Biometric authentication is a process of establishing
the identity of a user by measuring
some aspect of that user's physical self. It is one of three basic
approaches to authentication -- the
others being use of a secret (something the user knows) or a device
(i.e., something the user has).
Examples of biometrics include:
- Finger prints -- i.e., image of the ridges on the skin of a finger.
- Hand print -- same as finger print, but whole hand.
- Finger vein scan -- i.e., image of hemoglobin flowing through blood veins inside a finger.
- Hand vein scan -- same as finger vein, but whole hand.
- Voice print -- i.e., measuring characteristics of the spoken voice.
- Face recognition -- i.e., comparing images of faces.
- Typing cadence -- i.e., comparing the pattern of key-press duration and inter-key time interval.
- Iris and retina images -- i.e., images of features of the human eye.
Biometrics are generally considered to be very convenient to use -- users
do not leave their fingers at home or forget how to use them, for example.
Biometrics are often thought of as quite secure, but there are weaknesses:
- Recordings may be replayed into scanners. For example, a finger
print sample may be acquired using a gummy substance, lifted from a glass
or other surface, and offered to a scanner. A voice print may be
surreptitiously recorded and replayed later. A photograph of a user's
face may be presented to a face scanner, etc.
- Biometrics are not revocable. If a user's biometric has been
compromised, he cannot "take it back."
- Users may fear that parts of their bodies may be physically amputated
in order to attack a system that trusts them.
When considering a biometric system, organizations normally take
- False accept rate (FAR) -- the frequency with which the biometric
system will incorrectly accept the wrong person as a claimed
- False reject rate (FRR) -- the frequency with which the biometric
system will incorrectly reject the right person.
- Inability to register -- the proportion of users who cannot
enroll for whatever reason (smooth skin on fingers, degenerative
eye disease, unable to speak, amputee, etc.).
Typical values for each of the above three rates are on the order of
from 0.1% to 2%.
Return to Identity Management Concepts