Note: Many topics at this site are reduced versions of the text in "The Encyclopedia of Networking and Telecommunications." Search results will not be as extensive as a search of the book's CD-ROM.

Biometrics adds another dimension to the logon/authentication process. Biometrics identifies some physical trait of the user logging on and uses that information, along with a username and password in most cases, to authenticate the user. Physical traits include fingerprints, voice, and facial and iris/retina features.

In many environments, username/password access is not strong enough to make network administrators feel comfortable that their systems are secure. To improve security, administrators may consider "smart card" token access devices (see "Token-Based Authentication") or biometric access devices, as covered here. Of course, other access methods are available, but they are somewhat esoteric and expensive. Others are just emerging or may only be applicable to certain situations. For example, the GPS (Global Positioning System) can be used to verify that a user is logging on from the location where his or her computer is located.

Biometrics identifies the actual person who has authorized access by his or her physical traits. In contrast, token-based systems are based on an external physical device that is carried by the person. Technically, both systems can be compromised with brute force-literally. For example, an attacker could force an authorized user to reveal his or her secret password, steal the token device, and then attempt to logon from any remote system that accepts the password and token code. In contrast, biometric logon usually only takes in specific locations in which the biometric devices are located. An attacker would need to force the authorized user to scan his or her fingers, eyes, face, and so on, at that location. If guards are posted or other people are around, this could be a little difficult.

Here are four types of biometric identification techniques:

• Face recognition    A camera is used to capture a user's face and match facial features with a database of known users. Cheap video cameras, mounted on computer displays, may make this technology reasonable for every desktop. The cameras may also be used for videoconferencing. Face scanning is also non-intimidating to most users (as opposed to scanning eyes).


• Finger scanning    A light scanner is used to read the unique whorls on fingertips. These devices are relatively inexpensive, but best suited for clean environments. Hand scanners may be more appropriate in dirty environments.


• Hand scanning    This type of scanner scans an entire hand or the palm of a hand, which provides unique identification information without the higher resolutions required in finger scanners. The size and shape of the hand, as well as its unique lines, are used in the identification.


• Iris/retina scanning    Eye scanners may provide the most accurate identification, but users may be apprehensive about using them. They are also the most expensive.


• Signature recognition    Devices that recognize signatures are categorized as behavioral devices because they recognize a nonphysical aspect of a person. Users write their signature on a small tablet-like device and features of the signatures are compared to a user database.


• Voice recognition    Like signature recognition devices, voice print devices are categorized as behavioral. The security system stores unique information about a person's voice that is compared to a phrase the user says when logging on. Voice recognition can be used over phone lines if necessary.

The Web sites listed on the related entries page provide extensive information on biometric technologies. Many new products are emerging, and prices are sure to drop as development costs are recouped and the technologies take hold.

Copyright (c) 2001 Tom Sheldon and Big Sur Multimedia.
All rights reserved under Pan American and International copyright conventions.