A biometric is a measurable, physical characteristic or personal, behavioral trait used to recognize or verify the identity of an individual [Internet #11]. Through a broad category of technologies, biometric identification provides precise confirmation of an individual’s identity through their own physiological or behavioral attributes [Internet #2]. Initially biometrics was seen as strictly an identifying attribute of an individual that could be viewed and verified for accurate identification. Biometrics, in recent years, has been evolving into more than just fingerprints on identification cards. It is evolving into a high tech security measure with all the concerns, advantages and disadvantages of a long-term trend. Biometrics will become a proliferating force used by corporations and the government alike to assist in security, identification and verification for years to come. Its accuracy and distinctiveness are essential to todays and the future’s security needs.

Most people think that biometrics is a space age technology used only by James Bond and that it will come alive when solar cars and non-fossil fuels are the norm. Biometrics, however, has been around for centuries; dating back to prehistory. On a cliff face in Nova Scotia there is a petroglyph showing a hand with exaggerated finger whorls and other ridge markings, presumably created by prehistoric Native Americans. Fingerprints were reportedly impressed on clay tablets from ancient China as well as on Chinese documents of the Tang Dynasty. Each of these impressions was a form of identification for the owner.

The earliest uses of "biometric" identification consisted of inflicting scars, brands, and markings on criminals. The Roman legions reportedly used tattoos to identify mercenary soldiers, who might otherwise have a tendency to desert. Dismemberment was a radical but effective way of marking a thief. But this mutilation, like branding and tattooing died out in most countries as civilizations developed a system of criminal record keeping.

In 1686, Marcello Malpighi, a professor of anatomy at the University of Bologna, noted in his treaties; ridges, spirals and loops in fingerprints. He did not mention the value of these identifying characteristics, but he did open the door to other suspecting individuals. In July of 1858, Sir William Herschel, Chief Magistrate of the Hooghly district in Jungipoor, India, first used fingerprints on native contracts. On a whim, and with no thought toward personal identification, Herschel had Rajyadhar Konai, a local tribesman impressed his handprint on the back of a contract. The idea of the handprint was merely to frighten Konai out of all thought of repudiating his signature. The native was impressed, and Herschel made a habit of requiring palm prints, and later, simply the prints of the right index and middle fingers on every contract made with the locals [Ludas]. Personal contact with the document, they believed, made the contract more binding than if they simply signed it. Thus, the first wide-scale, modern-day use of a biometric identifier was established, not upon scientific evidence, but upon superstitious beliefs. Eventually, as Hershel’s collection of fingerprints grew, he noted that the inked impressions could prove or disprove identity.

During the 1870’s, Dr. Henry Faulds, the British Surgeon-Superintendent of Tsukiji Hospital in Tokyo, Japan, took up the study of "skin-furrows" after noticing finger marks on specimens of "prehistoric" pottery. Dr. Faulds not only recognized the importance of fingerprints as a means of identification, but devised a method of classification as well. In 1880, Dr. Faulds published an article in the Scientific Journal, "Nautre". In the publication, he discussed using ink and obtaining fingerprints as a means of personal identification. Faulds forwarded an explanation of his classification system and a sample of the forms he had designed for recording inked impressions, to Sir Charles Darwin. Darwin, in turn forwarded the information to Francis Galton.

In 1888, Sir Francis Galton, a British anthropologist and a cousin of Charles Darwin began his observations of fingerprints as a means of identification. In 1892, he published his book, "Fingerprints", establishing the individuality and permanence of fingerprints. This was the first published classification system for fingerprints. Galton’s primary interest in fingerprints was as an aid for his explanation of determining heredity and racial background. Soon, however, he discovered that fingerprints offered no firm clues to an individual’s intelligence or genetic history. He was, however, able to scientifically prove what Herschel and Faulds already suspected; that fingerprints do not change over the course of an individuals lifetime, and that no two fingerprints are exactly the same. According to his calculations, the odds of two individual fingerprints being the same were one in sixty-four billion. Galton identified the characteristics by which fingerprints can be identified. These same characteristics (minutia) are still in use today, and are often referred to as Galton’s Details.

