BIOMETRICS:

Is your body really

your password?
Financial Services
Industry Summit,
London, 20. – 23. 02. 2002,
Dr.-Ing. Artur P. Schmidt,
Communication Director,
aseantic ag, Biel

February 25, 2002 HP Consulting ISE Page 1

 The challenge

As the spectre of Y2K fades the

challenge of maintaining security in
increasingly widely distributed
environments has become
important.

The increasing mobility of the

workforce means you can't be sure
who's really at the other end of the
network link.

It's clear that simple user ID and

password logons are no longer
sufficient.

February 25, 2002 HP Consulting ISE Page 2

 History

The modern science of using the

body to verify a person's identity
dates back to 1882, when
Frenchman Alphonse Bertillion
proposed a forensic system of
identifying people based on the size
of their bodies, heads and limbs.

An alternative method which

succeded was fingerprint analysis
(dactyloscopy) that was described
in the late 1800s by English
scientist Sir Francis Galton and
adopted by Scotland Yard in 1901
after being formally developed by
Sir Edward Henry.

February 25, 2002 HP Consulting ISE Page 3

 Trends

In the past, e-security was handled

with handheld hardware tokens that
provide a one-off, time-limited
code to the login procedure.

However, these tokens are also

one more thing users can lose.

Could the next major standard for

user authentication in corporate IT
environments be biometrics.

February 25, 2002 HP Consulting ISE Page 4

 9/11

The day that changed the world

changed to future of the biometrics
market.

Now investments in biometrics are

seen as key investments to prevent
terrorism.

February 25, 2002 HP Consulting ISE Page 5

 Biometrics stocks skyrocketed

Every crisis brings chances to

markets that have not been
predicted before.

Stocks of security related solutions

were the winners of the tragic
events.

February 25, 2002 HP Consulting ISE Page 6

 Breakthrough ante portas?

Nearly a century later, dactylos-

copy's enduring power as
an investigative technique has
made it a favourite of biometric
vendors seeking to use the unique
characteristics of every fingerprint
as a method for authenticating
users.

As biometric-enabled equipment
closes the price gap with its
conventional security technology,
biometrics is getting more
interesting for every PC-acquiring
corporation.

February 25, 2002 HP Consulting ISE Page 7

 Different opinions:

US-based research firm

International Biometric Group
predicts that the worldwide
biometric market will grow from
$US58.4 million in 1999 to $US594
million by 2003.

Analyst firm Forrester Research

recently reported a glum future for
biometrics in a survey of 50 Global
2500 companies. Less than 5 % of
the companies are expected to use
biometrics to authenticate users
and business partners within two
years.

February 25, 2002 HP Consulting ISE Page 8

 Eye Scanning Technology:

Eye scanning technology is highly

accurate and easy to use, which
has won it particular favour as a
method of authenticating
customers in high-volume
transactional environments such as
ATMs, airline ticketing, mass transit
admission, and as a replacement
for tickets to sporting events.

Users just position their eye a few

centimetres in front of the device
and a pulse of light does all the
measuring instantly. However,
these scanners still cost several
thousand dollars each, making
them impractical for use in large
numbers.
February 25, 2002 HP Consulting ISE Page 9
 Face Recognition:

Identity is also based on

characteristics of the face.

Face Recognition technology is

appealing because it is mainly
software-driven and, therefore,
relatively cheap and can operate
on any sort of live digital image.

It's even being used by UK police to

scan live surveillance feeds for
wanted persons passing any of the
144 video cameras located around
Newham, East London.

February 25, 2002 HP Consulting ISE Page 10

 Voiceprint Recognition:

Another option for biometric

authentication is voiceprint
recognition, where the user says a
particular phrase, which is recorded
and compared to an archived
pattern.

The fact that voice recognition can

be easily implemented in software
has kept its price low.

Since the microphone it requires is

a standard feature of every new
PC, setting up and running
voiceprint matching can be a good
way of introducing biometric
concepts into an enterprise
environment.
February 25, 2002 HP Consulting ISE Page 11
 Is Big Brother watching you?

The issue in the past has been one

where people think that they lose
their privacy if they put their finger
on something.

But it can also enhance privacy.

Considering fingerprints people are
walking around with their PIN on
their finger. All the software does is
use an unique fingerprint, iris shape
or voice to create a number. The
fingerprint is not recorded or stored.

The fingerprint template can be

stored on a smartcard rather than a
corporate database. So may be Big
Brother has to wait.
February 25, 2002 HP Consulting ISE Page 12
 Blade Runner (1982)

How to detect the clone?

In the year 2019, ex-detective Rick
Deckard is called out of retirement
to track down and eliminate a team
of humanoid androids that have
escaped from an outer space
mining colony and have taken
refuge here on Earth.

How can be decide in the future

who is real and who is the clone?

