Future Research Directions

Although companies are using biometrics for authentication in a variety of situations, biometric technologies are evolving and emerging towards a large scale of use. Standards are coming out to provide a common software interface to allow sharing of biometric templates and to permit effective comparison and evaluation of different biometric technologies. One of them is the Common Biometric Exchange File Format, which defines a common means of exchanging and storing templates collected from a variety of biometric devices.

Biometric assurance - confidence that a biometric can achieve the intended level of security - is another active research area. Another interesting thing to be examined is combining biometrics with smart cards and public-key infrastructure (PKI). A major problem with biometrics is how and where to store the user's template. Because the template represents the user's personal characters, its storage introduces privacy concerns. Also storing the template in a centralized database paves for attack and compromise. On the other hand, storing the template on a smart card enhances individual privacy and increased protection from attack, because individual users control their own templates. Vendors enhance security by placing more biometric functions directly on the smart card. Some vendors like Biometric Associates, have built a fingerprint sensor directly into the smart card reader, which in turn passes the biometric to the smart card for verification.

PKI uses public- and private-key cryptography for user identification and authentication. It has some advantages over biometrics as it is mathematically more secure and it can be used across the Internet. The main drawback of PKI is the management of the user's private key. To be secure, the private key must be protected from compromise and to be useful, the private key must be portable. The solution is to store the private key on a smart card and protect it with biometric. There are proposals for integrating biometrics, smart cards and PKI technology for designing Smart Access common government ID cards.

Notes:

PIN (Personal Identification Number) – личный опознава­тельный номер, аналог пароля.

EyeTicket – программное обеспечение для распознавания пассажира по радужной оболочке глаза.

Smart card – пластиковая карта со встроенной микросхе­мой, контролирующей устройство и доступ к объектам па­мяти.

Common Biometric Exchange File Format – единый формат представления биометрических данных.

Point-of-Sales system – программно-аппаратный комплекс, функционирующий на базе фискального регистратора. За системой закреплен типичный набор кассовых функций.

PKI (Public Key Infrustructure) – инфраструктура открытых ключей. Набор средств, распределенных служб и компо­нентов, используемых для поддержки криптозадач на ос­нове открытого и закрытого ключей.

ID (Identifier) – идентификатор, уникальный признак объ­екта, позволяющий отличать его от других объектов.