Upload
duongnga
View
213
Download
0
Embed Size (px)
Citation preview
ENHANCING ASSISTIVE TECHNOLOGIES:
THROUGH THE THEORETICAL ADAPTATION OF
BIOMETRIC TECHNOLOGIES TO PEOPLE OF VARIABLE
ABILITIES
A Dissertation
Presented to the
Faculty of the
School of Business
Kennedy-Western University
In Partial Fulfillment
of the Requirements for the Degree of
Doctor of Philosophy in
Management Information Systems
by
William J. Lawson, Ph.D.
Tampa, Florida
ii
© 2003
William J. Lawson
All Rights Reserved
i
Dedication
This dissertation is dedicated to my Grandmother, Charity
Lawson who passed away September 14, 2000. Following a short
illness her life was taken away unexpectedly. After our biological
mother left when I was 2 years old and my brother Tim was only 3
months old Grandma became the mother to Tim and I.
My Grandma had been a constant source of inspiration and
encouragement in my life. Grandma was born August 25, 1918
near Chicago, Illinois to Romanian Immigrates (Gypsies). She
spent most of her childhood traveling with her parents as a
fortuneteller in a circus.
If you asked me to tell you what about my Grandmother stood
out, I would have to say that she was an extremely proud woman.
She held her head high and kept great faith through the many
trials and tribulations throughout her life. I would also tell you that
I remember her explaining the “Golden Rule” to me when I was 6
years old and I will never forget, she said that it meant to “Do
onto others as you wish done onto you”. I am so very proud of my
Grandmother - a woman endued with courage, strength, and the
will to fight. I am fortunate to have not only loved her, but to have
ii
been loved by her. What a gift she gave me, for as I write this
dedication a tear rolls down my cheek.
I love and miss you Grandma…
Acknowledgements
Without question my family have felt the pain and joy of this
project, and I thank them for their love, support and endurance
of many unique hardships.
This project could not have happened without the enthusiasm
and guidance of so many others. It would be impossible to list
the names of all of those that have encouraged me in the
adaptation of biometrics as an assistive technology. I would
therefore, like to pay homage to the insightfulness and courage
of the one individual whom opened my eyes to the assistive
possibilities of biometric. That person is Michael Burks, Public
Relations Officer of the International Center for Disability
Research on the Internet. Thank you, Michael...
Finally, a thank you to AT&T (my financial sponsor) for their
decision to support this project came from their individual
iii
leadership. They are leaders whom recognize the value and
importance of this study to business and society.
iv
Table of Contents
Page
List of Tables.............................................................xiii
List of Figures............................................................xiv
List of Images............................................................xv
List of Charts.............................................................xvii
Abstract of Dissertation
.................................................................................
xviii
Chapter 1. Introduction.............................................1-35
Proclamation of Problem...........................................1
Foundation of the Study...........................................5
Significance of the Study..........................................6
Scope of the Study..................................................7
Rational of the Study...............................................7
Glossary of Terms...................................................8
Overview of the Study..............................................34
Chapter 2. Review of Related Literature...................36-52
Mainstream Biometric Technologies............................37
Emerging Biometric Technologies...............................37
Radio Frequency Identification (RFID) .........................39
v
Smart Card Technologies..........................................40
Page
Assistive Technologies.............................................42
Cultural Barrier (Disabled & Elderly) ...........................43
Universal Design.....................................................45
Adaptation to People of Variable Abilities......................45
Privacy/Legal Issues.................................................46
Security Issues.......................................................47
Disability Demographics...........................................49
Electronic News Sources...........................................50
Study Associated Standards......................................50
Summarization of Related Literature...........................51
Chapter 3. Applied Research Methodologies.............53-68
Data Gathering Methods...........................................54
Historical Documentation..........................................55
Quantitative Research Tools......................................56
Web-Based Surveys.............................................57
One-on-One Interviews.........................................58
Qualitative Research Tools........................................60
Symposiums ...............................................60
Teleconferences ...............................................63
vi
Page
Technical Committees..........................................63
Electronic Mail Exchanges.....................................64
Communication Participants..................................65
Database of Study...................................................65
Accuracy, Reliability, Validity of Data...........................65
Originality and Limitation of Data...............................67
Methodological Summary.........................................67
Chapter 4. Analysis of Data...................................69-186
What is a Biometric.................................................70
Contrasting Authentication Methods.......................71
Contact Biometric Technologies.................................73
Fingerprint Identification......................................74
Palm Print and Footprint Identification....................77
Hand Geometry ...............................................79
Dynamic Keystroke Authentication.........................80
Dynamic Signature Recognition.............................82
Contactless Biometric Technologies............................83
Facial Geometry ...............................................84
Facial Thermography..........................................85
Page
vii
Iris Scan Recognition...........................................86
Retina Scan Recognition......................................89
Voiceprint Verification.........................................90
Accuracy...............................................................91
Liveness Test.........................................................92
Advantages...........................................................93
Disadvantages.......................................................94
Existing Standards..................................................95
Emerging Biometric Technologies...............................96
Brainwave Biometric...........................................97
DNA Identification...............................................98
Vascular Pattern Recognition................................99
Body Odor Recognition........................................102
Fingernail Bed Recognition...................................103
Gait Recognition ...............................................103
Handgrip Recognition ........................................104
Ear Pattern Recognition.......................................105
Body Salinity Identification...................................106
Infra-Red Fingertip Imaging & Pattern Recognition....107
Page
Storage Methodologies.............................................108
viii
Client-Server Architecture....................................109
Distributed Architecture.......................................109
Radio Frequency Identification (RFID)......................110
Smart Card Technologies.....................................111
Hybrid Architecture.............................................114
Existing Standards..............................................115
Disability Statistics..................................................118
Privacy/Legal Issues.................................................121
Civil Rights ..................................................122
Individual Anonymity...........................................123
Biometric Technologies........................................124
Storage Methodologies.........................................125
Private Institutions..............................................127
Government Facilities..........................................128
Public Places ................................................128
Misuse of Personal Data.......................................129
Profiling (Big Brother Watching).............................136
Page
Security Issues.......................................................138
Biometrics Technologies......................................139
ix
Storage Methodologies........................................139
Assistive Technologies.........................................142
Existing Standards..............................................142
Cultural Barriers/Perceptions.....................................145
The Elderly (Aging) Paradigm................................146
Old Disability Paradigm........................................146
New Disability Paradigm......................................147
Ability Sequestration of Society..............................157
Biometrics Technologies......................................158
Biometric Technology Markets...................................159
Law Enforcement ...............................................160
Government Sector.............................................161
Travel and Immigration........................................162
Corporate Sector ...............................................164
Financial Sector ................................................166
Healthcare Sector...............................................167
Page
Adaptation to People of Variable Abilities......................168
Reasonable Accommodation.................................168
Smart Card Interface...........................................169
x
Control ...............................................171
Universal Design................................................
171
Fused Biometric Solution......................................176
Exoskeleton ...............................................179
Implementation Strategies........................................181
Risk Assessment Methodology (RAM) .....................183
Integration Concerns...........................................184
Enrollment/Administration Practices........................185
Training/Education..............................................185
Alternative Authentication Methods........................186
Auditing ..............................................187
Accountability ...............................................187
Oversight ...............................................187
Chapter 5. Summary, Recommendations and Conclusions
188-xxx
Mainstream Biometric Technology Summary.................188
Emerging Biometric Technology Summary....................189
Page
Summary of Cultural Barriers.....................................189
Assistive Technology Summary..................................193
xi
Universal Design Summary.......................................195
Recommendations for Universal Standard....................195
Recommendations for Adaptation of Biometrics.............196
Recommendations for Storage Methodologies...............197
Recommendations for Fused Biometric Solutions...........198
Conclusions...........................................................201
References............................................................203-
214
Appendices
Appendix 1: To Be Or Not To Be? (Survey Introduction)....A-1
Appendix 2: Online Survey: Use of Biometrics and
Neural Implants...................................A-2
Appendix 3: One-on-One Interview Questionnaire.............A-3
Appendix 4: Final Result Matrix: Online Survey - Per
Question Breakdown............................A-4
Appendix 5: Fused Result: Online Survey – By
Agreement Levels................................A-5
Appendix 6: Aggregated Results of One-on-One
Interview Questions.............................A-6
xii
List of Tables
Page
xiii
Table 1: Twelve Known One-on-One Interview
Participants..................................................................57
Table 2: List of Teleconference Sponsoring
Organizations...............................................................63
Table 3: Standard Biometric Header Followed by the BDB
and
the SB........................................................................177
xiv
List of Figures
Page
Figure 1: Graphical Representation of Employed
Research
Approach.........................................................54
Figure 2: Structure of CBEFF Data Block....................177
xv
List of Images
Page
Image 1: Depiction of Fingerprint Patterns and Minutiae.....75
Image 2: Comparison of an Ultrasonic and Optical
Scanned
Fingerprint Image....................................................77
Image 3: Depiction of Palm Print Patterns and Minutiae.........78
Image 4: Depiction of Hand Geometry Recognition Process.80
Image 5: Example of the Dynamic Keystroke Authentication
Process....................................................................81
Image 6: Depiction of Dynamic Signature............................83
Image 7: Depiction of Facial Geometry Biometric................85
Image 8: Depiction of Facial Thermography Pattern Biometric
.............................................................................................86
Image 9: Depiction of Iris Scan Biometric.............................87
Image 10: Left eye of researcher (Dr. William Lawson)........88
Image 11: Depiction of Retina Scan Biometric.....................90
Image 12: Depiction of Voiceprint Verification Biometric.....91
Image 13: Depiction of EEG Brain waveforms......................98
Image 14: Delineation of Vascular Scan Pattern..................100
xvi
Image 15: Before and After Pictures of Spider Vein Procedure
.............................................................................................101
Image 16: Before and After Pictures of Varicose Vein Procedure
.............................................................................................101
List of Images (continued)
Page
Image 17: Magnification of Human Nail Bed.........................103
Image 18: Identification of Measurable Ear Features...........106
Image 19: Rendering of Fingertip Thermo Mapping Technique
.............................................................................................108
Image 20: Smallest RFID Chip..............................................111
Image 21: Component Parts of Contactless Smart Card.......112
Image 22: Flow of Smart Card Reader/Writer Functions.......113
Image 23: Inductive Coupling for Contactless Smart Card. . .114
Image 24: Example of a Biometric Identification Smart Card
.............................................................................................141
Image 25: INSPASS Station...................................................162
Image 26: Rendering of a Exoskeleton.................................179
Image 27: Example of Neural Interface................................180
xvii
List of Charts
Page
Chart 1: American Disability Statistics, 1999........................120
Chart 2: Canadian Disability Statistics, 1998........................120
Chart 3: European Disability Statistics, 2001.......................121
Chart 4: Potential Abuses of Power....................................133-
136
Chart 5: Fused Biometric Solution Decision Flow Chart........200
xviii
Abstract of Dissertation
ENHANCING ASSISTIVE TECHNOLOGIES:
THROUGH THE THEORETICAL ADAPTATION OF
BIOMETRIC TECHNOLOGIES TO PEOPLE OF VARIABLE
ABILITIES
by
William J. Lawson, Ph.D.
Tampa, Florida
THE PROBLEM
Within the international culture of today’s information age
there exist(s) barriers to the adaptation of a secure access
methodologies to electronic devices and technology for people
of variable abilities. This problem to be addressed is that of a
threefold design, each element is interconnected and of an
iterative nature.
The first element of the threefold problem is the lack of an
international assistive technology interface standard(s) that are
based on universal design philosophies, the second element is
the cultural barriers that have been created by the mindset of
xix
the international society, and the final (third) resulting element
is that the first two have created a shortage of qualified
personnel in the workplace.
There also exists a theoretical assistive technology resolution
that could feasibly be adapted to the environments of schools,
businesses, and the international society at large. Biometric
technologies could be fused with other technologies both
existing and emerging to play a significant role in the
eradication of the threefold problem.
THE METHOD
While the basal premise of this dissertation is that of original
innovation. There is no denying that the supporting elements of
the references have lent themselves to this paper are
fundamentally based on the eternal philosophies of applied
research. It is the first-hand accounts and experiences of those
whom have come before that has lead to the transition of
emerging theories and technologies to origin of what is now
known as historical documentation. It is the historical
documentation that will add credence to the premise and this
dissertation.
xx
The exploration of case studies and technology trails was
invaluable in the research process. The exploration has allowed
for the formation of new case based approaches to address the
validity and redundancy of the research. The descriptive online
surveys, one-on-one interviews, conferences, teleconferences, and
committees brought into play the cultural psyche and philosophies
of the international communities.
The quantification and qualification of the research is based
on the existence of the encompassed commonalities between all
of the acquired data and research methods. The margin for error
is subjective in nature and left to the item-by-item interpretation
of each individual person.
THE FINDINGS
The absolute majority of the research material, findings, and
available technologies predominately tend to support the
feasible adaptation of biometrics to people of variable ability
levels. Currently, with respect to the threefold problem the
findings demonstrate that element one and three can be
eradicated today. However, element two, the shift of the cultural
barrier (paradigm) cannot be accomplished until elements one
and three have been put into effect. Once element one and
xxi
three have been successfully put into effect, it will take several
years or maybe a decade for element two of the threefold
problem to be eradicated or at the very least significantly
transformed.
0
Introduction
Chapter 1
The information age has already revolutionized the way in
which we live our lives from day to day. Each and everyday, a
multitude of labor-intensive tasks are automated via some type
of electronic device or software application. The aforementioned
growth of electronics and technology has resulted in a greater
demand for a rapid and defined technique on how to adapt and
implement emerging technologies to the ever-changing
environment of today. However, businesses and the
international society must not neglect to remember that with
every advance of automation of technology comes the need to
invent a standardized interface in order to properly facilitate the
need for individual access and control.
Proclamation of Problem
Within the international culture of today’s information age
there exist barriers to the adaptation of a secure access
methodology to electronic devices and technology for people of
variable abilities. This problem to be addressed is that of a
1
threefold design, each element is interconnected and of an
iterative nature.
The first element of the threefold problem is the lack of an
international assistive technology interface standard(s) that are
based on universal design philosophies, the second element is
the cultural barriers that have been created by the mindset of
the international society, and the final (third) resulting element
is that the first two has created a shortage of qualified personnel
in the workplace.
There also exist a theoretical assistive technology resolution
that could feasibly be adapted to the environments of schools,
businesses, and the international society at large. Biometric
technologies could be fused with other technologies both
existing and emerging to play a significant role in the
eradication of the threefold problem.
The critical shortage of qualified personnel in the workplace
is partly related to the change of societies from that of an
industrial based workforce to a knowledge based workforce,
partly because the baby boomers have only had about half as
many children as their parents, and partly due to medical
advances (Schaie & Schooler, 1998). As a result the number of
2
20 to 24 year olds entering the workforce continues to fall (NCD,
2001).
This critical shortage has forced employers to rethink their
recruitment strategies and look towards targeting chronological
mature people, and people with disabilities (variable abilities)
(NCD, 2001). It is important to recognize that people with
disabilities are the largest minority group, they cross all ethnic,
racial, gender, chronological groups, and number at around 54
million Americans and growing (U.S. Department of Labor
[USDOL], 2002). Out of the 29 million working age adults with
variable abilities in the U.S., about two thirds are unemployed
and nearly 80 percent of that two thirds would like to work but
have not had the opportunity to do so (USDOL, 2002).
While people with variable abilities may have the desire to
work, they still may have to overcome the formidable attributes
of the cultural barrier or innate characteristics of a disenabling
mental, physical, or emotional barrier. Cultural barriers embody
numerous complex, dynamic, and diverse challenges to be
overcome. These challenges are related to but are not limited to
organizational, management, and worker cultures. In plain
terms, it is discrimination (Hagner & DiLeo, 1993). To overcome
3
the disenabling effects of mental, physical, or emotional
barriers, society at large has looked towards the properties
rewards of assistive technologies for reinforcements.
Assistive technologies persists to grow at a break neck pace,
society has not evolved rapidly enough to maintain pace with
the necessities of a universally conceived access and control
solution. With respect to the threefold problem, the adaptation
or fusion of biometric technologies and smart card technologies
to facilitate access and control is one technique that can be
employed to accomplish such a daunting chore.
