Security 500 conference     

 Don’t miss the networking event of the year for security executives!
Register today for the Security 500 Conference.

It’s in the Finger

October 4, 2006
/ Print / Reprints /
ShareMore
/ Text Size+
Fingerprints were first used for positive personal identification more than one hundred years ago, when it was proven that each finger of every individual has a unique arrangement of ridge detail. Today, organizations have growing requirements for positive identification systems resistant to high technology fraud. Combining biometrics with Enterprise Single Sign-On prohibits unauthorized users from getting to private information.


These days, CEOs have a growing awareness of the risks involved in protecting physical and IT-based resources from identity theft, malicious outside attacks or generally inappropriate use at facilities and online. Strict mandates -- Health Insurance Portability and Accountability Act (HIPAA), Sarbanes-Oxley, GLBA, HSPD-12, FIPS 201 and Basel II -- from government and industry regulators that require enterprises to take significant steps to strengthen defenses against these misuses. As a result, many corporations implement strong multi-factor authentication policies much stronger than the card and password schemes that had been so commonplace in the past.

Enterprise Single Sign-On (ESSO) solutions require a company’s employees to remember and provide just one set of credentials -- a user name and password -- to access the full portfolio of applications, data and services for which that user is authorized. While ESSO technology is not new, existing solutions have been expensive and time consuming, and rarely lived up to expectations. However, there are newer, more cost-effective solutions on the market that help organizations benefit from increased user productivity and reduced security management costs by enabling ESSO to all your enterprise applications.

When examining Single Sign-On technology options, look for an affordable, easy-to-implement appliance without needing to modify applications. To maximize the enterprise-wide benefit, an ESSO solution should fully support multiple strong authentication methods and centralized policies to allow companies to implement levels of security that are appropriate for their environments.

Combining the ease-of-use of a quality ESSO solution with the identity exclusivity of biometrics can help organizations improve employee productivity and adhere to better security practices, while strengthening their overall security posture and minimizing the burden on IT to manage such a central security system.

Any finger biometric solution choice should consider such critical factors as usability/convenience, system performance, security/user privacy and cost.

SIDEBAR
Combining Biometrics with ESSO

A biometric-enabled ESSO solution should adhere to the following key criteria:

Matches each user by correlating against known set of references, taking into account:
  • Variations in pressure and density
  • Aging or dirt induced variations in the print
  • Orientation of finger on the sensor
Utilizes a capture algorithm that:
  • Captures images at higher speeds, resulting in less image blur distortion
  • Normalizes for humidity variations in the finger
  • Is “device neutral,” and not associated with a specific sensor or reader
Credentials are stored centrally, using strong security and privacy safeguards by:
  • Ensuring that each captured fingerprint image is destroyed and cannot be misused
  • Maintaining mathematical descriptions of a print’s landmarks, but not the actual print itself
  • Never shipping a username with the template
  • Storing username in a double-blind alias mechanism on server

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security Magazine 2014 September cover

2014 October

Security takes a look at safety and preparedness for the harshest of weather phenomena in this October 2014 edition of the magazine. Also, we investigate supply chain security and the many benefits of PSIM. 

Table Of Contents Subscribe

Travel & the Ebola Risk

Are you and your enterprise restricting travel due to Ebola risks?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.