At the same time fingerprints were being explored as a biometric identifier, Alphonse Bertillon was developing his own biometric identification system. By 1870, his methods, known as anthropometry or Bertillonage had taken hold. The Bertillon system was devised to measure and record the dimensions of certain bony parts of the body. These measurements were reduced to formula that, theoretically, would apply only to one person and would not change during his/her adult life. These measurements along with hair color, eye color, and front and side view photographs were recorded on cardboard forms. By dividing each of the measurements into small, medium and large groupings it was possible to place the dimensions of any single person into one of 243 distinct categories. As with fingerprinting, the use of accurate identification in the justice system was paramount. Upon arrest, a criminal was measured, described and photographed. The completed card was indexed and placed in the appropriate category. In a file of 5,000 records, each of the primary categories would hold only about 20 cards. It was therefore not difficult to compare the new record to each of the other cards in the same category. If a match was discovered, the new offense was recorded on the criminal’s card.

The Bertillon system was officially adopted by the Paris Police in 1882 and quickly spread throughout France, Europe and the rest of the world. In 1887 Major R. W. McClaughry, warden of the Illinois State Penitentiary, introduced the system into the United States. Several other states, including New York, also began to record and maintain Bertillon records on convicted criminals. As law enforcement agencies began compiling larger and larger libraries of Bertillon cards, the number of cards in each category grew steadily. Although 243 categories were more than sufficient for a small agency, large institutions like the New York State Department of Prisons found that the time required to search for duplicate cards had increased from minutes to hours. As a result, more and more agencies began using sub-classifications such as hair color to help in the sorting process.

Although the problems of classification and quality control could be dealt with, Bertillonage had another flaw that ultimately led to its eventual abandonment as an identification system. Bertillon measurements were not infallible and in several cases of mistaken identity proved that there were certain common physical characteristics that appeared identical within the limits of accuracy of the system. Although agencies continued to use the Bertillon system until the 1930’s fingerprinting was obviously the biometric identifier of the future.

In order for fingerprinting to gain a majority foothold it had to have a classification system that would be universal and easy to understand and use. Both Galton and Faulds had recognized the classification problem and had begun working on solutions. Galton identified three basic pattern types (loop, whorl, and arch) and developed a classification system based on the distribution of the pattern types among the ten fingers. Galton’s classifications were simply alphabetical expressions of the patterns: for example, LLAWL LWWLL. The system worked but it was destined to be superseded by another classification system.

During the late 1890’s a British official Sir Edward Richard Henry was encountering the same types of problems that had prompted Herschel to begin using fingerprints in the Hooghly District. Henry had a problem with properly identifying criminals in his prisons. Realizing that a fingerprinting system was the answer to his problems, Henry began corresponding with Galton and later visited him in England. On returning to India, Henry ordered that fingerprints and Bertillon measurements be taken of all prisoners in his jurisdiction. Bertillon measurements were the standard at the time, but Henry wanted to verify Bertillon measurements with fingerprinting. As Henry suspected, there were some problems with the Bertillon system. Devoted to find a way to properly and accurately identify a prisoner, Henry developed a classification system that was based on numerical values for each finger and on the presence or absence of whorls in each finger. Henry’s system produced 1,024 primary classifications, and was instituted in Bengal in early 1897. The system worked so well that Henry formally requested that the Government of India consider the possibility of replacing Bertillonage with fingerprinting as the primary means of identification.

The Government of India realized the significance and importance of Henry’s findings, and granted his request. An independent committee met in March 1897 and concluded that fingerprinting was superior to Bertillonage. In June of the same year, the Governor General signed a resolution directing that fingerprinting was to be the official method of identifying criminals in British India. Once the Henry Fingerprint Classification System had proved successful in India, another committee was named to review Scotland Yard’s identification methods. This committee also recommended that Bertillonage be abandoned in favor of fingerprinting. In 1901, Henry was transferred to England, where he established Scotland Yard’s Central Fingerprint Bureau and began training investigators in the use of his system. Within a few years, the Henry system was in worldwide use, and fingerprinting had taken its place as the universally accepted method of personal identification.