Even in the technologically advanced environment of today,
the derivational technologies of biometrics are still considered to
be in the category of emerging technologies. Typically, an
emerging technology inhabits what is referred to as the
development stage and is thereby fundamentally proprietary in
nature. Therefore, national or international adaptation and
implementation standards are traditionally not established until
it is financially worthwhile to do so or until a profound episode
demonstrates the necessity for a particular technological
solution.
The necessity for a particular technology is typically directly
4
related to the desires of the human psyche (élan vital). Factors
surrounding those desires may possibly be demonstrated in the
form of protection (such as self-protection, self-preservation,
self-defense, security, freedom, financial markets…) or public
perception (such as conceit, complacency, personal privacy,
happiness, identity fraud, safety, loss of control, governmental
conspiracy…). Even though an emerging technology may
demonstrate the capacity to be financially rewarding and/or
fulfill a profound need a solution may still not be established,
because the technology does not apply to a large enough
demographic. For instance, the marketing strategy may not
have included disabled individuals (a routinely overlooked
demographic). It is not until such a technology is applicable or
needed by the public at large that an implementation standard
is established.
Since biometric technologies do not currently meet the
perceived needs of the public at large, a standardized
implementation plan has not been conceived. I would however
contend that public perception as related to the cultural
paradigm is the greatest challenge facing businesses, managers,
and society.
5
Foundation of the Study
This study examines the theoretical feasibility of enhancing
assistive technologies through the adaptation and
implementation of biometric technologies. Biometric
technologies could theoretical be applied to all areas of our
earthly environment and may just become the standard
identification interface between man and machine.
The information gathered from this study can be absolutely
applied to assistive technologies and in turn can be a powerful
tool to aid in the expansion of knowledge and the creation of
opportunities for all individuals worldwide.
Significance of the Study
The technological underpinnings of biometric technologies
are some have the most promising and life altering
fundamentals in existence today. Barring cultural barriers, the
adaptation and implementation of biometrics technologies could
feasibly bring about a rudimentary shift with respect to security,
access and control. Thereby, giving birth to the creation of many
new assistive technology solutions and launching the world into
a new era, an era where all things are possible and disabilities
as we know them today have been eradicated from existence.
6
Biometric technologies can be adapted to areas requiring
secure access and control. Biometrics can be used to access
logical assets and to potentially facilitate absolute control of
both logical devices and physical components, in both the
realities of the virtual and tangible worlds. In theory, biometric
technologies could be adapted to interface with applications,
personal computers, networks, accounts, human resource
records, telephone system, automotive vehicles, planes, trains,
wheelchairs, exoskeleton, and could be used in the invocation of
customized profiles to enhance the mobility of people with
varied ability levels (Nanavati et al.).
An added benefit of to biometric technologies is that it could
potentially provide society with a feasible resolution to one of
the greatest challenges facing businesses of today. That
problem is the task of business to maintain a qualified
workforce. This is primarily because of the change from an
industrial workforce to a knowledge workforce and because the
baby boomers have only had about half as many children as
their parents.
Scope of the Study
This study will center on the underlining technologies of
7
biometrics and the existence of cultural barriers with respect to
the adaptation of biometric technologies standards within the
workplace and the international society.
All attributes of the underlining technologies and the cultural
barriers will include but not be limited to the positives and
negatives of biometric readers, biometric characteristics, smart
cards, neural interfaces, technology standards, implementation
strategies, legal issues, privacy issues, barriers, workplace
culture, government culture, civilian culture, the elderly, and
people with disabilities (whom have the most to gain).
Rationale of the Study
To overcome the disenabling effects of mental, physical
(mobility), structural (building), or emotional barriers as related
to the access and control of electronic devices and technology
that span the environments of both the virtual and tangible
worlds.
The societies of the world have hence, looked towards the
advantages of assistive technologies for assistance. The reality
of the matter is that while assistive can help to overcome many
mental, physical, and emotional barriers it cannot and will not
ever possess the ability to overcome the reigning number one
8
barriers confronting people with disabilities. The reigning
number one barrier has been created by the international
society and is referred to as the cultural barriers. Cultural
barriers embody numerous complex, dynamic, and diverse
challenges to be overcome. These challenges are related to but
are not limited to cultures of the workplaces and societies of the
international communities (Hagner & DiLeo, 1993).
Biometric technologies will play a significant role in the eradication of
the threefold problem. However, the best rationale of all is that to
do so is the mark of an enlighten people and the right thing to
do.
Glossary of Terms
The following are terms that will be used throughout the study.
Ability to Verify/ATV: Is a combination of the FTE and FNMR.
Abstract Interactor: An interactor that describes the selection,
input, or output for a user interaction, without constraining
the concrete form of the interaction.
Accessibility: The opportunity for people of any ability level to
interface with electronic devices or technology to overcome
all logical and physical barriers.
9
Acoustic Emission: A proprietary technique used in signature
verification. As a user writes on a paper surface, the
movement of the pen tip over the paper fibers generates
acoustic emissions that are transmitted in the form of stress
waves within the material of a writing block beneath the
document being signed. The structure-borne elastic waves
behave in materials in a similar way to sound waves in air
and can be detected by a sensor attached to the writing
block.
Active Impostor Acceptance: When an impostor submits a
modified, simulated or reproduced biometric sample,
intentionally attempting to relate it to another person who is
an enrollee, and the person is incorrectly identified or
verified by a biometric system as being that enrollee.
Compare with 'Passive Impostor Acceptance'.
AFIS (Automated Fingerprint Identification System): A
highly specialized biometric system that compares a single
finger image with a database of finger images, AFIS is
predominantly within law enforcement agencies.
AIAP: Acronym for Alternate Interface Access Protocol.
10
AIAP-URC: Acronym for Alternate Interface Access Protocol
Universal Remote Console.
Algorithm: A sequence of instructions that tell a biometric
system how to solve a particular problem. An algorithm will
have a finite number of steps and is typically used by the
biometric engine to compute whether a biometric sample
and template is a match. See also 'Artificial Neural Network'.
Alternate/Abstract Interface Markup Language (AAIML):
The Alternate & Abstract Interface Markup Language (AAIML)
is a vehicle by which a target conveys an abstract user
interface description to a URC in the control phase, i.e. after
a session has been opened between the URC and the target.
The abstract UI description is presentation independent and
must include all features and functions the target provides
via its default (built-in) user interface.
API (Application Program Interface): A set of services or
instructions used to standardize an application. An API is
computer code used by an application developer. Any
biometric system that is compatible with the API can be
added or interchanged by the application developer. See
11
also Part III Terms Related to Specific Biometric Techniques
for 'SVAPI' under 'Speaker Verification'.
Application Developer: An individual entrusted with
developing and implementing a biometric application.
Aqueous Humor: A transparent liquid contained in the anterior
and posterior chambers of the eye, produced by the ciliary
process it passes to the venous system via the canal of
Schlemm.
Artificial Neural Network: A method of computing a problem.
An artificial neural network uses artificial intelligence to learn
by past experience and compute whether a biometric sample
and template is a match. See also 'Algorithm'.
ASIC (Application Specific Integrated Circuit): An
integrated circuit (silicon chip) that is specially produced for
a biometric system to improve performance.
Attempt: The submission of a biometric sample to a biometric
system for identification or verification. A biometric system
may allow more than one attempt to identify or verify.
Authentication: Is the process of validating that an individual
is in fact the person whom they claim to be.
12
Auto-correlation: A proprietary finger scanning technique. Two
identical finger images are overlaid in the auto-correlation
process, so that light and dark areas, known as Moiré
fringes, are created.
Automatic ID/Auto ID: An umbrella term for any biometric
system or other security technology that uses automatic
means to check identity. This applies to both one-to-one
verification and one-to-many identification.
Backbone: The main wire of a network or the wire to which the
nodes of a network connect.
Behavioral Biometric: A biometric that is characterized by a
behavioral trait that is learnt and acquired over time rather
than a physiological characteristic. See Part III Terms Related
to Specific Biometric Techniques for 'Keystroke Dynamics',
'Signature Verification' and 'Speaker Verification'. Contrast
with 'Physical/Physiological Biometric'.
Bifurcation: A branch made by more than one finger image
ridge.
Binning: A specialized technique used by some AFIS vendors.
Binning is the process of classifying finger images according
to finger image patterns. This predominantly takes place in
13
law enforcement applications. Here finger images are
categorized by characteristics such as arches, loops and
whorls and held in smaller, separate databases (or bins)
according to their category. Searches can be made against
particular bins, thus speeding up the response time and
accuracy of the AFIS search.
Biometric: A measurable, physical characteristic or personal
behavioral trait used to recognize the identity, or verify the
claimed identity, of a living person.
Biometric Application: The use to which a biometric system is
put. See also 'Application Developer'.
Biometric Data: The extracted information taken from the
biometric sample and used either to build a reference
template or to compare against a previously created
reference template.
Biometric Engine: The software element of the biometric
system, which processes biometric data during the stages of
enrolment and capture, extraction, comparison and
matching.
Biometric Identification Device: The preferred term is
'Biometric System'.
14
Biometric Sample: Data representing a biometric
characteristic of an end-user as captured by a biometric
system.
Biometric System: An automated system capable of,
Capturing a biometric sample from an end user; Extracting
biometric data from that sample; Comparing the biometric
data with that contained in one or more reference templates;
Deciding how well they match; and Indicating whether or not
an identification or verification of identity has been achieved.
Biometric Taxonomy: A method of classifying biometrics. For
example, San Jose State University's (SJSU) biometric
taxonomy uses partitions to classify the role of biometrics
within a given biometric application. Thus an application may
be classified as:
Cooperative vs. Non-Cooperative User
Overt vs. Covert Biometric System
Habituated vs. Non-Habituated User
Supervised vs. Unsupervised User
Standard Environment vs. Non Standard Environment
Biometric Technology: A classification of a biometric system
by the type of biometric.
15
Booking: The process of capturing inked finger images on
paper, for subsequent processing by an AFIS.
Capacitance: Finger images capture technique that senses an
electrical charge, from the contact of ridges, when a finger is
placed on the surface of a sensor.
Capture: The method of taking a biometric sample from the
end user.
Central processing unit (CPU): The brains of the computer.
Certificate authority (CA): The third party that issues digital
certificates and vouches for the identity of parties involved in
an online transaction.
Certification: The process of testing a biometric system to
ensure that it meets certain performance criteria. Systems
that meet the testing criteria are said to have passed and
are certified by the testing organization.
Comparison: The process of comparing a biometric sample with
a previously stored reference template or templates. See
also 'One-To-Many' and 'One-To-One'.
Claim of Identity: When a biometric sample is submitted to a
biometric system to verify a claimed identity.
16
Claimant: A person submitting a biometric sample for
verification or identification whilst claiming a legitimate or
false identity.
Clock speed: The speed at which the CPU or microprocessor
executes instructions.
Closed-Set Identification: When an unidentified end-user is
known to be enrolled in the biometric system. Opposite of
'Open-Set Identification'.
CMOS (Complementary Metal Oxide Semiconductor): A
type of integrated circuit used by some biometric systems
because of its low power consumption.
Combinatorial: The branch of mathematics concerned with
analyzing combinations of events and their associated
probabilities.
Commensurability: The universal format and length of Codes.
Concrete Interactor: An interactor that describes the
selection, input, or output for a user interaction, and includes
information on the visual or non-visual realization of that
interaction, for example a list box or a particular speech
grammar.
17
Control Phase: The control phase is the time period in the URC-
target communication exchange when the URC controls the
target via AAIML.
Crossover Rate: Synonym for 'Equal Error Rate'.
D Prime: A statistical measure of how well a biometric system
can discriminate between different individuals. The larger
the D Prime value, the better a biometric system is at
discriminating between individuals.
Deep Web: Refers to a massive trove of information stored in
databases, multimedia files and other formats that don't turn
up on standard search engine services.
Degrees of Freedom: The number of statistically independent
features in biometric data.
Denial of service attack: Occurs when hackers send
thousands or hundreds of thousands of requests to a server
at the same time with the intention of knocking it out of
service.
Discovery Phase: The discovery phase initializes the URC to
locate and identify all available targets.
18
Discriminate Training: A means of refining the extraction
algorithm so that biometric data from different individuals
are as distinct as possible.
DNA: DEOXYRIBONUCLEIC ACID organic chemical of complex
molecular structure that is found in all prokaryotic and
eukaryotic cells and in many viruses. DNA codes genetic
information for the transmission of inherited traits.
DPI (Dots Per Inch): A measurement of resolution for finger
image biometrics.
DSV (Dynamic Signature Verification): Synonym for
'Signature Verification'.
Eigenface: A method of representing a human face as a linear
deviation from a mean or average face.
Eigenhead: The three dimensional version of Eigenface that
also analyses the shape of the head.
Encryption: The act of converting biometric data into a code so
that people will be unable to read it. A key or a password is
used to decrypt (decode) the encrypted biometric data.
End User: A person who interacts with a biometric system to
enroll or have his/her identity checked.
19
End User Adaptation: The process of adjustment whereby a
participant in a test becomes familiar with what is required
and alters their responses accordingly.
Enrollee: A person who has a biometric reference template on
file.
Enrollment: The process of collecting biometric samples from a
person and the subsequent preparation and storage of
biometric reference templates representing that person's
identity.
Enrollment Time: The time period a person must spend to
have his/her biometric reference template successfully
created.
Equal Error Rate: When the decision threshold of a system is
set so that the proportion of false rejections will be
approximately equal to the proportion of false acceptances.
A synonym is 'Crossover Rate'.
Ergodicity: The representative ness of sub samples.
Ethernet: Technology standard used to link computers in local
area networks.
20
Extraction: The process of converting a captured biometric
sample into biometric data so that it can be compared to a
reference template.
Extranet: A network linking different computer networks over
the Internet.
Failure to Acquire: Failure of a biometric system to capture
and extract biometric data.
Failure to Acquire Rate: The frequency of a failure to acquire.
False Acceptance: When a biometric system incorrectly
identifies an individual or incorrectly verifies an impostor
against a claimed identity. Also known as a Type II error.
False Acceptance Rate/FAR: The probability that a biometric
system will incorrectly identify an individual or will fail to
reject an impostor. Also known as the Type II error rate.
False Match Rate/FMR: Alternative to 'False Acceptance Rate'.
Used to avoid confusion in applications that reject the
claimant if their biometric data matches that of an enrollee.
In such applications, the concepts of acceptance and
rejection are reversed, thus reversing the meaning of 'False
Acceptance' and 'False Rejection'. See also 'False Non-Match
Rate'.
21
False Non-Match Rate/FNMR: Alternative to 'False Rejection
Rate'. Used to avoid confusion in applications that reject the
claimant if their biometric data matches that of an enrollee.
In such applications, the concepts of acceptance and
rejection are reversed, thus reversing the meaning of 'False
Acceptance' and 'False Rejection'. See also 'False Match
Rate'.
False Rejection: When a biometric system fails to identify an
enrollee or fails to verify the legitimate claimed identity of an
enrollee. Also known as a Type I error.
False Rejection Rate/FRR: The probability that a biometric
system will fail to identify an enrollee, or verify the
legitimate claimed identity of an enrollee. Also known as a
Type I error rate.
Failure to Acquire/FTA: Represents the probability that the
user biometric characteristic is either damage, flawed,
and/or not presented in the correct manner.
Failure to Enroll/FTE: Represents the probability that a user
failed to enroll into the biometric system.
FAS: Fused Accessible Solution.
22
Field Test: A trial of a biometric application in 'real world' as
opposed to laboratory conditions.
Filtering: A specialized technique used by some AFIS vendors.
Filtering is the process of classifying finger images according
to data that is unrelated to the finger image itself. This may
involve filtering by sex, age, hair color or other distinguishing
factors.
Fixed-Text System: The preferred term is 'Text-Dependent
System'.
Goats: Biometric system end users whose pattern of activity
when interfacing with the system varies beyond the specified
range allowed by the system, and who consequently may be
falsely rejected by the system.
Genetic Penetrance: The degree to which characteristics are
passed from generation to generation.
Hamming Distance: The number of disagreeing bits between
two binary vectors. Used as measure of dissimilarity.
Identification/Identify: The one-to-many process of comparing
a submitted biometric sample against all of the biometric
reference templates on file to determine whether it matches
any of the templates and, if so, the identity of the enrollee
23
whose template was matched. The biometric system using
the one-to-many approach is seeking to find an identity
amongst a database rather than verify a claimed identity.
