Biometrics
FOR

DUMmIES

‰

by Peter Gregory, CISA, CISSP
and Michael A. Simon


Biometrics For Dummies®
Published by
Wiley Publishing, Inc.
111 River Street
Hoboken, NJ 07030-5774
www.wiley.com
Copyright © 2008 by Wiley Publishing, Inc., Indianapolis, Indiana
Published by Wiley Publishing, Inc., Indianapolis, Indiana
Published simultaneously in Canada
No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or
by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written
permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the
Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600.
Requests to the Publisher for permission should be addressed to the Legal Department, Wiley Publishing,
Inc., 10475 Crosspoint Blvd., Indianapolis, IN 46256, (317) 572-3447, fax (317) 572-4355, or online at
/>Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Man logo, A Reference for the
Rest of Us!, The Dummies Way, Dummies Daily, The Fun and Easy Way, Dummies.com, and related trade
dress are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates in the United
States and other countries, and may not be used without written permission. All other trademarks are the
property of their respective owners. Wiley Publishing, Inc., is not associated with any product or vendor

mentioned in this book.
LIMIT OF LIABILITY/DISCLAIMER OF WARRANTY: THE PUBLISHER AND THE AUTHOR MAKE NO
REPRESENTATIONS OR WARRANTIES WITH RESPECT TO THE ACCURACY OR COMPLETENESS OF
THE CONTENTS OF THIS WORK AND SPECIFICALLY DISCLAIM ALL WARRANTIES, INCLUDING WITHOUT LIMITATION WARRANTIES OF FITNESS FOR A PARTICULAR PURPOSE. NO WARRANTY MAY BE
CREATED OR EXTENDED BY SALES OR PROMOTIONAL MATERIALS. THE ADVICE AND STRATEGIES
CONTAINED HEREIN MAY NOT BE SUITABLE FOR EVERY SITUATION. THIS WORK IS SOLD WITH THE
UNDERSTANDING THAT THE PUBLISHER IS NOT ENGAGED IN RENDERING LEGAL, ACCOUNTING, OR
OTHER PROFESSIONAL SERVICES. IF PROFESSIONAL ASSISTANCE IS REQUIRED, THE SERVICES OF
A COMPETENT PROFESSIONAL PERSON SHOULD BE SOUGHT. NEITHER THE PUBLISHER NOR THE
AUTHOR SHALL BE LIABLE FOR DAMAGES ARISING HEREFROM. THE FACT THAT AN ORGANIZATION OR WEBSITE IS REFERRED TO IN THIS WORK AS A CITATION AND/OR A POTENTIAL SOURCE
OF FURTHER INFORMATION DOES NOT MEAN THAT THE AUTHOR OR THE PUBLISHER ENDORSES
THE INFORMATION THE ORGANIZATION OR WEBSITE MAY PROVIDE OR RECOMMENDATIONS IT
MAY MAKE. FURTHER, READERS SHOULD BE AWARE THAT INTERNET WEBSITES LISTED IN THIS
WORK MAY HAVE CHANGED OR DISAPPEARED BETWEEN WHEN THIS WORK WAS WRITTEN AND
WHEN IT IS READ.
For general information on our other products and services, please contact our Customer Care
Department within the U.S. at 800-762-2974, outside the U.S. at 317-572-3993, or fax 317-572-4002.
For technical support, please visit www.wiley.com/techsupport.
Wiley also publishes its books in a variety of electronic formats. Some content that appears in print may
not be available in electronic books.
Library of Congress Control Number: 2008930830
ISBN: 978-0-470-29288-4
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1


About the Authors
Peter Gregory, CISA, CISSP, is the author of several books including IT
Disaster Recovery Planning For Dummies, Blocking Spam & Spyware For
Dummies (with Mike Simon) and CISSP For Dummies.

Peter is the security and risk manager at a financial management software
company located in Redmond, Washington. Prior to this, he held tactical and
strategic security positions in large wireless telecommunications organizations. He has also held development and operations positions in casino
gaming-management systems, banking, government, nonprofit organizations,
and academia since the late 1970s. He is a member of the Board of Advisors
and an occasional lecturer for the NSA-certified University of Washington
Certificate Program in Information Assurance & Cybersecurity.
Peter can be found at www.peterhgregory.com.
Michael A. Simon is the author of The Internet Starter Kit for Windows (with
Adam Engst and Corwin S. Low) and Blocking Spam & Spyware For Dummies
(with Peter Gregory).
Mike has been working in computer security and policy development since
1985, working at the time for the University of Idaho, a regional pioneer in
computer security and one of the first NSA Centers of Excellence in
Information Assurance Education.
Currently, Mike is an adjunct faculty member for the University of
Washington, and occasionally lectures at Seattle University, University of
Idaho, and several civic organizations on the subject of information assurance and computer security. He sits on the advisory board for the
Information Assurance certificate program for the University of Washington,
the technical advisory board for Goldfish Holdings, Inc., the Advisory Board
for the Computer Science Department at the University of Idaho, and on the
Founders Board for the Information School at the University of Washington.


