AuthenticationWorld.com
The business of authentication
- Authentication Categories
- Password Authentication
- Single Sign On Authentication
- Access Control Authentication
- Authentication - Enterprise Security
- Authentication Strength
- Authentication Transaction
- Authentication Management
- User Authentication
- Authentication Federation
- Authentication-Biometric
- Fingerprints vs. Fingerscan
- Iris Authentication
- Voice Authentication
- PKI Authentication
- Token Authentication
- Wireless Authentication
- Document Authentication
- Authentication -Outsourcing
Biometric Authentication - Iris
The iris parallels fingerprints in its uniqueness. The statistical probability that two irises from different would be exactly the same is estimated at 1 in 1072. Thus use of the iris in authentication is one of the best ways of meeting high risk situations.
Iris recognition software is currently in wide use at Canadian-US airport borders. It is also widely used at many airports in Europe and the Middle East as well as many other industries for doing authentication access. There are however several challenges when deploying iris biometrics for authentication.
The implementation cost of biometric authentication is high to very high. Specialized iris scanners need to be installed at each access point. User registration can take time to accomplish. The distance between the user and the iris scanner is critical, often times creating frustrated users who misjudge the distance. User wariness often increases when asked for an eye scan since they are worried about what the scanner might do to their eyes. Maintenance of the iris scanners can often be expensive too.
Iris biometric authentication should be considered for high risk situations. Low to medium risk authentications should probably use other biometric and multi-factor authentication methods.
When the iris scan is done in the presence of an enterprise employee, the chance that the person is who they claim to be is very high. However, if the iris scan is done remotely, then the certainty the enterprise can apply to the authentication is lower. The reason for this is the enterprise is not in direct control of the authentication hardware, watching the person authenticate and not neceassarily in control of the network connection. Therefore, in remote situations, multi-factor authentication is required.
Finally, the issue of what happens if someone "steals" your iris biometric needs to be addressed. Unlike movies where the iris is pulled out and then used to gain entrance to a building or system, the greater risk is having the digital version of your iris stolen. At this point, what recourse does a user have to protect their biometric data from being fraudulently used? The answer today is not much legal recourse or government laws apply to these new situations.
A recommended vendor for iris scanners is Viisage Corporation.
Voice Authentication
Password Authentication Single Sign On Authentication Access Control Authentication Authentication-Enterprise Security Authentication Strength Authentication Transaction
Authentication Management User Authentication Authentication Federation Biometric Authentication PKI Authentication Token Authentication Wireless Authentication Document Authentication Authentication - Outsourcing
