing homes.
Society sees the practice of sequestration those with variable abilities
to a nursing home or mental institution as a means of providing care, or it
just may be a method employed by family members to remove the
undesirables (elderly and disabled) from society. In either event the origin
of segregation in society is directly linked to the divergence of abilities
between the bulk of society and those of variable abilities, the elderly and
disabled.
Sequestration of those with variable abilities in our society is not only
practiced by family members, but by governments. This is evident by an
article written by Wilkie, D. (2003, May 17). The article suggests that via
the use of life-cost benefit calculations that the U.S. government places
less value on the lives of seniors, the disabled, and the sick. The author
has alluded to the fact that the government has deemed it more cost-
effective to give more support to policies that care for young people. The
antonym of that is that the elderly, sick, and disabled are not worth saving.
151
Although it is done in a different context, the practice of placing value
on a person’s life or determining cost-effectiveness is not unheard of. This
approach is used everyday by life and health insurance companies. Life
insurance companies have conducted numerous studies on how to
determine the value of a life and what factors may contribute to the ending
of life (http://ideas.repec.org/p/nbr/nberwo/7193.html). Health insurance
companies use such studies to determine the cost-effectiveness of
medical maintenance (http://aee.cas.psu.edu/docs/ 216001246.html).
While many people may deem such practices as acceptable and/or
necessary. There are others that see this as discrimination
(http://www.drc-gb.org).
Biometrics Technologies
No biometric technique is foolproof. People need to be clear on that
issue. Getting objective comparisons of the false acceptance rate (FAR)
and false rejection rate (FRR) of various technologies is just about
impossible. The FAR is the percentage of time that a system grants
access to someone who is misrepresenting himself. The FRR is the
percentage of time that a system denies access to a legitimate applicant.
In general, in any system, the more stringent you make the acceptance
criteria, the lower the FAR becomes and the higher the FRR becomes.
152
Based on the personal communication from Henry J. Boitel, Esq.
(March 20, 2003) and an article from the New York Law Journal. The
weakest link in security is the human factor. The communications go on
further to state that an organization is "vulnerable to security breaches if it
has not taken steps to prevent the exploitation of the human element"
(Toren, 2003). In short, biometrics could be perceived as a socially
regressive technology that excludes the disabled and the elderly.
Biometric Technology Markets
In recent years, many governmental and commercial market sectors
have adopted the use of biometric technologies as a proven method for
authenticating a users access to valuable data or physical structures. The
market sector that have seen the largest increase of implementation are
the law enforcement sector, government sector, financial sector,
healthcare sector, travel sector, and the immigration sector, these market
sectors are referred to as biometric vertical markets (Nanavati et al.).
Law Enforcement
One-to-many matching is typical of fingerprint searches that law-
enforcement authorities conduct with the aid of automatic fingerprint-
identification systems (AFISs). Some proposed iris-scan systems would
also perform one-to-many matching, using only an iris scan to identify an
individual.
153
AFISs are expensive (typically more than $1 million) systems that
incorporate high-speed parallel processors. The systems do not make the
final judgment on which stored fingerprints match the presented print.
Rather, the systems determine which sets of stored prints have a high
likelihood of matching the presented print. Human experts then further
evaluate the AFIS selections to see which are most likely to match the
presented print.
There are many opportunities for biometric technologies to aid law
enforcement professionals in the disbursement of justice.
Corrections - Biometric technologies are currently being used in the law
enforcement market to monitor the movements of prisoners and guards in
prisons (Ashbourn, 2000).
Surveillance – With the availability of facial-scan technologies law
enforcement has sought to place cameras within high crime
neighborhoods, sporting events (Superbowl in Tampa Bay), and
entertainment districts (Nanavati et al.) to name a few.
Tracking – Movement of suspected criminals through airlines, public
places, and government buildings (Woodward, Orlans, & Higgins, 2003)
Locating - The Child Protection Education of America (CPEA)
(http://www.find-missing-children.org) is a nonprofit organization that offers
free digital fingerprinting (all ten) and digital photographing of children in
154
hopes of protecting children. It is notable to acknowledge that CPEA does
not retain images of the fingerprints or photograph. Instead CPEA prints
the digital data to a card for the parents to retain (V. Dinova (CPEA
Director), personal communication, June 11, 2003).
Government Sector
Just about 1,000 city government employees of Oceanside, CA have
been using a biometric authentication system that was installed by at the
workstation level by BioLogon. According to the Information Technology
Director of Oceanside, Michael Sherwood many of the helpdesk calls were
to reset password, since the system was installed the number of helpdesk
calls have dropped by approximately 60%. Additionally, Sherwood has
deemed the biometric authentication system as a timesaver and a worthy
investment (Quintanilla, 2000).
The Department of Defense (DOD) Biometric Management Office
(http://www.defenselink.mil/c3i/biometrics) has been exploring methods of
using biometric technologies to enhance POW and refugee processing,
weapons access, information security, intelligence, coalition operations,
healthcare, force protection and access control, and sensitive areas.
Welfare offices in San Diego and Connecticut (Department of Social
Services) are using digital fingerprint-recognition software to make sure
recipients do not collect benefits more than once.
155
Travel and Immigration
Per the Biometric Consortium INSPASS and PORTPASS were both
developed to track the entry of travelers into the United States. Hand
geometry is the biometric of choice for INSPASS, while voice verification
is the biometric for PORTPASS.
Image 25: INSPASS Station
Source:
http://www.panynj.gov/aviation/inspassguysm.jpg
INSPASS was designed to be utilized by travelers entering the United
States via airports and/or foot. While, PORTPASS was developed to be
employed at point of entry for travelers via the conveyance of automotives
(i.e. dedicated commuter lanes between port of entry) into the United
States. Additionally, both INSPASS and PORTPASS predicate a one-to-
one biometric match philosophy. To accomplish the one-to-one match the
traveler will be issued a smart card containing the traveler’s biometric
156
template. In the case of PORTPASS the traveler’s biometric template is
stored via a RFID that is attached to the travel’s vehicle.
Governments around the world have implemented biometric
technologies to protect live, civil liberties, individual privacy. The Otay
Mesa, CA border crossing between Mexico and the United States employs
a facial geometry biometric to authenticate the crossing of 3,000
commuters. The Sheriff’s Department in Los Angeles, CA uses facial
geometry to compare a composite sketch to a database of 350,000 mug
shots (Woodlands Online, n.d.).
New York's JFK airport uses hand scanners, but the purpose is to
speed frequent flyers through customs. London’s Heathrow airport has
started directing selected international passengers to bypass immigration
agents and instead look into a iris scanner to see if the passengers’ iris
sampling matches the passengers’ frequent flier iris template and
numbers.
Physical access for employees to secure areas of airports in San
Francisco, Hawaii, O’Hare’s in Chicago, Charlotte/Douglas International
and Frankfurt, Germany are controlled by a biometric authentication
system. All reports describe the system as being highly effective (Nanavati
et al.).
Corporate Sector
157
Ever since the implementation of the first enterprise network,
organizations have continuously searched for the most impregnable
method(s) available to keep corporate knowledge and personal privacy
(data) secure from the unauthorized intrusion, violation, or destruction of
prying eyes. Traditionally, the most dominant methods of securing a
companies’ infrastructure is to merge an employee’s username with a
password, personal identification number (PIN), or a secure token
(Nanavati et al.).
The function of a biometric authentication system is to facilitate
controlled access to applications, networks, personal computers (PCs),
and physical facilities. A biometric authentication system is essentially a
method of establishing a person’s identity by comparing the binary code of
a uniquely specific biological or physical characteristic to the binary code
of an electronically stored characteristic called a biometric template. The
defining factor for implementing a biometric authentication system is that it
cannot fall prey to hackers; it can’t be shared, lost, or guessed. Simply put,
a biometric authentication system is an efficient way to replace the
traditional password based authentication system (Ashbourn, 2000).
Therefore, it is reasonable to conclude that PCs, cell phones, and other
wireless (mobile) devices would be the first mass-market products to
incorporate biometrics. Compared with desktop units, notebooks and other
158
mobile devices are more subject to theft, tampering, been lost and has a
shorter lifespan of usefulness (as technology rapidly evolves).
Today, most information-technology (IT) managers would probably pay
a modest premium for an easy-to-use alternative to password protection of
such machines. But, many of these managers expect to wait several years
before they consider widespread deployment of biometrics on desktop
PCs and workstations.