Dedication
To Becky and Shannon. — Peter Gregory
To my teachers: past, present, and future. — Mike Simon

Authors’ Acknowledgments
Peter Gregory would like to thank Carole McClendon, his literary agent, and

Tiffany Ma and Amy Fandrei, Acquisition Editors at Wiley, for their support of
this project. Thank you to Nicole Sholly, Project Editor at Wiley, for your help
organizing our work, and to Barry Childs-Helton and John Chirillo for copy
and technical editing, respectively. Thank you, Mike, I always enjoy working
with you on collaborative projects.
Mike Simon would like to thank Paul Donion for dealing with a business partner with deadlines. Thanks to Erin Klunder and Ray Pompon for answering
random biometrics questions about law enforcement and finance (respectively). Much thanks to Al Gidari and Joseph Cutler of Perkins Coie, LLP for
the use of the table of State Data Breach laws in Chapter 3. Thanks, Peter, for
making me look good (again).


Publisher’s Acknowledgments
We’re proud of this book; please send us your comments through our online registration form
located at www.dummies.com/register/.
Some of the people who helped bring this book to market include the following:
Acquisitions and Editorial

Composition Services

Project Editor: Nicole Sholly

Senior Project Coordinator: Kristie Rees

Acquisitions Editor: Amy Fandrei

Layout and Graphics: Reuben W. Davis,
Joyce Haughey, Melissa K. Jester,
Abby Westcott, Christine Williams

Senior Copy Editor: Barry Childs-Helton

Technical Editor: John Chirillo
Editorial Manager: Kevin Kirschner

Proofreaders: Dwight Ramsey,
Nancy L. Reinhardt

Editorial Assistant: Amanda Foxworth

Indexer: Claudia Bourbeau

Senior Editorial Assistant: Cherie Case
Cartoons: Rich Tennant
(www.the5thwave.com)

Publishing and Editorial for Technology Dummies
Richard Swadley, Vice President and Executive Group Publisher
Andy Cummings, Vice President and Publisher
Mary Bednarek, Executive Acquisitions Director
Mary C. Corder, Editorial Director
Publishing for Consumer Dummies
Diane Graves Steele, Vice President and Publisher
Joyce Pepple, Acquisitions Director
Composition Services
Gerry Fahey, Vice President of Production Services
Debbie Stailey, Director of Composition Services


Index
types of biometrics. See also comparing
biometric solutions

behavioral, 12–13, 200–201
physical properties biometrics, 201–205
physiological, 11–12
typing dynamics
biometric basis for, 112
comparisons, 117, 256–257
described, 13, 111, 275
future technologies, 198
practical considerations, 112–113
uses for, 113–114

•U•
ultrasonic/sonar biometrics,
biometric basis for, 72
comparisons, 73
defined, 274, 275
fingerprints, 65
future technologies, 187–188
overview, 71–72
practical considerations, 72–73
uses for, 73
Uncertainty Principle, Heisenberg’s, 86–87
uniqueness, 14, 275
United Arab Emirates (UAE), 45, 94
United States. See also U.S. federal and state
laws
Department of Justice, 37, 220
ports of entry, 47–49
use of iris-recognition technology, 94
United States Visitor and Immigrant Status

Indicator Technology (US-VISIT), 48, 56,
275
universality, 14, 275
updating the data, 14, 158, 159
upgrades, hardware, 161
U.S. Department of Justice, 37, 220
U.S. federal and state laws. See also legal
issues
data breach disclosure laws, 52–54
Electronic Patient Health Information
(EPHI), 54, 271
overview, 46–47
users
accepting biometric technology, 15
behavior changes required of, 144–145
with disabilities, 221–222
enrollment, 13, 138

health issues, 157–158
helpdesk for, 155–156, 250
information published for, 156–157
locked out, 155–156
needed for biometrics system, 132
needs of, 24–25, 122
privacy concerns, 127–128, 226–227
problems with, 153
safety of, 261
sharing/stealing credentials, 10, 170
as stakeholders, 129–130
surveying, 214, 227

training/educating, 17, 137–138, 152–153
workloads, reducing, 250
US-VISIT (United States Visitor and Immigrant
Status Indicator Technology), 48, 56, 275

•V•
vendor/manufacturer. See also on-site
testing; selecting a biometric system
choosing, 139–140
determining biometric requirements and,
131
following up with, 140
on-site testing through, 134–139
reference contacts for, 133–134
stability and support potential of, 139
Web site resource, 222
video surveillance, 193, 266
virus biometrics, 203–204
voice. See also speaker recognition
biometrics; speech
range and harmonics of, 105
recognition, 13, 27, 102, 275
recording to use as fake credentials, 172
translating into text, 103
vulnerabilities. See also attacks; securing
biometric systems; threats
database, 168
defined, 164, 275
identifying, 163–165
matching flaws, 170

operating-system, 167
overview, 164–165, 166
physical, 167
replay, 170
re-registration flaws, 170
software, 168–169

291


292

Biometrics For Dummies

•W•
walking, 13, 109. See also gait-recognition
biometrics
Walt Disney World, 10
Web sites
author’s, 5
Biometrics Catalog, 223–224
Central Intelligence Agency (CIA), 41
Electronic Frontier Foundation (EFF),
218–219
European Union (EU), 55
findBIOMETRICS, 222
fingerprint misappropriation, 64
International Center for Disability
Resources on the Internet (ICDRI),
221–222


John Daugman, 224
National Biometric Security Project (NBSP),
135–136, 219
National Geographic, 217–218
security information, 183–184
Third Factor Biometric Authentication
News, 223
U.S. Department of Justice, 37, 220
workloads, reducing, 250

•Y•
Young Frankenstein (film), 148