Users may be concerned that the use of biometric authentication will increase the danger that they will find themselves targeted by ruthless criminals who are intent on gaining entry to the assets protected by the biometric. With non-biometric authentication, cards, keys, and passwords could be stolen and used by criminals without the presence of ...

If details of countermeasures employed in biometric systems are publicised, it may help attackers to avoid or defeat them. Similarly, if attackers know what countermeasures are not employed, this will help them identify potential weaknesses in the system, and direct attacks towards those weak areas. The counter-argument is that public exposure of countermeasures and ...

Many encryption algorithms are publicly available to allow cryptographers to analyse and verify the strength of the encryption. Biometric algorithms are not readily available for review and are thus an unknown factor. Biometric algorithms do not generally fulfil the same purpose as cryptographic algorithms. Rather, they represent the encoding rules for the biometric feature ...

This is a sometimes heard expression of concern about the potential misuse of biometric data stored on central databases. It refers to the threat to privacy that such centralised collections of personal data could pose if compromised. Biometric data are regarded as personal data and hence subject to the controls appropriate to personal data. ...

Biometric systems may be initially adequately secure, but become less so with passing time. This could be because critical security parameters such as threshold settings become maladjusted, or sloppy enrolment procedures lead to poor enrolment quality. Some biometric systems are self-adaptive which means that the templates are updated each time a user accesses the ...

This is related to the covert use of biometrics (see “Can my biometric be collected covertly?” previously), and to functional creep in applications. It is important to realise that authentication does not necessarily imply consent, and it is consent which is the issue of concern here. Any application could be affected though the ...

Valuable assets are traditionally protected by secrecy, typically secret passwords. Biometric features are often readily observed and do not possess equivalent secrecy. They may also be captured with varying degrees of difficulty. This is a variation on the spoofing concern. It is certainly true that the source biometric features are not secret, but the ...

IDscan launches world’s first biometric cloakroom and lost property management system Cloakscan is the world’s first biometric cloakroom ticket system. It’s been created by the makers of pioneering ID scanning device Clubscan. Cloakscan quickly registers a fingerprint as customers leave their personal belongings. Simultaneously, it records a video still of the transaction. ...

It is true that the basic biometric features cannot be changed, though in some cases, alternatives may be available (e.g. different fingers). However the simplicity of the headline argument conceals some more complex and subtle issues. We need to understand what can be compromised, examine a number of scenarios where compromise might occur and ...

Template integrity and confidentiality are distinctly different issues related to template data though similar solutions may be employed to deal with both problems. Template integrity is concerned with threats to the authentication process caused by planted or modified templates, whereas template confidentiality relates to the legal and privacy issues around the template data and ...

Latency or residual images are a possible security concern that could occur in 2 forms: § Physical residual biometric image, and § Latency in internal memory. This could occur through a combination of failure to clear memory, and failure to detect and correctly action a “failure to acquire” (resulting in previous biometric image or ...

Technically, the biometric system must be able to detect and reject the use of a copy of a biometric instead of the live biometric. This functionality is usually termed liveness detection, which refers to the ability of the system to distinguish between a sample feature provided by a live human being and a ...