TrendThe new face (well, not only face) of biometrics, I

Published 24 September 2008

New biometric technologies must make a compelling business case why business should adopt them over much-improved existing technologies

The field of biometric security is moving beyond mere fingerprint readers and producing more sophisticated devices that are more difficult to dupe. Providers are moving with hardware that senses bloodflow beneath a handprint and software tools that analyze not only the password a user types in, but also how he or she typed it. Technologies such as thumb drive reader devices, eye scanners, and voice pattern recognition, though, still face stiff competition in most enterprise circles, where passwords and user tokens seemingly work well enough and are quicker and cheaper to deploy.

TechNewsWorld’s Jack Germain writes that existing security strategies which grant access only after the presentation of a user’s recognized physical traits are changing. Updated versions of fingerprint, voice, and eye scanners are gaining popularity with IT managers. Newer biometric authentication layers are tightening the security blanket for computer and data access. These innovative devices are making it more difficult for impostors to spoof their way into data they shouldn’t be able to access.

Historically, authentication security involved a combination of passwords, PINs, signatures, and keys. First-generation biometric authentication devices added more choices to the mix. Now these choices are again changing. New strategies for personal identification are providing stronger security to computers and sensitive data. For instance, next-generation fingerprint readers can detect the presence of blood coursing through the tissues to eliminate the threat of a severed finger passing muster. Fujitsu Computer Products of America announced on 9 September a mouse with a built-in palm reader that it claims cannot be duped.

I expect to see even better speed and imaging performance from future [fingerprint] readers. In addition, newer technologies such as IR [infrared] imagers are able to detect thermal signatures of either finger veins, palm or hand veins as well as facial prints. These technologies are starting to appear, but their price points are not where fingerprint sensors are so they are still early in the development cycle. Whether these will become as mainstream as fingerprint biometrics is still unknown, but these technologies look promising,” David Ting, CTO of Imprivata, told TechNewsWorld.

Next-generation biometric authentication devices may offer greater security, but this may not be the most pressing issue for potential enterprise adopters. Are enterprises better off upgrading to the newest versions of biometric solutions? Perhaps they would be better off taking a hands-off approach to these newer biometric-based security strategies. Basic fingerprint readers are becoming so reliable and inexpensive that the level of improved access control they offer is already better. Introducing more costly devices may not be cost effective, Ting suggested.

From a technology perspective, enterprises are starting to see widespread adoption of fingerprint biometrics. A driving factor for this acceptance is the device’s long history of sensor development, image processing and a large population statistics, Ting said. “The devices on mobile devices are starting to benefit from evolution rather than revolutionary changes as they become more usable (to fingerprint and environmental conditions), durable and faster. This, coupled with the reduction in footprint, power consumption and cost, have resulted rapid adoption for mobile and desktop users, as evidenced by the number of users today who are buying them for their notebooks,” he explained.

For different reasons, the security industry has not seen widespread requests for voice or facial recognition, even as microphones and digital cameras become standard equipment on notebooks. Factors like variables in the operating environment and how they affect the recognition rates certainly play a large role in this. “We see companies using technology from the business space and applying it to their own partners. There is no silver bullet with getting security from biometrics. Companies that use biometrics in isolation are finding out that they are getting spoofed. They have to use multiple strategies in concert,” Matt Shanahan, SVP of AdmitOne Security, said.

When deciding whether to buy into new biometric security devices, IT managers should consider the risk factor they face, Shanahan said. They should ask themselves: “What are the most concerning threats and what should they do about it?”

Tomorrow: The technollgical and business choices businesses face