The prolific increase of cell phone (voice), laptops (fingerprint), PDAs
(fingerprint), and other mobile devices have prompted security agencies
throughout the world to issue a warning that mobile devices are becoming
even more of a security risk to corporations. A great number of the mobile
devices wireless access to a corporate network with very little security,
and have become the weak link in the corporate infrastructure. The
newest solution of mobile device manufactures is to design biometric
authentication system into their platform (Van Impe, 2002).
Even the entertainment industry is no stranger to biometric
technologies. Orlando's Disney World uses hand recognition to prevent
visitors from sharing season passes. Casinos across the country routinely
use facial recognition technology to identify known cheaters.
A potential application of conjecture would be the function of biometrics
to protect the copyright privileges of music, movies, and software creators.
159
It is the hypothesis of the researcher that a biometric algorithm could be
employed to encrypt and decrypt media stored on a multitude of mediums
(i.e. CD-R/RW, DVD-R/RW, flash memory, etc.). The end result would be
that only the legitimate owner of might access the work of art. It is the
sincere expectation of the researcher to explore this hypothesis in greater
detail within the near future.
Financial Sector
Fraud and identity theft cost consumers and financial institutions of
dollars billions in loss revenue each year. Many people do not realize how
easily criminals can obtain our personal data without having to break into
our homes. In public places a theft can watch you from a nearby location
as you punch in your telephone calling card number, credit card number,
or ATM PIN. They can use various electronic communication devices to
ease drop on your telephone conversation while you give your credit-card
number to another business. The thief can go dumpster diving at your
home or office to obtain copies of your checks, credit card or bank
statements, or other records that typically with your name, address, and/or
telephone number. Criminals can also spoof the Internet to acquire
identifying data, such as passwords, banking information, or other
confidential identity data (http://www.consumer.gov/idtheft).
160
To counter identity theft and fraud a growing number of banks,
including Texas-based Bank United, the Bank of America and Wells
Fargo, are using biometric technology to improve the security of online
banking and replace PINs and bankcards at ATMs.
Healthcare Sector
Health care centers must comply with what is referred to as the HIPPA
legislation and one of the principles of HIPPA is to safeguard access to
patient data. Health care centers like New York State Office of Mental
Health, St. Vincent Hospitals, and Health Care Centers have adopted a
biometric authentication system as the preferred method (Nanavati et al.).
Adaptation to People of Variable Abilities
Think of biometrics as a key! Yes… A key, it can open doors for you and
provides security to keep others out. It is a key that can be customized to an
individual’s access needs. You can use a biometric to access your home,
your account, or to invoke a customized setting for any secure
area/application.
Reasonable Accommodation
Would the adaptation of biometrics to people of variable abilities be
considered a reasonable accommodation? To answer this, the concept of
reasonable accommodation must be revisited to determine if the biometric
161
solution meets qualification factors. For the purposes of convenience the
definition of ‘Reasonable Accommodation’ has been restated below:
Reasonable accommodations will include those structural and
technological modifications that do not impose an undue
hardship on the employer. The phases ‘reasonable
accommodations’ and ‘undue hardship’ have not been distinctly
defined. However, each can be gauged by the size, revenue,
and nature of the company. For those employers or managers
desiring more detail, they can refer the guidelines outlined by
the Americans with Disabilities Act 1990 and current
amendments via the Disability Rights Section website (United
States Department of Justice, Civil Rights Division, Disability
Rights Section [USDOJ], 2002).
It is the conclusion of the researcher that the adaptation of biometric
technologies to people of variable abilities would absolutely meet
reasonable accommodation guidelines.
Smart Card Interface
While contact smart cards can provide an excellent storage platform
they do not easily adapt to people of variable abilities. The interfaces
available to contactless smart cards are well suited and easily adaptable
to people of all ability levels.
162
Contactless smart card technologies provide the ideal interface access
and control of physical facilities and logical assets. Per the Smart Card
Alliance web site, contactless smart card technologies provide:
High speed access and throughput, as wireless provides immense
bandwidth.
The interface is useable in harsh or dirty environments, because it
is sealed from the elements.
User friendly and simple to use.
Less intrusive, because direct contact is not required.
Does not require insertion of card into a reader.
No issues with orientation of card.
Card may be kept in wallet or pursue for personal security during
use.
Encryptions and encryption protocols provide excellent security.
Protection of privacy, as MOC can be used.
Flexibility of application interoperability.
Reduced maintenance cost of readers for there are no moving
parts and direct contact is not required.
Reduced vandalism to readers for it can be hidden from sight
and/or direct physical access.
163
Durable and reliable, because all elements of the card are self-
contained.
Established international standards (ISO/IEC).
When using a contactless platform (i.e. two-way radio, Wi-Fi, etc.),
encryption and a triple acknowledgement certificate is best method of
ensuring secure bi-directional communications. Even with this the method
the biometric templates are not accessible to external communications as
all matching is still processed within the confines of the card (MOC).
Control
Can either be logical or physical in nature. Logical involves the granting
a user access to information technology systems such as a network or
database. Physical control refers to the ability to affect ingress of a user to
an entryway. The medium for such control can be acquired via the
Internet, infra-red (IR), radio frequencies, microwaves, or via another
wireless technology.
Universal Design
The methodology behind the concept of universal design is to establish
a standard or technology that can be applied to people of all ability levels.
A pioneer of the universal design concept for technology is Dr. Gregg
Vanderheiden, Ph.D. (Director, Trace R&D Center, University of
Wisconsin) and his team.
164
The methodologies of universal design are not limited to only
technology. An organization know as “The Center for Universal Design” is
comprised of architects, product designers, engineers, and researchers
have made it their mission to ride the world of physical barriers. The
Center for Universal Design has crafted a formidable list of principles and
guidelines that can be applied to technology and physical structures alike.
The principles and guidelines are displayed below in the same context as
they appear at The Center for Universal Design website,
http://www.design.ncsu.edu/cud/univ_design/princ_overview.htm:
PRINCIPLE ONE: Equitable Use - The design is useful and
marketable to people with diverse abilities.
Guidelines:
1a. Provide the same means of use for all users: identical
whenever possible; equivalent when not.
1b. Avoid segregating or stigmatizing any users.
1c. Provisions for privacy, security, and safety should be
equally available to all users.
1d. Make the design appealing to all users.
PRINCIPLE TWO: Flexibility in Use - The design
accommodates a wide range of individual preferences and
165
abilities.
Guidelines:
2a. Provide choice in methods of use.
2b. Accommodate right- or left-handed access and use.
2c. Facilitate the user's accuracy and precision.
2d. Provide adaptability to the user's pace.
PRINCIPLE THREE: Simple and Intuitive Use - Use of the
design is easy to understand, regardless of the user's
experience, knowledge, language skills, or current concentration
level.
Guidelines:
3a. Eliminate unnecessary complexity.
3b. Be consistent with user expectations and intuition.
3c. Accommodate a wide range of literacy and language
skills.
3d. Arrange information consistent with its importance.
3e. Provide effective prompting and feedback during and
after task completion.
PRINCIPLE FOUR: Perceptible Information - The design
communicates necessary information effectively to the user,
166
regardless of ambient conditions or the user's sensory abilities.
Guidelines:
4a. Use different modes (pictorial, verbal, tactile) for
redundant presentation of essential information.
4b. Provide adequate contrast between essential
information and its surroundings.
4c. Maximize "legibility" of essential information.
4d. Differentiate elements in ways that can be described
(i.e., make it easy to give instructions or directions).
4e. Provide compatibility with a variety of techniques or
devices used by people with sensory limitations.
PRINCIPLE FIVE: Tolerance for Error - The design minimizes
hazards and the adverse consequences of accidental or
unintended actions.
Guidelines:
5a. Arrange elements to minimize hazards and errors: most
used elements, most accessible; hazardous elements
eliminated, isolated, or shielded.
5b. Provide warnings of hazards and errors.
5c. Provide fail safe features.
5d. Discourage unconscious action in tasks that require
167
vigilance.
PRINCIPLE SIX: Low Physical Effort - The design can be used
efficiently and comfortably and with a minimum of fatigue.
Guidelines:
6a. Allow user to maintain a neutral body position.
6b. Use reasonable operating forces.
6c. Minimize repetitive actions.
6d. Minimize sustained physical effort.
PRINCIPLE SEVEN: Size and Space for Approach and Use -
Appropriate size and space is provided for approach, reach,
manipulation, and use regardless of user's body size, posture,
or mobility.
