printer friendly version

Choosing a biometric solution

Before choosing a biometric user authentication solution, an organisation should evaluate its needs carefully. The following list includes items that should be considered - the order of importance depends on the environment and level of security needed.

* Level of security required.

* Accuracy.

* Cost and implementation time.

* User acceptance.

Level of security

Voice and signature recognition techniques are generally considered to be appropriate for many non-PC access authorisation uses, but in most cases are not good candidates for PC and network user authentication. Biometric techniques that identify physical features are more accurate; therefore, they offer a higher level of security.

Accuracy

Retinal scanning and iris identification are both highly accurate ways of identifying individuals; however, they are both expensive to implement and most organisations do not need this level of accuracy. Hand, face, and fingerprint authentication techniques offer good accuracy for a smaller investment in scanning hardware.

Physical changes such as cuts, scars and ageing can affect the accuracy of certain types of biometric authentication techniques; however, user identification databases can be updated to overcome most of these problems.

Cost and implementation time

When implementing a biometric user authentication system, an organisation should work with its PC vendor to evaluate the cost and time associated with the following factors:

* Researching, purchasing, and installing PC-compatible authentication hardware and software.

* Biometric capture hardware (readers, cameras, scanners, and so on) and associated software.

* Hardware and software to maintain the user information database.

* Time required to integrate the authentication hardware and software into the existing environment.

* Training IT staff to manage the new system.

* Training users in the new authentication protocol.

* Collecting and maintaining a database of user identification data.

* Updating the database as necessary.

User acceptance

User authentication based on fingerprint recognition does not use a person's complete fingerprint. Instead, the intersections of lines in the finger- or thumb-print, called minutiae points, are captured and used for identification.

Users generally find less intrusive biometric techniques, such as fingerprint, face, or hand identification, most acceptable. However, some users may be reluctant to have their fingerprints recorded in a database. An organisation should provide its employees with information and training on the chosen biometric method, so they have a chance to become familiar with the requirements before the system is implemented.

From: The Biometrics Consortium http://www.biometrics.org

The Biometric Consortium's charter was formally approved on 7 December 1995, by the Facilities Protection Committee, a committee that reports to the Security Policy Board through the Security Policy Forum. The Security Policy Board was established by Presidential Decision Directive/NSC-29 on 16 September 1994, for the coordination, formulation, evaluation, and oversight of US national security policy.

Share this article:

Further reading: