Biometrics For Dummies
by Peter Gregory, CISA, CISSP and Michael A. Simon
Biometrics For Dummies
Published by
Wiley Publishing, Inc.
111 River Street
Hoboken, NJ 07030-5774
www.wiley.com
Copyright © 2008 by Wiley Publishing, Inc., Indianapolis, Indiana
Published by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or
by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as
permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written
permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the
Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600.
Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing,
Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at
http://www.wiley.com/go/permissions.
Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the
Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade
dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United
States and other countries, and may not be used without written permission. All other trademarks are the
property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor
mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO
REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF
THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING
WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE
CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES
CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE
UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR
OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF
A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE
AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN
ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE
OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES
THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT
MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS
WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND
WHEN IT IS READ.
For general information on our other products and services, please contact our Customer Care
Department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.
For technical support, please visit www.wiley.com/techsupport.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may
not be available in electronic books.
Library of Congress Control Number: 2008930830
ISBN: 978-0-470-29288-4
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1
About the Authors
Peter Gregory, CISA, CISSP, is the author of several books including IT
Disaster Recovery Planning For Dummies, Blocking Spam & Spyware For
Peter is the security and risk manager at a financial management software company located in Redmond, Washington. Prior to this, he held tactical and strategic security positions in large wireless telecommunications organizations. He has also held development and operations positions in casino gaming-management systems, banking, government, nonprofit organizations, and academia since the late 1970s. He is a member of the Board of Advisors and an occasional lecturer for the NSA-certified University of Washington Certificate Program in Information Assurance & Cybersecurity.
Peter can be found at www.peterhgregory.com.
Michael A. Simon is the author of The Internet Starter Kit for Windows (with
Adam Engst and Corwin S. Low) and Blocking Spam & Spyware For Dummies
(with Peter Gregory).
Mike has been working in computer security and policy development since
1985, working at the time for the University of Idaho, a regional pioneer in computer security and one of the first NSA Centers of Excellence in Information Assurance Education.
Currently, Mike is an adjunct faculty member for the University of Washington, and occasionally lectures at Seattle University, University of Idaho, and several civic organizations on the subject of information assurance and computer security. He sits on the advisory board for the Information Assurance certificate program for the University of Washington, the technical advisory board for Goldfish Holdings, Inc., the Advisory Board for the Computer Science Department at the University of Idaho, and on the Founders Board for the Information School at the University of Washington.
To Becky and Shannon — Peter Gregory
To my teachers: past, present, and future — Mike Simon
Authors’ Acknowledgments
Peter Gregory would like to thank Carole McClendon, his literary agent, and
Tiffany Ma and Amy Fandrei, Acquisition Editors at Wiley, for their support of this project. Thank you to Nicole Sholly, Project Editor at Wiley, for your help organizing our work, and to Barry Childs-Helton and John Chirillo for copy and technical editing, respectively. Thank you, Mike, I always enjoy working with you on collaborative projects.
Mike Simon would like to thank Paul Donion for dealing with a business
partner with deadlines. Thanks to Erin Klunder and Ray Pompon for answering random biometrics questions about law enforcement and finance (respectively). Much thanks to Al Gidari and Joseph Cutler of Perkins Coie, LLP for the use of the table of State Data Breach laws in Chapter 3. Thanks, Peter, for making me look good (again).