By 1902, the first systematic use of fingerprints was being used in the U.S. by the New York Civil Service Commission. Its success was recognized by the New York State Prison, which then implemented the first use of fingerprints in the U.S. for criminals in 1903. The use of fingerprinting began to spread even more in the law enforcement arena. In 1905, the use of fingerprints was implemented for the U.S. Army. Two years later the U.S. Navy started, and was joined by the Marine Corp. As time passed, more and more agencies and public institutions implemented the use of fingerprinting to track and identify individuals. As a result of widespread use, many of these agencies began sending copies of their fingerprint cards to the National Bureau of Criminal Identification, which was established by the International Association of Police Chiefs.

In 1924, an act of congress established the Identification Division of the F.B.I.. The National Bureau and Leavenworth was consolidated to form the nucleus of the F.B.I. fingerprint files. By 1946, the F.B.I. had processed 100 million fingerprint cards in manually maintained files; and by 1971, 200 million cards. With the introduction of Automated Fingerprint Identification System (AFIS) technology, the files were split into computerized criminal files and manually maintained civil files. At present, there are over 30 million criminal files on record, and an undisclosed amount of civil files. Recently, just this year, the F.B.I. has stopped using paper fingerprint cards and is now using a new Integrated AFIS for all of its fingerprint records.

Unknowingly, Herschel, Faulds, Galton and Henry pioneered modern day biometrics. They recognized the significance of proper identification and actually aided in the development of the first classification system. As seen, fingerprinting has been a widely employed biometric technique for well over 100 years. The excitement today is that of ongoing advances in data processing and database technology. This technology has led to the automated measurement of biometric features, digitizing of these measurement results and the computerized comparison with a database where these measurements are concretely associated with specific individuals.

These biometric measurements may be used in two forms: identification and verification. Identification is a one-to-many process that compares a submitted biometric sample against all reference templates on file to determine a match and to determine the identity of the individual. Identification is commonly used in the criminal justice system, where criminals are compared against all templates to confirm a match. Authentication relies on four major functions when identifying an individual. The system must capture a particular feature, extract data from a database, store template data, and compare matches between templates and scan [The Software Battle Has Just Begun]. Verification depends on a one-to-one match of a submitted sample against a specific template to determine an appropriate match [Internet #11]. Verification is used when a sample has already been taken and the identity of the person is being compared against the known sample on file. Most of the biometric technology available today focuses on identification; however with the emerging use of smart cards, cards designed to hold the sample, verification will become more beneficial for recognition systems. These biometric security techniques replace traditional passwords and user logon ID’s with a system that quickly examines unique patterns of the user’s finger, palm, hand, blood vessels, voice, or signature. Gary Lynch, analyst of the Gartner Group, sees biometrics growing 25% in the next 2 years from the $100 million market it holds today [DiDio, Body Parts Securely ID Users]. This estimate may be small considering the recent move to standardize this infant technology.

In an attempt to standardize this technology, IBM, Compaq, Microsoft, Novell and Miros created the BioAPI (Application Program Interface) consortium who, together, developed three camps of biometric applications. BAPI, HA-API, a high level human authentication section, and SVAPI for speaker verification [McCormick, p21]. A separate committee ICSA (International Computer Security Association) has set out to test thirty products per year to ensure accuracy of vendor claims. They have already certified six biometric devices from the following companies: Hi-Key Technologies, Mytec Technologies, National Registry, SAC Technologies, Intelitrak Technologies and Miros [First Biometric Devices Get Certification]. Other associations such as the Immigration Naturalization Service and Army Research Lab look at the interoperability, throughput, level of security, user reaction, and cost of biometric products [Phillips, p111].

