Accueil > Blog > Biometrics, not the alpha and omega of security

Biometrics, not the alpha and omega of security

Week 10, 2009

Then biometrics madehuge progress to the extent they arenow at the core of both government IDand enterprise security projects.Biometrics are also used in othermarket segments, such as payment,especially in India.

Biometrics are a core method foridentifying individuals, be it in acompany with fingerprint readers onPCs, face recognition or with handshape recognition devices on physicalaccess control systems. Securityexperts push for a larger adoption ofbiometric technologies, for instance infinancial institutions, in order to trackall access to ERP or sensitive systems.Biometric systems can even beimplemented at application level totrack each piece of data (an amountfor instance) entered in a field.

Biometrics are always under scrutinyas they deal with intrinsic features ofa person. Also, a decision to accept orreject a person’s identification basedon biometrics is the result of definedthreshold specifying limits in a seriesof parameter similarities. Recentpapers delivered at a Black HatConference in Washington DCdemonstrated there was means to foolfacial recognition technology onlaptops using a simple low-qualityphotograph (cf. Smart Insights #09-09). Previously, it had beendemonstrated a fingerprint readercould be fooled with a simple gel copyof a fingerprint.

Let’s not jump to the wrongconclusion! This does not demonstratebiometrics are useless. It just showsthey are to be used sensitively. And ofcourse, there are different levels ofsecurity associated with biometrictechnologies depending on thepurpose. But the most important thingto have in mind is that there is nosingle solution for securing a system.Security is based on a combination ofdifferent technologies.

Good security is based on multiplefactor authentication: thecombination between something youare (biometrics), something you know(a password), and even moreimportant given the convenience in itslogistics and its resistance toduplication, something you own: asmart card. This is where our industryis in a central position to supply theappropriate level of security. Assecure transactions experts, we havethe right understanding of securityneeds, so we are able to propose themost appropriate combination ofmultiple factor authentication foreach situation.

Thierry Spanjaard
Chief Editor
Smart Insights