Contrast with 'Verification'.
Impostor: A person who submits a biometric samples in either
an intentional or inadvertent attempt to pass him/herself off
as another person who is an enrollee.
In-House Test: A test carried out entirely within the environs of
the biometric developer, which may or may not involve
external user participation.
Instant Messaging: A system in which words typed on a
computer appear almost simultaneously on the computer
screens of other people.
Interactor: An abstract or concrete user interface element that
describes a choice for the user to make, some input to obtain
from the user, or some output to convey to the user.
Invisible Web: see DEEP WEB.
Iris Features: A number of features can be found in the iris.
These are named corona, crypts, filaments, freckles, pits,
radial furrows and striations.
24
Linux: An operating system developed by volunteer
programmers around the world as an alternative to Microsoft
Corp.'s Windows. In addition to not being a Microsoft
product, the other big selling point of Linux is that it is open-
source software.
Live Capture: The process of capturing a biometric sample by
an interaction between an end user and a biometric system.
Live Scan: The term live scan is typically used in conjunction
with finger image technology. Synonym for 'Live Capture'.
Local area network (LAN): A computer network with a reach
limited to an office, a building or a campus.
Managed service provider (MSP): Any company that offers
outsourced hosting and management of Web-based services,
applications and equipment.
Match/Matching: The process of comparing a biometric sample
against a previously stored template and scoring the level of
similarity. A accept or reject decision is then based upon
whether this score exceeds the given threshold.
Media Access Control (MAC) Address: On a local area
network (LAN) or other network, the MAC (Media Access
Control) address is your computer's unique hardware
25
number. (On an Ethernet LAN, it's the same as your Ethernet
address.) When you're connected to the Internet from your
computer (or host as the Internet protocol thinks of it), a
correspondence table relates your IP address to your
computer's physical (MAC) address on the LAN. The MAC
address is used by the Media Access Control sub layer of the
Data-Link Layer (DLC) layer of telecommunication protocol.
There is a different MAC sub layer for each physical device
type. The other sub layer level in the DLC layer is the Logical
Link Control sub layer.
Microprocessor: See Central Processing Unit.
Minutiae: Small details found in finger images such as ridge
endings or bifurcations.
Minutiae Points: are local ridge characteristics that occur at
either a ridge bifurcation or a ridge ending.
MOC (Match-On-Card): technology offered in certain smart
cards with which a biometric template comparison is carried
out within the confines of the card.
Morphogenesis: The process of shape formation: the
processes that are responsible for producing the complex
26
shapes of adults from the simple ball of cells that derives
from division of the fertilized egg.
Neural Net/Neural Network: Synonym for 'Artificial Neural
Network'.
OEM (Original Equipment Manufacturer/Module): A
biometric organization (Manufacturer), which assembles a
complete biometric system from parts; or a biometric Module
for integration into a complete biometric system.
One-To-Many: Synonym for 'Identification'.
One-To-One: Synonym for 'Verification'.
Open-Set Identification: Identification, when it is possible that
the individual is not enrolled in the biometric system.
Opposite of 'Closed-Set Identification'.
Open source: Technology with an underlying programming
code that is free for all to use and alter. A band of
programmers, technologists and some companies around
the world are advocating open-source technology. The goal
is to develop technology that is compatible with other
technologies.
Optical: Finger images capture technique that uses a light
source, a prism and a platen to capture finger images.
27
Out Of Set: In open-set identification, when the individual is not
enrolled in the biometric system.
Passive Impostor Acceptance: When an impostor submits
his/her own biometric sample and claiming the identity of
another person (either intentionally or inadvertently) he/she
is incorrectly identified or verified by a biometric system.
Compare with 'Active Impostor Acceptance'.
Patch: Software program used to fix a hole or bug in a software
application. Companies offer "patches" free to customers
when vulnerabilities or problems are discovered in the
products they sell.
Pectinate Ligaments: The network of fibres at the iridocorneal
angle between the anterior chamber of the eye and the
venous sinus of the sclera; it contains spaces between the
fibres that are involved in drainage of the aqueous humor,
and is composed of two portions: the corneoscleral part, the
part attached to the sclera, and the uveal part, the part
attached to the iris.
Performance Criteria: Pre-determined criteria established to
evaluate the performance of the biometric system under
test.
28
Photonics: Technology used to transmit voice, data and video
via light waves over thin strands of glass.
Physical/Physiological Biometric: A biometric, which is
characterized by a physical characteristic rather than a
behavioral trait. See Part III Terms Related to Specific
Biometric Techniques for 'Body Odor', 'Ear Shape', 'Face
Recognition', 'Finger Geometry', 'Finger Image', 'Hand
Geometry', 'Iris Recognition', 'Palm', 'Retina', 'Speaker
Verification' and 'Vein check'. Contrast with 'Behavioral
Biometric'.
PIN (Personal Identification Number): A security method
whereby a (usually) four-digit number is entered by an
individual to gain access to a particular system or area.
Platen: The surface on which a finger is placed during optical
finger image capture.
Plug-in: Software programs that make a Web browser run
better, including allowing the downloading of information on
the Internet.
Presentation-Independent Template: A form of UIID. It
describes a mapping from a user interface socket to a
structured set of abstract interactors. This mapping provides
29
access to all of the commands and readable data points
within the user interface socket.
Privacy: The degree to which an individual can determine which
personal information is to be shared with whom and for what
purpose. Always a concern is when an authorized users pass
confidential information to another vendor or government
agency.
Public key infrastructure (PKI): Refers to the framework,
including digital certificates and certificate authorities, used
to securely conduct and authenticate online transactions.
Reasonable Accommodation: Include those structural and
technological modifications that do not impose an undue
hardship on the employer.
Receiver Operating Curves: A graph showing how the false
rejection rate and false acceptance rate vary according to
the threshold.
Recognition: The preferred term is 'Identification'.
Response Time: The time period required by a biometric
system to return a decision on identification or verification of
a biometric sample.
30
Ridge: The raised markings found across the fingertip. See also
'Valley'.
Ridge Ending: The point at which a finger image ridge ends.
Risk Assessment Methodology (RAM): A three-step method
of assessing the risk of whether to endorse or veto the
relevance of a proposed solution.
Routers: Devices that act as traffic cops for computer data on
the Internet.
Security: The protection of data against unauthorized access.
Programs and data can be secured by employing a carefully
designed and planned authentication method.
Semantic Web: A vision or concept articulated by some
computing leaders -- including Tim Berners-Lee, recognized
as the creator of the World Wide Web -- of how computer
programs and technologies can be used to semantically
structure, describe, search and interpret documents and
data on the Web. This concept envisions the Web evolving
from an HTML-based one to the semantic Web.
Session: A continuous period over which a user is engaged with
the target.
31
Short message service (SMS): Brief text messages that are
transmitted via mobile phones.
Software agent(s): "Intelligent" software programs that
perform tasks, search and retrieve information a user
requires from databases and computer networks.
Supplemental Resources: Interpretation and translation
resources that may be used in building a user interface.
These resources include text for labeling interface elements,
help text, translations into other languages, and icons,
graphics or other multi-media elements.
Target: The target is a device (e.g. VCR) or service (e.g. online
phone directory) that the user wishes to use.
Target-Class Template: A UIID that can be mapped to the user
interface socket of any target of a certain class such as
microwave ovens or televisions.
Technology Access Barriers (TAB): A structure or object that
impedes free bi-directional in parallel access (movement) to
technology.
Template/Reference Template: Data, which represents the
biometric measurement of an enrollee used by a biometric
32
system for comparison against subsequently, submitted
biometric samples.
Thermal: A finger image capture technique that uses a sensor
to sense heats from the finger and thus captures a finger
image pattern.
Third-generation networks): Much-hyped technology that
promises to enable high-speed downloading of data,
including videophone service, and worldwide compatibility.
Third Party Test: An objective test, independent of a biometric
vendor, usually carried out entirely within a test laboratory
in controlled environmental conditions.
Threshold/Decision Threshold: The acceptance or rejection of
biometric data is dependent on the match score falling
above or below the threshold. The threshold is adjustable so
that the biometric system can be more or less strict,
depending on the requirements of any given biometric
application.
Throughput Rate: The number of end users that a biometric
system can process within a stated time interval.
33
Trojan horse: Malicious code that is often hidden in e-mail
attachments that once activated can be used to steal or
destroy programs and data on a computer.
UBID: Acronym for Universal Biometric Identification.
UI: Acronym for User Interface.
UIID: Acronym for User Interface Implementation Description.
Ultrasound: A technique for finger image capture that uses
acoustic waves to measure the density of a finger image
pattern.
Universal Remote Console (URC): The URC is a device or
software through which the user accesses a target. The URC
complies with the AIAP-URC specification and is capable of
rendering any AAIML specified user interface. It is “universal”
in the sense that it can be used to control any AIAP-URC
compliant target. It is assumed that users will choose a URC
capable of meeting their personal interaction requirements.
URC: Acronym for Universal Remote Console.
User: The client to any biometric vendor. The user must be
differentiated from the end user and is responsible for
34
managing and implementing the biometric application rather
than actually interacting with the biometric system.
User Interface Instance: A UIID that completely describes a
user interface and has been built and made available in
advance of the user’s session with the target.
User Interface Instantiation: A UIID that completely describes
a user interface and has been dynamically derived from a
presentation-independent template during the user interface
construction phase of a user’s session with a target.
User Interface Socket: A low level description of a specific
target. It describes the functionality and state of the target
as a set of data points and commands.
Validation: The process of demonstrating that the system
under consideration meets in all respects the specification of
that system.
Valley: The corresponding marks found on either side of a
finger image ridge.
Verification/Verify: The process of comparing a submitted
biometric sample against the biometric reference template
of a single enrollee whose identity is being claimed, to
35
determine whether it matches the enrollee’s template.
Contrast with 'Identification'.
Web bugs: Invisible files hidden on Web pages to help
marketers determine who has seen their ads.
Webcast: Audio, video or both broadcast on the Web.
Web clipping: Shortened versions of Web pages designed to fit
and be displayed on the small screens of handheld devices.
Web services: A catch-all term describing a trend in which
services are delivered over the Internet, or the Internet is
used to automate tasks.
Wide area networks (WANs): Computer networks, spanning
great distances that are connected to each other.
Wi-fi: A wireless technology standard that was formerly called
802.11b. The technology allows people to connect to
networks using simple radio antennas in their laptops or
desktop PCs.
Worm: A computer program that replicates and spreads from
computer to computer via e-mail.
WSQ (Wavelet Transform/Scalar Quantisation): A
compression algorithm used to reduce the size of reference
templates.
36
X Internet: Buzzword coined by Forrester Research Inc., with
the X standing for "executable" or "extended" Internet in
which non-PC devices and consumer products, including cell
phones, televisions, cars and refrigerators, are linked to the
Internet.
Zero Effort Forgery: An arbitrary attack on a specific enrollee
identity in which the impostor masquerades as the claimed
enrollee using his or her own biometric sample.
Overview of the Study
This research paper will attempt to show that within the international
culture of today’s information age there exist a threefold (interconnected)
problem to be addressed with respect to the existence of a secure access
methodology to electronic devices and technology for people with variable
abilities. Furthermore, this study will analyze the theoretical
aspects, concepts, and barriers (logical, physical, cultural, and
tangible) related to the adaptation and implementation of
biometric technologies to people with of variable abilities. This
study must and will embody the characteristics of universal
design philosophies.
37
Review of Related Literature
Chapter 2
From a multi-dimensional perspective there are a multitude
of related theories, concepts, practices (strategies), and
technologies from both printed and electronic mediums that
apply to each individual facet of assistive technologies,
biometric technologies, smart card technologies, universal
38
design, neural control, privacy issues, legal issues, security,
accessibility, and the ever-present cultural barriers of society.
More to the point, the related literature will link the theories,
concepts, and practices of the aforementioned facets to the
adaptation of biometric technologies to people with disabilities.
Thereby, proving that biometric technologies can indeed be
adapted to people with disabilities as the supreme assistive
technology.
The paragraphs that follow will only be a synopsis of the
dominant philosophies as related to the many facets of
implementation and adaptation of biometric technologies to
people with disabilities. Hence, the following paragraphs will
assist to establish a literary framework of cultural theories,
societal concepts, implementation practices, and technology
standards.
Mainstream Biometric Technologies
The function of a biometric technologies authentication
system is to facilitate controlled access to applications,
networks, personal computers (PCs), and physical facilities. A
biometric authentication system is essentially a method of
establishing a person’s identity by comparing the binary code of
39
a uniquely specific biological or physical characteristic to the
binary code of an electronically stored characteristic called a
biometric. The defining factor for implementing a biometric
authentication system is that it cannot fall prey to hackers; it
can’t be shared, lost, or guessed. Simply put, a biometric
authentication system is an efficient way to replace the
traditional password based authentication system (Ashbourn,
2000).
Emerging Biometric Technologies
The neural waves emanate from a subject’s brain in the form
of brainwaves or bioelectrical impulses. To further iterate this,
please refer to an article called “Monkey Brain Operates
Machine” published on the BBC News website
(http://news.bbc.co.uk/hi/english/sci/tech/
newsid_1025000/1025471.stm). This is not the first article or
paper of this type, to promote the attributes of neural control.
On the contrary, there have been countless papers and articles
released from multiple universities and colleges in an attempt to
document their research.
IBVA Technologies (www.ibva.com) is the first company to
commercialize the distribution of a neural control device.
40
Essentially, a neural control device is a system that is designed
to sense and analyze a persons’ neural waves and then
interfaces with a computer to allow the user to navigate
(control) with brainwaves; neural control would be analogous to
the use of a human hand. The problem is that the technology
must be customized for each user and is therefore not easily
adaptive to each individual. The researcher has speculated that
brainwaves are unique and could emerge from neural devices as
the newest biometric. The title of the paper is "Let Me In!!!
(Biometric Access & Neural Control)” and was published
(November 2001) at
http://www.icdri.org/biometrics/let_me_in.htm by the
International Center for Disability Resources on the Internet.
Republished (March 2002) at
http://www.nextinterface.net/biometricsandsecurity and (June
2002) at http://www.findbiometrics.com/Pages/letmein.html.
Corporate and university website are of a tremendous source
of information on emerging technologies. The corporate website
of PosID, Inc. (http://www.posidinc.com) is an excellent source of
information on an emerging biometric technique known as
"Infrared Imaging And Pattern Recognition" and it should be as
41
they hold the patented (#5,351,303).
Radio Frequency Identification (RFID)
As indicated by the white paper composed by Accenture
(2001), a RFID employs radio frequency communications to
exchange data between a portable memory device and a host
computer. An RFID typically consists of a tag, label, or PCB for
storing data, an antenna to communicate, and a controller.
RFID’s can either be active (battery) or passive (no battery) and
can be produce with read/writer (two-way) or read only (one-
way) capabilities. Additionally, an RFID is a suitable method of
replacing bar code.
Clark Richter (1999) of Intermec Technologies Corporation
author of a white paper titled “RFID: An Educational Primer” he
has in general terms explained basic RFID concepts with respect
to RFID technology, markets and applications.
Editor Chris Corum (2002) of AVISAIN Inc., authored “Why
RFID is the right choice for personal ID”. In this newsletter the
author declares that an RFID card is the best and most secure
method of identification. An RFID card is a bare bones version of
a contactless smart card.
42
Smart Card Technologies
The most common standardized encryption method used to
secure a company’s infrastructure is the Public Key
Infrastructure (PKI) approach. This method consists of two keys
with a binary string ranging in size from 1024-bits to 2048-bits,
the first key is a public key (widely known) and the second key is
a private key (only known by the owner). However, the PKI must
also be stored, and inherently, it too can fall prey to the same
authentication limitation of a password, PIN, or token. It too can
be guessed, lost, stolen, shared, hacked, or circumvented; this is
even further justification for a biometric authentication system
(Corcoran et al.).
