toggle.org, TOGGLE On-line Newsletter

Number 245 - October 2003

Biometrics
by George Harding, Tuscon Computer Society Member
The September 11, 2001 occurrences triggered dramati cally increased interest in security measures. Most of us use and are familiar with user name/password entry as a security device. Some of us are also familiar with how secure that system usually is. Security can be classified according to the various measures of accuracy, cost, user acceptance and installation effort which each system entails. The current systems include fingerprint scan, iris scan, hand scan, retina scan, facial scan, signature scan and voice scan. Combinations of these are occasionally used. Accuracy. As you would expect, the systems that are most intrusive to the user, such as retinal scan, are often the most accurate. Accuracy is rated on both correct identification and false identification. To pass a person incorrectly is bad for security; to not pass a correct person is irritating, at best. Some systems can be beaten; a false finger can beat a fingerprint scan, for example. As time goes on and technology improves, accuracy will improve, but so also with methods for faking. Cost. This covers the cost of physical devices as well as costs of monitoring and repairing them. The cheapest to install may well be the least ineffective. Even the cheapest are expensive to install at every door or workstation.	User acceptance. Users have to deal with the devices and their problems on an everyday basis. This may be necessary, but usually not convenient. Hospital environments involve numerous hand-cleanings and disinfections, which affect the accuracy of fingerprint scans. Office environments involve lotion for women, tar and smoke for smokers, eyestrain for computer users and so on. Each of these produces complications for biometric devices. Installation effort. Someone has to buy, install and hook up the physical devices, train employees how to use them and see that the devices are performing their function properly. This takes time and effort for those trained to do those functions. The importance of effective security varies a lot by industry and company. Recent government requirements for security of patient records by health providers has generated efforts to install better security methods. Government is particularly sensitive these days to the need for better security for the vast array of information kept by federal bureaucracy. Financial institutions, also, have a great interest in restricting access by unauthorized persons to client records. Many others are also investigating and testing biometric security solutions, perhaps even in your company or neighborhood. Check out this web site www.biometricgroup.com for some interesting information on the subject of biometric security.
Number 245 - October 2003