Handbook of Information Security Management:Access Control

Previous Table of Contents Next


System Currently Available

Identix’ TouchSafe™ provides verification of enrolled persons who log on or off the computer. It comes with an IBM-compatible plug-in electronics card and a 5.4” × 2.5” × 3.6” fingerprint reader unit with cable. This unit can be expected to be even more accurate than the normal fingerprint access control systems previously described because of a more controlled operating environment and limited user list. However, it does not provide for a continuing or transparent identification. Every time that identification is required, the operator must stop activity and place a finger on the reader.

Systems Being Developed

Only a camera-based system can provide the necessary continuing and transparent identification. With a small video camera mounted on a top corner of the computer monitor, the system could be programmed to check operator identity every 30 or 60 seconds. Because the operator can be expected to look at the screen frequently, a face or iris identification system would be effective without ever interrupting the operator’s work. Such a system could be set to have a 15-second observation window to acquire an acceptable image and identify the operator. If the operator did not look toward the screen or was not present during the 15-second window, the screen would be cleared with a screen saver. The system would remain in the observation mode so that when the operator returned to the keyboard or looked at the screen and was identified, the screen would be restored. If the operator at the keyboard was not authorized or was unidentified, the program and files would be saved and closed.

The first development system that seems to have potential for providing these capabilities is a face recognition system from Miros Inc. Miros is working on a line of products called TrueFace. At this time, no independent test data are available concerning the performance and accuracy of Miros’ developing systems. Face recognition research has been under way for many years, but no successful systems have yet reached the marketplace. Further, the biometric identification industry has a history of promising developments that have failed to deliver acceptable results in field use. Conclusions regarding Miros’ developments must wait for performance and accuracy tests by a recognized independent organization.

IriScan Inc. is in the initial stages of developing an iris recognition system capable of providing the desired computer or information access control capabilities. IriScan’s demonstrated accuracy gives this development the potential to be the most accurate information user identification system.

SUMMARY

The era of fast, accurate, cost-effective biometric identification systems has arrived. Societal activities increasingly threaten individual’s and organization’s assets, information, and, sometimes, even their existence. Instant, positive personal identification is a critically important step in controlling access to and protecting society’s resources. Effective tools are now available.

There are more than a dozen companies manufacturing and selling significant numbers of biometric identification systems today. Even more organizations are conducting biometric research and development and hoping to break into the market or already selling small numbers of units. Not all biometric systems and technologies are equally effective in general, nor specifically in meeting all application requirements. Security managers are advised to be cautious and thorough in researching candidate biometric systems before making a selection. Independent test results and the reports of current users with similar applications are recommended. On-site tests are desirable. Those who are diligent and meticulous in their selection and installation of a biometric identification system will realize major increases in asset protection levels.


Previous Table of Contents Next



The CISSP Open Study Guide Web Site

We are proud to bring to all of our members a legal copy of this outstanding book. Of course this version is getting a bit old and may not contain all of the info that the latest version are covering, however it is one of the best tool you have to review the basics of security. Investing in the latest version would help you out in your studies and also show your appreciation to Auerbach for letting me use their book on the site.