Current TC List
PKI Forum News
FOR IMMEDIATE RELEASE
For further information:
Visit the PKI Forum in Booth 3053 at Cardtech/Securtech 2001
PKI Forum Publishes New Paper Exploring Biometrics As Complementary Technology
Combination of Biometrics
and PKI Enhances
WAKEFIELD, Mass., May 15, 2001 - The PKI Forum, Inc., a multi-vendor and end-user industry consortium created to accelerate the adoption of public-key infrastructure (PKI) technologies, (www.oasis-pki.org), today announced the public release of a new paper entitled Biometrics at Cardtech/Securtech 2001 in Las Vegas.
The Biometrics paper, the latest in a series of PKI Notes published by the PKI Forum, was created by the Business Working Group and is intended to describe how two diverse technologies, PKI and biometrics, combine to produce a stronger security alternative for e-business applications. The PKI Note is available to the public on the PKI Forum Web site at www.oasis-pki.org./resources.html.
"The information security industry is making great strides toward merging different technologies and creating stronger hybrid products," said Jeff Stapleton, Manager with KPMG LLP-s Information Risk Management practice, member of the PKI Forum-s Business Work Group and author of the paper. "As biometric technologies are further refined and PKI becomes more prevalent as the way to secure biometric information, market adoption will begin to widen and we will begin seeing more widespread deployment in a number of industries."
Biometric technology uses a measurable biological or behavioral characteristic to reliably distinguish one person from another. These user characteristics are derived from an individual-s fingerprint, voice, iris, face or handwriting and comprise a biometric sample. Once the sample is obtained, it is used alone or in tandem with another sample to make a biometric template. An individual is authenticated when a current sample is found equivalent to, or "matches," the template. When combined with PKI technologies such as encryption and digital signatures, biometrics adds an extra level of authentication for access-restricted areas.
Due to the expansion of e-commerce, corporate networks are being deluged with requests for access. However, as traffic increases, so does vulnerability. The combination of biometrics and PKI can dramatically increase the security of sensitive information. Since biometric information distinguishes one person from the next, hacker-prone data once guarded with only a password becomes virtually impenetrable by adding an iris scan, fingerprint or voiceprint into the security mix.
For example, the integrity and authenticity of a financial transaction can be preserved if the end-user digitally signs the message with a private key. The financial institution then validates the digital signature using the end-user-s public key. The integrity and authenticity of the end-user-s public key is preserved in a digital certificate that is issued by a trustworthy Certification Authority (CA). In addition, the financial institution can increase the degree of assurance that the end-user really did sign the message if access to the private key is protected using a biometric.
About Public-Key Infrastructure
About the PKI Forum, Inc.
# # #
Copyright © OASIS Open 2006. All rights reserved.