Guidelines:
7a. Provide a clear line of sight to important elements for
any seated or standing user.
7b. Make reach to all components comfortable for any
seated or standing user.
7c. Accommodate variations in hand and grip size.
7d. Provide adequate space for the use of assistive devices
or personal assistance.
168
All though universal design of technology is a critical concept, not even
one of the one-on-one interview participants considered universal design
to be relevant, as per question 4 of Appendix 6.
Fused Biometric Solution
In the context of this research paper a fused solution involves
combining the enabling attributes of contactless biometrics with those of
contactless smart cards will produce a solution that is fully autonomous,
programmable and has the capability of storing at least 16mb of data (i.e.
other biometric templates, financial records, medical records, etc…). The fused solution is a one-to-one matching (MOC) schema, for
example at an ATM the user would still have a card (contactless smart
card). The user’s profile will prompt the user to key in his or her password,
or press their finger against a fingerprint sensor, or speak a predetermined
phrase into a microphone, or look at a facial camera, all contained on an
autonomous smart card. An ulterior addition of the contrived fused solution
would in due course directly lead to the creation of a universal
international standard.
Most importantly as part of the fused solution is the storage of the
Accessibility Level Field (ALF) and user’s profile can be stored on the
smart card. Complied with the ALF the profile can theoretically allow
169
technology to adapt to a user's special needs by prioritizing the user’s
choice of authentication, access requirement, challenge and response.
Currently the ALF does not exist and would have to be crafted by
adding what the research has named as the Accessibility Level Field
(ALF) to the Common Biometric Exchange File Format (CBEFF). To
accomplish this the researcher has convinced Dr. Fernando Podio, the
Co-Chairman of the Biometric Consortium to reserve twelve hexadecimal
digits from the Payload Field and two hexadecimal digits from the
Challenge-Response Field of the CBEFF. The theory is that such a
modification to the CBEFF would allow manufactures and vendors to
promote interface interoperability between biometrics technologies and
assistive technology.
Both the Payload and the Challenge-Response Fields fall under the
Standard Biometric Header (SBH) Element of the CBEFF as optional
fields (see image and table below).
Figure 2: CBEFF Data Block
Standard Biometric Header Biometric Data Block Signature Block
Table 3: Standard Biometric Header Followed by the BDB and the SB Field Name Required
or Optional
Notes
170
SBH Security Options
Required ‘00’ = plain Biometric ‘10’ = with Privacy (Encryption) ‘20’ = with Integrity (Signed or MACed) ‘30’ = with Privacy and Integrity
Integrity Options Optional ‘01’ = MACed ‘02’ = Signed This field only exists if Integrity is used (i.e. SBH Options=’20’ or ‘30’).
CBEFF Header Version
Optional Version of the CBEFF header. Currently set to: Major: ‘01’, Minor: ‘00’
Patron Header Version
Version of header (of a patron format specification or standard)
Biometric Type Optional Indication of biometric type Biometric Feature Optional Indicate a choice within a
biometric type Record Data Type Optional Indication of record data type.
Currently set to ‘02’ (Processed, the default). This field doesn’t exist if the default is used.
Record Purpose Optional Intended use of the data. Currently set to ‘04’ (Enroll for Verification Only, the default). This field doesn’t exist if the default is used.
Record Data Quality
Optional Indication of the quality of the biometric data
Creation Date Optional Creation date and time of the biometric data
Validity Optional Valid From and until Dates Creator (PID) Optional Unique identifier of the entity
that created the biometric data (also known as a Product Identifier – PID).
Index Optional Unique identifier for the biometric reference (enrollment) data
Challenge/Response Optional Information used to present a challenge to a user of system.
Payload Optional Reference data captured during enrollment and used in conjunction with the biometric data.
Subheader/Basic Structure Count
Optional Number of CBEFF Structures that follow this header. Used to help process nested structures.
BDB Format Owner Required ID of the Group or Vendor which defined the BDB
BDB Format Type Required Type as specified by the Format
171
Owner Biometric Data Block (BDB)
Required Defined by the Format Owner
Signature Optional Signature or MAC. Only present if the SBH value is ‘20’ or ‘30’
Excluding the ALF requirement, to the researchers knowledge there is
only one smart card that even comes close to embodying the requirement
of the proposed fused solution. However, as this time a Non-Disclosure
Agreement (NDA) is currently preventing the researcher from divulging
specific details relative to the smart card solution.
Exoskeleton
Creating an exoskeleton is relatively ease, controlling the exoskeleton
is another matters altogether. The most desirable method of facilitating
control is to use a neural control interface.
Image 26: Rendering of a Exoskeleton
Source: http://www.metamotion.com/mocap/ Gypsy-motion-capture-system.jpg
172
Neural waves emanate from the brain in the form of brainwaves or
bioelectrical impulses. To further iterate read this article called “Monkey
Thoughts Control Computer” published on the BBC News website
(http://news.bbc.co.uk/hi/english/sci/tech/newsid_1871000/1871803.stm).
This is not the first article or paper of this type, to promote the abilities of a
neural control interface. On the contrary there have been countless papers
and articles released from multiple universities, colleges, and companies
in an attempt to document their research. However, IBVA (www.ibva.com)
is on the cutting edge, and the first website to commercialize the
distribution of neural control interface devices.
Image 27: Example of Neural Interface
Source: Image is from the IBVA Technologies, Inc website
(www.ibva.com)
Per question 2, 4, and 7 of Appendix 4, an average of 75.0075 percent
of all those surveyed agreed to a certain extent that this technology was
feasible and could be of benefit to people of variable abilities. Additionally,
173
Appendix 4 also demonstrates that 89.78 percent would agree to be a
recipient of a neural implant (question 1).
Implementation Strategies
If a biometric authentication system is properly implemented and
managed effectively the cost savings benefits, related to the help desk,
administration, increased convenience, productivity of users, decreased
fraud, reduction of stress, and increased security can far out weigh the
cost of implementation (Biocentric Solutions Inc., n.d.).
When implementing a biometric authentication system, the managers
of a company must take into account many elements related to the
company’s infrastructure. Some of these elements will be easily
identifiable, while others may be as illusive as the fountain of youth. The
easiest elements of the infrastructure to identify are those that are heavily
used and would most likely have been a commercially purchased product,
such as the hardware and software of the biometric authentication system
itself. Whereas the illusive elements of the company’s infrastructure may
be seldom used and may or may not have been commercially purchased.
For example, a legacy system may have been purchased commercially,
yet seldom used. We must also take into account issues related to the
environment in which the system will be deployed (logical, physical or
both), system integration, platform, distributed systems, biometric trait,
174
front-end devices, front-end processing, back-end devices, back-end
processing, level of security required, user education, remote access
users, initial productivity losses, scalability, and exception processing
(Ashbourn, 2000).
The BioNetrix Corporation (2001) has composed a paper in which it
has cited reports from the Gartner Group, META Group, Network
Applications Consortium (NAC), Security Industry Association, Computer
Security Institute (CSI), and the Federal Bureau of Investigations (FBI).
The report from the Gartner Group proclaims that it will cost from $14 to
$25 for a corporate helpdesk to reset an employee’s password, further
more an employee is most like to forget his/her password an average of
four times in a year. When the cost of resetting a password is applied to
thousands of employees it becomes astronomical is combined with notion
that on the average, a user spends 12.5 hours a year logging onto just
one application a day. When you multiple these by the total number of
application access by a user it is easy to see the cost savings. A
welcomed side effect is increased user convenience and productivity
(BioNetrix Corporation, 2001). The increased security of a biometric
authentication system will directly contribute to the reduction of financial
losses due to fraud and security breaches. CSI reported in a survey they
conducted that 50% of the 186 companies that responded claim to have
175
10-20 incidents per year, with an average per year cost of $142 thousand
per incident (BioNetrix Corporation, 2001).
Risk Assessment Methodology (RAM)
Before implementing a biometric solution the implementer does not just
need to know what benefits the solution will bring, but also what potential
risks the solution will bring to their organizations. To identify potential risk
many integrators (i.e. ComGuard.net, RSASecurity.com) recommend that
a risk analyze be conducted. You will notice a trend. The trend is that all of
the risk is associated to the acceptance of the solution by the users.