A significant part of the verification and identification process for biometrics depends on the false rejection rate (FRR) and false acceptance rate (FAR). A FRR is the probability that a biometric system will fail to identify or verify the legitimate identity of a user, or Type I error. A FAR, or Type II error, is the probability that a biometric system will incorrectly identify an individual or will fail to reject an imposter [Davies, vol.7 no.4]. A FAR of 1% means that 1 out of 100 users trying to break into the system will be successful [Willis, p122]. Biometrics, one of the top ten emerging technologies of 1998, is earning revenues of over $100 million. Due to the increased integration with personal portable computers and workstations, this revenue is rising daily. Today, biometrics technology is meeting the challenges of lower cost, smaller size and better performance. When used with smart cards or additional scanning, biometric measures can be extremely accurate [Sibley, p22]. As an automated measurement of unique biological characteristics, biometrics can distinguish one person from another by very minute factors.

Long used by law enforcement officials, fingerprinting methods have been expanded to provide greater accuracy for other organizations. Such products as American Biometrics’ BioMouse Desktop Fingerprint Scanner, I/O Software’s Puppy Secure Logon System, and Oracle & Identix’s fingerprint system use fingerprint scanning as their method of identification. Most of this software authenticates fingerprints with proprietary matching algorithms that do not store the prints. Files are based on grayscale images that are not compatible with police systems to protect individual privacy. These systems can use 1-10 fingers and take up to one-megabyte hard disk space as well as needing 16 megabytes of memory. The software can detect live fingers and can adapt to scars, abrasions, dry skin and dirt [Brown, p60]. The fingerprint method captures the image and creates a digital representation from points or minutiae (coordinates where ridges terminate and loops converge). The average finger has 70 minutiae points, which corresponds to 490 data elements to extract. Some algorithms get more data by combining minutiae points with vectors for relationships or entire sections of the image itself [The Software Battle has Just Begun, p84]. The New York Welfare Service Department saved $250 million in three years with fingerprinting software. The San Diego County Welfare Social Services Department using a Bioware Unisys Corp. system, saved $110,000 in benefits fraud in eight districts offices with a combination facial recognition and fingerprinting [DiDio, Body Parts Securely ID Users]. Disney World fingerprints pass holders for quicker entrance to the park. Most fingerprint systems cost approximately $500+. Veridicom makes a stamp size fingerprint system for filing cabinets, cars, laptops and cell phones.

KeyTronic uses a built-in fingerprint device in keyboards. These systems are tuned to account for aging and wounds. They also register turgidity and electrical charges to spot fake access attempts [Florh, p87].

The fingerprinting method works by a system called options. A prism and multiple lenses with an internal light source, refract air against the lens to distinguish finger ridges. They may also use electrical silicone chips, light emitting polymers and ultrasound [Willis, p122]. The actual fingerprinting process uses a microprocessor coupled to RAM (Random Access Memory) and ROM (Read Only Memory) and then to a terminal for data input. First an analog representation of the fingerprint image is generated by video camera as a finger is presented on an "image propagating surface" of prism or platen. A camera takes a snapshot of the image during the rolling action. An analog output of the video camera is fed to an eight-bit converter changing the input to digital format. This produces a two dimensional array of digital pixel values and represents the intensity of the finger images at corresponding discrete pixel locations. The digitizer output is read by the microprocessor and stored in RAM as image array data structures. The system determines the extent and intensity of each pixel as it varies from the average intensity. The greater variance of pixels, the greater probability that the pixel is an actual representation. The microprocessor compares the threshold values to determine the boundaries of the fingerprint. The data plus boundaries make a composite array that is stored as the final fingerprint image. An active fingerprint is correlated by mathematical function to the stored images. The systems require a minimum overlap of eight pixels; otherwise a mismatch alarm is sounded [Internet #10].

