Biometrics Technology Charlie Ahrens Director, DigitalPersona December 12, 2002.

Presentation transcript:

Biometrics Technology Charlie Ahrens Director, DigitalPersona December 12, 2002

Increasingly Networked World
- Intranets
- WAN
- Extranets
- Remote access and VPN
- Last mile broadband (DSL / cable modems)
- Wireless networking
- Mobile wireless (PDAs / cell phones)
- ASPs

Computer and Network Security
- SSL, VPNs, Digital Certificates, S/MIME, PGP, RAS, Databases, network logon
- Each has a foundation in the use of cryptographic keys
- bit private keys, 128 bit symmetric keys, and password hashes
- Theory shows that it would take longer than the age of the universe to crack any of these keys… so it must be secure?

Shifting Security Threat
- Previous decade focused on perimeter security
- Securing entry points into the network and applications that had weak access controls.
- Firewalls, VPNs, Cryptography…
- Proliferation of Access Control (and points of access)
- Today’s threat model revolves around end users
- Perimeter security has increased, raising the difficulty of breaking through access controls
- Other areas of attack are now the highest risk
- Social engineering attacks are gaining recognition as a path of least resistance for hackers, leading to corporate “identity theft”

The Art of Deception…
"The biggest threat to the security of a company is not a computer virus, an unpatched hole in a key program or a badly installed firewall… The weakest link in the chain is the people"
- Kevin Mitnick; Oct 2002, BBC Interview

Passwords
- Security is actually left in the hands of the users.
- People cannot remember 1024 bit keys, so a password encryption or access mechanism is used.
- People forget passwords, write them down on post-it notes, tell them to colleagues, choose ones that are easy to remember.
- Open to social engineering attacks
- Expensive to administer, inconvenient for users, and a big security hole.

User Authentication: The ‘Achilles Heel’ of Network Security
- Server Security: Intrusion Detection, Strict Access Controls, Digital Certificates
- Network Security: Firewalls, DES, SSL encryption
- PC Security: Secure OSes, TCPA
- User Authentication: Passwords

Corporate Identity Theft
Passwords: the Achilles heel of security
- 71% of computer fraud is due to unauthorized insider activity; 2000 CSI/FBI Computer Crime Survey
- 4 out of 5 workers will disclose their passwords to someone in the company, when asked. PentaSafe Security Technologies; Cnet News, 2002
- Largest database of Corporate Passwords = Adult content sites
- Password issues cost between $ per user per year. Morgan Keegan, 2001; Gartner Group/Forrester Research.
- Current employees pose 2x greater threat to company technology infrastructure than external, non-employees. CSO Magazine Survey, 2002; CXO Media Inc.
Password policies are ineffective and expensive
- Password security policies rely on end-user cooperation
- Strict policies motivate users to compromise security
- Those who comply will generate higher support costs…
- Catch 22; stricter policies can actually lower security

Digital Certificates Require Secure User Authentication
- Digital Certificates are electronic tokens / keys used in many high security environments…
- (Diagram labels: Digital Certificate, USER AUTHENTICATION)
- They can be stored on a PC, a smart card, or a server.
- Use of the key requires secure user authentication!

Biometrics as the Primary Credential
- A fingerprint match becomes the key building block for user authentication
- More secure
- Easier to use
- Less costly to support
- Add additional credentials as necessary
- Multi-factor authentication for higher security
- Passwords, tokens, other biometrics…

Biometrics Security & Convenience
Biometric technology options:
- Voice: Telephone ID
- Face: Surveillance
- Iris: High speed identification
- Hand: Difficult environments
- Fingerprint: Low cost, embeddable

Fingerprint recognition
- Has been studied for 100+ years
- Tens of millions invested in R&D and processes.
- Constrained environment
- We have 10 fingers
- Easily cost and size reduced
- High user acceptance

Fingerprint Technology Rapidly Securing IT Environments
- Price: $6,000 (‘94) to $99-$149 (today)
- Market: $12M/yr (‘98) to $600M/yr (‘03)
Market Forecast Source: International Biometric Group

Case Studies
- City of Glendale; Glendale, California
- Centre Hospitalier Laurentien; Montreal, Canada

Demonstration