February 25, 2002 HP Consulting ISE Page 13

 Never Say Never again (1983)

How to avoid transplantation?

Getting into a military plant is only
allowed by eye scan. To overcome
this burden an eye transplantation
can help.

Reality or fiction:
Olympic Winter Games 1998 in
Nagano: Biathlets can only enter
the weapon room if their eye
corresponds with a pattern saved
before

February 25, 2002 HP Consulting ISE Page 14

 Terminator 2 (1991)

Hasta la vista Baby!

Sarah Connor is the mother of the
future leader of human resistance
against machines. The movie
shows the battle between Arnold
and the android killer T-1000 to
decide the fate of John Conner.

Can mankind really survive in a

computer age?

February 25, 2002 HP Consulting ISE Page 15

 Sneakers (1992)

A computer hacker heads a team of

renegade hackers including a
former CIA employee who are
routinely hired to test security
systems. They are hired to retrieve
a "black box" that will break into
any security system.

The spread of a virus is depending

on the level where the destruction
happens.

February 25, 2002 HP Consulting ISE Page 16

 Johnny Mnemonic (1995)

In the 21st century, information is

the ultimate commodity. In a world
where cyberspace is a workaday
reality and outlaw hackers thrive,
the most valuable information must
sometimes be transported by
mnemonic couriers -- professionals
like Johnny who offer the ultimate in
security and confidentiality.

How can we avoid data overloads

in our brain?

February 25, 2002 HP Consulting ISE Page 17

 The Net (1995)

Freelance computer analyst Angela

Bennett is in danger to be killed.
Her keys, passport, and all
identification papers are lost. She
soon learns that using the Internet,
someone has altered every record
of her life and given her a new
name, identity, and a falsified police
record. Angela fights the seemingly
unbeatable forces determined to
silence her.

How to change the identity of a

person?

February 25, 2002 HP Consulting ISE Page 18

 Hackers (1995)

Two New Yorkers spend their days

cracking computer codes but with
completely opposite intentions. One
donates services to the FBI while
working with computers on Wall
Street; the other prefers criminal
ventures.

„The international association of

hackers was the first community
without membership fees“

Anonymous

February 25, 2002 HP Consulting ISE Page 19

 First Contact (1996)

The Borg, an insidious race of half-

machine, half-organic aliens, have
entered Federation Space and are
on a direct course for Earth. After
the attack on Earth fails, the Borg
institute a plan to go back in time to
Earth at its most vulnerable time in
history, the dark age after the Third
World War. The borgs want to
prevent the first contact with
humans.

„The social practices of one

generation tend to get codified into
the game of the next“

Marshall McLuhan
February 25, 2002 HP Consulting ISE Page 20
 The Matrix (1999)

Neo is a young software engineer

and part-time hacker who is singled
out by some mysterious figures
who want to introduce them into the
secret of 'the matrix'. The cops also
seem to be after him, and he takes
a chance on discovering what he
has always suspected: that the
world is not quite what it seems to
be and a sinister conspiracy is at
work.

Where is the exit?

February 25, 2002 HP Consulting ISE Page 21

 Hollow Man (2000)

Sebastian Caine is a brilliant yet

arrogant scientist working on a top
secret mission for the U.S.
government -- to unlock the secret
to human invisibility. After creating
a serum that induces invisibility in
laboratory animals, he disobeys
Pentagon orders by trying the
serum on himself. Though it works,
the effects are irreversible. Caine
remains invisible.

Do we need biometrics if we are

invisible?

February 25, 2002 HP Consulting ISE Page 22

 Conclusions A:

Virtually any corporate document or

application, and even dividual web
pages or areas of web sites, can be
secured so that only authorised
personel can access sensitive files.

Biometrics can also be used to

create and maintain an ongoing log
file showing which employees have
accessed a particular company
resource, data file or physical
location.

Integrating biometric scanners into

corporate environments has
become far less difficult than it used
to be.

February 25, 2002 HP Consulting ISE Page 23

 Conclusions B:

As the technology becomes

pervasive, users will quickly
become used to it and will most
likely appreciate its benefits — one
of which is that they no longer need
to remember various passwords.

As the formerly fiction technology is

demystified through everyday
contact, enterprises will find their
users rapidly moving beyond the
actual hesitancy that Forrester
predicted would hinder the
adoption of biometrics.

February 25, 2002 HP Consulting ISE Page 24

 Conclusions C:

As secure, biometric-enabled data

storage and access tracking
become the rule of the day,
companies will be able to expand
coverage of the technology to their
business partners.

This helps to facilitate e-business

because the identity of a
transaction in collaborative extranet
environments is clear.

Today's early adopters will have

earned a leg up on their
competitors by solving security
problems as soon as possible.

February 25, 2002 HP Consulting ISE Page 25

HP Consulting ISE