Per Walder (1997), the best overall way to secure an
enterprise infrastructure, whether it be small or large is use a
smart card. A smart card is a portable device with an embedded
central processing unit (CPU). The smart card can either be
fashioned to resemble a credit card, identification card, radio
frequency identification (RFID), or a Personal Computer Memory
Card International Association (PCMCIA) card (Biocentric
Solutions Inc., n.d.). The smart card can be used to store data of
all types, but it is commonly used to store encrypted data,
43
human resources data, medical data, and biometric data
(template). The smart card can be access via a card reader,
PCMCIA slot, or contactless proximity reader; it is therefore in
compliance with section 508 of the Americans with Disabilities
Act (ADA) (Walder, 1997).
A smart card is the best storage medium to use when
implementing a biometric authentication system; only by the
using a smart card can an organization satisfy all security and
legal requirements (Biocentric Solutions Inc., n.d.). Corcoran et
al. (1999) stated, “This process irrefutably authenticates the
person presenting the card as the same person to whom the
cryptographic keys belong and provides the necessary tight
binding between cryptographic key storage and the authorized
user of the cryptographic keys.” (p. 5).
Smart Card Alliance (http://www.smartcardalliance.org) is a
not-for-profit organization that is known among the smart card
industry as the premiere source of smart card research data and
reports. The mission of the Smart Card Alliance is to promote the
acceptance of smart card technologies. The mission of the Smart
Card Alliance would be analogous to the mission of the
44
Biometrics Consortium, which is to promote acceptance of
biometrics.
The premiere expert on the use of RFIDs and smart cards as
assistive technology to aid people with disabilities is Dr. John Gill,
OBE FIEE of the Royal National Institute for the Blind. Dr. Gill has
participated in numerous studies and published multiple papers
that are of great significance to this study. Other than the
historical documentation that has been contributed by Dr. Gill, the
research has also been participating in a one-on-one conversation
with Dr. Gill via email exchange.
Assistive Technologies
Assistive technologies play a major role in school, work, and
the society at large. With respect to authors of assistive
technology books, the quantity of material is scarce; on the
other hand the quality of the available material is supreme.
“Assistive technology: A resource for school, work, and
community”, was composed by Flippo, Inge, & Barcus (1995) and
is one such artistic production.
The fundamental development and foundation of assistive
technologies are dictated by legislation and federal policy. The
legislation and policies have also set the stage for standards
45
associated to the application of communication technologies,
sensory impairment technologies, mobility, and strategies for
schools, the workplace, and society (Flippo, Inge, & Barcus, 1995).
While published books are scarce, there are many more
source of literature related to assistive technologies from
government and nonprofit organizations, both domestic to the
United States and international. The accessible future was
authored by the National Council on Disability [NCD] (2001, June
21) and is a publication that attempts to establish that an
assistive technology framework is a civil rights concept.
As implied by Heldrick (1999), the employment of assistive
technologies within companies has also created a multitude of
developmental staffing and creative financing issues.
Cultural Barrier (Disabled & Elderly)
The post World War I theory or concept of disability was
perceived as a medical condition (mental, physical, or
emotional) that lead to the inability of a person to conduct work,
which is commonly referred to as the medical model (Heldrick,
1999). The medical model concept was perceived and widely
accepted as the most accurate definition of a person with a
disability up until the 1990’s.
46
In the 1990’s, the medical model concept (old paradigm)
started to shift ever so slightly to what is nowadays known as
the disability paradigm (new paradigm). This shift in paradigm
has lead to the rethinking of many related theories, concepts,
and practices from those that viewed disabilities under the
medical model paradigm to what is now considered to be that of
a social model (the disability paradigm) (Barnartt & Altman,
2001). Some of the most popular are the theory of work
adjustment, organizational career theory, Super’s theory, and
the role theory (Szymanski & Parker, 1996).
As stated in the proclamation of problem of this research
paper, the critical shortage of qualified personnel in the
workplace, is partly related to the change of societies from that
of an industrial based workforce to a knowledge based
workforce, partly because the baby boomers have only had
about half as many children as their parents. As a result the
number of 20 to 24 year olds entering the workforce continues
to fall (NCD, 2001). And partly because, medical advances has
contributed to the rapid growth of an aging society, as such the
aging seniors are having to working longer in order to prepare for
retirement (Schaie & Schooler, 1998).
47
The elderly paradigm is not so dissimilar from that of the old
disability paradigm. For as people age, their vision, hearing,
cognitive, and mobility abilities start to diminish. Charness, Parks
& Sabel (2001) have stated that, “If technology is not equipped to
deal with these natural human changes, it is poorly designed, and
further disenfranchises segments of the society” (p. 47). The
societies that Charness, Parks & Sabel (2001) are referring to
are those people of variable abilities.
Universal Design
Why is universal design important? A white paper titled
“Business Benefits of Access-for-All Design”, which was penned by
Steve Jacobs (2002, November 22) puts forward the concept that,
universal design is not only a good idea, it is an absolute must for
companies. Publications from many other authors, university
researchers (TRACE Center), companies (Microsoft; AT&T; and
EDS), non-profit organizations (International Center for Disability
Resources on the Internet [ICDRI]; Center for Applied Special
Technology [CAST]; The Biometric Foundation, and BioAPI
Consortium), and international government agencies all agree
with conclusions of Steve Jacobs, that in order to remain
48
competitive in the dynamic environment of today, companies
must endorse universal design standards.
Adaptation to People of Variable Abilities
The International Center for Disability Resources on the
Internet (ICDRI) has within the grasp of it’s website and experts a
theoretical account of numerous theories, concepts, and practices
with respect to people with disabilities. By no means is this
complete list of dedicated and prestigious organizations; it is only
a few. But, the same can be said of the following nonprofit and
governmental organizations; the National Organization on
Disability, the United States Department of Justice, Civil Rights
Division, and the United States Department of Labor.
Dr. John Gill, the Chief Scientist for the Royal National Institute
for the Blind has addressed numerous issues surrounding the
adaptation of assistive technologies to the elderly and people with
disabilities. Dr. Gill is well respected and he has published many
papers (Design of smart card systems to meet the needs of
disabled and elderly persons) and conducted studies (SATURN
Project).
49
Privacy/Legal Issues
The Americans Civil Liberties Union (ACLU) is only one of
many local, state, federal, and international organizations with
legitimate concerns about the security (privacy) or misuse of the
biometric data collected by the government and private
companies (Winter, 2000). The aforementioned concerns are of
such importance that two organizations were formed to address
the concerns, the first is the International Biometric Industry
Association (www.ibia.org), which is sponsored by the National
Institute of Standards and Technology (NIST) and the second is
the Bioprivacy Organization (www.bioprivacy.org), which is
sponsored by the International Biometric Group
(www.biometricgroup.com) (Woodlands Online, n.d.).
Attorney Susan Gindin of the San Diego Law Review has
authored an extraordinary paper that details numerous
informational privacy and legal issues of the Internet age. Even
though her paper “Lost and found in cyberspace: Informational
privacy in the age of the Internet” was published in 1997 much of
the content is still applicable today.
50
Security Issues
Security has always been a major concern for all information
technology professionals. To that end, many countries have
conducted studies; the Information Assurance Technical
Framework (IATF) is one such study that was sponsored by the
National Security Agency (NSA).
However, it is important to note that there exist a commonality
in security guidelines between all countries and private
institutions. Identification and Authentication (I&A) methods
consist of three common category types, a password (something
you know), a physical token (something you have), and a
biometric (something you are). The most recommended I&A
method involves combining two of the three I&A category types
(i.e. physical token and a biometric). The most common
standardized encryption method used to secure a company’s
infrastructure is the Public Key Infrastructure (PKI) approach (NSA,
2000).
The PKI approach consists of two keys with a binary string
ranging in size from 1024-bits to 2048-bits, the first key is a public
key (widely known) and the second key is a private key (only
known by the owner). However, the PKI must also be stored and
51
inherently it too can fall prey to the same authentication limitation
of a password, PIN, or token. It too can be guessed, lost, stolen,
shared, hacked, or circumvented; this is even further justification
for a biometric authentication system (Corcoran et al.).
Controlling access to logical and physical assets of both the
virtual and tangible worlds are not the only concerns that must
be addressed. Security managers must also take into account
security of the biometric data (template) (Walder, 1997).
The biometric data can be stored in a number of ways, either
in a centralized database or in a distributed system. Examples of
a distributed system would be an optical card, memory card,
proximity card, token, or a smart card. No matter what storage
method is used, the biometric data must be encrypted to ensure
that security requirements are met (Biocentric Solutions Inc.,
n.d.).
A biometric authentication system that is correctly
implemented can provide unparalleled security, enhanced
convenience, heightened accountability, superior fraud
detection, and is extremely effective in discouraging fraud
(Nanavati, S., Thieme, & Nanavati, R., 2002).
52
Disability Demographics
William P. LaPlant Jr. has and continues to aid people with dis-
abilities by volunteering his expertise to those organizations in
need of assistance. As such, he has served in multiple positions
to include serving as the Chairman of the International Center
for Information Technology Standards, Information Technology
Access Interfaces Technical Committee (INCITS/V2). It is, how-
ever, Mr. LaPlant’s income producing position as a computer sci-
entist for the U.S. Census Bureau that has aid to establish cur-
rent disability demographics. Mr. LaPlant has researched and
composed an excellent and detailed reference paper titled, “Dis-
ability Statistics & Policy in the United States of America and the
World” that clearly brings together all disability demographics.
The research paper has been published by the International Cen-
ter for Disability Resources on the Internet (ICDRI).
Additional sources of literature relating to demographics can
be found via Individuals with Disabilities: Enabling Advocacy Link
(IDEAL) and the National Organization on Disability (NOD) to name
a few.
53
Electronic News Sources
Electronic news sources provide timely notification of trends
and have aided to spread the word of biometric technologies that
have been successful and/or unsuccessful implemented within
various international market sectors of law enforcement,
government, travel and immigration, corporate, financial, and
healthcare. Here is a small indefinite quantity of those sources,
New York Times (http://www.nytimes.com), Washington Post
(http://www.washingtonpost.com), Macon Wire Service
(http://www.macon. com), The Register
(http://www.theregister.co.uk), Business Week
(http://www.businessweek.com), Newsweek/MSNBC
(http://www.msnbc.com/ news), British Broadcasting Corporation
(http://www.bbc.co.uk.com), Los Angeles Times
(http://www.latimes.com), American for Civil Liberties Union
(http://www.aclu.org/news), Find Articles
(http://www.findarticles.com), Contactless News
(http://www.contactlessnews. com), and Government Computer
News (http://www.gcn.com).
54
Study Associated Standards
The Architectural and Transportation Barriers Compliance
Board (2002); have published the Electronic and Information
Technology Accessibility Standards in the Federal Register on
December 21, 2000. This document was crafted as a directed
study in response to the technology barriers and accessibility
guidelines contained within section 508 of the Rehabilitation Act
Amendments of 1998. The sections of the Rehabilitation Act
Amendments of 1998 are to all intents and purposes amendments
to the Americans with Disabilities Act of 1990. Additionally,
standards committees like the International Committee for
Information Technology and Standards (INCITS) and other non-
profit organizations have aid in addressing the concept of
universal design as relative to assistive technologies.
Summarization of Related Literature
The work of authors such as Szymanski and Parker (1996)
have alluded to the fact that before people with disabilities could
not be fully integrated into the workplace until the culture of the
workplace becomes more welcoming. This is because the
medical model did not perceive people with disabilities as
potential workforce assets. Hence, not much emphasize had
55
been placed on resolving the workplace barriers. The shift of
paradigms from that of the medical model to the disability
model has fostered a change in the perceptions of society and
the workplace culture. Additionally, the National Council on
Disability believes that the only way to shift the culture is to
establish legislation (NCD, 2001). Still, Hagner and DiLeo (1993)
advocate a middle ground approach of legislation and
accessibility standards.
The related literature will add credence to the threefold
problem and will demonstrate that there exist a theoretical
resolution that could feasible be adapted to the environments of
schools, businesses and society at large.
56
Applied Research Methodologies
Chapter 3
The purpose of this chapter is to present the research methods
used to address the elements of previously described threefold
problem of establishing a secure access methodology of electronic
devices and technology for people with variable abilities. The gen-
eral research methodologies employed in this chapter are to a
greater extent conducive to the exploration and grouping of quali-
tative commonalities. Commonalities will be the key.
A mixed-method research strategy of integrating different ele-
ments is likely to produce better results in terms of quality and
scope. This is a practical and an ideally more monolithic way to
conceptualize and instigate the evaluation process. The mixed-
method puts forth a genuine effort to be reflexive and offers a
more critical evaluation of case studies. It is a practical and ideally
more useful means of ensuring accountability to broader audi-
ences (Yin, 1994). The researcher has combined both quantitative
and qualitative research methods.
Figure 1 is a graphical representation of the aforementioned
research approach that has been employed in this paper by the
57
researcher:
Figure 1: Graphical Representation of Employed Research
Approach
Data Gathering Methods
Though regression-discontinuity of the mixed-method research
strategy is strong in internal validity and can parallel other non-
equivalent designs in terms of validity threats, interpretation of
results might be difficult. Outcomes might be the result of com-
bined effects of factors that are not exactly related. Per Greene,
58
Caracelli, and Graham (1989) here are five major reasons to use
the mixed-method:
Triangulation - will increase chances to control, or at least as-
sess, some of the threats or multiple causes influencing our
results.
Complementarily - clarifies and illustrates results from one
method with the use of another method to add information
and qualify results (i.e. committee involvement).
Development - partial results from the results might suggest
that other assessments should be incorporated.
Initiation - stimulates new research questions or challenges
results obtained through one method (i.e. in-depth inter-
views). May provide new insights on how focus study.
Expansion - integration of procedures will expand the breadth
of the study and likely enlighten the study.
Historical Documentation
Applying historical documentation (a.k.a. lessons learned) to
this research paper is not only practical; it would have been neg-
ligent not to do so. Historical documentation will help to estab-
lish the concept of commonalities, identify concerns, link data to
propositions, and lead to the unveiling of potential solutions. His-
59
torical documents for the research paper are derived from both
printed and electronic online sources and are of domestic and in-
ternational origin. The documents are comprised of published
books, news articles, government publications, white papers,
university websites, corporate websites, and the websites of not-
for-profit organizations.
Quantitative Research Tools
The research tools consist of a combination of web-based sur-
vey (questionnaire) and one-on-one interview. Both the web-
based survey and the one-on-one interview were conceived as
quantitative research methods and are were administered to a
diverse demographic of participants. There are one hundred and
thirty-seven participants of the web-based survey. Participants
of both the web-based survey and the one-on-one interviews are
individuals that span all age groups, gender, economic status,
ability level, race, and experience level, no one group was ex-
cluded.
The one-on-one interview participants consist of thirty-five in-
dividuals of which, twelve out of the thirty-five participants are
known to the researcher. The remaining twenty-three are of ran-
dom occurrence and remain totally unknown to the researcher.
60
A list of the twelve known participants is included in Table 1.
61
Table 1: Twelve Known One-on-One Interview Participants
Name Title Organization Email AddressMichael R. Burks
Public Information Officer
ICDRI and AT&T Worldnet
[email protected] Allenby VP-Environment,
Health & SafetyAT&T Corporate [email protected]
Jose L. Par-dos, Ph.D.
Ambassador of Spain at Special Mission for IT’s
Ministry of Foreign Affairs
David DeVin-ney
Manager – EOM and CSP
AT&T Global Net-work Services
[email protected] Bunge Architect Narchitects [email protected] Pettit System Engineer AT&T Global Net- [email protected]
Wade Wilkins Project Manager Consultants In Busi-ness, Engineering, and Research
Dr John Gill Chief Scientist Royal Institute for [email protected] P. La-Plant, Jr.
Computer Scien-tist and Chair-man, INCITS/V2
U.S. Census Bu-reau/INCITS
Charles L. Sheppard
Research Coordi-nator
National Institute for Standards and Technology
Steven Trubow
Chief Technology Officer
Tal Digital [email protected]
Matthew S. Hamrick
Sr. Engineer Cryptonomicon [email protected]
Web-Based Surveys
A descriptive survey method was administered via the World
Wide Web with the cooperation and support of the International
Center for Disability Resources on the Internet (www.ICDRI.org).
The goal of the survey was to better understand how people
viewed the adaptation of biometrics to other emerging technolo-
gies. The participants were engaged via the telephone and mul-
tiple email requests that were distributed via reflector sites and
group lists. It is important to note that confidentiality is intact, as
62
the identity of the participants has remained totally obscured.
The complete survey consists of an explanation paper enti-
tled “To Be Or Not To Be (http://www.icdri.org/biometrics/
to_be_or_not.htm)” and a detailed survey (questionnaire)
(http://www.icdri.org/biometrics/ survey_biometric.htm). The ex-
planation paper served as an introduction to the survey. The ex-
planation paper is included as Appendix 1 and the detailed sur-
vey is Appendix 2.
The hope was that the survey would provide assistance in de-
termining if the international citizenry were accepting of emerg-
ing technologies. For example, were they accepting of adapting
biometrics and/or neural implants as an assistive technology, or
did they just fear the unknown?
One-on-One Interviews
The interviews averaged thirty minutes in length and were
administered from January 15, 2002 to January 15, 2003. As
many of the subjects were extremely busy people, their conve-
nience and availability were the major factor that determined
the length of the interviews. A few of the interview subjects,
however, had quite a lot to say, and these interviews were
longer. The interviews were semi-structured, and subjects were
63
encouraged to express their thoughts freely. At the beginning,
the researcher briefly explained the purpose of my study to each
subject. The researcher then, told the subject that he was ex-
ploring the possibility of adapting biometric technologies to peo-
ple of variable abilities (disabled & elderly). Usually, the subject
immediately replies with the question, why? The researcher
would then explain in further detail, that it is believed that by
fusing biometric technologies with other established and emerg-
ing technologies that it would be theoretical possible to break-
down the vast majority of access barriers. The end result is that
people would become more self-sufficient thereby causing a cul-
tural paradigm shift; hence there would be scores more of quali-
fied people available for employment. The absolute majority of
the interviews were conducted face-to-face. However, five of the
interviews were conducted via telephone and three were con-
ducted via electronic mail (total of eight).
Interviews were conducted until it became apparent in the re-
searcher’s judgment that the incremental new information from
each additional interview was minimal.
A sampling of typical and scripted open-ended questions that
were discussed has been included as Appendix 3. The hope was
64
that the interview would yield that which first-line supervisors,
middle-level managers, and senior executives believed to be
productivity barriers, attitude towards assistive technologies,
perceived technology barriers, and general management issues
they have encountered when seeking people of variable abilities
for employment. It is important to make mention that many of
the one-on-one interview participants are extremely intelligent
and of high prominence within the international community at
large. In most cases they are published authors in their own
right.
Qualitative Research Tools
The researcher’s purpose for participating in a variety of as-
sorted meeting types and electronic mail exchanges was in
some cases to share the researcher’s concept of adapting bio-
metrics to people of variable abilities. In most cases it was to sit
quietly by in order to obtain a greater understanding of technol-
ogy employment strategies from the experts (worldwide). It was
the hope of the researcher to a greater number of in person
meetings. Unfortunately, due to lack of financial sponsorship this
was not feasible.
65
Symposiums
From May 2001 to January 2003, the researcher has partici-
pated in three symposiums. The first symposium was the User
Experience Symposium 2001 that was sponsored by AT&T Labs
at the Red Bank Inn, Red Bank, New Jersey. The researcher’s
contribution to the symposium was a paper titled “Biometric
Technologies”. At this stage the assistive qualities of biometric
technologies were still in it infancy and had not been fully ex-
plored by the researcher. Overall the paper was well received
and sparked the interest of the International Center for Disability
Resources on the Internet.
By the second symposium the researcher was better prepared
to explain and answer questions pertaining to the assistive as-
pects of biometric technologies. The researcher made a presenta-
tion to three hundred plus members of the Internet Society at the
INET 2002 Symposium, Washington D.C. The paper entitled “The
New Wave” was published at http://www.icdri.org/biometrics/
new_wave.htm by ICDRI. The presentation was extremely well re-
ceived and was praised by members of he international commu-
nity. According to Jose Luis Pardos, Ph.D. the Ambassador at Large
for Spain, the techniques profiled in the ISOC presentation were
66
influential in the implementation of several projects that the Uni-
versity Murcia is working on in Spain at them moment. Below is a
direct quote from Dr. Pardos whose work is profiled at: Universi-
dad Y Discapacidad (http://www.um.es/undis) at the University of
Murcia:
It happens that I was in Washington DC. last 19th of June for INET'2002 and I had a Panel on Disabilities and beyond on Web accessibility with my long stand-ing good friends Mike Burks, Mark Urban, and some others. I did have the chance of hearing Bill Lawson *important* contribution to our Panel on Biometrics. I think he is an outstanding thinker and innovator. I have read and listen to his Presentation and I am deeply thankful for the many ways he has enlight-ened me with his many writings and deep thoughts. I also think Bill well deserves any kind of official recog-nition and I am strongly supporting it.
The 10th Plenary of the InterNational Center for Information
Technology Standards, Information Technology Access Inter-
faces Standards Development Technical Committee (INCITS/V2)
was the third symposium. The symposium was held at the Radis-
son Hotel in Orlando, Florida from January 19-20, 2003. The work
of the researched came to the attention of the Co-Chairman of
the Biometric Consortium/M1 and Chairman of INCITS/V2. Conse-
quently the researcher was invited to present at the symposium.
It was the intent of the researcher to make a persuasive presen-
67
tation to the plenary that a sub-committee must be established
in order to develop technology access standards for biometrics
that embodied the aspects of security, accessibility, and privacy.
The presentation was a huge success and the researcher is now
the Chairman of the INCITS/V2.1 Sub-committee. The researcher
expects to have a fused biometric prototype available within the
next two years. Furthermore, it is the intent of the researcher to
elaborate on the elements of the fused biometric prototype as
part of another doctoral dissertation in the very near future.
Teleconferences
The researcher has participated in dozens teleconferences re-
lated to all aspects of biometric technologies, smart card tech-
nologies, civil rights/bio-privacy initiatives, assistive technolo-
gies, and standards. The teleconferences were conducted over a
period of eighteen months and included participants from the in-
ternational community. Of the dozens of teleconference, the
same small group of organizations repeatedly sponsored the
majority of the teleconferences. A listing of the small group of
sponsoring organizations numbering at seven can be viewed in
Table 2:
68
Table 2: List of Teleconferece Sponsoring Organizations
Content Organization URLBiometric Tech-nologies
The International Biometric Group, LLC.
www.biometric-group.com Biometric Market-
ingInternational Biometric Indus-try Institute
www.ibia.org Biometric Imple-mentation
The Biometric Foundation www.biometricfoun-dation.org Biometric Privacy Bio-Privacy Organization www.bioprivacy.org
Smart Cards Tech-Smart Card Alliance www.smartcardal-Biometric Stan-dards
International Committee for In-formation Technology Stan-dards (INCITS)/M1
www.incits.org
Interface Stan-dards
International Committee for In-formation Technology Stan-
www.incits.org
Technical Committees
The researcher has participated as a contributing member in
the creation of Section 508 amendment to the American with
Disabilities Act from November 2001 to March 2002. From Sep-
tember 2001 to July 2002 the research worked with the Biomet-
ric Consortium (http:// www.biometrics.org ) (a.k.a. INCITS/M1) to
craft the first biometric template format. The biometric template
format is known as the Common Biometric Exchange File Format
(CBEFF) V1.0, which was later revised to version 1.1.
Current the researcher is working with the International Cen-
ter for Information Technology Standards (INCITS), Information
Technology Industry Council (ITI), V2 (http://www.incits.org/
tc_home/v2.htm), B10 (http://www.incits.org/tc_home/b10.htm),
T4 (http://www.incits.org/tc_home/t4.htm), and M1 (http://www.in-
69
cits.org/tc_home/m1.htm) as the Chairman of the INCITS/V2.1
Subcommittee to develop technology standards for the adapta-
tion of biometric to people of variable abilities. The standards
that come from this venture will be released as part of a new
component (field) within CBEFF V2.0.
Electronic Mail Exchanges
Given that the adaptation of biometric technologies to people
of variable abilities is theoretical in nature and in many cased
consider by some to be an emerging technology this research
method was absolutely critical to the research paper. This
method allowed the researcher to communicate with some of
the foremost experts of biometric technologies, privacy con-
cerns, legal issues, security techniques, universal design and ac-
cessibility for all methodologies.
Communication Participants
The participants were representative of all diversity factors to
include age, race, ability level, gender, culture, religion, etc…
and representative of the international community. In some case
the participant’s identity were known to the researcher and in
other cases the participant’s identity was and still remains
anonymous. The participants were as diverse as the universe
70
and as worldly as any great explorer.
Database of Study
Exploring prior case studies can reduce the need to test theo-
retical boundaries or concepts. Furthermore, the exploration of
biometric, smart card, assistive technology, and public opinion
case studies has allow the research to gain a valuable non-bias
insight into thought process and implementation strategies that
have been completed.
Accuracy, Reliability, and Validity of Data
Typically the value of research is evaluated based on its ac-
curacy, reliability, and validity, which for all meticulous purposes
equates to the notion of trustworthiness. In the quest to gain a
better understanding of the barriers relevant to the adaptation
of biometric technologies to people of variable abilities, special
attention was paid to the issue of trustworthiness. For all one-
on-one interviews the participant determined the course of his
or her interview, while the researcher asked follow-up questions
in an effort to clarify and explore certain details more thor-
oughly. Allowing the participants to determine the direction of
the interview minimized the researchers bias and increased the
extent to which the data represented the opinions of the partici-
71
pants.
To check for saturation, after the first fifteen participants
were interviewed and data was analyzed for commonalities, two
additional interviews were conducted with someone that had not
previously been interviewed. The identities of the participants
were and are still unknown to the researcher as the participants
were approached in a hospital waiting room and a coffee shop.
What is known of the participants is that they represent the dif-
ferent generational views. The formats of the interviews were
similar to the previous interviews that have been conducted, in
that they were of an open forum. After the participants had free
shared their opinions, the researcher shared the thoughts and
opinions that have been identified from the other interview and
survey participants.
Originality and Limitation of Data
Given that the focus of the research study is conceive on the
adaptation of emerging technologies to a rapidly shifting culture
it is fair to conclude that the over whelming majority of the
source material and data is of original content.
Limitations of data with respect to research methodologies
and the availability of employed tools to conduct this study are
72
riddled with intrinsic limitations. Creep of the researcher’s bias
and bias of other assistive technology supporter were an ex-
tremely limiting factor during the collection and analysis phase
of the study. The reason for this phenomenon as perceived by
the researcher is that there are many advocates of assistive
technologies and no opponents. With respect to this study the
only opponents are those of biometric technologies, not assis-
tive technologies in general.
Methodological Summary
When exploring management and adaptation of information
systems the mixed-method approach is the best method to
utilize (Greene & Caracelli, 1997). The methods and tools that
were used allowed the researcher conduct a predominately
qualitative analysis of each study unit and at same time the
study was of a predominately interpretative nature with some
aspects of positivist influences (Yin, 1994).
73
Analysis of Data
Chapter 4
Pattern matching of all evidence relative to the theoretical
adaptation of biometric technologies to people of variable
abilities will be the dominant mode of analysis to be employed
by this study (Yin, 1994). An additional consideration is that the
study will borrow a small number of the research concepts
74
and/or methodologies from chapter 3, in order to wholly
accomplish the analysis phase for this chapter.
Even though it was the intent of Greene, Caracelli, and
Graham (1989) for the following approach to be applied as a
research concept and/or methodologies. The researcher has
endeavored to transition a prominent research approach of
Greene, Caracelli, and Graham (1989) into an analysis approach
in order to identify the element of the evidence that embody the
constructs of triangulation, complementarily, development,
initiation, expansion and last but not least to aid in the unbiased
presentation of the evidence.
To help ensure validity of the analysis phase, there are four
principles that should be adhered to in order to achieve a high-
quality analysis of the evidence. As stated by Yin (1994), the
analysis ought to rely on “all relevant evidence”, “include all
major rival interpretations”, “address the most significant
aspect” of the case study, and bring to bear the researcher’s
“prior experience, expert knowledge”. Whilst conducting the
analysis phase of this study, it will be the intent of the
researcher to adopt the recommendations of Yin and other
75
research experts as fact and endeavor to adhere to such
guidance.
What is a Biometric
When this question 3 of Appendix 6 was proposed to the
participants of the one-on-one interviews the results were that
only six of the thirty-five participants were even familiar with
biometrics.
A biometric authentication system is essentially a pattern
recognition system that establishes a person’s identity by
comparing the binary code of a uniquely specific biological
(physical) or behavioral characteristic (trait) to the binary code
of a stored characteristic. This is accomplished by acquiring a
live sample (the characteristic) from a petitioner (individual who
is requesting access). The system then applies a complex and
specialized algorithm to the live sample; it is then converted into
a binary code. Once the live sample has been converted into a
binary code, it is compared to the reference sample (previously
stored binary code) to determine the petitioner’s access or not.
If we were to breakdown the word biometric we would find
that ‘bio’ simply means ‘biological (living)’ and that ‘metric’
refers to ‘measurement’. However, it is a little more complex
76
then that. A biometric is a physical body measurement of a
biological characteristic or pattern recognition of behavioral
traits (i.e. voice, signature or keyboard dynamics). Both the
biological characteristic and/or the behavioral trait must be
unique to an individual and able to be repeatedly acquired by an
electronic device.
The function of a biometric is to facilitate controlled access to
applications, networks, personal computers (PCs), and physical
facilities. Simply put, a biometric is an efficient way to replace
the traditional password based authentication system
(Ashbourn, 2000).
Contrasting Authentication Methods
There are three methods of resolving a person’s identity. The
first is verification, which involves confirming or denying a
person’s claimed identity (Am I whom I claim to be?). For now,
the consensus is that dynamic signature verification, voiceprint
verification, hand geometry, keystroke dynamics, facial
geometry recognition, thermo graphic recognition, and vein
recognition are generally considered to be verification
biometrics and are best suited for a low security area.
77
Identification is the second method of resolving a person’s
identity. With this method one has to establish a person’s
identity (Who am I?). Identification biometrics commonly include
those biometrics which have been thoroughly tested and proven
to be near to 100 percent effective in real life environments. A
fingerprint identification, palm print identification, retina scan
recognition, and iris-scan recognition are considered to be
positive identifiers. As technology evolves, the boundary
between a verification and identification biometric will be
blurred in some cases and in other cases biometrics will traverse
the boundary.
For virtually unassailable confirmation of an individual’s
identity, the third method of a multi-modal hybrid identification
method has been highly recommended (Nanavati et al, 2002).
An automatic personal identification system based solely on
fingerprints or faces is often not able to meet the system
performance requirements of the consumer. Facial recognition is
fast but not reliable; while fingerprint verification is reliable
there are many external factors that can lead to a false rejection
of a users authentication (i.e. dry finger, dirt, oil, improper
positioning, cut or abrasion).
78
Implementing a multi-modal hybrid strategy will overcome
the limitations of face recognition systems as well as fingerprint
verification systems. The identity established by the system is
more reliable than the identity established by a face recognition
system. In addition, the multi-modal fusion schema enables
performance improvement by integrating multiple cues with
different confidence measures (International Journal of
Biometrics).
For example, the Pentagon has implemented a fingerprint
and facial recognition solution within the military to identify its’
members (Washington Post, October 29, 2001).
Contact Biometric Technologies
For the purpose of this study, a biometric technology that
requires an individual to make direct contact with an electronic
device (scanner) will be referred to as a contact biometric. Given
that the very nature of a contact biometric is that a person
desiring access is required to make direct contact with an
electronic device in order to attain logical or physical access.
Because of the inherent need of a person to make direct
contact, many people have come to consider a contact biometric
to be a technology that encroaches on personal space and to be
79
intrusive to personal privacy (International Biometric Group LLC:
BioPrivacy Initiative).
An intrusive biometric is usually considered to be one which
requires undesirable contact with the subject in order to acquire
the electronic data sample of the biological characteristic in
question. An example of an intrusive biometric could be retina-
scan because of the close proximity to the eye, facial scanning
because of cultural or religious reasons (not allow to show face),
and fingerprint or palm scanning due to hygiene concerns.
Fingerprint Identification
According to Woodward, Orlans & Higgins (2003),
“Fingerprints were used as personal marks or signatures in part
of Asia as early as the third century B.C.”. The fingerprint is an
established biometric and are classified into five categories:
arch, tented arch, left loop, right loop, and whorl. The fingerprint
classification system was invented in 1892 by Azizul Haque for
Sir Edward Henry (Inspector General of Police in Bengal, India).
