Read the book The Official (ISC)2 SSCP CBK Reference - Mike Wills - Page 142
Type III: Something You Are
Human memory has limitations as a reliable, unique, and secure authentication factor. Physical characteristics of a human being, however, remain reasonably constant over time and are not prone to being lost, stolen, or counterfeited in quite the same way that Type I or Type II authentication factors can be. Biometric identification systems make real-time measurements of a select set of physical characteristics of a person, which an authentication process can then compare with measurement data taken during the provisioning process.
Using personal recognition as part of an identity verification process is nothing new. Human beings have identified each other by face and by voice for millennia. Footprints have helped to implicate or rule out criminal suspects for centuries. Fingerprints have been acceptable as evidence in a court of law since 1910, and the use of human DNA in criminal proceedings became accepted in 1988. In all cases, it took the development of automated measurement, characterization, storage, comparison, and retrieval systems to make any of these or other biometric identification means practical and affordable.
Biometric methods offer a wide range of choices for the security architect, each with different degrees of reliability, practicality, and cost considerations. End-user acceptance and ease-of-use factors may also need to be taken into account, as well as any legal or cultural constraints (real or perceived) pertaining to a particular biometric method. These methods can be either static methods, which characterize the subject at a particular moment in time, or behavioral methods, which measure the subject as they perform a sequence of actions.
Static biometric methods include the following:
Body Weight: Measuring a subject's body weight provides a simple, noninvasive, and oftentimes affordable second authentication factor. Although an individual's body weight does vary seasonally, with age, and with health and fitness conditions, day by day these variations are slight. Simple body weight biometric systems compare one moment's weight measurement with the value established during identity provisioning; more advanced systems trend measurements across recent history and flag anomalous changes as potentially worthy of investigation prior to granting access. Weight measurement is often used in high-security environments, in conjunction with mantrap, turnstile, or other single-person entry and exit control techniques (for example, when a second person tries to “tailgate” through a mantrap with the subject). Weight measurement devices can easily be built into the floors or floor coverings in entry vestibules or corridors, where they can be an unobtrusive, often-unnoticed component of physical area access control processes.
Fingerprint: More than 100 years of experience supports our use of fingerprints as reliable and repeatable forms of identification. Fingerprint recognition technologies now are built into many consumer-grade smartphones, phablets, laptops, and other devices. Fingerprint scanning and verification is routinely done as part of immigration (and emigration) checks at airports and other border control points. The complexities of the science of fingerprint measurement, characterization, and matching have been commoditized at this point, although individual scanning units can need frequent cleaning or wipe-down between users.
Palm Print: Palm prints are at least as old as fingerprints as an authentication method and may actually be older. The larger surface area makes possible more detailed differentiation, and palm prints do have some technical advantages over fingerprints. Still, palm prints have never been as popular for everyday authentication. Today, two relatively new technologies have brought the palm back into the mainstream as an authentication element. Palm vein recognition is a biometric method that uses near-infrared illumination to see (and record for comparison) subcutaneous vascular patterns, which are the pattern of blood vessels beneath the skin that is unique to each individual. Palm scans are fast, passive, and painless. Perhaps because palm vein recognition may seem more invasive, some people placing their hand onto a scanner would prefer the alternate older approaches of palm topography and hand geometry. In these methods, features of the hand such as finger and palm length and width (and perhaps the ridges of the palm) are scanned, recorded, and compared. In the one-hand geometry method, you would be asked to place your palm on a flat metal plate. The plate has small round metal stanchions sticking up out of it; they are there to guide your placement so that the stanchions are nestled up against the places where the webbing of your fingers comes together. With your palm properly placed, the device can register an image of your hand and develop a set of measurements sufficient to authenticate you in the future.
Iris or Retina Scan: Biometric measurements of the eye proceed similarly. The iris is the colorful part of the eye that surrounds the pupil, which is the dark circle in the middle. Gradations of color and patterns of light and dark are distinctive for any individual. These colors and these patterns persist throughout a lifetime, with little change due to age or illness, making the iris one of the most reliable forms of biometric measurement. Biometric scans using the retina are even more individualistic than those of the iris. The retina, a thin segment of light-sensitive tissue at the back of the eye, contains both arteries and veins. The structure of the inner retinal vasculature is unique to each human eye, differing even for identical twins. It can be recorded for biometric use by means of infrared light. To acquire a good picture of the back of the eye, it is necessary for the individual being measured to place their eye directly up against a viewpiece similar to that of a microscope; some people find this experience physically or psychologically uncomfortable. Another drawback of retinal scans is that the appearance of the retina can be affected by diseases of the eye such as glaucoma and cataracts or even the progression of diseases such as diabetes.
Facial Recognition: Facial recognition uses measurements of the external geometry of the face, such as the positions, sizes, and relative orientations of the eye sockets, nose, mouth, chin, and ears, as its basis for comparison, typically using visible light measurements. It can also use infrared measurements to identify and map the subcutaneous (below the skin) blood vessels and structures. All of this data about the subject is first collected during identity provisioning and then measured again as part of authentication. Minor changes in facial hair, skin tone or tan, health, and even the changes due to aging can be accommodated by the measurement and comparison technologies now widely in use.
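The two body weight approaches described in the list above, run side by side over the same readings. This is an added example, not code from the book; the function and class names, the tolerances, the history length and the sample readings are all assumptions chosen for illustration.

```python
from collections import deque
from statistics import mean

def simple_check(enrolled_kg, measured_kg, tolerance_kg=3.0):
    """Simple system: compare one reading with the provisioning value."""
    return abs(measured_kg - enrolled_kg) <= tolerance_kg

class TrendingWeightCheck:
    """Trend recent accepted readings and flag anomalous changes."""

    def __init__(self, enrolled_kg, step_kg=2.0, history=3, second_person_kg=30.0):
        self.step_kg = step_kg                    # assumed max change vs. recent mean
        self.second_person_kg = second_person_kg  # assumed smallest extra occupant load
        self.recent = deque([enrolled_kg], maxlen=history)

    def check(self, measured_kg):
        delta = measured_kg - mean(self.recent)
        if delta >= self.second_person_kg:
            # Load consistent with a second body in a single-person entry control.
            return "deny: possible tailgating"
        if abs(delta) > self.step_kg:
            # Out of line with recent history: investigate before granting access.
            return "review: anomalous change"
        self.recent.append(measured_kg)  # only accepted readings move the trend
        return "allow"

def replay(enrolled_kg, readings):
    """Run both checks over a sequence of readings; return paired results."""
    gate = TrendingWeightCheck(enrolled_kg)
    return [(kg, simple_check(enrolled_kg, kg), gate.check(kg)) for kg in readings]

# Constructed readings (kg): slow drift, a sudden jump, then two people on the plate.
SAMPLE = [80.4, 81.0, 81.9, 82.8, 83.6, 88.0, 153.0]

if __name__ == "__main__":
    for kg, simple_ok, trend in replay(80.0, SAMPLE):
        print(f"{kg:6.1f} kg  simple={'allow' if simple_ok else 'deny'}  trending={trend}")
```

The fixed-tolerance check starts rejecting the subject once gradual drift passes 3 kg, while the trending check follows the drift and still separates a sudden jump from a load large enough to be a second person.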