TrendThe new face (well, not only face) of biometrics, II
Next-generation enterprise biometric solutions will evolve toward being able to work both with centralized, distributed as well as mobile devices, such as smartcards or contractless smartcards
The field of biometric security is advancing fast, forcing corporate IT security managers to make a decision: Should existing but improving technologies such as fingerprinting be retained, or should the organization invests in new biometric technologies to enhance its security? TechNewsWorld’s Jack Germain discusses the question and offers useful insights.
He notes that collusion and corporate social engineering are two typical ploys hackers use to break through security barriers. Biometric devices need to identify the right user, not just a user that appears to be right. The devices, however, do not always reach this goal. “The rise of new threats is causing people to rethink biometrics. Then they have to decide if they should rely on physical, which is more intrusive, or behavioral, which is less intrusive,” said Matt Shanahan, SVP of AdmitOne Security.
In many cases, advancements made in software-based behavioral biometrics can be 95 percent effective, he added. With physical biometrics, users need new hardware on their PCs, and the upgrades can be expensive.
With behavioral biometrics in place on the network end, no external devices are needed. AdmitOne’s biometric product captures the typing cadence of the approved users, so whatever keyboard they use, their typing behavior will not change. In addition, behavioral biometrics provides for multiple levels. For instance, banks using behavioral biometrics first require customers to get the password right. For that same customer to do a transaction online, he or she will have to re-enter the password or answer pre-set security questions.
Another layer can be applied by using risk-based methods. Customers will have to answer different levels of challenges depending on their interactive behavior on line. With risk-based strategies, the degree of strength needed is determined by the amount of risk assessment the access requires, said Shanahan.
One’s behavior biometric software relies on multiple sets of factors. For instance, it determines if the log-on attempt comes from the same IP (Internet protocol) address as it usually comes from. A log-on attempt coming from a different geographic region is given special consideration. “The assessment of risk combines the observable factors with the requested responses. This makes for a reliable pattern of use. Depending on the behavioral assessment, additional levels can be applied, such as calling out to the customer’s cell phone. Using these strategies, 99 percent of people won’t be challenged at higher levels,” Shanahan said.
One innovative physical biometrics device to come down the pike is Fujitsu’s mouse and palm