Australia has used such a fingerprinting system since 1987. Recognition can occur in 2 seconds on PC’s and 1 second on workstations with a claimed accuracy of 99.9%. Ontario, Canada uses thumb scans in their social welfare departments [Davies, vol.7 no.4]. Digital Persona’s U. are U. is considered to be one of the best overall fingerprinting devices with a fast reader, simple installation and low false rejection rate. Sony’s FIU is also lightweight, small, fast, secure and stores encrypted templates onboard [Lee, p84]. The downside to these applications is the traditional fingerprint stigma associated with "big brother" and law enforcement. Companies are making sure fingerprints cannot be constructed from scans and that latent fingerprints taken from crime scenes cannot be matched to corporate databases. Also, encrypted fingerprints can’t be used as forged actual fingers [Internet #9]. In an ORC survey (Opinion Research Corp. of New Jersey), taken in July 1996, 55% of the American public has been fingerprinted. More men, West Coast residents, and Hispanics have been fingerprinted than woman, eastern U.S. residents, or other ethnic groups. The higher the income and education levels – the greater chance of being fingerprinted [Internet #5]. A final fingerprinting method is the DNA fingerprint. DNA is isolated from body cells or tissue, cut, sized and sorted with enzymes and electrophoresis. Then the DNA is transferred to a nylon sheet as radioactive colored probes are added like bar codes [Internet #7]. This method is of course more obtrusive to the user and not acceptable for many security requirements.

The evolution of biometrics has expanded into many different types of recognition and identification systems other than fingerprinting to include facial recognition, hand geometry, retina and iris scans and signature and voice dynamics. The last to focus on behavioral traits while the others are physical attributes [Internet #8]. This evolution has also resulted in the arousal of concerns and issues in regard to implementing biometrics in the workplace and in public forums. Biometrics is a growing field in corporations, becoming a predominant security method. Many of the forms of biometrics are just now becoming known and are being tested and applied to real situations.

Looking into the various forms of biometrics and specific products for each, facial recognition is led by Miros’s TrueFace and Visionic’s FaceIt. Used with a video camera and a capture card, this software can even capture facial images from moving figures. Facial recognition software is able to discriminate masks or photographs by holding images as a template. Taking 16 MB RAM, these applications cost under $100 for a personal computer [Brown, p60]. They work by taking statistical correlation’s between the mouth and pupils, or by neural networks, which recognizes in context the eyes, hair color, and nose length. Some systems store several images to account for aging and light conditions [Florh, p87]. Although facial recognition systems are not for general public use due to the vast template storage and searching time, they are good for smaller office populations. Facial recognition systems are being used at DMV’s (Department of Motor Vehicles) in conjunction with Polaroid to offer driver license face prints that are resistant to changes in light, skin tone, eyeglasses, expression or hairstyle. FaceIt is being used in West Virginia’s DMV as well as in the NSA, US Army Research Lab, and the National Institute of Justice. INS’s Sentri project along the Mexican and U.S. border uses frequency tags in cars to match driver faces for speedier border crossings [DiDio, Body Parts Securely ID Users]. By far the most well known facial recognition system is the one used by Mr. Payroll in ATM machines all across the U.S. A national check cashing company from Massachusetts, Mr. Payroll uses TrueFace from Miros to identify users at more than 42 cash machines nationwide. In the first 12 months and 140,000 transactions, TrueFace and Mr. Payroll claimed zero false positive identifications [DiDio, These ATM’s Never Forget a Face]. However, facial recognition systems have few actual cases to prove their reliability and must be used with exceptional picture quality to ensure accuracy. As with most biometric measurements, facial recognition systems must also take into account end user resistance and user’s ever changing bodies [Internet #1].

Using hand geometry as a biometric measure, security personnel at the Atlanta Olympic Games were able to restrict access to specific athlete areas. Recognition System’s hand geometry software is used on 90% of U.S. nuclear reactor doors and claims a 99.9% accuracy rate. The system digitizes a 3-D image, with a nine character code for palm shape and finger length. This method must overcome problems with user’s dry hands and people with poor ridge definition (Asians) [Garber, p110]. However, users may be less resistant to this form due to the traditional custom of shaking hands in greeting, an unobtrusive habit. Sandia Research Group reports that hand geometry measures are the preferred biometric method by users [Internet #12]. Using the scan of the entire hand shape and characteristics, the Colombian legislature, the San Francisco International Airport and a Los Angeles sperm bank have incorporated hand geometry in their daily functions. At New York’s JFK airport, INS authorities use a project called INSPASS (Immigration and Naturalization Service Passenger Accelerated Service System) to read the palms of travelers which allows them faster access through customs and immigration lines. The contours of the hand are converted into measurements and stored on a smart card that can be presented to customs personnel. Twenty-six cooperating countries are now looking into the same system for their airports [Davies, vol.7 no.4].