Up until 1926 it was thought that Sir Edward Henry invented the
fingerprint classification system. The fingerprint classification
system consequently came to be known as the Henry System.
80
A fingerprint image classification is based on the number and
location of the detected minutia (singular) point or minutiae
(plural) points. The "Henry System" is still used today to
categorize fingerprint cards. However, the fingerprint scanners
of today are much more capable of identifying more details then
just arches, tented arches, left loops, right loops, whorls. As
demonstrated by Image 1, you can clearly see the patterns and
the depiction of minutiae (Ashbourn, 2000).
Image 1: Depiction of Fingerprint Patterns and MinutiaeTop row (left to right): loop, composite (double loop), spiral, or shell whorl. Middle row
(left to right): target whorl, simple arch, tented arch. Bottom row: minutiae.
81
Source: http://www.hit.co.kr/ehomepage/solution/ Fingerprint%20Identification%20Technology.files/image002.jpg
It has been reported by many news source (i.e. The Baltimore
Sun) that there are some shortcomings related to the use of
fingerprint scanners. Fingerprint scanners work well for
fingerprint imaging of many people, but there is a percentage of
the population that cannot be adequately imaged. They include
senior citizens and laborers because their fingertips are worn
down, women and Asian’s because their prints are not well
defined (O’Brien, 2003). Finger abrasions, user errors, and
maintenance issues are attributed to this rise. In addition, many
fingerprint scanners frequently encounter problems when
attempting to image:
* Very dry finger * Irregular ridge structures * Very oily finger * Contaminated finger * Very low humidity * Contaminated platen * Finger abrasions * Improper positioning
All of these problems are the result of the inability of the
sensors that are used in those products, to penetrate through air
gaps or through contaminant material on the finger or platen. All
of these shortcomings can be overcome by way of an ultrasonic
scanner. Ultrasonic scanners can easily pass through many
82
materials to include the air gap between the scanner and user.
The below images clearly demonstrate that the fingerprint
quality of the ultrasonic scanner has been greatly enhanced.
Most importantly, while the use of a fingerprint biometric is
accessible to the majority of the population it is not accessible to
all. Fingerprint scanners require a level of mobility, coordination,
dexterity, and accuracy of finger placement that not all people
possess, especially those of variable or limited abilities.
Image 2: Comparison of an Ultrasonic and Optical Scanned Fingerprint
Optical Scanner Ultrasonic ScannerSource: http://www.ibm.input.optical.com
Palm Print and Footprint Identification
83
Whether it is palm prints or footprints, the evolution of the
human blueprint has allowed them both to share virtually all of
the same detectable characteristics as fingerprints. The major
difference is that the palm and foot are larger and can therefore
yield a greater number of minutiae points to be used for
comparison of the sample biometric to the stored biometric
template.
The parallels between the characteristics of fingerprints and
palm prints (footprints) can easily be observed by comparing
Image 1 (above) to Image 3 (below). You can clearly see the
patterns and the identification of the minutiae points on the left
side of Image 3.
Image 3: Depiction of Palm Print Patterns and Minutiae
84
Source:
http://www.jyhoriba.co.uk/jy/forensic/images/6pointsm.jpg
Just like fingerprint or palm prints, footprints can be scanned
using the same techniques as fingerprints or palm prints. The
obvious draw back is that the use of footprints as an
identification method is not sanitary, convenient or practical for
public use.
Hand Geometry
85
Hand geometry was bestowed to the populace at the
Shearson Hamill investment bank on Wall Street nearly 20 years
ago. The biometric is essentially based on the fact that every
individual's hand is shaped differently than another and over the
course of time the shape of the person's hand does not
significantly change. Unlike fingerprint imaging systems, hand
geometry readers are not affected by natural and environmental
surface details, such as lines, scars, dirt, and fingernails. The
basic operating principle is to measure and/or record the
physical geometric characteristics of an individual's hand.
There are numerous hand geometry scanning devices in
existence and they all (currently) fall into one of two detection
categories, mechanical or image-edge detection. Both methods
are used to take over 90 measurements of the length, width,
thickness, depth of fingers/thumb, and the surface area of a
person’s hand and fingers. With the technology of today all 90
measurements of a subject’s hand can be processed within one
second.
To capture the measurements of a person’s hand, a charge-
coupled device (CCD) digital camera is used to record the hand's
three-dimensional shape (Zunkel, 1998).
86
Image 4: Depiction of Hand Geometry Recognition Process Step 1 (Place Hand) Step 2 (Scanning)
Step 3 (Measurements are processed)
Source:
http://bias.csr.unibo.it/research/biolab/graphics/hand1.gif
Dynamic Keystroke Authentication
Dynamic keystroke authentication technologies is a behav-
ioral biometric that can provide a strong security and cost-effec-
tive access solution to users. Additionally, dynamic keystroke
authentication technologies are easy to deploy and maintain.
87
This is because dynamic keystroke authentication technologies
only require the purchase of proprietary software, as the re-
quired equipment, the keyboard already exist as part the users
system.
Keystroke authentication technologies look at the way a per-
son types at a keyboard (typing rhythms) and measures the
"dwell time", which is the amount of time a user holds down a
particular key and "flight time", which is the amount of time it
takes a user to transition between keys. Refer to Image X below
for an example of how the calculations transpire:
Image 5: Example of the Dynamic Keystroke Authentica-tion Process
Source: http://globalservices.fujitsu.com/fj/CATALOG/AD05/05-00023/IMAGE
88
As with any biometric there are advocates and antagonists,
and dynamic keystroke authentication technologies are no dif-
ferent. Other than the realism that a dynamic keystroke biomet-
ric is one of verification and not of identification; it is neverthe-
less the fundamental claim advocates that both enrollment as
well as authentication can occur without being detected by the
user that has antagonists concern.
One of the foremost advocates of the dynamic keystroke
recognition is Net Nanny (http://www.netnanny.com). Net Nanny
advocates the use of dynamic keystroke recognition as a
method of exacting Internet parental control in order to protect
children from Internet predators.
Dynamic Signature Recognition
No personal attribute is as common for identification as the
use of a signature. Unfortunately, a signature is one of the least
reliable methods of identification. Forgers have a myriad of ways
to reproduce a signature that looks similar to the owner.
Dynamic signature recognition technologies can foil the forgers.
When a biometric sensor captures a signature, it captures more
than just the appearance of the signature. A biometric signature
89
capture device measures such variables as the speed and
direction of your hand movements as a signature is formed.
Some units also measure the force with which you press the pen
against the paper and the angle at which you hold the pen. The
devices often consist of a pad that contains a resistive grid or a
2-D array of ultrasonic sensors. Signature-capture units can't
validate a signature already affixed to a document that was
received by mail or fax.
Image 6: Depiction of Dynamic Signature
Source: http://www.buysec.no/Produkter/Klient/SGPDAPRI/bio_logon_klein.jpg
90
Contactless Biometric Technologies
A contactless biometric can either come in the form of a
passive (biometric device continuously monitors for the correct
activation frequency) or active (user initiates activation at will)
biometric. In either event, authentication of the user biometric
should not take place until the user voluntarily agrees to present
the biometric for sampling. A contactless biometric can be used
to verify a persons identity and offers at least two dimension
that contact biometric technologies cannot match. A contactless
biometric is one that does not require undesirable contact in
order to extract the required data sample of the biological
characteristic and in that respect a contactless biometric is most
adaptable to people of variable ability levels.
Facial Geometry
Facial recognition systems are one of the fastest growing
biometric technologies. A facial geometry system measures such
characteristics as the distance between facial features (from
pupil to pupil, for instance) or the dimensions of the features
themselves (such as the width of the mouth).
In principle, the analysis of the face seems to be the best way
to perform identity authentication and also the most acceptable
91
to the public at large; for this is the most natural way for human
beings to identify someone and we do it everyday. Not to
mention, it is passive/non-intrusive. However, due to the
perception of phantasmagoric privacy and the fear of big
brother’s all seeing pineal eye this has not been the case
(further discussion to follow).
Image 7: Depiction of Facial Geometry Biometric
Source:
http://www.safe-travel.com/spids/v3/images/tech_pic1.jpg
Facial Thermography
92
Employs the use of an infrared camera to capture the
emission of heat patterns that are generated by the vascular
system of the face. Heat that passes through facial tissue of a
human being produce a unique and repeatable pattern (aura).
The captured aura is converted into data and then compared to
stored auras of authorized individuals, at which point possible
matches are generate along with probability percentages. The
facial print does not change over time and is accurate than facial
geometry identification technologies.
Image 8: Depiction of Facial Thermography Pattern Biometric
Source: www.msu.edu
93
Iris Scan Recognition
The iris (colored portion of eye) is a protected internal organ
of the eye, behind the cornea and the aqueous humor, yet
readily visible externally at a comfortable distance. The iris is
composed of elastic connective tissue, with traceable meshwork,
whose prenatal morphogenesis is completed by the 8th month
of pregnancy. It consists of pectinate ligaments adhering into a
tangled mesh revealing striations, ciliary processes, crypts,
rings, furrows, a corona, sometimes freckles, vasculature, and
other features. During the first year of life a blanket of
chromatophore cells usually changes the coloration of the iris,
but the available clinical evidence indicates that the trabecular
pattern itself is stable throughout the lifespan (Daugman, n.d.).
Image 9: Depiction of Iris Scan Biometric
Source: http://www.cnn.com/2000/TECH/computing/07/24/iris.explainer/iriscode.jpg
94
The original concept was developed by Dr. Leonard Flom and
Dr. Aran Safir, and the original software patents were developed
by Dr. John Daugman. IriScan, Inc. acquired the patent rights
from Dr. Daugman and licensed the rights for banking and
government kiosk applications to Sensar, Inc. While both Sensar
and IriScan use the same underlying technology, Sensar has
enhanced the acquisition process.
Being that the iris is an internal organ of the eye, the iris is
immune (unlike fingerprints) to environmental influences, except
for its pupillary response to light. Pupillary motions, even in the
absence of changes in illumination, and the associated elastic
deformations it creates in the iris texture, provide one test
against photographs, glass eyes, or other resemblance of a
living iris. Other tests involve changing infrared LED light
sources which should cause corresponding changes in their
specular reflections from the cornea; detecting the properties of
contact lens which might contain a printed fake iris pattern
riding upon the spherical surface of the cornea, rather than in an
internal plane within the eye; testing for the properties of living
tissue under varying wavelengths of both visible and infrared
illumination; and so forth.
95
Image 10: Left eye of researcher (Dr. William Lawson)
Left Eye Before Lasik Procedure Left Eye After Lasik Procedure
However, with the advent of laser procedures such has LASIK
to correct myopia. It is now possible to reshape of the corena,
thereby altering the keratometic (refractive) values and
thickness of the eye. While laser procedures do not alter the iris
itself, it does alter the cornea and that alone may be enough to
provoke a FTA (Failure to Acquire) or a FR (False Reject) error in
the matching process. Above is an attempt to demonstrate the
effects of Lasik, the subject is William Lawson (Courtesy of Lasik
Plus).
Retina Scan Recognition
96
The retina is the surface inside the back of the eye, upon
which images that have passed through the pupil are focused. In
order to use a retinal scanner, the user places her eye relatively
close (between 1 and 2 inches) to the reader and focuses on a
rotating green light. In order to enroll, five scans of good quality
are recommended; to verify, a single scan is needed. This
technology is generally used for physical security applications
rather than for data security applications.
Despite its relative sophistication, retina scan is actually one
of the oldest biometrics. As far back as the 1930's, research
suggested that the patterns of blood vessels on the back of the
human eye were unique from person to person. With the
exception of some types of degenerative eye diseases, or cases
of severe head trauma, retinal patterns are stable enough to be
used throughout one's life.
Image 11: Depiction of Retina Scan Biometric
97
Source: http://www.retinaltech.com/Twin2l.jpg
Voiceprint Verification
With existing voice-transmission technology, voice
recognition can work over long distances via ordinary
telephones. A well-conceived and properly implemented voice-
based security system could provide major enhancements to the
safety of financial transactions conducted over the telephone
(Voice Security Systems).
98
Image 12: Depiction of Voiceprint Verification Biometric
Source: http://www.cnn.com/1999/TECH/computing/12/27/wap.voice.idg/story.voice.cellphone.jpg
Accuracy
Accuracy of a biometric is measured in the terms of FR (False
Rejection), FAR (False Acceptance Rate), FRR (False Rejection
Rate), FMR (False Match Rate), FNMR (False Non-match Rate),
FTA (Failure to Acquire), FTE (Failure to Enroll), EER (Equal Error
Rate), ATV (Ability to Verify) (Woodward, Orlans, & Higgins,
2003).
Noting that for each biometric the interpretation of accuracy
is variable. But, even if a legitimate biometric characteristic is
presented to a biometric-based authentication system correctly,
authentication cannot be guaranteed. This could be because the
99
sensor(s) are subjected background noises, limitations of the
processing methods, changes in the environment, faulty liveness
test, and more importantly, the variability of both the biometric
characteristic as well as its presentation. And then it could be
that the biometric system was not correctly implemented or the
user was not correctly enrolled (Nanavati et al, 2002).
Liveness Test
There is not one standardized liveness test in existence
today. The reason for this is that manufactures of biometric
technologies tend to keep the details of a liveness test
confidential. Some consider liveness test to be the most critical
step in both the accuracy of the biometric and the well being of
the user.
A liveness test that is correct applied can avail itself as
another method of ensuring accuracy and security, by
eliminating the potential use of faked biometric characteristics
(i.e. the gummy finger). The liveness test addresses the urban
myth that someone can steal another’s identity by using the
severed finger to gain access to personal assets, financial or
otherwise. Once a finger or any body part is severed from the
100
body the presence of oxygen, heat, and melanin in the body
part rapidly fall towards depletion or unacceptable levels.
Advantages
Biometric technologies can be applied to areas requiring
logical access solutions, and it can be used to access
applications, personal computers, networks, financial accounts,
human resource records, the telephone system, and invoke
customized profiles to enhance the mobility of the disabled
(Nanavati et al.).
In a business-to-business scenario, the biometric
authentication system can be linked to the business processes
of a company to increase accountability of financial systems,
vendors, and supplier transactions; the results can be extremely
beneficial (Ashbourn, 2000).
The global reach of the Internet has made the services and
products of a company available 24/7, provided the consumer
has a user name and password to login. In many cases the
consumer may have forgotten his/her user name, password, or
both. The consumer must then take steps to retrieve or reset
his/her lost or forgotten login information. By implementing a
biometric authentication system consumers can op to register
101
their biometric trait or smart card with a company’s business-to-
consumer e-commerce environment, which will allow a
consumer to access their account and pay for goods and
services (e-commerce). The benefit is that a consumer will never
lose or forget his/her user name or password, and will be able to
conduct business at their convenience (Nanavati et al.).
A biometric authentications system can be applied to areas
requiring physical access solutions, such as entry into a building,
a room, a safe or it may be used to start a motorized vehicle.
Additionally, a biometric authentication system can easily be
linked to a computer-based application used to monitor time and
attendance of employees as they enter and leave company
facilities (Nanavati et al.).
In short, contactless biometrics can and do lend themselves
to people of all ability levels.
Disadvantages
Some people, especially those with disabilities may have
problems with contact biometrics. Not because they do not want
to use it, but because they endure a disability that either
prevents them from maneuvering into a position that will allow
them to make use the biometric or because the biometric
102
authentication system (solution) is not adaptable to the user.
For example, if the user is blind a voice biometric may be more
appropriate.
Existing Standards
As with any ascendant computer technology, standards and
software must precede ubiquitous deployment. The biometric
standards were sourced from Woodward, Orlans, & Higgins
(2003) pp. 173-179, National Institute of Standards and
Technology, and Information Technology Laboratory web sites:
ANSI/NIST-CSL 1-1993: Specifies a common data format for
the interchange of fingerprint information. Published by the
American National Standard for Information
Systems/National Institute of Standards and Technology –
Computer System Laboratory.
ANSI/NIST-ITL 1a-1997: Specifies a common data format for
the interchange of fingerprint, facial, scars, mark, and tattoo
information. Published by the American National Standard
for Information Systems/National Institute of Standards and
Technology – Information Technology Laboratory.