At the top of the list of risk are privacy concerns that an organization
maybe inclined to distribute a user’s identity sensitive data or misuse the
data for purposes other than the purpose for which it was originally
intended. And, there is still the issue of the individual anonymity that is of
concern. The common factor here is not necessary one of trust, but one of
user control.
When choosing a biometric you must take into account concerns about
hygiene, disease (i.e. SARS), and religious taboos (i.e. exposure of face)
that may inhibit the use of select biometrics.
The system must be accessible to people of all ability levels as certain
groups (i.e. the disabled) many not have the body needed the ability (i.e.
the disabled and/or elderly) to present the biometric in order to access the
176
system. If users do not voluntarily accept the solution, then it is doomed to
collide with reality of consumer confidence.
Integration Concerns
The integration concerns are fairly simple and intuitive. Implementers
should require the solution to be convenient to use, delivered and installed
fast, compatible with existing infrastructure and/or network systems,
interoperable with other IT security solutions, and to promote a cost
savings.
Nevertheless, before biometric products can embark on widespread
solution deployment, developers of biometric products must wait for
representatives of dozens of companies to work out the details of a
generalized biometric application-programming interface (API). This work
requires the cooperation of biometric vendors, operating-system vendor,
add-on security-hardware vendors, and developers of applications that
must recognize the security features. Currently, in the biometric
technology industry, at least four efforts are under way to develop
biometric APIs (BioAPI Consortium, 2001).
Enrollment/Administration Practices
The largest purchasers of the new technologies are IT managers of
medium and large companies. An important consideration of a purchase is
easy of enrollment and administration. Although some devices, such as IC
177
fingerprint sensors, may eventually cost less than $5 in quantity, the total
cost of installing biometric sensing is several times the sensing unit's cost.
Moreover, much of the initial crop of sensing units uses USB interfaces.
As a result, biometric sensing on PCs may become cost-effective only
when IT managers replace the installed base of computers with USB-
compliant PCs.
The essential element to the enrollment/administration process is to
establish protocol that can be easily adapted to cover any situation.
Training/Education
Currently, there exist a gap between the number of feasible biometric
projects and knowledgeable experts in the field of biometric technologies.
The post September 11th, 2002 attack (a.k.a. 9-11) on the World Trade
Center has gave rise to the knowledge gap. Post 9-11 many government
agencies has recognized the need for increased security and identification
protocols of both domestic (U.S.) and international fronts.
This is however, changing as studies and curriculum associated to
biometric technologies are starting to be offered at more colleges and
universities. One of the most predominant universities to offer biometric
curriculum is the University of California, Los Angeles (UCLA)
(www.UCLA.edu). A method of closing the biometric knowledge gap is for
178
knowledge seekers of biometric technologies to participate in biometric
discussion groups and biometric standards committees.
The solutions only needs the user to possess a minimum of require
user knowledge and effort. A biometric solution with minimum user
knowledge and effort would be very welcomed to both the purchase and
the end user. But, keep in mind that at the end of the day all that the end
users care about is that their computer is functioning correctly and that the
interface is friendly, for users of all ability levels.
Alternative Authentication Methods
Alternative methods of authenticating a person’s identity are not only a
good practice for making biometric systems accessible to people of
variable ability level. But it will also serve as a viable alternative method of
dealing with authentication and enrollment errors.
Auditing
Auditing processes and procedures on a regular basis during and after
installation is an excellent method of ensuring that the solution is
functioning within normal parameters.
Accountability
179
A well-orchestrated biometric authentication solution should not only
prevent and detect an impostor in instantaneous, but it should also keep a
secure log of the transaction activities for prosecution of impostors. This is
especially important, because a great deal of ID theft and fraud involves
employees and a secure log of the transaction activities will provide the
means for prosecution or quick resolution of altercations.
Above is one meaning of accountability. The other meaning of
accountability is to ensure that guidelines are well documented for an
oversight committee.
Oversight
Oversight refers to a method of ensuring that all aspects relative to
auditing and accountability have been correctly enforced. Those with
responsibility of overseeing that accountability guidelines and protocols
have not been violated.
Summary, Recommendations and Conclusions
Chapter 5
It is the general conclusion of the researcher that the adaptation of
biometric technologies to people of variable abilities would absolutely
feasible. The following will aid to reinforce the researchers theory and
180
conclusions. Additionally, the chart of Appendix 5 also demonstrates that
83.95 percent overall would agree to that the adaptation of biometrics is
feasible.
Mainstream Biometric Technology Summary
Passwords and PINs can be hacked, shared, or guessed; and secure
tokens can be lost (Corcoran, Sims, & Hillhouse, 1999). It is therefore not
uncommon for employees of large companies to have numerous, long,
and unbelievably complicated passwords to remember. Many times the
passwords are so ambiguous that the employees become stressed and
the passwords are easily forgotten. To add to the frustration, an employee
must then contact the helpdesk or network administrator to have the
encrypted password reset or changed (Quintanilla, 2000).
While some biometrics may be technical sound in theory, they may not
be sound in application. For instance the use of a footprint biometric is not
practical, image having to take of your shoes off in a restaurant to pay for
dinner or at an ATM machine to conduct a financial transaction.
Emerging Biometric Technology Summary
Biometrics is an emerging and ever changing field of technology that
can be implemented into just about anything that requires a security
protocol. While the initial cost of implementation is high the benefits of
increased security, peace of mind, lessening of man-hours, and of course
181
the increase of accessibility by people of variable abilities may justify the
cost.
Indeed, the reliance on the latest technology may make a company
even more vulnerable by creating the illusion of security. This is why
governmental agencies and commercial companies must remain eternally
vigilant and continually seek out the most up-to-date method of securing
the technological assets of an enterprise. But, let us not forget that as we
seek to secure, hackers seek to invade.
Summary of Cultural Barriers
In order for employers to capitalize on the ability differences of
employees with disabilities in the workforce they have sought out solutions
from many sources. Some of the solutions are complex and other are
simple, they may require a shift in the workplace paradigm, the use of
assistive technologies, the development of management strategies, or a
change in work location philosophies. The overwhelming justification is
that it is the most beneficial, ethical and humane thing to do Hagner &
DiLeo (1993).
The work of authors such as Szymanski and Parker (1996) have
alluded to the fact that before people with disabilities could not be fully
integrated into the workplace until the culture of the workplace becomes
more welcoming. This is because the medical model did not perceive
182
people with disabilities as potential workforce asset. Hence, not much
emphasize had been placed on resolving the workplace barriers. The shift
of paradigms from that of the medical model to the disability model has
fostered a change in the perceptions of society and the workplace culture.
Additionally, the National Council on Disability believes that the only way
to shift the culture is to establish legislation (NCD, 2001). Still Hagner and
DiLeo (1993) advocate a middle ground approach.
Workplace strategies can vary from company to company and can
potentially consist of thousands of concepts or notions. The basic
objective of workplace strategies as applied to employees of variable
abilities is to promote productivity (Hagner & DiLeo, 1993). There are
many strategies available to ponder from many sources (Hagner & DiLeo,
1993; Heldrick, 1999; Szymanski & Parker, 1996; United States
Department of Labor, Office of Disability Employment Policy
[USDOL/ODEP], 2002; USDOL, 2002; NCD, 2001). Hagner and DiLeo
(1993) have suggested a few strategies that managers can implement or
modified to make the workplace culture more positive, nurturing, and
accommodating to people with disabilities or new employees. Managers
could reexamine or modify their leadership style to include, but not limited
to their tone of interaction, vary gathering (meeting) places, celebrate
special events, educate the staff on disability, form a disability support
183
group, keep in touch with employees, create pride by reinforcing the
company image, and standardize required task (USDOL/ODEP, 2002). A
required task could be as simple as standardizing the location of a stapler
for the vision impaired or as complicated as the standardization of a
password authentication system (Hagner & DiLeo, 1993).
Effective planning strategies for diverse employees with disabilities may
consist of a detailed strategic business plan for the near and distant future.
The plan must be accurate, timely, easy to find, identify information
sources, communicate with other employees who do similar work, talk to
the employee, examine job descriptions, or call the Job Accommodation
Network at 800-JAN-7234 (USDOJ, 2002). Plans are frequently
threatened with obsolescence of technology changes and economic
turbulence before the ink on the paper is even dries. The reality is that
even the best-laid business plan may still go astray, especially as
managers try to predict a company's technology requirements, staffing
needs, and work processes (Szymanski & Parker, 1996).
