Types of biometric authentication technologies:

Retina scans produce an image of the blood vessel pattern in the light-sensitive surface lining the individual's inner eye.

Iris recognition is used to identify individuals based on unique patterns within the ring-shaped region surrounding the pupil of the eye.

Finger scanning, the digital version of the ink-and-paper fingerprinting process, works with details in the pattern of raised areas and branches in a human finger image.

Finger vein ID is based on the unique vascular pattern in an individual's finger.

Facial recognition systems work with numeric codes called face prints, which identify 80 nodal points on a human face.

Voice identification systems rely on characteristics created by the shape of the speaker's mouth and throat, rather than more variable conditions.

Once seen mostly in spy movies (where it might be used to protect access to a top-secret military lab, for example), biometric authentication is becoming relatively commonplace. In addition to the security provided by hard-to-fake individual biological traits, the acceptance of biometric verification has also been driven by convenience: one can't easily forget or lose one's biometrics.

Biometric devices and systems

There is a plethora of biometric devices available -- including fingerprint scanners, face and voice recognition, iris scans and keystroke dynamics -- and it is important for an enterprise to choose a device that fits and addresses its specific needs, such as business infrastructure, system vulnerabilities and user access. Below is a brief description of some of the most popular biometric authentication devices and systems to help security managers learn their pros and cons and judge whether they are right for an organization.

Fingerprint scanners are one of the oldest forms of biometrics and have been largely reliable when it comes to authentication. These systems are easy to use, which makes them favorable among users. "Sophisticated fingerprint readers also measure heat or electrical conductivity to establish that the finger is 'alive.'" Multispectral imaging takes two images of the fingerprint, one from the top layer and one from beneath the skin, to measure liveness of the print. This is done by looking for capillary beds and other sub-dermal structures containing oxygenated blood flow. ievo fingerprint readers are by far the most reliable and robust biometric readers using multispectral imaging sensors.

Face and voice recognition systems are similar to fingerprint scanners. Their ease of use makes them favorable, but a user's voice can be recorded and a face can be copied from a photograph, in some cases enabling third-party malicious access to systems.

Iris and retinal scans are considered to be a more secure form of biometric authentication, since copying a person's retinal pattern is a much more difficult task than copying a fingerprint.

Biometric implementation

Implementation of biometric systems can be tricky and expensive, requiring corporate spending on hardware and software. The implementation and deployment processes vary for different biometric systems, so organizations must first carefully consider which type of system to deploy, and then meticulously plan the process.

Biometrics is an advanced technology intended to protect extremely sensitive data, so it should only be considered for highly sensitive material. Using biometrics for any other type of data would be a waste of time and money. Organizations should do a thorough risk analysis of their systems to determine what information is in need of protection via biometric technology, such as a customer's credit card information.

Organizations must also ensure secure transmission and storage of biometric data. Although biometric systems are considered one of the most advanced forms of authentication, they do have certain flaws. For instance, some people think it is impossible to duplicate a user's biometric information, but when it is converted into digital data, it can be stolen by a hacker as it is transmitted through insecure networks and later replayed.

As stated earlier, organizations can decrease the likelihood of hackers gaining access to a user's biometric information by using data that is more difficult to copy, but the risk is still there. Considering this, it is essential that enterprises take several precautions to ensure that the data is transmitted, gathered and stored properly.

Organizations must make sure that all information transmitted from the biometric reader to the authenticating server is gathered on a secure device, sent over an encrypted channel and stored in an encrypted database. Both Active Directory and LDAP can perform these actions. Finally, any servers running biometric applications must be patched and hardened.
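
One way to keep a captured biometric submission from being replayed, as described above, is to bind each submission to a single-use server challenge. The sketch below is an added example, not code from the original article; `AuthServer`, `reader_tag` and the reader ID are hypothetical names. It assumes each reader shares a per-device key with the server and that the transport is already encrypted.

```python
import hashlib
import hmac
import secrets
import time

NONCE_TTL_SECONDS = 30  # assumed freshness window for a challenge

def reader_tag(key, device_id, nonce, template):
    """Reader side: MAC binding the template to this device and this challenge."""
    dev = device_id.encode()
    msg = len(dev).to_bytes(2, "big") + dev + nonce + template
    return hmac.new(key, msg, hashlib.sha256).digest()

class AuthServer:
    """Hypothetical authenticating server issuing single-use challenges."""
    def __init__(self, device_keys):
        self._keys = device_keys   # device_id -> per-device shared key
        self._pending = {}         # nonce -> (device_id, expiry time)

    def issue_challenge(self, device_id, now=None):
        if device_id not in self._keys:
            raise KeyError("unknown reader")
        now = time.time() if now is None else now
        nonce = secrets.token_bytes(16)
        self._pending[nonce] = (device_id, now + NONCE_TTL_SECONDS)
        return nonce

    def verify(self, device_id, nonce, template, tag, now=None):
        now = time.time() if now is None else now
        issued = self._pending.pop(nonce, None)  # consumed: cannot be resent
        if issued is None:
            return "rejected: unknown or reused nonce"
        if issued[0] != device_id or now > issued[1]:
            return "rejected: wrong reader or expired nonce"
        expected = reader_tag(self._keys[device_id], device_id, nonce, template)
        if not hmac.compare_digest(expected, tag):
            return "rejected: bad tag"
        return "accepted"  # template matching would follow here

def demo():
    key = secrets.token_bytes(32)
    server = AuthServer({"reader-01": key})
    template = b"constructed-sample-template"  # constructed, not real biometric data
    nonce = server.issue_challenge("reader-01")
    tag = reader_tag(key, "reader-01", nonce, template)
    first = server.verify("reader-01", nonce, template, tag)
    replay = server.verify("reader-01", nonce, template, tag)  # same bytes resent
    return first, replay
```

The first submission is accepted and the identical resend is rejected, because the server consumes the nonce on first use and the tag is only valid for that nonce.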