ANSI/INCITS 358-2002: Is the BioAPI Specification Version 1.1.
It defines an open source standard API that provides a set of
103
high-level abstractions for software applications to
communicate across-platforms (for example, Enroll, Verify,
Identify), a set of primitive functions, (for example, Capture,
Process, Match, Create Template) and a common data
structure called the Biometric Information Record (BIR) used
by an application as the input and output to the Biometric
Service Provider (BSP). The BioAPI V1.1 was developed by
the BioAPI Consortium (www.bioapi.org) and published by
the American National Standard for Information
Systems/International Committee for Information Technology
Standards.
NISTIR 6529-2001: Is the Common Biometric Exchange File
Format (CBEFF) describes a set of data elements necessary
to support biometric technologies in a common way
independently of the application and the domain of use (e.g.,
mobile devices, smart cards, protection of digital data,
biometric data storage). CBEFF facilitates biometric data
interchange between different system components or
between systems, promotes interoperability of biometric-
based application programs and systems, provides forward
compatibility for technology improvements, and simplifies
104
the software and hardware integration process. Published by
the National Institute of Standards and Technology –
Information Technology Laboratory.
Emerging Biometric Technologies
Many inventors, companies, and universities continue to
search the frontier for the next biometric that shows potential of
becoming the ‘one’ (to borrow a cliché from ‘The Matrix’). An
emerging biometric is a biometric that is in the infancy stages of
proven technological maturation. Once proven, an emerging
biometric will evolve in to that of an established biometric.
Brainwave Biometric
Keep in mind that brainwaves resolve into nothing more then
recognizable patterns. If we could identify at least one pattern
that was unique, unchanging, and monotonous, then we would
have a security protocol of peerless supremacy (J. Gunkleman,
personal communication, May 1, 2002). Such a solution could
not be stolen or easily duplicated and could theoretical be
applied to all people, to include mobility challenged individuals
(i.e. amputees, paraplegics, quadriplegics).
While it is true that a person has the ability to alter most of
their own brain wave patterns, through the use of drugs or other
105
external elements. It is hypothesized that they cannot alter what
is referred to as their baseline brain-wave pattern (Woodward,
Orlans, & Higgins, 2003).
Image 13: Depiction of EEG Brain waveforms
Source: www.eegspectrum.com
There are major privacy and perceived mind reading
concerns about using brainwaves as a biometric that must be
addressed (H. Boitel, personal communication, March 29 and
August 7, 2002).
DNA Identification
DNA is an abbreviation of deoxyribonucleic acid. DNA is a
unique and measurable human characteristic that is accepted by
106
society as absolute evidence of one’s identity. In reality DNA
identification is not absolute but it has come to be considered as
the best method of confirming someone’s identity with a near
perfect probability of 99.999% accuracy (http://genetic-
identity.com).
The chemical structure of everyone's DNA is the same. The
only difference between people (or any animal) is the order of
the base pairs, which there are many millions of base pairs in
each person's DNA. Using these sequences, every person can be
identified based on the sequence of their base pairs.
However, because there are so many millions of base pairs,
the task of analyzing them all would be extremely time-
consuming. Hence scientists use a small number of sequences of
DNA that are known to greatly vary among individuals in order
to ascertain the probability of a match.
The major issues with DNA identification revolve around the
realistic ability of capturing and process the sample of a person
in a controlled and lawful manner that does not violate civil
rights.
Vascular Pattern Recognition
107
The system identifies a person using the patterns of veins in
the back of the hand, face, or for that matter any body part with
visible veins. A persons vein patterns are in fact highly stable
throughout their life. They are developed before birth and even
differ between twins of all types.
Vascular pattern recognition technology has been developed
to minimize the disadvantages of commercially available
biometric systems and to provide users with impeccable
security, usability, reliability, accuracy, and user acquiescence.
Image 14: Delineation of Vascular Scan Pattern
Source: www.neusciences.com/biometrics/images/Techno9.gif
108
A note of speculative caution, this is an emerging biometric
technology and as such there is not a great deal of factual data
that speaks to the prospect of shifting veins from their original
path. With the advancing growth of laser technologies and pro-
cedures it may be possible today or in the near future to alter
the path of veins. Doing so may render a vein recognition based
biometrics as void of physical mutability and hence nullify the
validity of this technology.
The conjecture of this theory was derived from the mani-
fested data and images found via the Ideal Image website
(www.idealimage.com). Images 15 and 16 are graphical depic-
tions of both the before and after results of a spider vein and a
varicose vein procedure.
Image 15: Before and After Pictures of Spider Vein Proce-dure
109
Source: http://www.idealimage.com/photos/veins.htm
Image 16: Before and After Pictures of Varicose Vein Pro-cedure
Source: http://www.idealimage.com/photos/veins_varicose.htm
This hypothesis is further substantiated by a personal
communication with Joe Rice (CEO Brite-Sparks Engineering
110
Ltd.). Who had this to say (J. Rice, personal communication,
March 27, 2003):
Yes I think you can, one could certainly shut down some small capillary structures, however shutting down too much may lead to circulation problems and gangrene. However, I bet it's possible to alter most physical biometrics with laser surgery including, irises, retinas, fingerprints, faces, voice etc.
In fact laser surgery would probably have an impact on a behavioral trait as well, depends how radical the surgery is!
Laser surgery could be used to add or remove (write or erase) information but it's likely to have more impact on surface feature biometrics, interior feature biometrics may be more difficult to write to.
Body Odor Recognition
Body odor recognition is a contactless physical biometric that
attempts too confirm a person’s identity by analyzing the
olfactory properties of the human body scent. According to the
University of Cambridge (http://www.cam.ac.uk) the sensors that
they have developed are capable of capturing the body scent
from non-intrusive body parts, such as the hand. Each chemical
of the human scent is extracted by the biometric system and
converted into a unique data string.
111
Fingernail Bed Recognition
AIMS (http://www.nail-id.com) is a U.S. based company that
has been developing a system which scans the dermal structure
under the fingernail. The human nail bed is a unique longitudinal
structure that is made up of nearly parallel rows of vascular rich
skin with parallel dermal structures in between narrow channels.
Image 17: Magnification of Human Nail Bed
Source: http://www.nail-id.com/Media/nailgroves.gif
Gait Recognition
Is a behavior biometric that attempts to recognize people by
the manner in which they walk and/or run. Gait recognition or
gait signature as it is sometime referred to; it uses a radar
system to capture the subject in motion (gait cycle).
112
An explanation to the gait cycle can be found via the ISIS
research group at the Department of Electronics and Computer
Science at the University of South Hampton
(http://www.gait.ecs.soton.ac.uk). The gait cycle refers to angles
of the rotation formed by the thigh and lower leg rotation while
the subject is in motion. The gait cycle is divided into three
phases, stance, swing, and float. The period of time that the foot
is in contact with terra firma is the stance phase, the swing
phase is the period of time the foot is in forward motion while off
the ground, and the float phase during which time that neither
foot is on the ground. The final step is to perform a canonical
analysis using the Fourier algorithm to produce the gait
signature.
Georgia Tech Research Institute (GTRI) is considered to have
in their mist some of the foremost experts of this technology.
GTRI claim that they are building a new radar system that can
identify people from up to 500 feet away during the day, night,
and all-weather conditions.
Handgrip Recognition
Advanced Biometrics Incorporated invented this technology,
with hope of it one day being used to prevent unauthorized use
113
of handguns. Many handgun manufactures like Smith & Wesson
and Colt have invested millions in the exploration and
adaptation of this technology. It is the hope of handgun
manufactures to create a smart handgun that will only recognize
authorized users (JUSTNET).
Handgrip technology does not take measurements, nor does
it rely on external features of the hand. It focuses on the internal
part of the hand by analyzing the unique subcutaneous tissues,
blood vessel patterns, veins, arteries and fatty tissues of a hand
in a gripped position.
Ear Pattern Recognition
The shape of the outer ear, lobes, bone structure and the size
are unique to each person. Ear pattern recognition is employed
as a physical contactless biometric (Carreira-Perpinan & Sanchez-
Calle, 1995) and uses an Optophone to verify the shape of the
ear. A French company, ART Techniques, developed the
Optophone and the process. It is a telephone type handset,
which is comprised of two components (lighting source and
cameras).
114
Much like the minutiae points of a palm print or fingerprint the
outer ear has many detailed features that can be measured and
compared to a biometric template.
Image 18: Identification of Measurable Ear Features
115
Source: http://www.dcs.shef.ac.uk/~miguel/papers/ps
Body Salinity Identification
An individual’s salinity level of salt in the body is believed to
be unique. This technology passing a tiny electrical current
through the body in order to analysis the salt content. The more
salt in the body, the more conductive the body becomes to
electricity.
An unexpected benefit of this technology is that as the
electrical current passes through the body it can also carry data
at a transfer rates equivalent to a 2400-baud modem. Many
researchers Michigan State University, Indiana University,
Purdue University) have speculated that this technology could
be used to facilitate communication between devices (i.e.
watches or cell phones).
Infrared Fingertip Imaging and Pattern Recognition
The technology concepts imposed for this biometric is very
similar in most respects to the concepts that are used by facial
thermography. With both facial thermography and infrared
fingertip imagine use thermal mapping to identify patterns. The
primary difference the way in which the thermal mapping is
116
acquired. Facial thermography involves the taking of a picture
with an infrared camera, while the infrared fingertip imaging and
pattern recognition biometric involves the comparing the
relative differences in thermal energy being observed by an
infrared detector. A further contrasting comparison is that the
infrared fingertip imaging and pattern recognition biometric is a
contact biometric, while facial thermography is contactless (M.
Wilmore, personal communication, February 5, 2003)
Image 19: Rendering of Fingertip Thermo Mapping Technique
Source: http://www.posidinc.com/images/concept.jpg
117
Storage Methodologies
The biometric data can be stored in a number of ways, either
in a centralized database, in a distributed system, or on a user
owned portable storage device. Many of the methods used to
store the biometric data is done so in a cross-methodology
fashion. No matter what storage method is used, the biometric
data must be encrypted to ensure that security requirements
are met (Biocentric Solutions Inc., n.d.).
Client-Server Architecture
The client-server architecture is most commonly associated
to a centralized database approach. This approach is a one-to-
many matching process as the centralize database stores all
associated data in one location that is accessible via
telecommunications assets.
Distributed Architecture
A distributed architecture is when a database is distributed to
remote servers. In this scenario a centralized biometric database
does exist and could have been fractured into geographical data
segments using an ad hoc algorithm. The segmented data is
then forced to geographically remote servers in a distributed
118
fashion; the reason for this approach is to foster a one-to-a-few
match of biometric users to small dataset.
An example of one-to-a-few matching is an entry-control
system for the restricted-access work area of a small work group
(of, say, 20 people or fewer). In this example, the workers might
not need access cards; they might need to present only a facial
biometric to a sensor at the point of entry. A modest computer
could determine within a few seconds whether the presented
print matched one of the biometrics in the database.
Radio Frequency Identification (RFID)
A RFID is essential an inductively or capacitively coupled
electronic UPC (Universal Product Code) bar code that is part of
a distributed architecture. The RFID tag was originally developed
and attached to cattle as a method of tracking them. The herder
would use a hand held device to read the RFID. Today RFID tags
can communicate to a networked system and so that businesses
can electronic track every product as it moved through the sup-
ply chain.
Some biometric developers have proposed using attaching
RFIDs to a card for storage of biometric templates, which in itself
is not unreasonable. Other developers have proposed the im-
119
plantation of RFIDs into humans. It is possible to use RFID tech-
nology to identify and track human being, as RFIDs are currently
being used to identify and track (tag) non-humanoid animals
(RFID Journal).
Image 20: Smallest RFID ChipSmallest RFID Chip (Hitachi) is 0.3 millimeter square
Source: http://www.rfidjournal.com/ezimagecatalogue/catalogue/phpSnTWUU.jpg
Smart Card Technologies
Smart cards possess all of the advantages of RFIDs, with the
added advantages of extended computing and extended storage
space. One of application of smart cards is to decrease the
dependence on centralized databases for storing personal data
and to replace RFIDs and magnetic-stripe cards, which are not
120
smart. Smart cards may provide access to important personal
data, but the data resides on a remote storage device.
Smart cards come in two basic varieties, contact and
contactless. If not for the interchanging of two parts a contact
and contactless smart cards would be virtually identical. A
contactless smart card consist the basic parts depicted in Image
X (card body, contacts, chip, and antenna).
Image 21: Component Parts of Contactless Smart Card
Source:
http://www.swats.se/images/swats/3/swats_kortritningar.gif
Both the contactless and contact smart cards share many of
the same parts. The primary differences between a contactless
and contact smart card is that the contactless smart card has an
121
antenna and no battery, while the contact smart card is
reversed. The contact card is void of an antenna and has a
battery.
Contact smart cards use the battery as the energy source
and rely on physical contact in order to convey data. Contactless
smart cards do not have a battery as the energy source, nor
does it require contact in order convey data. In a contactless
smart card the antenna serves a dual purpose. The antenna is
used to convey the data to a remote device and it is the power
source.
Image 22: Flow of Smart Card Reader/Writer Functions
Source: http://edevice.fujitsu.com/fj/CATALOG/
122
AD05/05-00023/IMAGE/p39_e.gif
Just like an RFID the contactless smart card uses the antenna
to derive power from inductive coupling. Inductive coupling is
the process of generating a strong, high frequency electro-
magnetic field, which penetrates the cross-section of the coiled
antenna area. By inducting an electro-magnetic field voltage is
generated in the smart card's antenna coil. The voltage within
the coil reaches a maximum due to resonance step-up in the
parallel resonant circuit. This voltage is rectified and serves as
the power supply for the card functions.
Image 23: Inductive Coupling for Contactless Smart Card
123
Source: http://edevice.fujitsu.com/fj/CATALOG/AD05/05-00023/IMAGE/p37_2_e.gif
Hybrid Architecture
A hybrid-architecture schema uses a truly distributed
database (e.g. RFID or smart card) and will normally be
comprised of a TTP (trusted third party) that could be elicited via
a client-server network. The difference is that the mission of the
TTP is to verify the genuineness of the card via a security
certificate(s) and/or the MAC (Media Access Control) address. By
employing this strategy the TTP does not store user specific data
or the biometric templates and therefore does not have explicit
knowledge of the user’s identity.
Existing Standards
Standards relating to storage methods are well defined,
established and accepted by the international communities.
AAMVA Fingerprint Minutiae Format/National Standard
for the Driver License/Identification Card DL/ID-2000:
The purpose of the American Association for Motor Vehicle
Administration (AAMVA) Driver’s License and Identification
(DL/ID) Standard is to provide a uniform means to identify
issuers and holders of driver license cards within the U.S.
124
and Canada. The standard specifies identification
information on drivers’ license and ID card applications. In
the high-capacity technologies such as bar codes, integrated
circuit cards, and optical memory, the AAMVA standard
employs international standard application coding to make
additional applications possible on the same card. The
standard specifies minimum requirements for presenting
human-readable identification information including the
format and data content of identification in the magnetic
stripe, the bar code, integrated circuit cards, optical
memories, and digital imaging. It also specifies a format for
fingerprint minutiae data that would be readable across
state and province boundaries for drivers’ licenses. DL/ID-
2000 is compatible with the BioAPI specification and CBEFF.
ISO/IEC 7810 (Published 1985): Identification cards: Physical
characteristics – This standard outlines characteristics
relative to different sizes of cards. ID-1 has become the
standard size for contact and contactless cards (dimensions:
54 mm x 85.6 mm x 0.76 mm (2.125 in x 3.370 in x 0.03 in).
ISO/IEC 10373 (Published 1993): Identification cards: Test
Methods – The standard has seven parts, Part 1: General
125
characteristics tests, Part 2: Cards with magnetic stripes,
Part 3: Integrated circuit(s) cards with contacts and related
interface devices, Part 4: Close coupled cards, Part 5: Optical
memory cards, Part 6: Proximity cards, Part 7: Vicinity cards.
ISO/IEC 10536 (Published 1996): Identification cards:
Contactless integrated circuit(s) cards: Close coupling
contactless cards (operating distance less than 2 millimeters)
– The standard has three parts, Part 1: Physical
characteristics, Part 2: Dimension and location of coupling
areas, Part 3: Electronic signals and reset procedures.
