Biometric Considerations

In this video, you will learn about biometric considerations and the factors that can influence their effectiveness.
When we’re considering biometrics, we need to consider the false acceptance rates. How unique the template is informs both the false acceptance rate and the false rejection rate. This also goes to the quality of the implementation. So sometimes with smartphones, what we see is, where we have inappropriate rejections, you can fall back to a password. So biometrics are more analog than something like a password. With a password, it is either correct or incorrect. There’s nothing in between. With biometrics, we are looking at a degree of accuracy.
What’s the threshold that we set for the number of points that we’re measuring as part of our template and the number of points matching that we require before we process the authentication as being successful? So if we take 15 points when generating a fingerprint template, how many of those do we need to match the template before we say that the authentication template is a successful match with the register template? We also see concerns here with privacy and tracking, where you submit your biometric details to an enterprise or to a government. We see people worrying about whether or not this can be misused or reused for other purposes. And we’ve also started to see outline biometric data sharing.
Biometric data templates, typically, for things like smartphones, are stored locally, and they are destroyed when your phone is wiped or you remove your details from that phone. It is, however, possible to consider biometric data sharing. And there are examples now of biometric federation with passport data. So many countries, including the United States, are planning to share biometric data with other nations relating specifically to passport data. So this was reported in an unclassified report of the United States Defence Science Board on Defence biometrics. And they thought it was wise to protect and sometimes even to disguise the true and total extent of national capabilities relating to biometric data.
Among low to middle income countries, around 1.2 billion people have already received identification through a biometric identification process. So this isn’t something that is a potential future use. This isn’t just restricted to a small number of countries. Just among low to middle income countries, we have one seventh of the world’s population using biometric already. We have, as I mentioned, India’s national ID card, which is the largest biometric database now in the world. And this holds a biometric-based digital identity for a person’s entire life. Verifiable online. And very, very widely adopted across the country. This holds the name, the age, the gender, the address, parents’ and spouse’s name.
So a lot of this identity information linked to a biometric credential can be very, very strong in terms of ensuring accuracy, in terms of preventing fraud. So just some considerations then when we’re selecting an appropriate biometric authentication type.
The biometric choice should be universal. Everybody participating within the scheme should possess this biological trait. So we want something that is as inclusive as possible to make sure that everybody can use it. So anybody potentially using our system has to possess whatever trait we’re looking to measure. We want a high degree of uniqueness. The trait should be different for the individuals participating within the process to allow for the individuals to be distinguished from one another. We have measurability. We need the trait to be easily measurable in order to be able to process an authentication request. If we can’t measure it, very difficult to use that as part of a process.
We want a good level of performance to allow for the registration and the authentication processes. We want the capability to allow for a good implementation. Acceptability. We mentioned acceptability when we looked at the comparison table of biometric types. We want something that the potential users of the system are going to find to be acceptable. And again, the type of environment may influence what is and is not acceptable. If you work for a military organization, you may expect and be willing to accept, something like iris scanning or retinal scanning. They have a higher degree of uniqueness, a higher degree of accuracy.
If we are a citizen performing a normal day to day transaction with an online retailer, that is probably not going to be acceptable for us as a customer. So what we choose, a good strategic fit should be aligned with our requirements and should support the operation of the business. We also want an inability for people to circumvent the process. We want people not to be able to work around the process. There may be given situations where the biometric trait can no longer be measured for some reason. This happens. If you take a bath, you’ll notice your fingerprint becomes wrinkled, and you may not be able to log on using your fingerprint. How do we manage that exception process?
Is it OK to default back to a single factor authentication? Possibly. Again, depends on your environment. But we need to understand what our approach is going to be if the biometric process fails. If a user is outside the organization, can they work around that requirement in a different way? Can they use different factors of authentication? Can they drop back to something you have and something you know instead of something you are? And again, these are choices we have to make up front when we’re considering the authentication process.
So this represents the end of the first part of section 3. We’ll continue with the second part of section 3 in the next chapter of the course. Thanks for your time.

The following biometric considerations will be covered:

  • universality
  • uniqueness
  • measurability
  • performance
  • acceptability
  • circumvention
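
The threshold question raised in the video (how many of the 15 template points must match) can be made concrete by sweeping the threshold over comparison scores and reading off the false acceptance and false rejection rates. This is an added example, not part of the course material; the match counts are constructed for illustration and the function names are hypothetical.

```python
"""FAR/FRR trade-off for a 15-point fingerprint template (added example)."""

TEMPLATE_POINTS = 15

# Constructed sample data, not real measurements: number of template points
# that matched in each comparison attempt.
GENUINE = [15, 14, 13, 13, 12, 12, 11, 11, 10, 9,
           8, 14, 13, 12, 7, 12, 11, 13, 10, 6]    # right user (some wet or smudged)
IMPOSTOR = [2, 3, 4, 5, 3, 6, 7, 4, 5, 8,
            2, 3, 9, 4, 5, 6, 3, 4, 10, 5]         # wrong user


def rates(threshold, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (FAR, FRR) when at least `threshold` points must match."""
    false_accepts = sum(1 for score in impostor if score >= threshold)
    false_rejects = sum(1 for score in genuine if score < threshold)
    return false_accepts / len(impostor), false_rejects / len(genuine)


def sweep():
    """FAR and FRR for every possible threshold from 1 to 15 points."""
    return {t: rates(t) for t in range(1, TEMPLATE_POINTS + 1)}


def lowest_threshold_for_far(max_far):
    """Smallest threshold that keeps FAR at or below max_far.

    FRR only grows as the threshold rises, so the smallest acceptable
    threshold also gives the fewest false rejections (and therefore the
    fewest fallbacks to a password or other factor).
    """
    for threshold, (far, _frr) in sweep().items():
        if far <= max_far:
            return threshold
    return None


if __name__ == "__main__":
    print("points  FAR    FRR")
    for t, (far, frr) in sweep().items():
        print(f"{t:>6}  {far:.2f}   {frr:.2f}")
    print("threshold for FAR <= 5%:", lowest_threshold_for_far(0.05))
```

With this sample, requiring 11 of 15 points removes every false acceptance but rejects 30% of genuine attempts, which is the share of logins that would hit the exception process discussed in the video.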

This article is from the free online course Cyber Security Foundations: Identity and Access Management, created by FutureLearn.