Security

Electronic authentication technology takes off

Before too long, the IT world will be using digital signatures or retinal scans to access networks and domains. How will these new technologies affect the way you work?


Imagine a retinal scan that will allow accountants access to the company’s financial data. Or a process that can so accurately analyze a signature on an online legal contract that no forgery could ever hold up.

These technologies may be readily available sooner than you think. Dennis Quiggle, director of marketing for Cyber-SIGN—a San Jose, CA-based provider of biometric signature verification, signature capture, and display—said electronic authentication will be used regularly within two to five years. “There will be large segments of the populations using this,” he said. “The computer industry can’t proceed to the next level without this.”

As an IT pro, how will the future of electronic authentication affect you? Read more to find out.

What is electronic authentication?
Computerworld defines electronic authentication as the process through which the identity of a computer or network user is verified. Authentication ensures that an individual is, in fact, who he or she claims to be. It's distinct from identification—determining whether an individual is known to the system—and from authorization—granting the user access to specific system resources based on identity.

Quiggle explains that biometrics, which uses the unique physical characteristics of an individual to differentiate that person from any other, is the most accurate form of authentication.

“Biometrics protects privacy instead of invading it." According to Quibble, IT pros and users face the possibility of a "big brother" invasion of privacy whenever personal information is involved. But biometrics will protect information such as your home phone, address, and bank account. “It provides a higher level of security and privacy,” he said

It’s expected that biometrics will find a number of uses in both the business and consumer markets. Here are a few:
  • Conducting online transactions
  • Accessing and verifying medical records and other personal information
  • Security identification, access control, and network protection
  • Accessing cash machines, retail purchasing, and travel and ticketing
  • Law enforcement, military, and government applications
  • Benefits, entitlements, and service delivery

Another benefit of biometrics is its ability to prevent criminals from using false identification to commit a variety of online crimes. The National Fraud Center advocates an increased use of digital certificates and digital signatures, as well as using biometrics as a verification tactic to thwart would-be criminals.

A John Hancock to prove it
On the biometrics front, an individual’s identity can be authenticated through fingerprints, retinal patterns, hand geometry, voice recognition, facial recognition, typing pattern recognition, and signature dynamics.

Most of these forms of authentication are being used on a limited basis. Electronic signatures, for instance, are beginning to replace passwords as a means of entry to networks. The technology used measures the speed and pressure of a signature, not just the outline. Such signatures allow users getting data over electronic networks to determine the origin of the information as well as to determine whether it has been changed.

Because authentication will be such a pervasive part of business and consumer activity, experts say all the various technologies being developed will prove useful.

“In the technology marketplace, it’s going to vary a lot,” Quiggle said. “The billion-dollar transaction is going to need a higher level of authentication than if I’m selling you a book. Each is perfect for certain applications. A signature is perfect for contracts and legal documents; a fingerprint is good for fire safety [and] entry and exit from a building.”

Quiggle also explained that the market will make the determination of which technology becomes dominant for authentication. The government and the industry haven’t yet endorsed one form or another. “It depends on how you define it,” he said. “Non-cryptographic versus cryptographic depends on the level of security.”

Feds close to "signing" off
The biometrics issue has come before the government both in the United States and abroad.

Last December, the European Union telecom ministers approved a law giving digital signatures on contracts agreed upon over the Internet the same legal status as their handwritten equivalents. Likewise, the Australian government is developing a digital signature process for use by businesses in dealing with public sector agencies.

In the U.S., the House of Representatives is deliberating over the Computer Security Enhancement Act of 1999, which sets a policy for agencies’ implementation of electronic authentication.

The bill would allow electronic signatures to bear the same weight as their handwritten equivalents and to be used in legal proceedings; it would also eliminate some of the paper record keeping and notification requirements that certain states impose on financial institutions and insurance companies.

Several federal agencies are already implementing electronic authentication, moving ahead of others. The United States Patent and Trademark Office uses private key infrastructure (PKI) technology to allow users to apply for patents online. And the U.S. Food and Drug Administration, a division of the Department of Health and Human Services, allows use of electronic signatures to accelerate the drug-approval process.

Harris Miller, president of the Information Technology Association of America, said the federal legislation is long overdue.

“The whole digital signature bill…is fundamentally a benefit to individual consumers,” he said. “If you want to be an online trader right now, you can trade online, but you can’t sign up online. In five years, people will wonder why they even signed a piece of paper. It will be commonplace in the business-to-business world to do transactions electronically and to authenticate electronically. It’s going to be a norm.”
Is your organization using electronic authentication? Where do you think the technology is going? Tell us your thoughts by posting a comment below. If you have a story idea you’d like to share, drop us a note.

Editor's Picks

Free Newsletters, In your Inbox