to Biometrics Australia.
"Biometrics...it's the way of the future!"
What is Biometrics?
The word biometrics comes from the Greek words bio and metric, meaning ``life measurement''. By measuring something unique about an individual and using that to identify them, we can achieve a dramatic improvement in security of the key store. Newer biometric measurements include DNA from tissue samples, voice pattern, face pattern or even the arrangement of blood vessels in the retina or pattern of coloration in the cornea of the eye. The oldest and most widely accepted biometric is the fingerprint. The tip of every finger has a characteristic called ``friction ridges''. While generally similar, no two friction ridges are exactly the same. By imaging the ridges of the fingertips, we get the fingerprint.
How secure is it?
Integrating smart cards, biometrics and public key cryptography provides a solid foundation for developing secure applications and communications. The highest level of security uses three-factor authentication:
An individual gains three-factor authentication by combining a smart card, biometric and PIN. If the user loses the smart card, the card is inoperable without the biometric. Forged fingerprints are weeded out with use of the PIN.
In a smart-card-secure world, you are not locked into one form of authentication, such as a password or key.
Smart Cards and Biometrics
There is a large growth of ID-card based biometric authentication for use in public services applications. The Philippines and Spain are two countries where card-based authentication is being implemented on a very large scale. These cards are used for multiple things such as digital parking meters, telephone, vending machines and identification. There is increasing interest in Australia and the U.S. in card-based, particularly smart card based, biometric authentication. Smart cards can offer new levels of flexibility to existing authentication infrastructures, and can allow for more secure access to private information. The growth of smart cards, and the combined use of smart cards and biometrics, could have a distinct effect on human services organisations over the next few years.
Why Smart Cards?
There are two key aspects of most biometric authentication projects: identification and authentication. The process of identification tells you who an individual is, or in the negative sense tells you who they are not. In public service applications such as benefits and entitlements, biometric identification deters fraud by indicating that a new enrollee "is" someone already enrolled in a database, based on matching a biometric template. Negative identification indicates that the enrollee "is not" someone already in the database, as there is no near-identical template, and he or she can be safely enrolled.
Authentication is simpler - it is the process of affirming or rejecting a claimed identity by matching a live template to an enrolment template. This half of the identification/ authentication process is more amenable to smart card usage. The process flow of approving and processing candidates and current clients - the bulk of case management - could be significantly streamlined through use of smart cards. Secure storage of medical, health, employment history, or other personal records necessary for application for public services, as well as secure access to such information, could have a far-reaching impact on domestic public services. Biometric authentication has proven to be an effective means of deterring fraud; in conjunction with smart cards, biometrics can also allow for controlled, portable access to personal information.
Biometrics and Guns
Mytec Technologies is working with U.S. gun maker Smith & Wesson on a ``smart gun'' intended to prevent anyone other than authorised users from shooting the weapon. The idea of a handgun that can be programmed to prevent accidental shootings is part of the weapons' industry response to gun control efforts in the United States and Canada. Mytec technology uses the Infineon silicon Finger Tip sensor according to a product engineering representative at Smith and Wesson.
The technology involves a scanner on the gun handle that reads the fingerprint, converting it into a digital representation. Within milliseconds, the scanner checks the fingerprint against an authorised one stored inside. If it matches, the gun unlocks and can be fired. Company officials indicate that a "smart gun" could reach the market by 2002.
Military sources are rumoured to be developing similar authentication into just about everything thing that requires security.
Biometrics and Computers
With security an increasing concern for government and corporate businesses, biometric access to computers is going to become very common.
Products already on the market include finger print scanner units, key board and mouse scanners, touch screen monitors that scan the finger print, and voice activated software.
Portable Device Protection
In the next few years you will see just about every thing come with biometric protection. Mobile phones, MP3 players, cars, laptop computers, building access, locker access.
PKI - The Central Public Key Database
PKI stands for Public Key Infrastructure. Governments and security companies world wide are addressing the complex problem of setting up a directory service that will play an essential role in the setting up of any PKI system. Applications must be able to verify the certificate authority of the public key contained on the smart card. The certificate authority is the organisation that initially issued the encryption keys and smart card. The certificate authority verifies that the person is who they claim to be. If privacy concerns can be overcome, public keys (for the certificate authority and for the individual) should be available to all applications that need cross verification.
PKI at the office
An individual has a smart card containing cryptographic keys secured with biometrics and validated by a government agency. If the person applies for a job in the private sector, the company would verify that the government signature is valid. The person's public key could then be used for employment verification. The smart card is essentially reusable as identification.
This application makes a binding between the application, the public cryptographic key and personal data stored in an employee directory. Again, the original single identity token is reused. Directory services and biometrically secured cryptographic key storage would truly enable electronic commerce. Such a scheme, if widely adopted, would allow an individual to carry a single convenient smart card to authenticate themselves to applications anywhere.