home
NEWS       BLOGS       FORUMS       NEWSLETTERS       RESEARCH       EVENTS       DIGITAL LIBRARY       CAREERS  
Network Computing Network Computing Powered by InformationWeek Business Technology Network

IMMERSE YOURSELF:

SOA

  |

Data Center

  |

802.11n

  |

Data Privacy

  |
APO  |

Virtualization

  |

NAC

  |

Security

  |

Network Mgmt

  |

Enterprise Apps

  |

Storage & Servers



  

Buyer's Guide: Biometrically Speaking

August 23, 1999
As PC users became interested in biometrics, so did the standards bodies and biometric consortia. Biometrics got HA-API (Human Authentication API), BioAPI (Biometrics API) and SVAPI (Speaker Verification API). IBM developed its own standard--AIS API--but the company also supports BioAPI and is a member of the BioAPI Consortium. To be truly useful, biometric devices must be integrated with the organization's firewall, NOS and desktops.

Printer Print this Page
E-Mail E-mail this URL
Multiple, competing standards proposals confuse the market and pose a problem for vendors. Which standard should you require in the products you buy? To what API or APIs should vendors port? Fortunately, there appears to be movement toward a single family of APIs (not a single API definition) that will provide compatibility. Unfortunately, as is always the case with standards, progress is slow.

Buying Into Biometrics
Let's say you're looking to purchase a solution for deployment throughout your internal organization to control access to desktops and network servers. Of course, you want to know how easy the device is to use and install.

You also need to find a biometric system that will suit your environment. Retinal scanning is inappropriate if your workers must wear goggles or are in an environment that's subject to a great deal of motion, such as the bridge of a battleship. Facial recognition is not useful if the user sometimes wears a mask (operating room). And voice recognition won't work well on a loud factory floor.

Determining if the system employs user-acceptable devices is a must. Retinal and cornea scanning are two of the most accurate mechanisms for individual identification. But many people are uneasy about putting their eye up against a viewer for scanning.

Does the device work with the applications you intend to use? Integration with intended applications is an absolute must; unfortunately, it's not always clear what solutions work with which products. You must decide which applications are critical and which require strong biometric authentication.

Operating systems must provide the hooks that let biometric systems be used in place of the typical OS authentication. This requires an API. It also requires the ability to replace the standard login screen with another provided by the biometric verification product. Basically, wherever user authentication is supported--access to the OS, access to protected files and local, as well as network (domain) authentication--should have hooks that allow the typical user name and password prompt to be replaced with a biometrics query.

How easily will the intended technology integrate into the computers in use? Will you have to purchase video cameras for every PC? What about finger scanners? Neither are very expensive, but it is important to know if one or both will fit into the work environment. Do the computers have the required communications ports available? Some organizations standardize on two different types of biometric methods--for example voice and finger, or facial and finger. And some workspaces don't have room for other devices. On the other hand, some vendors are rolling out keyboards with integrated finger scanners and most PCs are equipped with sound cards.

You'll also need to consider transaction time. How long will it take for the device to authenticate a user to an application? You don't want to unnecessarily delay your users so you may want to test transaction times before you make a commitment. (See "Six Biometric Devices Point the Finger at Network Security," www.networkcomputing.com/910/910r1.html for the results of our tests of biometric devices.)

What is the security architecture of the biometric product? Find out if it protects all user template and sample data during registration and use. Learn how and where it protects the information as the hardware device communicates with the biometric software. Most vendors do this with encryption, which should be performed along the entire communication path, including along the cable that leads from the device to the PC. Encryption is also important on the database that contains the biometric information. The bottom line is that you need the entire path to be secure, so ask your vendor just to be sure.

And finally, can intruders thwart the authentication device by rebooting the PC or copying a datastream from a fingerprint reader to a server and later replaying it? If getting around your biometric device is this easy, you won't be happy.

Recommendations
Although the biometric market is relatively immature, biometric technology is mature and usable. If you have a business or other operation that requires strong user authentication, you can start testing now. Answer all the questions we've posed here. Read up on the subject further by visiting Web sites dedicated to biometric systems (see "BioBodies: Biometric Industry Organizations," at left). Finally, consult the Association for Biometrics (www.afb.org. uk/); it provides some excellent guidelines for selecting and implementing a biometric system.

Frederick M. Avolio is a computer- and network-security consultant. Send your comments on this article to him at fred@avolio.com.



PAGE: 1 I 2 I 3 I 4 I 5 I NEXT PAGE
 





Ready to take that job and shove it?

Function:

Keyword(s):

State:
SPONSOR
RECENT JOB POSTINGS
CAREER NEWS
Go beyond Google and get vertical. These specialized search sites will help you find the business information you need -- fast.

Ari Balogh was named to the post of chief technology officer as the companys for a "realignment" of employees.










InformationWeek U.S. IT Salary Survey 2008
Salaries for business technology professionals are falling. Here's what you need to know in order to make good hiring decisions and personal career choices. Download Today
 
ROLLING RIGHT ALONG
Follow key Network Computing Reviews from conception to completion. This Week: Holistic APM.



Network Computing Reports Emerging Enterprise Podcast Series: Secrets to Success








TechSearch


Microsite of the Week


Powerful Information at Your Fingertips



InformationWeek Business Technology Network
InformationWeekInformationWeek 500InformationWeek 500 ConferenceInformationWeek AnalyticsInformationWeek CIO
InformationWeek EventsInformationWeek ReportsInformationWeek MagazinebMightyByte and SwitchDark Reading
Digital LibraryIntelligent EnterpriseInternet EvolutionNetwork ComputingNo JitterPlug Into The Cloud
space
Techweb Events Network
InteropVoiceConWeb 2.0 ExpoWeb 2.0 SummitEnterprise 2.0 ConferenceMobile Business ExpoSoftware ConferenceCSI - Computer Security Institute
Black HatGTECEnergy CampMashup CampStartup Camp
space
Light Reading Communications Network
Light ReadingLight Reading EuropeUnstrungLight Reading's Cable Digital NewsConstantinopleInternet EvolutionPyramid Research
Heavy ReadingLight Reading Live!Light Reading InsiderEthernet ExpoOptical ExpoTeleco TVTower Technology Summit
space
Financial Technology Network
Advanced TradingBank Systems & TechnologyInsurance & TechnologyWall Street & TechnologyAccelerating Wall StreetBank Systems & Technology Executive SummitBuyside Trading SummitInsurance & Technology Executive Summit
space
Microsoft Technology Network
MSDN MagazineTechNetThe Architecture Journal
space


App Infrastructure   |   Messaging & Collaboration   |   Network & Systems Mgmt   |   Network Infrastructure   |   Security  |   Storage & Servers   |   Wireless   |   Enterprise Apps
About Us  |  Contact Us  |  Site Map  |  Technology Marketing Solutions  |  Advertising Contacts  |   Briefing Centers
Copyright © 2008  United Business Media LLC  |  Privacy Statement  |  Terms of Service  |  Your California Privacy Rights