Biomedical Engineering Reference
In-Depth Information
security for biotech companies for protection of tangible assets such as invalu-
able samples and expensive instruments such as mass spectrometers.
Logical security must assure authentication, authorization, confi dentiality,
integrity, protection of privacy, nonrepudiation, and availability. One aspect of
security alone does not assure the needed protection. All three aspects of
security, that is, physical, logical, and operational security provisions, must be
enforced. The e-business solutions need to provide integrated security infra-
structure to address all the logical security services in conjunction with the
applications that provide authorization services and privacy.
Identity management is a critical functionality to establish a trusted envi-
ronment for collaboration in a virtual workplace. The IT term for this is
authentication for positive identifi cation and validation
of an entity, an indi-
vidual in this case. The traditional method of authentication based on what
you know (e.g., password) is vulnerable because the shared secret can be
exposed to unauthorized users. The new authentication mechanism based
on what you have (e.g., seal, smartcard) has a challenge in distribution and
revocation of the entities. This mechanism has been used for centuries. For
example, personal seals are used in many countries for business transactions,
and government and academia are using the institutional seals to issue
certifi cates.
The method of identifi cation and validation of an entity based on the
unique physical attributes of individuals has been around for a long time. For
example, thumbprints have been used in many countries for many years. What
is new is that a similar method is being adopted for electronic transactions.
The IT industry is moving toward a new mechanism of authentication based
on what you are, or what you are born with, which is referred to as
biometrics.
We use face recognition for identifi cation of a person or voice recognition
in our daily lives. We use signatures for business transactions. The U.S. INS
(Immigration and Naturalization Services) uses palm prints for the border
crossing at airports.
There are three approaches for validation of identity, which is referred to
as authentication: (1) based on what they know (e.g., user id and password),
(2) based on what they have (e.g., seal, badge, smartcard), and (3) based on
what they are, (e.g., facial geometry, voice pattern, fi ngerprint). Signatures
are commonly used for our business transactions for nonrepudiation of com-
mercial or legal transactions. Seals are commonly used to certify offi cial
documents.
The new industry trend is to use a combined approach of smartcards acti-
vated with biometrics for leverage of the advantages of both technologies. For
example, smartcards are used in some countries in place of health insurance
cards, where the smartcard needs to be activated by the owner's fi ngerprint
along with detection of body temperature.
It is critical for an institution to conform to the statutory requirements
associated with protection of privacy, especially for customer/consumer profi l-
Search WWH ::
Custom Search