Retinal, iris and vascular pattern scans are still primarily in prototype stages. However, the data collected so far rate retinal and iris scans as the most accurate biometric methods. Error rates have been shown to be 1 in 10 million [Internet #3]. Although retinas may change during one’s lifetime, irises do not [Internet #1]. This technology creates some user resistance as most people are sensitive about their eyes and find such scanning too intrusive. A retinal scan is taken by beaming light into the eye and recording the blood vessel pattern on the retina. The software involved can adapt to contacts and eyeglasses but not to cataracts or blindness. Iris scanners read the color and unique markings from up to three feet away and with no bright light. An iris code is made from the colored ring of tissue around the pupil and recorded in 256 bytes. Sensar’s IrisIdent by IriScan is allied with GTE to create a digital certificate method for cyberspace, as well as for Citicorp’s ATM machines [Florh, p87]. This less intrusive, non-contact biometric measurement is more expensive but can be used for access control, point-of-sales, and data protection [Coyle, p26]. Another method uses vascular patterns to identify blood vessels in various parts of the body; such as the veins on the back of the hand or in wrists [Davies, vol.7 no.4].

The last two types of biometric identification rely on behavioral traits. Signature authentication uses digitizing tablets to analyze typing rhythm for passwords and access control. CyberSign, the package receiving signature system, for $100, is used by the U.S. Postal Service [Phillips, p95]. Signature verification is the cheapest product, however, its acceptance rate and high error rate do not lend it to all applications. One in fifty signatures and voice measurements may be falsely identified. However, in a test by Siemens, more than 1000 autograph samples were taken. The false acceptance rate was only 3% for skilled forgers and 1% for unskilled subjects [Internet #3]. Voice verification focuses on different speech characteristics. Ximpersonation, Qvoice’s Who Is IT, and T-netix’s VoiceEntry II are several software makers of voice verification systems. These applications may be used as parental blocks on selected programs. They are adapted to colds and background noises but are also the easiest to fool [Florh, p87].

In order for corporations and government agencies to effectively implement these biometric identification methods as a security strategy, they must accurately understand the benefits and concerns of a biometric implementation. The benefits of a biometric implementation are abundant. Biometric requirements are physical or behavioral human traits; therefore they cannot be lost, observed, duplicated, left at home or stolen as tokens for passwords [Lee, p84]. They offer a highly effective method of secure, accurate, and reliable identification. Biometrics can be used to control fraud, increase administrative efficiency, decrease human error, and can be operated unattended in some cases [Internet #8].

As a result of biometrics personal nature, some people are concerned that databases will be linked to form "dossiers" containing all their personal information. In order to combat this concern, biometrics must be controlled to restrict the use and purpose and to store personal data separately from identification data. A court order should be issued before external access is given to such information. All data must be encrypted for privacy, and used as authentication of eligibility, not control or surveillance [Internet #9]. Data input must be protected from input to storage [Willis, p122]. A bill before the California Assembly seeks to regulate biometric identification devices and data so that it will be a crime to buy or sell biometric information [Slator, pA1]. Some of the identification methods require the user to put up with "Big Brother" while standing in bright light or placing their body parts in places that many others have touched [Florh, p87]. For many, this is too intrusive and demanding.

Meanwhile corporations are still getting by using reusable passwords and swipe cards. Biometric ID measures have been picked up more readily outside the U.S. and also in health care organizations where patient privacy is very strict [Aragon, p77]. Dangers of biometric methods are caused by greater system complexity, which increase the probability of system failure. Power outages, coping with exceptions, claims of database error, and organizational power over users must be dealt with. User fears include being de-humanized and losing their individuality. While a flawed identity check results in unnecessary duplication, fraud, higher costs, and client disruption, a rigorous identification procedure is invasive and unpopular with users.