Nonetheless, a good business plan can effectively communicate the
company’s vision, provide direction, establish time management
procedures and facilitate methods of control to all employees, whether
disabled or not.
For additional examples, the Workforce Investment Act of 1998 refers
184
to strategies, as principles of which there are seven (Heldrick, 1999). From
the seven principles, there are only two that apply to diverse employees
with disabilities (p. 6):
• Services must be streamlined, by coordinating multiple employment
and training programs, must be accessible to people with
disabilities.
• The system should empower individuals with the information and
resources they need to manage their own careers. Assistive Technology Summary
There are many types of assistive technologies available for many
types of disabilities. Flippo, Inge, & Barcus (1995) have authored a book
that details the many different types of assistive technologies available to
employers and people with disabilities. Unfortunately, as demonstrated by
the results of question 2 of Appendix 6 only ten of the thirty-five one-on-
one interview participants had knowledge of assistive technologies.
Hence, Flippo, Inge, & Barcus (1995) have outline adaptation
strategies for the workplace, such as career planning, education, redesign,
mobility assistance, universal design of low-tech and high-tech devices, to
name a few. The use or deployment of assistive technologies is not just a
feasible resolution strategy. It may be also allow the employer to remain in
compliance with rehabilitation and assistive technology legislation of the
185
past century. For example the Vocational Rehabilitation Act of 1918,
Americans with Disabilities Act of 1990 (ADA), to include the 2002
amendment of Section 508 to the ADA (USDOJ, 2002). The assistive
technologies of today can help people with visual impairments or
blindness, hearing impairments or deafness, mobility impairment or
paralyze, or a combination of multiple impairments at varying levels of
severity (Flippo, Inge, & Barcus, 1995).
It has been recommended via the United States Department of Labor
website that managers become familiar with the various type of assistive
technologies that are available for people with disabilities. Here is a brief
list of possible assistive technologies (USDOL, 2002):
• Vision (sight) – screen readers, speech synthesizers, Braille
systems, scanner systems, TeleBraille, and large format displays.
• Hearing/speech – visual redundancy systems, telecommunication
device for the deaf (TDD), speech amplification device, telephone
signaling device, and caption systems.
• Mobility – keyboard macros, sequential keystroke input, alternative
keyboards, infrared pointing device, and a speech recognition
system.
Telecommuting, which is sometimes referred to as teleworking, can be
a highly effective and extremely flexible solution for employees of all ability
186
levels. For those employees who cannot easily make it into the traditional
workplace because of physical disabilities, as telecommuting eliminates
the need to commute and may be the only viable alternative (Joice, n.d.).
As stated in a report from the United States Department of Labor (2002,
July 26), “telecommuting can be useful in solving business problems by
decreasing certain overhead costs, satisfying fluctuating demands for
additional office and parking space, and increasing employees’ loyalty,
productivity, and retention by helping them balance work and family
demands” (p. 43).
Universal Design Summary
Universal design of biometric technologies will do for the biometric
industry what the Universal Serial Bus (USB) has done for the computer
industry. Accordingly, to successful accomplish universal design of
biometric technologies developers must also consider factors related to
but not limited to economics, engineering capabilities, cultural stigmas,
politics, age, gender, market, environmental issues and abilities.
Recommendation for Universal Standards
To foster universal standards the principles and guidelines located on
The Center for Universal Design website (http://www.design.ncsu.edu/
cud/univ_design/princ_overview.htm) are excellent and should be adapted
to overcome the barriers of logical and physical realms.
187
To further demonstrate the need for a universal standard, let's say that
a government issued universal biometric identification (UBID) contactless
smart card is issued to the public. The UBID would ultimately become the
standard means of proving your identity, when using an ATM, purchasing
goods, buying services, and gaining access to facilities. Furthermore, the
CBEFF would comply with legal statues/laws throughout the international
communities (i.e. sections 504 & 508 of the ADA).
If the ALF were not established as a universal international standard,
then the adaptation of biometrics as a fused solution to people of variable
abilities will not be possible.
Recommendations for Adaptation of Biometrics
Implementing a biometric authentication system is a very efficacious
method of galvanizing the technological assets and data against the
fanatical onslaught of internal and external threats. When implementing a
biometric authentication system enterprises must be ecologically aware
that as the required level of authentication increases, so does the cost. In
short too much security can be just as hazardous as too little security,
choose the right biometric to accomplish the task and avoid overkill.
While many of those in the biometric industry would take exception to
the forthcoming statements, the evidence nevertheless supports it.
188
The strategy for deploying a biometric authentication system should
almost always be deployed with a one-to-one or one-to-a-few
matching methodology in mind.
Biometric manufactures should make every attempt to address
concerns and/or issues related to cultural diversity, hygiene,
privacy, usability, and of course accessibility.
Recommendations for Storage Methodologies
All things considered (evidence), the only storage method (platform)
that would even remotely embody the elements of security, accessibility,
and privacy would be the smart card. While it is true that biometric
templates can be deployed on all storage platforms, the smart card would
have the best chance of been accepted by all parties of advocates and
opponent.
The only exception to this would be use of centralized criminal
database in high treat areas, such as ports-of-entry. However, deploying
such a database would meet resistance by the ACLU and other privacy
organizations. To counter such resistance the purpose of the database
must clearly established and a legal strategy to ensure that database is
not misused by official must be established to police the police.
Additionally, TTP should never be allowed to store biometric templates of
189
any form. A TTP only need to verify the authenticity of the card to ensure
that tampering has not occurred.
Recommendations for Fused Biometric Solutions
Although there are twelve available hexadecimal digits available for use
from the Payload Field, it is the assumption of the researcher that only two
hexadecimal digits from the Payload Field would be required to identify an
individual’s ability limitations and/or access requirements and two
hexadecimal digits from the Challenge-Response Field to determine which
biometric out of the biometrics available to the individual would have
priority. What's more, given that the recommendation calls for the ALF to
be incorporated into the CBEFF it would therefore automatically be part of
the biometric template.
Additionally, I would recommend that a two-stage interface process be
adopted. What is meant by a two-stage interface process? Stage one is
that the individual’s access requirements are established by the logical or
physical barrier that user is attempting access. Stage two is that the
proper biometric authentication challenge or response is presented to the
person requesting access.
For example, if a vision impaired individual were attempting to gain
access to a public facility. He or she would approach the entrance of the
facility where a series of strategically placed proximity sensor would
190
acquire the Accessibility Level Field (ALF). If at this point authentication
would not be required, hence the doors would automatically open and the
individual may be presented with an audible greeting (i.e. Welcome to the
public court house). This would be the completion of stage one. To
continue with the scenario, as the individual transverses through the
facility he or she may come upon an entry point where authentication of a
persons identity is required. At this point stage-one will be repeated
whereas the Accessibility Level Field (ALF) would be acquired. In stage-
two the Challenge-Response Field will trigger the appropriate
biometric application. For this scenario a vision impaired individual could
be issued an audible challenge and the user could then reply in the same
fashion (voice verification biometric). There are many more scenarios and
a multitude of other biometric applications.
191
Chart 5: Fused Biometric Solution Decision Flow Chart
192
Conclusions
Presently, policies and/or concepts such as the concept of workplace
accommodations, assistive technology concept, organizational concept of
culture, and the concept of establishing solid management functions are
not well defined within the structure of companies. In fact policies and/or
concepts are for the most part dictated to society by federal and state laws
or regulations (Barnartt & Altman, 2001; Hagner & DiLeo, 1993; Swanson
& Fouad, 1999; Szymanski & Parker, 1996).
The fused solution combines the benefits of biometrics, ALF, other
versatile technologies, and implementation strategies will result in a
secure, accessible, and privacy promoting solution that can be applied to
people of all ability levels. The fused solution is a universal key that can
open physical doors, provides logical security to data, and keep others
out. It is a key that can be customized to an individual’s access needs or it
can be used to invoke a customized profile to aid physically challenged
individuals. The fused biometric solution must be implemented whenever
and wherever possible.
I would like to close with a quote from Microsoft’s Bill Gates’ in PC
WEEK Online October 8, 1997 stated, “Biometric technologies – those
that use human characteristics such as fingerprint, voice and face
193
recognition – will be the most important IT innovations of the next several
years”.
194
References
Accenture. (2001, November 16). White paper: Radio Frequency
Identification (RFID). Retrieved December 3, 2002 from http://
www.accenture.com/xdoc/en/services/technology/vision/
RFIDWhitePaperNov01.pdf
American Association of Motor Vehicle Administrators (AAMVA).
