Biometrics is the science of measuring an individual's
physical properties.
Aurama provides hardware and software solutions on biometrics for
clients who require fool-proof solutions for authentication and
security.
Aurama
has tied up with some of the world's leading Biometric H/W manufacturers
and has developed specific applications for the following areas:
PC
Access PC
Net Access (internet, intranet, ...) ID:
company pass, personal identification, club ID, ... ATM/Banking
Access relay control Automation
of hotels (e.g., check-in and room access) Company
vending machines (soft drinks, ...) Attendance
and Time Recording
More
about Biometrics
Biometric Authentication
By determining an individual's physical features
in an authentication inquiry and comparing this data with others'
biometric data, identification for a specific user can be determined
and authentication for access can be granted.
Fundamental methods of authentication Biometrics "Who I am"
Biometrics uses nature's oldest system to identify people -- via
unforgettable and unchanging physical characteristics. From time
immemorial, humans have had to perform recognition tasks themselves.
Today, technology is advanced enough to assist us or even relieve
us of recognition tasks.
Secret Knowledge "What I know"
Here authentication takes the form of (secret!) PINs and passwords,
which the user has to keep track of. The authorized has to share
the secret knowledge with the authenticator. Previously, this was
the simplest method of identification for machines. Secret knowledge
is applied also where several persons have to be authenticated in
a simple way.
Personal Possession "What I have"
Examples for authentication are having a key, ID card, or pass (with
or without a chip), which allows entrance, for example, into a private
room. Essential is the existence of covered or overt but unique
features.
Combination Systems
For security reasons, often two or all three of the above systems
are combined, e.g., a bank card with a PIN. Following the definition
above, a password written down on a sheet of paper exclusively belongs
to the group of "personal possession"; it is no secret
knowledge any more!
Difference
between identification and verification In
an identification, the recorded biometric feature is compared to
all biometric data saved in a system. If there is a match, the identification
is successful, and the corresponding user name or user ID may be
processed subsequently.
In
a verification, the user enters her/his identity into the system
(e.g., via a keypad or card), then a biometric feature is scanned.
The biometric trait must only be compared to the one previously
saved reference feature corresponding to the ID. If a match occurs,
verification is successful.
If
a system has only one saved reference trait, identification is similar
to verification, but the user must not first enter his or her identity,
as for example, access to a mobile phone which should only be used
by its owner.
Advantages of verification over identification Verification
is much faster than an identification when the number of saved reference
features/users is very high.
Verification
is more secure than identification, especially when the number of
reference traits/users is very high.
Is biometrics more "secure" than
passwords?
This question at least poses two problems:
biometrics is not equal to passwords, and the term "secure"
is in fact commonly used, but it is not exactly defined. However,
we can try to collect pros and cons in order to find at least an
intuitive answer.
It is a matter of fact that the security of password protected values
in particular depends on the user. If the user has to memorize too
many passwords, he will to use the same passwords for as many applications
as possible. If this is not possible, he will go to construct very
simple passwords. If this will also fail (e.g., if the construction
rules are too complex), the next fall-back stage is to notify the
password on paper. This would transform "secret knowledge"
into "personal possession". Of course, not every user
will react this way. Rather the personal motivation plays an important
role: is he aware of the potential loss caused by careless handling
of the password? It is easy if the user is the owner. But often
foreign possession (e.g., that of the employer) has to be guarded,
whose value one often can hardly estimate. If motivation is missing,
any password primarily tends to be felt bothersome. In this case,
and that seems to be the normal case, it is clear that biometrics
has considerable advantages.
How enrollment and biometric authentication
work
A prerequisite for authentication is enrollment,
in which a biometric feature is saved as a personal reference either
decentrally on a chip card or PC, or centrally in a data base. Since
the the quality of the enrollment essentially determines the performance
of the authentication, it must be implemented carefully. It is obvious
that enrollment must take place in a secure environment.
During an authentication, a new scanning of the biometric feature
is required. This time it is not saved; instead, it is compared
to the reference feature. If the comparison is positive, access
to the appropriate applications can be granted.
Most biometric systems show the following procedure in detail: Taking
a data set (e.g., image or sound) which includes the features to
be extracted using an appropriate sensor
Examination
of the data quality; if it is insufficient, the data are rejected
immediately or appropriate user guidance is given to improve the
quality
Extraction
of the desired features from the data set and generation of a template
For
enrollment: Storage of the template as "reference template"
in the "reference archive"
For
authentication: Comparison of the actual (request) template with
the reference template using a "matcher" and generation
of a score value which determines the degree of coincidence if the
score value exceeds a predetermined threshold, access is granted,
otherwise the request is rejected
Advantages of biometric systems for authentication Advancing automation and the development
of new technological systems, such as the internet and cellular
phones, have led users to more frequent use of technical means rather
than human beings in receiving authentication. Personal identification
has taken the form of secret passwords and PINs. Everyday examples
requiring a password include the ATM, the cellular phone, or internet
access on a personal computer. In order that a password cannot be
guessed, it should be as long as possible, not appear in a dictionary,
and include symbols such as +, -, %, or #. Moreover, for security
purposes, a password should never be written down, never be given
to another person, and should be changed at least every three months.
When one considers that many people today need up to 30 passwords,
most of which are rarely used, and that the expense and annoyance
of a forgotten password is enormous, it is clear that users are
forced to sacrifice security due to memory limitations. While the
password is very machine friendly, it is far from user-friendly.
There is a solution that returns to the ways of nature. In order
to identify an individual, humans differentiate between physical
features such as facial structure or sound of the voice. Biometrics,
as the science of measuring and compiling distinguishing physical
features, now recognizes many further features as ideal for the
definite identification of even an identical twin. Examples include
a fingerprint, the iris, and vein structure. In order to perform
recognition tasks at the level of the human brain (assuming that
the brain would only use one single biometric trait), 100 million
computations per second are required. Only recently have standard
PCs reached this speed, and at the same time, the sensors required
to measure traits are becoming cheaper and cheaper. Therefore, the
time has come to replace the password with a more user friendly
solution -- biometric authentication.
Components
of a biometric authentication system A basic biometric system is made up of: a
sensor to record the biometric trait
a
computer unit to process and eventually save the biometric trait
an
application, for which the user's authentication is necessary
In
detail, the processing unit comprises a
"feature extraction unit" which filters the uniqueness
data out of the raw data coming from the sensor and combines them
into the request template,
a
"matcher" which compares the request template with the
reference template and delivers a "score" value as result
and
a
"decision unit" which takes the score value (or values)
as well as the threshold to derive a two-valued decision (authorized
or non-authorized).
PC
Access 