Publisher’s Acknowledgments
We’re proud of this book; please send us your comments through our online registration form
located at www.dummies.com/register/
Some of the people who helped bring this book to market include the following:
Acquisitions and Editorial
Project Editor: Nicole Sholly
Acquisitions Editor: Amy Fandrei
Senior Copy Editor: Barry Childs-Helton
Technical Editor: John Chirillo
Editorial Manager: Kevin Kirschner
Editorial Assistant: Amanda Foxworth
Senior Editorial Assistant: Cherie Case
Cartoons: Rich Tennant
(www.the5thwave.com)
Composition Services
Senior Project Coordinator: Kristie Rees
Layout and Graphics: Reuben W. Davis, Joyce Haughey, Melissa K. Jester, Abby Westcott, Christine Williams
Proofreaders: Dwight Ramsey, Nancy L. Reinhardt
Indexer: Claudia Bourbeau
Publishing and Editorial for Technology Dummies
Richard Swadley, Vice President and Executive Group Publisher
Andy Cummings, Vice President and Publisher
Mary Bednarek, Executive Acquisitions Director
Mary C. Corder, Editorial Director
Publishing for Consumer Dummies
Diane Graves Steele, Vice President and Publisher
Joyce Pepple, Acquisitions Director
Composition Services
Gerry Fahey, Vice President of Production Services
Debbie Stailey, Director of Composition Services
Index
types of biometrics. See also comparing biometric solutions
  behavioral, 12–13, 200–201
  physical properties biometrics, 201–205
  physiological, 11–12
typing dynamics
  biometric basis for, 112
  comparisons, 117, 256–257
  described, 13, 111, 275
  future technologies, 198
  practical considerations, 112–113
  uses for, 113–114
• U •
ultrasonic/sonar biometrics,
  biometric basis for, 72
  comparisons, 73
  defined, 274, 275
  fingerprints, 65
  future technologies, 187–188
  overview, 71–72
  practical considerations, 72–73
  uses for, 73
Uncertainty Principle, Heisenberg’s, 86–87
uniqueness, 14, 275
United Arab Emirates (UAE), 45, 94
United States. See also U.S. federal and state laws
  Department of Justice, 37, 220
  ports of entry, 47–49
  use of iris-recognition technology, 94
United States Visitor and Immigrant Status Indicator Technology (US-VISIT), 48, 56, 275
universality, 14, 275
updating the data, 14, 158, 159
upgrades, hardware, 161
U.S. Department of Justice, 37, 220
U.S. federal and state laws. See also legal issues
  data breach disclosure laws, 52–54
  Electronic Patient Health Information (EPHI), 54, 271
  overview, 46–47
users
  accepting biometric technology, 15
  behavior changes required of, 144–145
  with disabilities, 221–222
  enrollment, 13, 138
  health issues, 157–158
  helpdesk for, 155–156, 250
  information published for, 156–157
  locked out, 155–156
  needed for biometrics system, 132
  needs of, 24–25, 122
  privacy concerns, 127–128, 226–227
  problems with, 153
  safety of, 261
  sharing/stealing credentials, 10, 170
  as stakeholders, 129–130
  surveying, 214, 227
  training/educating, 17, 137–138, 152–153
  workloads, reducing, 250
US-VISIT (United States Visitor and Immigrant Status Indicator Technology), 48, 56, 275
• V •
vendor/manufacturer. See also on-site testing; selecting a biometric system
  choosing, 139–140
  determining biometric requirements and, 131
  following up with, 140
  on-site testing through, 134–139
  reference contacts for, 133–134
  stability and support potential of, 139
  Web site resource, 222
video surveillance, 193, 266
virus biometrics, 203–204
voice. See also speaker recognition biometrics; speech
  range and harmonics of, 105
  recognition, 13, 27, 102, 275
  recording to use as fake credentials, 172
  translating into text, 103
vulnerabilities. See also attacks; securing biometric systems; threats
  database, 168
  defined, 164, 275
  identifying, 163–165
  matching flaws, 170
  operating-system, 167
  overview, 164–165, 166
  physical, 167
  replay, 170
  re-registration flaws, 170
  software, 168–169
• W •
walking, 13, 109. See also gait-recognition biometrics
Walt Disney World, 10
Web sites
  author’s, 5
  Biometrics Catalog, 223–224
  Central Intelligence Agency (CIA), 41
  Electronic Frontier Foundation (EFF), 218–219
  European Union (EU), 55
  findBIOMETRICS, 222
  fingerprint misappropriation, 64
  International Center for Disability Resources on the Internet (ICDRI), 221–222
  John Daugman, 224
  National Biometric Security Project (NBSP), 135–136, 219
  National Geographic, 217–218
  security information, 183–184
  Third Factor Biometric Authentication News, 223
  U.S. Department of Justice, 37, 220
workloads, reducing, 250
• Y •
Young Frankenstein (film), 148