(2000, June 30). AAMVA national standard for the driver license/
identification card. Retrieved December 3, 2002 from http://www.
aamva.org/Documents/stdAAMVADLIDStandrd000630.pdf
Architectural and Transportation Barriers Compliance Board. (2002,
December 21). Electronic and Information Technology Accessibility
Standards. Retrieved December 20, 2002 from http://www.access-
board.gov/sec508/508standards.htm
Ashbourn, J. (2000). Biometrics: Advanced identity verification.
London: Springer-Verlag London Limited.
Barnartt, S. N., & Altman, B. M. (Eds.). (2001). Exploring theories and
expanding methodologies: Where we are and where we need to go.
London: Elsevier Science Ltd.
BioAPI Consortium. (2001, March 16). BioAPI specification version 1.1.
Retrieved July 19, 2002 from http://www.bioapi.org/bioapi1.1.pdf
195
Biocentric Solutions Inc. (n.d.). White paper: Why use a biometric and a
card in the same device?. Retrieved July 3, 2002, from http://www.
biocentricsolutions.com/media/whitepaper.pdf
BioControl Systems, http://www.biocontrol.com (October 10, 2001)
Biometrics ID issued to 4 million military. Washington Post
Online, October 29, 2001. http://www.washintonpost.com/wp.srv/
aponline/20011029/aponline173744_000.htm (November 5,2001).
Biometric Consortium. http://biometrics.org
BioNetrix Corporation. (2001, June 18). BioNetrix authentication suite:
Cost justification for implementing an enterprise-wide authentication
management infrastructure. Retrieved July 3, 2002, from http://
www.bionetrix.com
British Broadcasting Corporation (BBC) News. (2000, November 15).
Monkey brain operates machine. Retrieved March 14, 2002 from
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1025000/
1025471.stm
Carreira-Perpinan, M., & Sanchez-Calle, A. (1995): A connectionist approach
to using outer ear images for human recognition and Identification. The
University of Sheffield Website:
http://www.dcs.shef.ac.uk/~miguel/papers/
ps/ear-abstract.pdf
196
Center for Applied Special Technology, Inc., http://www.cast.org
Charness, N., Parks, D., & Sabel, B. (Eds.). (2001). Communication,
technology and aging: Opportunities and challenges for the future.
New York: Springer Publishing Company, Inc.
Corcoran, D., Sims, D., & Hillhouse, B. (1999, March 1). Smart cards
and biometrics: Your key to PKI. Linux Journal. Retrieved July 3,
2002 from http://www.linuxjournal.com/article.php?sid=3013
Corum, C. (2002, December 1). Why RFID is the right choice for
personal ID. ContactlessNews. Retrieved December 3, 2002, from
http://www.contactlessnews.com
Daugman, J. (n.d.). Iris Recognition. The International Center for Disability
Resources on the Internet (ICDRI). Retrieved December 12, 2002, from
http://www.icdri.org/biometrics/iris_biometrics.htm
EEG Spectrum, http://www.eegspectrum.com (November 21, 2001)
Everett, D. (n.d.). Smart card technology: Introduction to smart cards.
Smart Card News Ltd. Retrieved January 1, 2003 from http://www.
smartcard.co.uk/resources/articles/intro2sc.html
Flippo, K. F., Inge, K. J., & Barcus, M. (1995). Assistive technology: A
resource for school, work, and community. Baltimore: Paul H.
Brooks Publishing Co.
Georgia Tech Research Institute (GTRI). http://www.gtri.gatech.edu
197
Gill, J.M. (2003). eEurope smart card Trailblazer 8 on user
requirements: User requirements for cardholder identification,
authentication and digital signatures. Retrieved February 3, 2003
from Royal National Institute for the Blind. http://www.tiresias.org/
reports/user_requirementsv2-2.htm
Gill, J.M. (2002). Design of smart card systems to meet the needs of
disabled and elderly persons. Retrieved January 3, 2003 from Royal
National Institute for the Blind. http://www.tiresias.org/reports/
ecart.htm
Gill, J.M. (1994) (Ed.). Proceedings of the COST 219 seminar on smart
cards and disabilities. Retrieved January 3, 2003 from Royal
National Institute for the Blind. http://www.stakes.fi/cost219/
smartc94.doc
Gill, J.M. (2002). Smart cards: Interfaces for people with disabilities.
Retrieved January 3, 2003 from Royal National Institute for the
Blind. http://www.tiresias.org/reports/urcai.htm
Gindin, S. E. (1997). Lost and found in cyberspace: Informational
privacy in the age of the Internet. Retrieved August 28, 2002 from
http://www.info-law.com/lost.html
Greene, J., & Caracelli, V. (1997). (Eds.). Advances in mixed-method
evaluation: The challenges and benefits of integrating diverse
198
paradigms. New Directions for Program Evaluation, No. 74, San
Francisco: Jossey-Bass.
Greene, J., Caracelli, V., & Graham, W. (1989). Toward a conceptual
framework for mixed-method evaluation design. Educational
Evaluation and Policy Analysis, 11(3), pp. 255-74.
Hagner, D. C., & DiLeo, D. (1993). Working together: Workplace
culture, supported employment, and persons with disabilities.
Cambridge, MA: Brookline Books.
Heldrick, J. J. (1999). The Workforce Investment Act of 1998: A primer
for people with disabilities. Retrieved September 12, 2002, from
University of Iowa Website: http://www.its.uiowa.edu/law/lhpdc/
rrtc/workforce.html
Huff, C. (n.d.). An escort memory system case study: RFID in the textile
industry. Retrieved January 12, 2003, from The Association for Automatic
Identification and Data Capture Technologies (AIM) Global website:
http://www.aimglobal.org/technologies/rfid/casestudy/MaldenMillsEMS.pdf
IBVA Technologies, Inc. http://www.ibva.com. (April 21, 2002)
INCLUsion of Disabled and Elderly people in telematics (INCLUDE).
(n.d.). SATURN Case Study. Retrieved January 3, 2003 from
http://www.stakes.fi/include/cases.html
Individuals with Disabilities: Enabling Advocacy Link (IDEAL). (n.d.).
199
Statistics on disabilities. Retrieved February 5, 2003 from
http://www.attideal.org/Statistics.asp
International Biometric Group LLC: BioPrivacy Initiative.
http://www.bioprivacy.org
International Center for Disability Resources on the Internet (ICDRI).
http://www.icdri.org
International Journal of Biometrics. http://www.optel.com.pl/avanti/avanti.htm
Jacobs, S. (2002, November 22). Business benefits of access-for-all
design. Retrieved November 27, 2002, from http://www.
biometricgroup.com/a_press/office/office.htm
Joice, W. (n.d.). Federal telework topics. United States General Services
Administration. Retrieved September 14, 2002, from
http://www.gsa.gov/attachments/GSA_PUBLICATIONS/extpub/
DOL_Paper_Final.doc
JUSTNET. Justice Technology Information Network.
http://www.nlectc.org/justnet.html
LaPlant, W.P. (n.d.). Disability Statistics & Policy in the United States of
America and the World. Retrieved January 3, 2003 from
http://www.icdri.org/Statistics/mainstats.htm
Nanavati, S., Thieme, M., & Nanavati, R. (2002). Biometrics: Identity
verification in a networked world. New York: John Wiley & Sons,
200
Inc.
National Council on Disability. (2001, June 21). The accessible future.
Retrieved September 12, 2002, from http://www.ncd.gov/
newsroom/publications/accessiblefuture.html
National Institute of Standards and Technology, Information Technology
Laboratory (NIST-ITL). http://www.itl.nist.gov/div895/biometrics/
standards.html
National Institute of Standards and Technology (NIST). (n.d.). Common
Biometric Exchange File Format (CBEFF) Website. Retrieved July 23,
2002, from http://www.itl.nist.gov/div895/isis/bc/cbeff
National Organization on Disability (NOD). http://www.nod.org
(November 20, 2001)
National Security Agency (NSA). (2002, September). Information
Assurance Technical Framework (IATF). Retrieved December 15,
2002 from http://www.iatf.net
O’Brien, D. (2003, May 5). Scanning for security: Biometrics: Fraud, terror
attacks and privacy laws have many seeking more foolproof ways to
identify people. The Baltimore Sun. Retrieved May 5, 2003 from
http://www.sunspot.net/news/printedition/bal-te.biometrics05may05,0,
7980825.story?coll=bal%2Dpe%2Dasection
Office of Homeland Security. (2002, July). National strategy for
201
homeland security. Retrieved July 17, 2002 from http://www.
whitehouse.gov/homeland/book/nat_strat_hls.pdf
O’Hanlon, M., Orszag, P., Daalder, I., Destler, I., Gunter, D., Litan, R.,
& Steinberg, J. (2002). Protecting the American homeland: A
preliminary analysis. Washington, D.C.: Brookings Institution Press.
