The ability to authenticate the identity of a user of an information system is a cornerstone of effective security. There is a variety of authentication types employed to protect information systems from unauthorized access. A personal identification number (PIN) or a password represents a type of authentication based on a fact that only the proper individual knows. Another type of authentication is based on a thing that only the proper person owns. Keys, either physical or electronic, are an example of authentication based on a thing that only the proper person owns. As sensor technology has advanced, a new authentication based on properties of the person’s body has emerged. The American Heritage Dictionary defines the word “biometrics” as “the measurement of physical characteristics, such as fingerprints, DNA, or retinal patterns, for use in verifying the identity of individuals.” (“The American Heritage Dictionary,” 2007) Biometric authentication relies on a trait or property that is unique to a person. In the context of the previous examples of authentication types, biometrics is based on something the person is.
There are many types of biometrics ranging from fingerprints to retinal patterns, from voice to face recognition, from genetics to gait. Any human attribute that is unique from person to person may be usable as a biometric. A nefarious person might guess a password or steal a key, but he will have much greater difficulty subverting a biometric. The primary advantage of biometrics is that they are unique to a specific human. (Sukhai, 2004) The certainty of identity provided by biometrics has the potential to be much greater than traditional authentication methods.
Biometrics is an emerging technology and there are some disadvantages to their use, which have resulted in slow adoption. One disadvantage associated with biometrics is the difficulty of gaining acceptance by users. (Sukhai, 2004) In an era concerned with swine flu epidemics, no one wants to put their eye up to a shared retinal scanner. Similarly, having one’s retina scanned by a laser, while demonstrably safe, can be uncomfortable to some. (Sukhai, 2004) Another challenge with biometrics is the reliability of the sensors that collect the data. Biometric sensors are not perfect and each of the different technologies has a rate of false positives and false negatives that must be understood and mitigated. (Sukhai, 2004) Finally, cost can be a factor, depending on the biometric being used, as fingerprint readers or retinal scanners or cameras must be purchased and deployed and maintained. Patent licensing can be an expensive part of a biometric deployment. (Sukhai, 2004)
Biometrics research is a rich area of study with many outstanding problems to be solved. One area of particular interest to the author is the challenge of human affect, or emotion, in biometric systems. Compensating for affect when designing biometric systems may enable better acceptance of the technology. Swindells et al have reported on influencing human behavioral response to systems through design with affect in mind. (Swindells, MacLean, Booth, & Meitner, 2006) Affect recognition plays and important part in facial recognition, where the system should recognize individuals regardless of whether they are smiling or frowning. Similarly, someone who contorts their face to appear like an authorized person should not be able to defeat facial recognition systems. While affect recognition systems will improve the accuracy of facial authentication systems, the ability to recognize and distinguish different geometries within one face enables interesting new possibilities. For example, Bullington suggests detecting when bus or train drivers are getting tired as a future application. (Bullington, 2005)
The aerospace and defense industries are one area where early-adoption of biometrics is occurring. Defense contractors are often entrusted with secrets that pertain to national security. As with most companies, users of information systems at these companies will utilize passwords. For access to more sensitive data, digital keys and passwords are utilized together. For access to the most sensitive data, digital keys, passwords, and a biometric like fingerprints are combined to ensure the identity of the person accessing the data. Implementing biometric authentication at one defense contractor required deploying fingerprint scanners as a computer accessory for all information systems accessing the most sensitive data types.
The American Heritage Dictionary. (2007) (Fourth ed.). Boston: Houghton Mifflin.
Bullington, J. (2005). ‘Affective’ computing and emotion recognition systems: the future of biometric surveillance? Paper presented at the Proceedings of the 2nd annual conference on Information security curriculum development.
Sukhai, N. B. (2004). Access control \& biometrics. Paper presented at the Proceedings of the 1st annual conference on Information security curriculum development.
Swindells, C., MacLean, K. E., Booth, K. S., & Meitner, M. (2006). A case-study of affect measurement tools for physical user interface design. Paper presented at the Proceedings of Graphics Interface 2006.