Identity theft, data security, privacy, phishing and fraud are common security themes and concerns. Confidential information is criss-crossing the internet and radiating through wireless networks, while trade secrets are a whisker away from being compromised.

Today’s management boards face a host of legal and regulatory demands, forcing them to get to grips with the control of their sensitive and critical business data and the behaviour and management of their staff. The result is that companies are looking to technology to provide the answers to two big questions: are people who they say they are; and how can sensitive data remain confidential even if it falls into the wrong hands?

A blend of biometrics and quantum cryptography may provide some answers.

Andy Kellet, senior research analyst at Butler Group, says both biometric and encryption technologies are fairly mature. ‘The technology has been in its early-adopter phase for a long time, but they were seen as technologies to secure the environment,’ he says.

‘Things, however, are changing, and this year the issues surrounding data loss and prevention are paramount, which is why they are on the verge of being mainstream.’

Biometrics

Biometrics are measurements of biological characteristics – either physiological or behavioural – that verify the claimed identity of an individual. Physiological biometrics include fingerprints, iris recognition, voice verification, retina recognition, palm vein patterns, finger vein patterns, hand geometry and DNA.

Behavioural biometrics include signature verification, a person’s gait and keystroke dynamics.

Ideally, a biometric is what an individual uniquely holds and another human being should not be able to possess.

But concerns can arise about copies of raw biometrics data – fingerprint, face or iris – obtained by illegal means. Fortunately, obtaining the data is not enough. The imposter has to present the biometric to the systems as well as fool it.

What makes biometrics successful is not its secrecy but its openness – we all carry them around and show them plainly to each other.

If a system includes an ‘aliveness’ test, and is performed in an exposed, supervised area then fingerprints copied onto plastic or faces shown as photographs will be spotted.

An iris recognition system should look for the hippus movement – the constant shifting and pulse that takes place in the eye. The aliveness element ensures that the reading is fresh and a previously recorded impression is not being replayed.

Other forms of user authentication – including passwords, tokens and encryption – all depend on protecting a secret or preventing the theft of an object. Once that secret or device is compromised, so is security until a new one can be established. These methods also require the user to hold different secrets with each and every device, which can be a burden.

If fingerprint data is stolen, it is impossible to change the fingerprint in the same way you would a password. Iris and retinal scans, which are harder to obtain than face scans and fingerprints, are more secure, especially if the biometrics data is supplied in an encrypted, rather than raw, form. Encrypted biometrics data can be revoked simply by changing the encryption and decryption keys, making it more difficult for a thief to acquire the data in a useful form.

Biometrics voice verification is also gaining momentum. Confirming the identity of the speaker is based on numerous vocal characteristics and the fact that each person’s voice is unique because of the distinctive and individual geometry of the person’s vocal tract.

Rapid growth

Voice is also the only biometric that does not require the physical presence of the person, making it ideal for telephone- and web-based applications where remote authentication is required.

Combining your voice – something you are – with a typed or spoken password – something you know – delivers strong two-factor authentication.

The global biometrics voice market is expected to grow rapidly over the next four years, says Frost and Sullivan analyst Sapna Capoor.

‘A primary driver for growth is the increased adoption of voice verification by financial institutions,’ she says. ‘Key drivers will be the need for tighter security, enabling greater use of automated services, end-user convenience and cost reduction.’

Blended biometrics – biometrics information used in conjunction with another form of security, either biometric or physical – offers strong two-factor authentication that significantly increases the security of any system and makes it more difficult for someone else to replicate.