Cryptography Reference
and high accuracy of eye biometrics make it vastly superior to the fingerprinting
biometric. Once costs descend, this must surely be the medium of choice, if for
no other reason than the key factor in selection of an appropriate biometric is
its accuracy. At the bottom of the list are face geometry, followed by finger
geometry, and voice patterning.
Verification vs. Identification
We discussed the use of smart cards and biometrics for verification of
individuals above, where verification means the following.
Verification
The individual's identity is entered into the system, via a smart card, say,
then a biometric feature is scanned. If that scanned trait matches the one
previously stored in the card, then verification is successful. This kind of
“verification” is also often called “authentication” of the individual.
The notion of verification must be separated from the issue of identification,
given as follows.
Identification
An individual's recorded biometric feature is compared to all the corresponding
biometrics in the database. If there is a match, then the individual is
identified, and the user's ID may be processed later for verification.
Identification is very useful in fighting crime. For instance, if an individual's
fingerprint or DNA, say, is lifted from a crime scene, and a match is made
to it after searching a database, this provides crime fighters with evidence to
prosecute.
In order for biometrics to be effective, there must be an enrollment process,
where an individual consents to having a biometric image captured, such as
a fingerprint or eye scan, from which the characteristics are extracted. This
allows the creation of the user's biometric template, which is stored centrally,
in a database, or locally, on a smart card, say. Think of verification as a
one-to-one comparison, which confirms that the credential belongs to the individual
who is presenting it. The authenticating device need only have access to the
individual's enrolled biometric template, which may be stored locally or in a
database. Identification, on the other hand, is a one-to-many comparison. It
verifies that the given entity exists within a given population and is not enrolled
with another ID. Moreover, it will verify that the individual is not on a list of
prohibited entities. In this case, the database must contain a set of all entities
applying for the access, say, to enter a country, and their biometric templates.
As shown in Diagrams 9.8 and 9.9, the acceptance or rejection will be based
upon some threshold value derived from the security policy of the system being
accessed.
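The one-to-one and one-to-many comparisons described above, written out as an added example that is not from the book. It assumes templates are 64-bit integers compared by normalised Hamming distance; the names verify, identify and admit, the threshold values and all sample templates are constructed for illustration.

```python
BITS = 64  # assumed toy template size; real templates and matchers differ

def distance(a: int, b: int) -> float:
    """Normalised Hamming distance between two templates (0.0 = identical)."""
    return bin((a ^ b) & ((1 << BITS) - 1)).count("1") / BITS

def verify(claimed_id, scan, enrolled, threshold):
    """One-to-one: compare the scan only with the template stored for claimed_id."""
    template = enrolled.get(claimed_id)
    return template is not None and distance(scan, template) <= threshold

def identify(scan, population, threshold):
    """One-to-many: IDs of all templates within the threshold, closest first."""
    scored = sorted((distance(scan, t), uid) for uid, t in population.items())
    return [uid for d, uid in scored if d <= threshold]

def admit(claimed_id, scan, enrolled, prohibited, threshold):
    """Identification checks from the text: prohibited list, population, other IDs."""
    if identify(scan, prohibited, threshold):
        return "reject: on prohibited list"
    matches = identify(scan, enrolled, threshold)
    if not matches:
        return "reject: not enrolled"
    if any(uid != claimed_id for uid in matches):
        return "reject: enrolled under another ID"
    return "accept"

# Constructed sample data (not real biometric templates).
ALICE = 0xA5A5_F00D_1234_5678
BOB = 0x0F0F_3C3C_9999_0001
MALLORY = 0xDEAD_BEEF_CAFE_BABE
ENROLLED = {"alice": ALICE, "bob": BOB}
PROHIBITED = {"watch-001": MALLORY}
NOISY_ALICE = ALICE ^ 0b10110001  # fresh scan of alice with 4 of 64 bits flipped

if __name__ == "__main__":
    for threshold in (0.10, 0.05):  # lenient vs strict security policy
        print(threshold,
              verify("alice", NOISY_ALICE, ENROLLED, threshold),
              identify(NOISY_ALICE, ENROLLED, threshold),
              admit("alice", NOISY_ALICE, ENROLLED, PROHIBITED, threshold))
    print(admit("carol", NOISY_ALICE, ENROLLED, PROHIBITED, 0.10))
    print(admit("mallory", MALLORY, ENROLLED, PROHIBITED, 0.10))
```

The same noisy scan is accepted at threshold 0.10 and rejected at 0.05, which is the policy-dependent acceptance decision the paragraph refers to.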