An assessment of the usability of biometric signature systems using the human-biometric sensor interaction model’

Signature biometrics is a widely used form of user authentication. As a behavioural biometric, samples have inherent inconsistencies which must be accounted for within an automated system. Performance deterioration of a tuned biometric software system may be caused by an interaction error with a biometric capture device, however, using conventional error metrics, system and user interaction errors are combined, thereby masking the contribution by each element. In this paper we explore the application of the Human-Biometric Sensor Interaction (HBSI) model to signature as an exemplar of a behavioural biometric. Using observational data collected from a range of subjects, our study shows that usability issues can be identified specific to individual capture device technologies. While most interactions are successful, a range of common interaction errors need to be mitigated by design to reduce overall error rates

Large-scale Biometrics Deployment in Europe: Identifying Challenges and Threats

With large-scale biometrics deployment in the EU still in its infancy and with stakeholders racing to position themselves in view of the lucrative market that is forecasted, a study to identify challenges and threats that need to be dealt with was launched. This is the result: a report on Biometrics large-scale Deployment in Europe. The report tackles three main issues namely, the status, security / privacy and testing / certification processes. A survey was launched so as to help reveal the actual status of Biometrics large-scale Deployment initiatives in EU. The main outcome of the survey was that an open dissemination of implementation results policy is needed mainly on deployment plans, strategies, barriers and best practices. The security/ privacy challenges study identified a number of issues, the most important of which were related to proportionality and compliance to the existing regulatory framework while at the same time it revealed an important number of related actions aiming at ensuring both data security and privacy. The aim of the Bio Testing Europe study was double: to identify and collect comparable and certified results under different technologies, vendors and environments situations and to feed in this information to animate discussion among the members of a European network which would enhance the European testing and certification capacity. The study presents an integrated picture of the identified issues as well as a number of recommendations. With some of the systems that are being implemented involving millions of individuals as target users it is important for policy makers to adopt some of the options presented so as to address the identified through the study challengesJRC.J.4-Information Societ

Biometrics : An exploration and analysis of user acceptance issues

The security industry has undergone dramatic growth over the last twenty years due to a burgeoning of demand for security products and services. The protection of people, assets and information has been prominent among the concerns of business, industry and the broader community. Crimes against domestic, commercial, and industrial premises, small and large, are a commonplace occurrence and security has therefore become an essential component of any facility\u27s continual operation. The security industry has been quick to respond to these concerns through the rapid development of a wide range of products and services. Growth in security as an academic discipline has paralleled these recent concerns. However. the discipline of security lacks format tools that can be used by security managers, consultants and employees when attempting to create effective security. This is because of security\u27s relative age as a discipline - theories and tools are still being developed. Biometrics is the science of using a measurable physical characteristic or behavioural trait to recognise the identity, or verify the claimed identity, of a person through automated means. When used in conjunction with an access control system, a very high level of security can be achieved. Biometric access control technologies emerged in the late 1950s. The use of biometrics has been repeatedly forecast to dramatically increase, however these predictions have not been realised. The reason for the low growth in biometric technology use has been attributed, in part, to user acceptance problems. The aim of this study was to contribute to the security discipline by exploring and analysing the concept of user acceptance for biometric access control technologies. The study set out to define user acceptance, identify and discuss user acceptance issues, and develop frameworks for the identification and treatment of user acceptance issues. Researching the area of user acceptance, and then testing people\u27s attitudes towards user acceptance issues achieved this. The results of the testing process demonstrated an acknowledgement by the eighty respondents to the Likert test that user acceptance is indeed an issue for biometric technologies. The respondents identified hygiene, ease of use and user reticence as low magnitude user acceptance issues. The intrusiveness of the data collection method, enrolment time, system failure, speed and throughput rate, system control, and biometrics versus other technologies were all identified as issues of high magnitude. This study developed a range of outcomes that can be used for the definition, identification and treatment of user acceptance problems. A definition of user acceptance issues for biometric technologies was developed. A total of nine user acceptance dimensions were identified and described in detail. A framework for the identification of user acceptance issues for any biometric application was created. A framework for the treatment of user acceptance issues was also developed. This study sought to compile a comprehensive picture of user acceptance issues for biometric access control technologies. The growth of biometric technologies will almost certainly depend on an understanding of user acceptance issues. This study has provided a series of tools for that understanding to be accomplished

Optimising multimodal fusion for biometric identification systems

Biometric systems are automatic means for imitating the human brain’s ability of identifying and verifying other humans by their behavioural and physiological characteristics. A system, which uses more than one biometric modality at the same time, is known as a multimodal system. Multimodal biometric systems consolidate the evidence presented by multiple biometric sources and typically provide better recognition performance compared to systems based on a single biometric modality. This thesis addresses some issues related to the implementation of multimodal biometric identity verification systems. The thesis assesses the feasibility of using commercial offthe-shelf products to construct deployable multimodal biometric system. It also identifies multimodal biometric fusion as a challenging optimisation problem when one considers the presence of several configurations and settings, in particular the verification thresholds adopted by each biometric device and the decision fusion algorithm implemented for a particular configuration. The thesis proposes a novel approach for the optimisation of multimodal biometric systems based on the use of genetic algorithms for solving some of the problems associated with the different settings. The proposed optimisation method also addresses some of the problems associated with score normalization. In addition, the thesis presents an analysis of the performance of different fusion rules when characterising the system users as sheep, goats, lambs and wolves. The results presented indicate that the proposed optimisation method can be used to solve the problems associated with threshold settings. This clearly demonstrates a valuable potential strategy that can be used to set a priori thresholds of the different biometric devices before using them. The proposed optimisation architecture addressed the problem of score normalisation, which makes it an effective “plug-and-play” design philosophy to system implementation. The results also indicate that the optimisation approach can be used for effectively determining the weight settings, which is used in many applications for varying the relative importance of the different performance parameters

Casino exclusion technique exploration: Framework development.

Thesis (MBA)-University of Natal, Durban, 2003.The new National Gambling Bill introduces a system of voluntary and court-ordered exclusion of problem gamblers from casinos. A wide range of exclusion techniques for access control could be applied to South African casinos. However, there are no clear criteria on which to base the decision of which system is to be implemented. Various role players need to be considered to determine what can be deployable in casino applications. A framework, from a business perspective, is proposed which allows multiple role players and varied criteria to effectively evaluate a range of possible solutions. The framework is applied to the role players affected by the proposed exclusion of problem gamblers from gambling. The main role players evaluated a number of possible exclusion techniques according to a range of important criteria. The current solution of a security guard at the entrance is superior according to the casino operations department. The casino marketing division places a high emphasis on ease of use for the pUblic. Of the alternative solutions, comparison-based solutions (using an identity book) were preferred by Gambling Anonymous while card-based solutions (proximity card) was found to be preferable by the public. The casino surveillance department preferred non-contact, overt, biometric acquisition (such as iris recognition). Covert biometric acquisition (face recognition) is found to be the most acceptable to all the role players, with fingerprint recognition being the least acceptable. The application of the framework allowed multimodal exclusion techniques (face recognition linked to casino loyalty cards) to emerge as a promising way forward.Pages 27, 28, 60, 89, 90-93 are unclear.Please refer to the print copy if you have difficulty understanding the text

The power of credit card numbers and enhanced CVVs

O roubo de informação respeitante a cartões de crédito é uma ameaça ao comércio electrónico. Os sistemas de pagamento introduziram o conceito do CVV2 como forma de mitigar o risco baseado no princípio de que estes valores não deveriam ser armazenados uma vez completa a transação. Sistemas, comunicações e bases de dados comprometidos resultam na captura ilícita desta credencial de autenticação frustrando assim o seu propósito inicial. Este estudo propõe a criação de CVVs dinâmicos (enhanced CVVs) como forma de contrariar estes ataques. Desta forma, o compromisso de todos os elementos presentes numa ou mais transações não são suficientes para garantir o sucesso na autenticação de transações subsequentes. É essencial que qualquer novo método de pagamento tome em conta os factores determinantes para que seja aceite por todas entidades participantes. Este estudo propõe dois métodos de CVVs dinâmicos: Matriz de CVVs e CVVs Longos. Os métodos propostos baseiam-se na infraestrutura atual de pagamentos baseados em cartões, com o objectivo de mitigar as maiores ameaças atuais, tendo o cuidado de manter o delicado equilíbrio dos factores determinantes para todos os participantes. Ambos os métodos são analisados na vertente da segurança de forma a avaliar, e comparar, o nível de resistência perante situações de compromisso de transações. Questões relativas à implementação e à migração são igualmente analisadas de forma a determinar os impactos respeitantes à adoção dos métodos propostos.Theft of credit card information is an increasing threat to e-commerce. Payment systems introduced CVV2 as a method to mitigate the threat based on the principle that these values would not be stored once the transaction has completed. Compromised systems, communications and databases result in the unlawful capture of this authentication credential and therefore thwart its initial purpose. This study proposes the creation of dynamic CVVs (enhanced CVV2s) in order to counter these attacks. Thus a compromise of all the elements in one or more transactions will not be sufficient to guarantee successful authentication of subsequent payments. It is essential for success, that any new payment scheme take into account the key factors determinant for the acceptance of each of the participating parties. Two implementation schemes of enhanced CVVs are proposed: Matrix CVVs and Long CVVs. The proposed methods build upon the current card based e-payment infrastructure with the objective of mitigating present day threats whilst maintaining the delicate equilibrium of key factors for all participating parties. Both schemes are analysed at a security level so as to evaluate, and compare, the level of resistance function of the number of previously compromised transactions. Implementation and migration issues are equally analysed so as to determine the impacts of adoption of the proposed schemes