Who Goes There?Biometrics to protect your data If you missed it, last month, we started examining the basics of securing your personal computer (PC). Much of what was presented was pretty basic, including the common sense approach of simply restricting physical access to the PCs in your office to those staff members who are authorized to use them. Also discussed were the uses, and problems, of passwords, both at the system and application level. It's these problems, such as the need to choose a password that's unintuitive, and to change your passwords frequently, that keep many users from implementing even basic security. There is an alternative to passwords that provides as great a level of access control as a password, yet doesn't require that you memorize an arcane or obscure phrase or jumble of letters and numbers. This alternative uses one or more biometrics to provide user authentication See authentication. . Biometrics is a relatively new application. However, the notion that people are unique in some way or another is far from new. Using these differences to formally identify a person did not start to take place until the mid-1950s, when Alphonse Bertillion, a French policeman whose father was an anthropologist interested in cataloging the differences in physical traits, saw a way to use this information to identify criminals. Bertillion came up with a multiple measurement approach that was used to identify and convict more than 800 criminals. Eventually, however, the fingerprint identification system, developed by Sir Richard Edward Henry Sir Edward Richard Henry,1st Baronet GCVO KCB CSI KPM (26 July, 1850 – 19 February, 1931) was the Commissioner of Police of the Metropolis (head of the Metropolitan Police of London) from 1903 to 1918. of Scotland Yard Scotland Yard, headquarters of the London Metropolitan Police. The term is often used, popularly, to refer to one branch, the Criminal Investigation Department (CID). Named after a short street in London, the site of a palace used in the 12th cent. , proved to be more accurate. This system is still in use today Fingerprint analysis remains a primary identification technique because no two people, even identical twins identical twins pl.n. Twins derived from the same fertilized ovum that at an early stage of development becomes separated into independently growing cell aggregations, giving rise to two individuals of the same sex, identical genetic makeup, and , have exactly the same fingerprint patterns. In the intervening years since fingerprint identification was introduced, other biometrics have been identified and developed for authentication purposes. Facial characteristics, such as the shape of the mouth, nose, jaw line, distance between the eyes, eye color, and earlobe ear·lobe or ear lobe n. The soft, fleshy, pendulous lower part of the external ear. shape, while not as precise as fingerprints, are also useful in identification. Another unique identification technique, the voice print, was developed in the 1950s. Because every person's vocal tract vocal tract n. The airway used in the production of speech, especially the passage above the larynx, including the pharynx, mouth, and nasal cavities. is unique, the precise pitch, timbre timbre Quality of sound that distinguishes one instrument, voice, or other sound source from another. Timbre largely results from a characteristic combination of overtones produced by different instruments. , and intonation of a person's voice is also unique, and can be used to identify a specific individual. Until very recently, the use of biometrics as an authentication application was reserved for large companies. During the past few years, however, prices on biometric hardware and software have dropped to the point where they make economic sense for many users. Exactly which method you use is a choice that will depend upon your particular preferences. Assume the position Getting a biometric authentication See biometrics. device installed is easy. The most popular type of biometric device biometric device - biometrics is a fingerprint scanner such as Digital Persona's U.are.U models (www.digitalpersona.com). All of these are simple USB USB in full Universal Serial Bus Type of serial bus that allows peripheral devices (disks, modems, printers, digitizers, data gloves, etc.) to be easily connected to a computer. devices, a small box about 2 x 2.5 inches, you simply plug in. Digital Persona Digital Persona (DP) is the electronic representation, an information model, of an individual's public personality based on and maintained by transactions or secondary information, and is intended for use as a proxy for the individual. makes several models, for workstation or network use. U.are.U costs about $150 and includes software that performs up to three levels of authentication. You can use the device to simply log into the system when it boots, use your fingerprint in almost any application that requires a password, or use the "Private Space" utility. This last feature provides the capability of encrypting or decrypting. files, applications, and even entire subdirectories; all using your fingerprint to authorize the task. For the same level of protection on a laptop, there are even more choices in fingerprint readers. You can use the U.are.U device on a laptop's USB port A USB socket on a computer or peripheral device into which a USB cable is plugged. See USB. , but a growing number of vendors are using fingerprint scanners that fit on a PC Card, and are inserted into one of the laptop's PC Card slots. This gives you an additional level of assurance; as if you remove the fingerprint scanner card, the laptop will be impossible to boot. Fingerprint scanner PC Cards cost between $150 and $200, and are available from vendors such as identix (www.identix.com), ethentica (www.ethenica.com), and Kingston Technology Kingston Technology Co. is an American producer of memory products. It is located in Fountain Valley, California with manufacturing and logistics facilities in the United States, United Kingdom, Ireland, Malaysia, China and Taiwan. (www.kingston.com). Kingston also offers its IdentiGuard reader in a USB version. Once the hardware and software are installed, you'll need to "register" each authorized user authorized user Radiation physics A person who, having satisfied the applicable training and experience requirements, is granted authority to order radioactive material and accepts responsibility for its safe receipt, storage, use, transfer and disposal . This is done in an administrator mode that's the default when the software is first installed. Once you've authorized yourself as a user, you'll want to change the password for administrator status so that others can't tamper with your settings. Registration varies slightly from product to product. With most of the PC Card-based fingerprint scanners, you can only set the device up to recognize a single finger. Digital Persona's U.are.U allows you to register three different fingers, which lets the device be used even if you get a bad paper cut on the primary finger that you use for identification. That face, that voice Fingerprint recognition is a primary means of biometric identification and authorization, but it's not the only method available. Assuming that you have the appropriate input devices, you can purchase software to let you perform biometric authorization using facial characteristics and/or voice printing. To use these methods, however, you'll need a small video camera attached to your PC, such as the WebCams that are increasingly popular, or a microphone for performing voice print identification. Two software products that perform both facial and voice print identification are BioID SOHO Soho (sōhō`, sə–), district of Westminster, London, England, known for its continental restaurants. Once a fashionable quarter, it became popular among writers and artists in the 19th cent. , from Dialog Communications Systems, AG (www.bioid.com) and WhoIsIt? from Qvoice (www.qvbiometrics.com). Both of these programs cost less than $100. Both pieces of software will perform facial and voice authentication, but WhoIsIt? also can perform fingerprint identification, if you have a compatible fingerprint sensor, In fact, Acer's new TravelMate 739LTV LTV See: Loan-to-value ratio laptop has a built-in sensor and uses WhoIsIt? for security. With both applications, you can set the amount of reliance that should be placed on each biometric so that a potential user has to pass all or part of the total identification process to gain access to the system. So even if you have a and-Aid on your face, a cold, or a cut on you finger, you still have the assurance of biometric authenticaion. Nothing is foolproof One thing to keep in mind is that while biometric security is convenient, it is far from foolproof. It's doubtful that anyone will go as far as trying to fool the sensors with a picture of you, or phony fingerprints. That's really just done in the movies. However, all biometric security approaches do use a password as a backdoor See trapdoor. . That's backup in case the biometric sensor stops working, you cut the finger that's used as identification, or you are using a voiceprint A sample of a person's voice to be used for voice recognition or security systems. , and develop a cold. As with any password, this needs to be something unintuitive, and secured so that an intruder cannot easily find and use it. Ted Needleman is the former associate publisher and editor-in-chief of Accounting Technology magazine. He is now a technology consultant and writer based in Stony Point, N.Y. |
|
||||||||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion