Identity Management: Open Biometrics

May 6, 2006
/ Print / Reprints /
ShareMore
/ Text Size+
Dore Scott Perler


Providing a solution to a problem for an individual situation is simple. Providing a solution to a problem for the entire United States is an order of magnitude. Providing a solution for which the entire world can share in, and has their individual needs meet, is monumental.

This is exemplified by the current state of biometrics technology. Outside of the AFIS database shared by multiple nations there is no biometrics repository of any kind. In order to effectively track, catch or even slow down terrorists, this is exactly what will be required. Several companies currently provide their version of border control, biometrically enabled identity management solutions. However each company’s software requires registration of the user and storage into their proprietary architecture. This may work for a single country to register all persons entering and exiting at the borders, but how does this relate to providing a comprehensive blanket of protection for the world?

Get specific

In order for that to happen, a consortium of world technology leaders must outline their specific requirements for what is tracked, how alerts are delivered, how information is shared, what information is shared and several other factors. This is all after-the-fact information, accessible after the system knows who is requesting access or departure. Ideally, travelers would go to an authorized registration point within any of the participating countries and register their biometric and other related information. These registrations would then be shared across the globe to all participants.

The sharing of registrations provides not only a single point of convenience to the traveler but also aids in detecting potential circumvention of the system.

For this to work effectively, multiple biometric technologies must be utilized within the system. Since no one biometric works for everyone, a layered approach to biometric implementation should be required. Should a traveler fail to register with a fingerprint they could use iris, voice, face or any of the other biometric technologies. The system would track what has passed and what has failed for further detection of circumvention.

Even if fingerprint registration is not possible, images of the traveler’s fingerprints should be taken. This would provide a wealth of information for development of richer algorithms as well as human visual inspection.

Once this repository is under way, smaller applications could also use the repository for use within their applications. This would eliminate the individual registration for each biometric application. Once installed, the application for time and attendance or access control could download the registrations from the repository. This would also help track suspected terrorist hiding within small towns.

Events management

Short of having a national repository of biometrics, smart cards offer an excellent method for a portable database. The current state of smart cards has proven to be less than stellar for security. But the technology will get better, and over time should become a proven leader for portable applications.

Technology grows by leaps and bounds, so while it is common for first-world countries to expect high-speed wireless connection at McDonalds, much of the world’s population has yet to incorporate the Internet into their daily lives. When taken on a global scale, a common denominator must be found. Contactless smart cards are a low-cost solution to a less-than-perfectly connected world. As the world becomes more interested in securing public venues from terrorist threats, the time to act is now. Smart cards provide the means to increase security with valid credentials instantly.

A large problem with smart card deployment in a large community is the cooperation from vendors on how their data is stored and located on the card. In a university setting a smart card may be employed as a debit system at the campus store. The campus store application uses location A on the smart card for storage of its information. The university library also has a smart card application that tracks which books are checked in and out of the library, and also uses location A on a smart card. The current solution is to issue two smart cards to each student or have the vendors of the applications change their application so that they could both share the same card. But security companies have developed a software abstraction layer for smart cards that allow multiple vendors to work with a single smart card. The universal card engine (UCE) allows a single smart card to support multiple vendor independent applications. By implementing UCE, each vendor could simply change the logical location of storage on the card without recompiling a single line of code.

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.

Multimedia

Videos

Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.

Podcasts

Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security December 2014 issue cover

2014 December

This issue of Security Magazine covers our 12th annual Top Guarding Firms list. Check out the best of the best as of December 2014. The 21st century has brought with it new types of security threats. Read how to combat and protect against these threats.

Table Of Contents Subscribe

Security Emergency Preparedness Training

Which security personnel emergency preparedness training is the top priority to you and your enterprise?
View Results Poll Archive

THE SECURITY STORE

comptiahighriseproductphoto
CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.

STAY CONNECTED

Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.