Bridging the log-in gap

Although not yet mainstream, biometrics are steadily gaining ground within the federal government as a means of network authentication. The use of biological characteristics to authenticate users offers a level of security unmatched by passwords and tokens because biological traits cannot be forgotten, lost or stolen, and they are very difficult to mimic.

Increased security concerns, maturing technology and falling costs are playing a large role in the growth rate. The attitudes of end users are another factor allowing the growth of biometrics. Since the terrorist attacks on Sept. 11, 2001, many people have accepted security measures that they previously thought were unacceptably invasive.

For network access, most agencies are interested in layered security, meaning more than one means of authentication is required to gain access. Layered security can mean two biometrics, such as a fingerprint and iris scan, but more often it means a biometric combined with a token, such as a smart card or radio frequency ID badge. Biometrics are also often combined with a public-key infrastructure.

Layered biometric authentication requires policy-based software that can manage the different devices and tokens, if necessary, on a network. This type of software integrates with the log-in process to replace passwords with biometric authentication.

Agencies should ask several questions before purchasing biometric management software. First, how well does the product integrate with the existing network infrastructure? Does the system utilize existing data storage, or do separate databases for biometric information need to be created? Scalability should also be questioned: Will the product be able to accommodate future needs?

Biometric device compatibility is also an important factor. Not all management packages are compatible with all devices. You should determine which devices you'll initially be using and also which ones you might want to use in the future.

When considering devices, check to see which, if any, industry standard the device complies with. The federal government mandates use of devices that comply with the Biometric Application Programming Interface. BioAPI is an American National Standards Institute standard and is more current than the Human Authentication Application Programming Interface (HA-API), an older standard that is not as common.

We compare the two highest-profile biometric authentication management systems, SAFLink Corp.'s SAFsolution Enterprise Edition and Computer Consultants and Merchants (CC&M) Inc.'s Trusted Space. Both products can also be used for physical access, but here we focus on network access.

SAFLink: Perfect for Windows

Trusted Space: Layered security

2014 Rising Star Awards

Help us find the next generation of leaders in federal IT.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above