Retrieved May 5, 2002 from http://www.brook.edu/dybdocroot/fp/
projects/homeland/fullhomeland.pdf
PosID, Inc., http://www.posidinc.com.
Quintanilla, F. (2000, July 5). Fingerprint as password: Your fingerprint
could be your one password for life. Retrieved July 3, 2002 from
http://www.biometricgroup.com/a_press/office/office.htm
Radio Frequency Identification (RFID) Journal.
http://www.rfidjournal.com
Richter, C. (1999, September 13). RFID: An educational primer.
Retrieved December 12, 2002, from Intermec Technologies
Corporation website: http://epsfiles.intermec.com/eps_files/eps_wp/
rfid_wp.pdf
Schaie, K., & Schooler, C. (Eds.). (1998). Impact of work on older
adults. New York: Springer Publishing Company, Inc.
Smart Card Alliance. http://www.smartcardalliance.org.
Stapleton, J. (2001). Biometrics. PKI Forum. Retrieved January 6,
202
2003, from http://www.pkiforum.org/pdfs/biometricsweb.pdf
Swanson, J. L., & Fouad, N. A. (1999). Career theory and practice:
Learning Through case studies. Thousand Oaks, CA: Sage
Publications.
Szymanski, E. M., & Parker, R. M. (Eds.). (1996). Work and disability:
Issues and strategies in career development and job placement.
Austin, TX: Pro-Ed, Inc.
The Biometric Foundation. (n.d.). Why Biometrics? Retrieved January
10, 2003 from http://www.biometricfoundation.org/
whybiometrics.htm
Thieme, M. (n.d.). Biometric usage on a privacy continuum. International
Biometric Group LLC. Retrieved January 10, 2003 from
http://www.bioprivacy.org/continuum.htm
Thieme, M. (n.d.). Privacy concerns and biometric technologies.
International Biometric Group LLC. Retrieved January 10, 2003 from
http://www.bioprivacy.org/privacy_fears.htm
Toren, P. J. (2003, March 20). From the mind of a hacker. New York Law
Journal. Retrieved March 20, 2003 from
http://www.law.com/jsp/article.jsp?
id=1046833592378
TRACE Center. http://www.trace.wisc.edu. (December 6, 2002)
203
United States Department of Justice, Civil Rights Division, Disability
Rights Section. http://www.usdoj.gov/crt/ada/adahom1.htm.
United States Department of Justice, Civil Rights Division. (1998).
Workforce Investment Act of 1998 (WIA). Retrieved September 24,
2002 from http://www.usdoj.gov/crt/508/508law.html
United States Department of Labor. (2002, July 26). People with
disabilities: Strengthening the 21st Century workforce. Retrieved
September 23, 2002 from http://www.dol.gov/sec/programs/
ptfead/2002rpt/ 2002_PTFEAD_Report.pdf
United States Department of Labor, Office of Disability Employment
Policy. (2002). New freedom initiative 2002: Independence through
employment. Retrieved September 24, 2002, from http://www.dol.
gov/odep/pubs/nfi02/finalnfi_71802.pdf
Van Impe, M. (2002, September 5). New Voice Biometric Security for mobile
phones. Mobile CommerceNet. Retrieved January 10, 2003, from
http://www.mobile.commerce.net/print.php?story_id=2129
Voice Security Systems. http://www.voice-security.com/flash/index.html.
(November 3, 2002)
Walder, B. (1997). Smart cards: The use of “intelligent plastic” for
access control. Bedford, England: NSS Group Network House.
Westin, A. (2002). Public attitudes toward the uses of biometric
204
Identification technologies by government and the private sector:
Summary of survey findings. Opinion Research Corporation (ORC)
International. Retrieved January 9, 2003 from http://www.search.
org/policy/bio_conf/Biometricsurveyfindings.pdf
Wilkie, D. (2003, May 17). White House may put less value on seniors,
disabled. Copley News Service: Union-Tribune Publishing Co. Retrieved
May 17, 2003, from http://www.signonsandiego.com/news/uniontrib/sat/
news/news_1n17value.html
Winter, C. (2000, October 29). Biometrics: Safeguard or invasion of
privacy. Sun-Sentinel. Retrieved July 3, 2002, from http://www.
biometricgroup.com/a_press/SunSentinelarticle_Oct2000.htm
Woodlands Online. (n.d.). Biometric emerges as a solution for security.
Retrieved July 3, 2002, from http://www.biometricgroup.com/
a_press/woodland.htm
Woodward, J., Orlans, N., & Higgins, P. (2003). Biometrics: Identity
assurance in the information age. Berkeley, CA: McGraw-
Hill/Osborne
Yin, R. K. (1994). Case study research: Design and methods (Applied
social research methods (Vol. 5, 2nd ed.). Beverly Hills, CA: SAGE
Publications, Inc.
Zunkel, R. (1998). Hand geometry based authentication in biometrics:
205
Personal identification in networked society. New York: Kluwer Academic
Publishers.
APPENDICIES
A1-1
Appendix 1
To Be Or Not To Be? (Survey Introduction)
Introduction
On November 26th, 2001 my wife and I had our paper “Let Me In!!!” published on the to ICDRI website. The paper drew much interest and is due to be republished at www.nextinterface.net. It also promoted many questions and inquires, about feasibility and mostly about the security of personal data.
Feasibility
Let us first address the issue of feasibility, which is the easiest to address. Refer to an article called “Monkey Thoughts Control Computer” published by the BBC News (http://news.bbc.co.uk/hi/english/sci/tech/newsid_1871000/1871803.stm). This is not the first article of this type, but I believe it to be the most significant. Because, this prototype demonstrates the potential to be universal and useable by the majority of the disabled people. Why? Well it stands to reason that if a monkey can be trained to use the device, then training a human would imply orders of magnitude with respect to ease. Yes, we can use biology’s logic of self-preservation to merge the electronic and biological worlds. In the opinion of Dr. Lawson the neural-interface evolution of man and machine will come in a three-phases. The first will be oriented towards control of appliances (i.e. primarily the Internet), the second will be mobility (i.e. automobiles, exoskeleton, etc.), and the third will be bionic systems (i.e. cyborg). However, we would like to point out that there are primarily two schools of thought about how to deploy a neural interface device. One is that it must be directly implanted in the brain and the other is that brain waves can be sensed via an external device worn on the head much like headset can be worn. There are real factors to consider and many thresholds to cross.
A1-2
Appendix 1 (Continued)
To Be Or Not To Be? (Survey Introduction)
Privacy
The questions and concerns on this issue were fierce. As with any new technology issue privacy or misuse of information comes to the forefront. Well the questions and concerns are justified; in fact the people of the world are vulnerable. Yes, vulnerable to many forms of misuse, such as the snooping eyes of Big Brother or identity theft. Which leads to a host of many of crimes; for example, financial fraud, passport theft, and more than we can conceive. However, Biometrics itself was designed as a method to ensure that sensitive information is protected. It is my belief that only biometric that is feasible for use with a neural control interface and that is a Neural (EEG) Fingerprint. But the question is does it exist? I believe it does. Why a biometric? Keep in mind that a neural control interface is wireless and it allow an individual to control remote devices. So access is not an issue when that ability is limited to one are two individuals. But, keep in mind that technology transfer is real and this technology can also work for people whom are not disabled. Therefore, security is needed… How do you address such a security issue? I’ll say it again a Neural Fingerprint, before accessing a device remote or otherwise your Neural Fingerprint is compared those whom do have access. Let’s use and everyday task as an example, you have and neural implant and you want to call for an elevator. You approach the elevator and user your neural implant to call for the elevator, the elevator comes down and you get on. O.K. you’re rich and so you live in the penthouse, once again you use your neural implant to select the penthouse, then you unlock your door.
