Biometric Authentication Var 2
A recent study from Juniper Research predicts that mobile biometrics will authenticate $2 trillion
in remote and in-store payments in 2023, up from an estimated $124 billion in 2018. The study
also estimates that over 80% of smartphones will have some form of biometric hardware by
2023.
High Security
The main advantage of biometrics is that they allow you to prove your identity using
characteristics that make you unique. Since the data is “something you are,” it’s much less likely
to be forgotten, stolen or forged, in contrast to using something you possess (like a document or
card) or something you know (like a password or secret phrase).
For some, the future can’t get here soon enough. In fact, according to Visa’s recent survey of
1,000 adult Americans who use at least one credit or debit card and/or mobile pay, consumers
are really looking forward to the widespread adoption of this technology. Sixty-seven percent
say they are interested in making payments using fingerprint technology in the future, and more
than 50% advised that they would switch away from a card network or bank that didn’t offer
biometric authentication at some point down the road.
It looks like the future may just be a step . . . or rather, a fingerprint away.
https://www.globalpaymentsintegrated.com/en-us/blog/2020/06/30/biometrics-the-future-of-payments
Biometric authentication involves using some part of your physical makeup to authenticate you.
This could be a fingerprint, an iris scan, a retina scan, or some other physical characteristic. A
single characteristic or multiple characteristics could be used. It all depends on the infrastructure
and the level of security desired. With biometric authentication, the physical characteristic being
examined is usually mapped to a username. This username is used to make decisions after the
person has been authenticated. In some cases, the user must enter the username when
attempting to authenticate; in others, a lookup is done on the biometric sample in order to
determine the username.
Biometric authentication is performed by doing a comparison of the physical aspect you present
for authentication against a copy that has been stored. For example, you would place your
finger on a fingerprint reader for comparison against the stored sample. If your fingerprint
matches the stored sample, then the authentication is considered to be successful.
In order to set up biometric authentication, the appropriate infrastructure must be in place. Once
the infrastructure is set up, we register users. Some products allow users to register directly,
while others require a registration agent to perform the registration for the user. Let’s take the
example of fingerprint-based authentication. During the registration process, the system will ask
the user to submit a sample; in actual fact, it will create multiple samples. The user places their
finger on the fingerprint reader, and the system records images of the user’s fingerprint. The
system then uses the multiple images to determine a point pattern that identifies the user’s fingerprint.
These points are basically dots placed on different areas of the fingerprint. These dots are used
to denote the pattern made by the fingerprint. Once a sufficient number of samples have been
taken to form a consistent point pattern, the pattern is stored and used as the basis for later
comparison during authentication.
A second potential concern with biometrics is security. Part of setting up a biometric solution
includes configuring the sensitivity level for the sample. The sensitivity level determines how
close a match you need for authentication to be successful. Configuring the sensitivity level can
be somewhat tricky. If it’s set too low, one recorded sample could potentially match multiple
physical samples. If it’s set too high, you could block access to someone who is legitimately
authorized to access the system.
There have also been cases where people have been able to break biometric authentication.
The main issue here is that in many cases, biometric authentication relies only on the image
presented during authentication, so it can be tricked by a forged image (we see plenty of
examples of this in modern-day spy films). In order to combat this, some biometric
manufacturers have been adding other requirements to their biometric authentication solution.
For example, a fingerprint reader may also check the temperature of the finger used to supply
the fingerprint. If the temperature is not within a normal range for the human body, the system
assumes the fingerprint is being supplied by some bogus method and the authentication fails.
For these reasons, we do not see a lot of Internet-based applications using biometric
authentication. We see it more in corporate settings and, many times, it’s used just for certain
applications or under special circumstances.
Biometric Authentication
Biometric authentication devices rely on physical characteristics such as a fingerprint, facial
patterns, or iris or retinal patterns to verify user identity. Biometric authentication is becoming
popular for many purposes, including network logon. A biometric template or identifier (a sample
known to be from the authorized user) must be stored in a database for the device to compare
to a new sample given during the logon process. Biometrics is often used in conjunction with
smart cards in high-security environments. The most popular types of biometric devices are the
following:
▪ Fingerprint scanners: These are widely available for both desktop and portable computers from a
variety of vendors, connecting via a Universal Serial Bus (USB) or PCMCIA (PC Card) interface.
▪ Facial pattern recognition devices: These devices use facial geometry analysis to verify identity.
▪ Hand geometry recognition devices: These are similar to facial pattern devices but analyze hand
geometry.
▪ Iris scan identification devices: Iris scanners analyze the trabecular meshwork tissue in the iris,
which is permanently formed during the eighth month of human gestation.
▪ Retinal scan identification devices: Retina scanners analyze the patterns of blood vessels on the
retina.
A large number of physiological characteristics can be used as identifiers, and devices have
been developed that verify identity based on knee scans, ear geometry, vein pattern
recognition, and even body odor recognition. In addition, some devices analyze and compare
behavioral traits using methods such as voice pattern recognition, signature verification,
keystroke pattern recognition, breathing pattern recognition, gait pattern recognition, and even
brainwave pattern recognition, although many of these are only in experimental stages.
Biometrics is considered to be among the most reliable authentication methods possible.
On the Scene
Even supposedly “foolproof” biometric methods aren't foolproof. This is because the biometric
data must be analyzed by a software program, and everyone who has worked with computers
knows that there is no such thing as a software program that works perfectly. Thus, the vendors
of biometric solutions establish fault-tolerance limits that are based on a certain level of false
rejection and false acceptance rates (called FRRs and FARs, respectively). False rejection
occurs when an authorized user is rejected by the system, and false acceptance occurs when
an unauthorized user is “passed” by the software and is allowed access. In fact, fingerprint
scanners have been defeated by such simple methods as blowing on the sensor surface to
reactivate a fingerprint previously left there or by dusting a latent fingerprint on the sensor with
graphite and then applying adhesive film to the surface and pressing on it gently. These
techniques are examples of latent image reactivation. In a well-publicized case in May 2002, a
cryptographer in Japan was able to create a phony fingerprint using gelatin, which he claimed
fooled fingerprint scanners approximately 80 out of 100 times.
https://www.sciencedirect.com/topics/computer-science/biometric-authentication
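The sensitivity-level trade-off and the FAR/FRR limits described in the excerpts above, as an added example (not code from the quoted sources or from any vendor): it sweeps an acceptance threshold over constructed match scores and reports the false acceptance and false rejection rates at each setting. The 0-100 score scale, the sample scores and all function names are assumptions made for illustration.

```python
# Constructed similarity scores on an assumed 0-100 scale (not real device data).
GENUINE = [91, 88, 95, 79, 84, 97, 73, 90, 86, 68]    # enrolled user vs. own template
IMPOSTOR = [22, 35, 41, 58, 30, 47, 63, 27, 52, 71]   # other people vs. that template


def error_rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when a sample is accepted if its score >= threshold."""
    false_accepts = sum(1 for s in impostor if s >= threshold)
    false_rejects = sum(1 for s in genuine if s < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def equal_error_threshold(thresholds, genuine=GENUINE, impostor=IMPOSTOR):
    """Threshold where FAR and FRR are closest; ties go to the stricter setting."""
    def gap(t):
        far, frr = error_rates(t, genuine, impostor)
        return abs(far - frr)
    return min(sorted(thresholds, reverse=True), key=gap)


def lowest_threshold_for_far(thresholds, max_far, genuine=GENUINE, impostor=IMPOSTOR):
    """Least strict threshold whose FAR stays within max_far, or None if none does.

    FRR only grows as the threshold rises, so this is the setting that locks out
    the fewest legitimate users while meeting the false-acceptance budget.
    """
    for t in sorted(thresholds):
        if error_rates(t, genuine, impostor)[0] <= max_far:
            return t
    return None


if __name__ == "__main__":
    candidates = range(40, 101, 10)
    print("threshold   FAR   FRR")
    for t in candidates:
        far, frr = error_rates(t)
        print(f"{t:9d}  {far:4.0%}  {frr:4.0%}")
    print("equal-error threshold:", equal_error_threshold(range(0, 101, 5)))
    print("lowest threshold with FAR = 0:", lowest_threshold_for_far(range(0, 101, 5), 0.0))
```

With these constructed scores, no single threshold drives both rates to zero: the highest impostor score (71) exceeds the lowest genuine score (68), so any setting strict enough to reject every impostor also rejects some legitimate attempts.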