March 13, 2001, 11:16 AM — In the race to improve security infrastructures faster than hackers can invent methods to penetrate firewalls, it is important to ascertain a user's identity before permitting access to protected data. Given the pervasive use of passwords and personal identification number codes for user authentication across all aspects of our daily life, attackers have developed powerful password-cracking tools.
New technologies that aim to directly strengthen user authentication include the use of tokens and smart cards combined with digital certificates. The most compelling and intriguing authentication technologies involve biometrics matching -- the measurement of physical and behavioral characteristics such as facial structures, voice patterns and fingerprints.
In the past few years, biometrics technology has rapidly pushed through barriers that have slowed its adoption in mainstream environments. Performance, accuracy and reliability have increased among all types of biometrics methods, and prices for capture devices have plunged, making biometrics an attractive addition to security systems. The remaining challenge for biometrics is to address the requirements for large-scale deployments in complex governmental, institutional and commercial systems.
To gain widespread acceptance in businesses, multiple individual biometrics methods must coexist in a single system solution, and the underlying architecture must better support conditions of interoperability, scalability and adaptability that govern total cost of ownership calculations. A multitiered authentication system built around these notions is one solution.
At the center of the authentication system, a server orchestrates interaction among clients devices, an authentication validation policy system, multiple authentication matching engines and databases housing user information. Applications and transaction systems request a centralized authentication server to confirm or deny a user's identity. The server receives incoming requests for authentication and directs actions to gather appropriate user credentials and evaluate them against a set of validation criteria.
The policy system might maintain extensive rules to meet security requirements that may differ depending on the user, application or transaction task.
The authentication security policy may require many biometrics for validation. Thus, the validation system must be able to layer biometrics approaches, balance matching scores from each matching process and interpret these results in light of preset policies. This process is computationally expensive. It's critical that companies scale with system demand. Because each biometrics method requires a different matching process engine, the authentication system should distribute the matching task to the correct algorithm and thread the processes across a farm of processors.