Due to biometrics infant stage, the lack of standardization is also a concern. Many systems are vendor specific and require higher levels of software to abstract the necessary details. Most vendors’ only support a Microsoft Windows environment, only two of six support UNIX. Some software only generates a yes or no to state a match or non-match leaving many "gray" matches undefined. BAPI is trying to combat that problem by storing confidence scores on smart cards. Another problem is that software is external to the operating system. Windows NT now offers great integration, as templates are stored directly to the security account manager, which eliminates the need for an external database [The Software Battle Has Just Begun]. Biometrics is making an entry into security systems because of cheaper technology, greater PC processing power and a more security-conscious society. These benefits and concerns must be balanced in any corporate security strategy.

To implement such a corporate security strategy, several factors must be examined in detail. Security of systems, buildings, equipment, personnel and information are important to a business. Often this issue is overlooked until existing security protection is breached. Then, security becomes a focal point for management and business owners. In order to combat security weak points, biometrics is being used to identify and verify individuals, users and customers. Biometrics, in an ideal form, automatically identifies someone, ensuring that the user is not an impersonation. Therefore, most systems will identify from a given token; such as a badge, card, password or PIN.

The first step when implementing a biometrics program is to assess the current level of security in the company. All business and operational requirements must be identified as well as current problems and compatibility issues. Some areas are measurable: number of enrollees, distribution of transactions, environmental considerations, availability of system operators, time to enroll an individual into the system, time for individual to use the application, the percentage of false rejections and false acceptances, and the uniformity of performance across population groups (ethnic, disabled, etc.). A second area to inspect is the architecture and future requirements of any security application. Next, the operating methodology and user interfaces may be designed. Finally, the biometric technology may be purchased and interfaced with the system. When choosing this technology, management must consider how suitable and convenient the application is to the user. Price, size and practicality will also play a role especially in budget considerations. A reliable and reputable manufacturer must be found, still a difficult issue for this infant industry. Particular attention must also be given to how easily the application may be cheated or forged. Testing is performed next, first within the biometrics system, then within the entire house system. Last, full-implementation takes place with system operators fully trained in the biometrics system application [Internet #4, #6].

Obviously, biometrics is alive and growing in application areas. When care is taken to ensure the validity of use and the accuracy of such systems, biometrics can be a formidable security strategy. However, governments and corporations must also ensure that individual privacy is not forsaken and that the system is applicable to all users. As an information technology professional, one must almost guarantee the security of interior and exterior systems, employees, contracts and information. To do so accurately, corporations may require the use of biometric technology.

Choosing biometrics as a corporate security strategy may be a very profitable and stable investment for a business. Using biometric measures, especially in combinations of various forms, brings ease and accuracy to user identification and verification. From this security, management can be more assured that systems and individuals are protected, a major concern of any company today.

Future issues deal with transportation issues and smart buildings – taking smart card technology, biometrics, engineering and architecture to new levels. AVI (Automated Vehicle and Driver Identification) uses biometrics and frequency tags to track fleets of trucks, in parking lot security and gated communities, and in alarm management [Program #1]. RFID (Radio Frequency Identification) can penetrate harsh environments, and track moving objects such as cargo containers, office equipment (laptops), and hospital inhabitants (babies, Alzheimer’s patient, doctors and livestock) [Internet #13]. For more indoor operations, smart buildings can control environments, workstations, incoming and outgoing personnel and guests, and offer increased security to building occupants. As in Philip Kerr’s novel, The Grid, a building computer system may become almost a living, thinking object – capable of deciding that humans aren’t necessary for company operations. Perhaps it will be best to leave some basic duties for secretaries and janitors and leave identification tasks to a simple biometric system [Kerr].