A1-3
Appendix 1 (Continued)
To Be Or Not To Be? (Survey Introduction) Great, home sweet home, where is that butler? Now a criminal with a neural implant calls for the elevator, goes to the penthouse, and unlocks your door. If we used a biometric his access would have been restricted, for example he could have never even called for the elevator, been restricted from the penthouse, and security could have been notified. We are not saying that biometrics is the answer, just one tool. It is not the supreme Maginot Line.
Survey
We are Americans and in many cases we find ourselves forgetting that the issue of privacy is global, not just something in America. In many cases Americans refer to the Bill of Rights or the Constitution, well if you are not an American you may have no idea what they are. Therefore, I respectfully ask that members of the international community take a moment to complete a survey and please feel free to send additional comments to [email protected]. Link to Survey: http://www.icdri.org/biometrics/survey_biometric.htm Ultimately whether technology is to be or not be, is up to the people of the world. Copyright © William J. Lawson 2002
Copyright © 1998, 1999, 2000, 2001, 2002 International Center for Disability Resources on the Internet
A2-1
Appendix 2
Online Survey: Use of Biometrics and Neural Implants
Below is a survey on Neural Implants. There are no cookies on this site and ICDRI does not in any way track individual users. If you wish to fill this survey out, it would be greatly appreciated. Please feel free to send any comments to [email protected]. We thank you in advance for filling out the survey and helping us to understand these issues better.
Please use the below guide to rank your responses.
They appear in the field of the drop down box as listed below: 1 = Strongly Disagree 2 = Somewhat Disagree 3 = Don't Care 4 = Somewhat Agree 5 = Strongly Agree 6 = It Depends on the Circumstances (Unsure) Please select the answer that most nearly expresses your response to the question. Each question has a combo box from which you can select one of the six choices above. Please note, choice number six has been added to account for circumstances that you might feel would warrant a neural implant when you might not normally agree to this. 1. If you were physically disabled, would you agree to be a recipient of a neural implant?
Please Choose One 2. It is our opinion that a Biometric Access and Neural Control solution can benefit everyone, disabled or otherwise. Do you agree?
Please Choose One
A2-2
Appendix 2 (Continued)
Online Survey: Use of Biometrics and Neural Implants
3. Would you be concern that the information provided to the hospital, doctors, insurance companies, or government might be misused?
Please Choose One 4. Do you agree with the paper?
Please Choose One 5. Do you agree with the theory that an EEG or Neural Fingerprint exists?
Please Choose One 6. If such a solution was available, do you think insurance companies should pay for the procedure?
Please Choose One 7. Based on the two schools of thought from the survey paper. Would you still agree to have neural interface directly implanted in your brain?
Please Choose One
Submit
Reset
Copyright © William J. Lawson 2002
Copyright © 1998, 1999, 2000, 2001, 2002 International Center for Disability Resources on the Internet
A3-1
Appendix 3
Sampling of Typical One-on-One Interview Questions
1. Do you manage challenged employees?
2. Do you know what assistive technologies are?
3. Do you know what biometric technologies are?
4. As a manager, what would you consider to be the greatest barrier for employees of variable abilities?
5. Do you feel that challenged employees are as capable as non-challenged employees?
6. In your opinion do challenged employees miss more or less work, then their non-challenged counterparts?
7. Have you heard of the Americans with Disability Act?
8. Are you familiar with Section 504 and/or 508 of the ADA?
9. Do you feel that the interfaces used by your company are accessible to everyone?
10. Do you feel that biometric technologies could assist to breakdown barriers?
A4-1
Appendix 4
Final Result Matrix: Online Survey - Per Question Breakdown
Legend: TNS = Total Number Surveyed SD = Strongly Disagree SWD = Somewhat Disagree DC = Don't Care SWA = Somewhat Agree SA = Strongly Agree UNK = It Depends on the Circumstances
Question # 1 Answer: # %
SD 1 0.73SWD 2 1.46DC 1 0.73SWA 20 14.60SA 103 75.18UNK 10 7.30
If you were physically disabled, would you agree to be a recipient of a neural implant?
TNS 137 100 Question # 2 Answer: # %
SD 2 1.46SWD 11 8.03DC 3 2.19SWA 33 24.09SA 85 62.04UNK 3 2.19
It is our opinion that a Biometric Access and Neural Control solution can benefit everyone, disabled or otherwise. Do you agree?
TNS 137 100 Question # 3 Answer: # %
SD 2 1.46SWD 7 5.11DC 6 4.38SWA 97 70.80SA 22 16.06UNK 3 2.19
Would you be concern that the information provided to the hospital, doctors, insurance companies, or government might be misused?
TNS 137 100
A4-2
Appendix 4 (Continued)
Final Result Matrix: Online Survey - Per Question Breakdown
Question # 4 Answer: # % SD 1 0.73SWD 1 0.73DC 5 3.65SWA 73 53.28SA 52 37.96UNK 5 3.65
Do you agree with the paper?
TNS 137 100 Question # 5 Answer: # %
SD 3 2.19SWD 2 1.46DC 5 3.65SWA 43 31.39SA 69 50.36UNK 15 10.95
Do you agree with the theory that an EEG or Neural Fingerprint exists?
TNS 137 100 Question # 6 Answer: # %
SD 1 0.73SWD 2 1.46DC 1 0.73SWA 23 16.79SA 99 72.26UNK 11 8.03
If such a solution was available, do you think insurance companies should pay for the procedure?
TNS 137 100 Question # 7 Answer: # %
SD 13 9.49SWD 8 5.84DC 2 1.46SWA 35 25.55SA 51 37.23UNK 28 20.44
Based on the two schools of thought from the survey paper. Would you still agree to have neural interface directly implanted in your brain?
TNS 137 100.0
A5-1
2.40%
3.44%
2.40%
33.79%
50.16%
7.82%
0.00%
10.00%
20.00%
30.00%
40.00%
50.00%
60.00%SDSWDDCSWASAUNK
Appendix 5
Fused Results: Online Survey – by Agreement Levels
The follow chart was produced by totaling the responses of all (137)
online survey participants via their agreement levels.
SD = Strongly Disagree SWD = Somewhat Disagree DC = Don't Care SWA = Somewhat Agree SA = Strongly Agree UNK = It Depends on the Circumstances
A6-0
Appendix 6
Aggregated Results of One-on-One Interview Questions
The data was derived by aggregating the open-ended responses of all
(35) interviewees.
1. Do you manage challenged employees?
Results: 24 out of 35 have managed challenged employees at some point during their career. 10 out of 35 have never managed challenged employees, but had received instruction on managing challenged employees. 1 out of 35 has done neither.
2. Do you know what assistive technologies are?
Results: 10 out of the 35 have knowledge of assistive technologies. 25 out of 35 had no practical knowledge of assistive technologies.
3. Do you know what biometric technologies are?
Results: 6 out of 35 were familiar with biometrics. The other 29 confused biometrics with biotechnology.
4. As a manager, what would you consider to be the greatest barrier for employees of variable abilities?
Results: 20 out of the 35 believe that cultural stereotyping by co-workers was the greatest barrier. 5 out of the 35 believed that accessible interfaces were the greatest barrier. 9 out of the 35 named transportation as the greatest barrier. 1 out of 35 had no opinion.
5. Do you feel that challenged employees are as capable as non-challenged employees?
A6-1
Appendix 6 (Continued)
Aggregated Results of One-on-One Interview Questions
Results: 32 out of 35 felt that challenged employees were just as capable. 2 out of 35 felt that challenged employees were not as capable. 1 out of 35 felt as if challenged employees should not be in the workforce.
6. In your opinion do challenged employees miss more or less work, then their non-challenged counterparts?
Results: 23 out of the 35 believed that challenged and non-challenged employees were equal. 9 stated that challenged employees did miss 1-4 days more work per year than their non-challenged counterpart. 3 have not noticed.
7. Have you heard of the Americans with Disability Act?
Results: 17 out of 35 stated that they have heard of the ADA, but only 12 were able to define the purpose of the ADA.
8. Are you familiar with Section 504 and/or 508 of the ADA?
Results: 10 out of 35 were familiar with Section 508. Only 2 out of 35 were familiar with both Section 504 and 508.
9. Do you feel that the interfaces used by your company are accessible to everyone?
Results: 31 out of 35 answered, yes. 3 out of 35 answered, no. 1 out of 35 had no idea.
10. Do you feel that biometric technologies could assist to breakdown barriers?
Results: 5 out of 35 believed the answer to be, yes. 1 out of 35 stated, no. 29 out of the 35 did not know.