Biometric technologies measure and analyze human biological and behavioral characteristics. When used for identification and authentication, they compare a live biometric reading with the stored biometric templates of enrolled users to come up with a match. Some of the more common biometric technologies in use today are fingerprint recognition, facial recognition, hand geometry, iris recognition and speaker recognition. A number of other biometrics are just beginning to find their niche in identity assurance applications, and still others remain in the developmental stage. This article will examine a few technologies from both categories.
Dynamic Signature Analysis
Signature recognition authentication, or dynamic signature analysis, authenticates identity by measuring and analyzing handwritten signatures. It does not rely on the physical appearance of the signature, but instead on the manner in which the signature is written. During enrollment, users sign their name multiple times on a pressure-sensitive writing tablet or PDA. This technology measures changes in pressure, position, and velocity of the pen during signing, as well as the overall size of the signature and the quantity and various directions of the strokes in the signature.
While it may be easy to duplicate the visual appearance of a signature, it is very difficult to duplicate the behavioral characteristics of the signer.
Robustness. Dynamic signature analysis devices have proved to be reasonably accurate and lend themselves to applications in which the signature is an accepted identifier. Some systems have difficulties with left-handed people and individuals whose signature changes substantially each time they write it.
Applications. Despite its user friendliness, long history, and lack of invasiveness, signature verification has not become a market leader. The biggest market application for this technology will most likely be in document verification and authorization.
Keystroke dynamics monitors keyboard inputs at thousands of times per second to identify a user by his or her habitual typing rhythm patterns. It examines dynamics such as speed, pressure, the time it takes a user to type particular words, “dwell time”—the amount of time a person holds down a particular key—and “flight time,” the amount of time the user pauses between keys.
Keystroke verification techniques can be classified as either static or continuous. Static verification approaches analyze keystroke verification characteristics only at specific times—usually only when the user types the username and password—while continuous verification monitors the user’s typing behavior throughout the interaction.
Keystroke dynamics is probably one of the easiest biometric technologies to implement and administer, because it is completely software-based; there is no need to install any new hardware. All that is needed is the existing computer and keyboard.
Limitations. Keystroke dynamics-based systems do not replace the username and password. Therefore, they do not eliminate the need to remember multiple passwords, decrease the administrative costs of resetting passwords, nor enhance convenience for the users. Rather, they enhance the security of existing username/password-based systems.
Keystroke dynamics-based systems are only used in one-to-one verification applications and cannot be used in one-to-many applications due to the limitations in the matching accuracy. Additionally, at the time of this writing, keystroke dynamics has not been fully tested in wide-scale deployments.
Applications. One potentially useful application is computer access, where this biometric could be used to continuously verify the computer user’s identity. An ideal scenario: monitoring the keyboard interaction of users while they’re accessing highly restricted documents or executing tasks in environments where they must be alert at all times (for example, air traffic control).