The uses of biometric identification and verification are boundless. From its very beginning on the walls of prehistoric Native Americans, it was recognized as a form of personal identification. Through the years, fingerprint uniqueness was classified and utilized for contract verification, personal identification and judicial applications. As biometric technology evolved, corporations and government institutions implemented the technology to assist security measures and accurately and efficiently identify individuals. Today, these technologies have become more public. Not only corporations, but also private individuals are beginning to use this technology for personal security. As the use of biometrics expands, so do the concerns about personal privacy and technological security of biometric identifiers. As biometrics continues to evolve, government intervention and regulation will occur. This regulation will ensure a higher level of personal security and privacy. The day will come when biometrics will be the only true form of identification and verification. Biometrics will become a proliferating force used by corporations and the government alike to assist in security, identification and verification for years to come.

Aragon, Lawrence. "Show Me Some ID", PC Week. 12 Jan, 1998: 77.

Armitage, Peter, Herbert David. Advances in Biometry : 50 Years of the International

Biometric Society. New York: John Wiley & Sons, July 1996.

Brown, Bruce. "Anatomically Correct", PC Magazine. 21 April, 1998: p 60.

Coyle, Dan. "Security for Your Eyes Only", Byte. May 1998: p 26.

Davies, Simon G. "Touching Big Brother", Information Technology & People. 1994: vol.

7 no. 4.

DiDio, Laura. "Body Parts Securely ID Users", Computer World. 25 May 1998: p 39.

DiDio, Laura. "These ATM’s Never Forget a Face", Computer World. 1 June 1998: p 33.

"First Biometric Devices Get Certification", Newsbytes. 27 Apr. 1998.

Florh, Udo. "Computers with Attitude", Byte. July 1998: p 87.

Garber, Joseph R. "We Know Who You Are", Forbes. 10 August 1998: p 110.

Internet #1 "http://www8.zdnet.com/pcweek/news/0414/14bio/html"

Internet #2 "http://www.afmi.wpafb.af.mil/public/organizations/HO-AFMC/LG/LSO/LOA/Bio.htm"

Internet #3 "http://www.biometric-consulting.com/bio.htm"

Internet #4 "http://www.biometrics.org/reports/bioref.html"

Internet #5 "http://www.camacdonald.com/smarlink.htm"

Internet #6 "http://www.fcw.com/pubs/fcw/1997/0120/feature.htm"

Internet #7 "http://www.gene.com/ae/index.html"

Internet #8 "http://www.idat.com/tbio.html"

Internet #9 "http://www.ipc.on.ca/web_site.eng/whatsnew/newsrel/biom.htm"

Internet #10 "http://www.law.emory.edu/fedcircuit/july98/97-1208.wpd.html"

Internet #11 "http://www.pacbio.com"

Internet #12 "http://www.raycosecurity.com/biometric/Sandia.htm"

Internet #13" http://www.speble.co.za/RFIDtechn.autojm.ID.apps"

Kerr, Philip. The Grid. Warner Books: New York, 1995.

Lee, Henry C. Advances in Fingerprint Technology. New York: CRC Press, January 1994.

Lee, Mike and Willis, David. "Six Biometric Devices Point the Finger at Security",

Network Computing. 1 June, 1998: p 84.

Ludas, Joseph M. Fingerprint Discoveries : The illustrated Textbook of Fingerprint

Identification. Connecticut: Forensic Press, March 1996.

McCormick, John. "Keep Networks Sage with Body Language", Government Computer

News. 27 April 1998: p 21.

Phillips, Ken. "New Options in Biometric Identification", PC Week. 7 September, 1998:

p 95.

Phillips, Ken. "Standards Coming to Biometric Market", PC Week. 25 May 1998: p 111.

Program #1 "Avilongr.exe"

Slator, Eric. "Not All See Eye to Eye on Biometrics", LA Times. 29 April 1998: p A1.

Sibley, Kathleen. "Finger-Scanning Gets Thumbs Up", Computing Canada. 21

September 1998: p22.

"The Software Battle Has Just Begun", Network Computing. 1 June, 1998: p 84.

Willis, David. "Let Your Fingers Do the Logging In", Network Computing. 1 June, 1998: p 122.