Emerging BiometricApplicationsExpectations and Reality(in 25 minutes or less!)

An Emerging Technology

What are Biometrics?The term biometrics refers to a science involving the standard analysis of biological characteristics.

A biometric is a unique, measurable characteristic or trait of a human being for automatically recognising or verifying identity.

Who are you?No, who are you, really???

Authentication Methods in Network & Internet SecuritySomething you areBiometrics Positive identificationNever lost or stolenSomething you knowPasswordsPINsMothers maiden name Something you haveATM cardSmart cardDigital certificate

BiometricsInnateIrisRetinaEarFingerprintPalm / handFace (visual & heat)Skin detail / veinsDNA / Blood / Saliva / anti-bodiesHeart rhythmFootprintLipsBehavioralGaitSignatureTyping style

MixedVoiceBody odour

Why Biometrics?Biometric identification (e.g., fingerprints, face and voice) will emerge as the only way to truly authenticate an individual, which will become increasingly important as security and privacy concerns grow.

- Gartner Group 26th April 2000

How do Biometrics Work?Enrolment: Add a biometric identifier to a database

Fingerprint, Voice, Facial or IrisVerification: Match against an enrolled record

Fingerprint Image Identification

Randomness

Accuracy v. Affordability v. Acceptability01234Accuracy >>Affordability >>Courtesy, Veridicom Corp.

Benefits for the Consumer

Benefits of BiometricsBiometrics link a particular event to a particular individual, not just to a password or token, which may be used by someone other than the authorized user

Business ScenariosThe password problemRemote accessWho is using our fee-based web-site?Challenge-response tokensToo many physical-access devicesProtecting the single-sign-on vault

The Password ProblemTheyre either too easy or theyre written down somewhere!

Users forget them!

Help Desk has to sort out the mess!

The Password Problem

Write it Down4728816% of respondentsNeverOccasionallyOftenAlwaysSource: CCH

The Password Problem

Resets per YearSource: CCH

The Password ProblemIdentifiable costsLost productivityFlow-on productivity lossesSupport teamManagement and infrastructure

US research - $340 per incident*

Anecdotal some incidents over $AU10,000*BioNetrix Corp - www.bionetrix.com/inserts.pdf

Choosing Technologies and Partners

Privacy Concerns and EthicsCriminal stigma3rd party use of dataSold or given for other than intended purposeProvided to law enforcementUnauthorized accessIdentity theftTracking of actions through biometricsReligious objections - Mark of the Beast

Australian Privacy ActNPP 4 Data Security

An organisation must take reasonable steps to protect the personal information it holds from misuse and loss and from unauthorised access, modification or disclosure.

Privacy Policy Recommendations5 basic principlesNotice disclose ALL data capturedAccess anyone can view their stored dataCorrection MechanismInformed Consent no 3rd-party involvementReliability & Safeguarding

Who would use BiometricsStrong identification and authenticationMedium high data securityNon-repudiation (I didnt do it!)

Who would use BiometricsThe last metreFee-for-service web sites e-Commerce transaction verification

Selecting Biometric TechnologiesUser / environment considerations

Technology factors

Technology Comparison

AccuracyFalse rejection rateMeasures how often an authorized user, who should be recognized by the system, is not recognized.I am not recognised as me!

False acceptance rateMeasures how often a non-authorized user, who should not be recognized by the system, is falsely recognized.You are pretending to be me!

Matching vs. Non-Matching Prints

Selecting a Biometric SolutionWho can help?

Your Vendor / ConsultantExisting relationshipAbility to integrate biometrics into existing platformAbility to draw on other experience

Australian Biometric Testing OrganisationRecently incorporatedImpartial testerEducation sourceGovernment & industry funded

www.biomet.org/abtoabto@biomet.org

Introduction to Biometrics 1-day course August 30th

What problem are we solving?If biometrics is the answer, whats the question?

Evaluation StrategyDefine the requirementsTesting & trialingManagement buy-inInternal champion (not the IT Manager)

Who is using it?Connecticut Dept Social WelfareHealth ApplicationABN-AMRO

What are some of the products?

Give Passwords the Finger!