ISO/IEC 14443 (Published 2001): Identification cards:
Contactless integrated circuit(s) cards: Proximity contactless
cards (operating distance up to 10 centimeters) – The
standard has four parts, Part 1: Physical characteristics, Part
2: Radio frequency power and signal interface, Part 3:
Initialization and anti-collision, Part 4: Transmission protocol.
ISO/IEC 15693 (Published 2001): Identification cards:
Contactless integrated circuit(s) cards: Vicinity contactless
cards (operating distance up to 1 meter) – The standard has
three parts, Part 1: Physical characteristics, Part 2: Air
126
interface and initialization, Part 3: Anti-collision and
transmission protocol.
ISO/TC204 Transport Information and Control Systems
(http://www.sae.org/technicalcommittees/gits.htm): Deals
with Human Factors and Man-Machine Interface issues, and
U.S. Working Advisory Groups to ISO/TC204/WGs 3, 10, 11
and 13. Standardization efforts of ISO/TC204 are harmonized
with the ongoing efforts of CEN/TC278, Road Transport and
Traffic Telematics, resulting in parallel development of global
standards.
JTC 1/SC 17 Identification Cards and related devices
(http://www.sc17.com): In 1988 the International
Organization for Standardization (ISO) and the International
Electro technical Commission (IEC) created a Joint Technical
Committee on Information Technology (ISO/IEC JTC1). JTC1
comprises of some 19 sub-committees covering the area of
Information Technology. Sub-Committee 17 (SC17) has
responsibility for developing standards for Identification
Cards and personal identification.
JTC 1/SC 31 Automatic Identification and Data Capture
Techniques (http://www.uc-council.com/sc31/home.htm):
127
ISO (International Organization for Standardization) and IEC
(International Electro-Technical Commission) jointly sponsor
Joint Technical Committee number one, JTC 1, to address
subjects of interest to both organizations. JTC 1 in turn
created several subcommittees to address specific issues.
Among those subcommittees is SC 31.
Disability Statistics
Unlike other statistical data, that which relates to people of
variable abilities is not concrete. The reasons for such variances
lie in how we as a society define the term disability, and how we
group disabilities into those that affect hearing, speech, vision,
mobility, agility, learning, memory, and psychological.
Additionally, as per the content of both the formal and
informal interviews that the researched has conducted it had
been communicated that while society may conclude that a
person to has a disability. The person in question may not
consider himself or herself to have a disability, merely just
challenged. Case in point, one of the interviewees suffers from a
hearing lost.
With respect to disability statistics, the question that we as a
society have to ask is, “at what point should we consider a loss
128
of physical or mental abilities to be a disability? Is it when a
physician has determined that the percentage of loss ability has
reached a tacit level or is when the person in question states
that he or she has a disability?”
Historically, the accumulation of disability statistic from those
countries which are considered to be less developed, is either
difficult to come by or non-existent. The following charts are an
attempt to paint a graphical picture of statistical data from the
three most predominant disabilities and their sources:
U.S. Census Bureau (http://www.census.gov):
5.7% of Americans are vision impaired 5.9% of Americans have a hearing loss 17.7% of Americans have reduced mobility
Chart 1: American Disability Statistics, 1999
129
Canadian Statistical Reference Centre
(http://www.statcan.ca/start.html):
17.4% of Canadians are vision impaired 30.4% of Canadians have a hearing loss 71.7% of Canadians have reduced mobility
Chart 2: Canadian Disability Statistics, 1998
Royal National Institute for the Blind (http://www.tiresias.org):
1.9% of Europeans are vision impaired 6% of Europeans have a hearing loss 23.1% of Europeans have reduced mobility
Chart 3: European Disability Statistics, 2001
130
Just by glancing at the charts above one can’t help to see
that there are more people whom experience reduced mobility,
than any other group.
Privacy/Legal Issues
Privacy and legal issues will almost surely delay and
complicate the introduction of biometrics into your daily routine.
If society is to realize the technology's full potential, changes are
necessary in many laws. For example, laws that require your
signature or photograph on certain documents will have to allow
(though probably not require) the substitution of biometric
identity-verification techniques.
By means of numerous personal communications, surveys
(Appendix 4, Question 3), and interviews the researcher has
concluded that by opting to use a single biometric (e.g.
fingerprint scanning) without the presence of an alternative
authentication method, that biometric technologies cannot be
applied to all groups of people. Hence, the purchaser has
ultimately chosen a solution that will surely increase the
likelihood of discrimination against specific diverse groups (i.e.
people of variable abilities).
Civil Rights
131
One of the most consistent and prolific constraint towards the
implementation of many new technologies is the controversy
over civil rights, namely privacy (physical or informational)
issues. It is a consensus of opinions that opponents of
newfangled emerging technologies such as biometrics are
necessary to the developmental and implementation processes
for emerging technology. Opponents of emerging technologies
urge all technology maestros to improve designs, refine
processes, and safeguard the things we hold most dear, our
freedom and humanity.
Furthermore, it is believed that the majority of civilized
people are compassionate and recognize the supreme need for
new assistive technologies. Therefore, both advocates and
opponents alike must do everything possible as civilized human
beings to bestow freedom to everyone in need. To accomplish
such a monumental task, society must harness the creativity
and innovation of our society to develop new theories and
assistive technologies.
Individual Anonymity
Many individuals are concern that the ubiquitous proliferation
of biometric technologies into our societies would be the catalyst
132
that leads to the destruction of individual anonymity. The
reasoning behind this fear is that the supposed lost of individual
anonymity can discourage spontaneous and free behavior (i.e.
speech). The underlining concept here is the perceived loss of
freedom or losing oneself.
Still, there are other individuals that believe that anonymity
has already gone astray. This group of individuals believes that
if the omnipresence of ‘Big Brother’ (government) wanted to
track down an individual that it could be easily accomplished via
credit card transactions, cell phones, pagers (two-way), GPS
(Global Positioning Satellites) and surveillance of the subject
and/or acquaintances.
An interesting tidbit about the concept of individual
anonymity with respect to the Fourth Amendment as explained
by Woodward, J., Orlans, N., & Higgins, P. (2003), p. 358 is that
based on:
Florida v. Royer, 460 U.S. 491, 497-498 (1983), a law enforcement officer does not violate the Fourth Amendment when he approaches an individual in a public setting and asks him questions. However, the Court has made it clear that “the person approached need not answer any question put to him; indeed he may decline to listen to the question at all and may go on his way.”
133
Biometric Technologies
The Americans Civil Liberties Union (ACLU) is only one of
many local, state, federal, and international organizations with
legitimate concerns about the security (privacy) or misuse of the
biometric data collected by the government and private
companies (Winter, 2000). It is important to note that the ACLU
does supports the use of biometric technologies for access to
logical assets and physical facilities, providing the technology is
proven to balance the elements of reliability, effectiveness,
intrusiveness level must be balanced with magnitude of risk, and
technology must be applied in a non-discriminatory manner.
Having said that, do not forget that the acceptance
requirements (elements) expressed by the ACLU are intrinsically
problematic and left to the interpretation of the user.
The aforementioned concerns are of such importance that
two organizations were formed to address the concerns, the first
is the International Biometric Industry Association
(www.ibia.org), which is sponsored by the National Institute of
Standards and Technology (NIST) and the second is the
Bioprivacy Organization (www.bioprivacy.org), which is
134
sponsored by the International Biometric Group (www.biometric
group.com) (Woodlands Online, n.d.).
An attention-grabbing veracity to point out is that it is the
consentaneous consensus of the Biometric Consortium that
biometrics was and will continue to be developed as a method of
securing freedom, protecting data, and ensuring privacy. That is
to say that biometric developers have went to great lengths to
all sensitive data is encrypted by not only one algorithm, but in
many cases multiple encryption levels.
Storage Methodologies
Privacy advocates find the establishment of centralized
databases via the traditional client-server architecture to be an
abhorrent incubus that will devour freedom. One might think that the
concerns stem from the perceive lack of ability for institutions
both government and corporate to protect valuable data from
hackers. This is, however, not the case, it appears that privacy
advocates fears revolve around the perceived notion that the
government will collect this data for the purpose of violating the
civil rights of it’s citizens.
The public perceptions of radio-frequency identification chips
is that they are an invasion of privacy that could theoretically be
135
used to track an individual's buying habits and the individuals
themselves. While the perception of industry is that RFID tags
were never intended to be used in the tracking of a person or an
individual’s buying habit’s.
Clothing manufactures embed RFID tags into the labels of
garments to track the products through the manufacturing and
supply chains. The end result would be a cost savings that could
have been passed on to the consumer (Huff, n.d.).
Despite differences in opinions, the RFID industry does seem
to agree that now is the time to explore all privacy issues
related to RFID. AIM Global
(http://www.aimglobal.org/technologies/rfid), is a global trade
association that addresses automatic identification, data
collection and networking in mobile environments, is setting up
a committee to look into privacy issues, make recommendations
and build industry consensus.
Smart cards are more secure and would remove much of the
data that pertains to a person from the centralized database.
This data would reside on the smart card. Without protection,
however, the data would be ripe for misuse. The protection
would come in the form of PKI encryption for transmissions and
136
biometrics user authentication. For example, software that
generates keys for a PKI encryption system might use data
derived from one or more biometric sensor to generate at least
one of the keys.
Private Institutions
Corporations are encroaching further into our private lives, seeking out
new opportunities to sell us products and turning every aspect of life into a
commodity. The use of biometrics and biometric storage
technologies in a corporate setting has been the subject of much
debate. Many individuals do not have a problem using the fore
mentioned technologies to monitor for security risks, sexual
harassment, and/or to ensure the acceptable performance of
employees.
The concern of labor unions and employees is that employers
will exploit the technologies to spy on employees in order to
facilitate explicit control over an employee’s every move. These
activities may diminish an employee’s morale, dignity, and
increase worker stress.
Advocates of workplace privacy are attempting to have laws
established that specifically call for the purpose, collection
limitations, accuracy of data, limits on retention of data,
137
security, and protections against the transfer of data. Advocates
believe that this level of protections elevates employees to a
more equal footing while allowing employers to monitor for
legitimate reasons (Gindin, 1997).
Government Facilities
Government facilities bring into play contrasting beliefs.
As government facilities and records are to be both a place of
work and open to the public. Records are open public so that citizens
have the ability to monitor their government and to ensure accountability
in a democratic society. Yet society demands even greater security
and monitoring of the facility and the employees.
The challenge for lawmakers is to strike a balance between the publics
right to information and the individual's right to privacy. As stated by
Gindin, S. E. (1997), the following are some of those attempted to
protect privacy:
The Electronic Communications Privacy Act of 1986 (ECPA) and the Computer Fraud and Abuse Act contain provisions to protect electronic privacy. The Privacy Protection Act of 1980 restricts governmental seizure of publishers' investigative work product. The Privacy Act of 1974 and the Computer Matching and Privacy Protection Act of 1988 regulate government record-keeping and prevent
138
government agencies from divulging certain personal information without proper authorization.
Public Places
Are biometric technologies on public streets and at
recreational events in violation of the Constitution of the United
States’ Bill of Rights
(http://www.law.emory.edu/FEDERAL/usconst.html) First
Amendment (freedom of expression/religion), Fourth
Amendment (protection against unreasonable searches and
seizures, Fifth Amendment (protection against self-
incrimination), and Fourteenth Amendment (Due Process Clause
protects against personal decisions concerning marriage,
procreation, contraception, family relationship, child rearing, and
education)? If you ask the ACLU the answer to each of these is;
Yes (http://www.aclu.org).
However, the majority of law scholars and ruling do not agree
with the stance of the ACLU. They have instead determined that
term privacy in public is a contradictory concept; as such the
expectation of privacy in a public forum does not exist. This is
reinforced by the work of Woodward, J., Orlans, N., & Higgins, P.
(2003) p. 358, that there are no laws prohibiting the collection of
139
biometric data in public places. Given this one should have no
expectation of privacy in public (Nanavati et al.).
Misuse of Personal Data
In accordance with the work of Gindin, S. E. (1997) the misuse
of personal data for something other then it’s intended purpose
is a violation of the many federal acts and statues.
American Family Privacy Act of 1997 - Prohibits federal
officers from providing access to social security, earnings,
benefits & tax information through the Internet.
Cable Communications Policy Act of 1984 - Protects cable
television subscriber information.
Children's Privacy Protection and Parental Empowerment
Act of 1999 (H.R. 369) - Prohibits the sale of personal
information about children without their parents' consent.
Collections of Information Anti-Conspiracy Act (H.R. 354) -
Creates new property rights for owners of databases of
public information.
Consumer Internet Privacy Protection Act of 1997 –
Prohibits the disclosure of personally identifiable
information without consent.
140
Consumer Internet Privacy Protection Act of 1999 (H.R.
313) - Regulate the use by interactive computer services
of personally identifiable information provided by
subscribers to such services.
Data Privacy Act of 1997 - Guidelines that limit the
collection and use of personally identifiable information
obtained from individuals through any interactive
computer service for commercial marketing purposes,
Department of Transportation and Related Agencies and
Appropriations Act, 2000 (H.R. 2084) - Two amendments
proposed by Sen. Shelby (R-AL) pertain to privacy. Section
339 eliminates federal funding for highway projects in
states that sell drivers' license personal information, motor
vehicle records, or photographs from drivers' licenses.
Section 348 repeals section 656(b) of the Omnibus
Consolidated Appropriations Act of 1997, which required
social security numbers to be displayed on drivers'
licenses.
Driver's Privacy Protection Act of 1994 - restricts the
release of motor vehicle records.
141
Fair Health Information Practices Act of 1997 – disclosure
of health information to non-medical personnel without
consent is prohibited.
Family Educational Rights and Privacy Act of 1974 (FERPA)
- protects student records.
Federal Internet Privacy Protection Act of 1997 - Prohibits
Federal agencies from making certain confidential records
with respect to individuals available through the Internet.
Federal Records Act - regulates the disposal of federal
records (all records electronic or otherwise).
Financial Information Privacy Act of 1999 (S. 187) -
Requires FDIC to set privacy rules.
Financial Services Act of 1999 (H.R. 10) - Major bank,
securities and other financial services merger bill. It
requires the FTC to issue interim reports on consumer
privacy.
H.R. 191 - Creates a tamper-proof Social Security Card
(i.e., National I.D. Card) used for employment verification.
Know your Customers Sunset Act (H.R. 516) - Prohibits
government from implementing the "Know Your Customer"
rules.
142
Patient's Bill of Rights Act of 1999 (S. 6) - Requires health
plans and insurers to protect confidentiality of medical
records and allow patient access.
Patients' Bill of Rights Act of 1999 (H.R. 358) - Requires
health plans and insurers to protect confidentiality of
medical records and allow patient access.
Personal Privacy Protection Act (H.R. 97) - Prohibits
physical intrusion into privacy for commercial purposes
(i.e., press). Exempts law enforcement.
Right to Financial Privacy Act - Prohibits the government
agencies, except for the Internal Revenue Service and
agencies supervising banks from accessing financial
records of individuals.
Social Security On-line Privacy Protection Act of 1999 (H.R.
367) - Limits disclosure of social security numbers by
interactive computer services.
Telecommunications Act of 1996 - Safeguards customer
information held by telecommunications carriers.
Video Privacy Act - Protects videotape rental records.
You will notice that the acts and statues have distinctly
manifested boundaries on the collection and/or maintenance of
143
acquired information be it in paper or electronic (i.e. biometric
templates) format. The laws also require that those requesting
information provide proper consent (usually written) before the
information can be disclosed. The challenge is to ensure that the
benefits of biometrics prevail without sacrificing personal
privacy, or worst becoming a big brother society. In spite of the
acts and statues the MSNBC.com published this following chart
collection (data source ‘The Harris Poll’):
Chart 4: Potential Abuses of PowerFor this poll, Harris Interactive interviewed by telephone 1,012 adults between Sept. 19-24, 2001 about concerns about increased law enforcement powers in the wake of the September 11 attacks. The margin of error is plus or
minus 3 percentage points.
Source: http://www.msnbc.com/news/wld/national/brill/images/abuse_power_brill_1.gif
Source: http://www.msnbc.com/news/wld/national/brill/images/abuse_power_brill_2.gif
Source: http://www.msnbc.com/news/wld/national/brill/images/abuse_power_brill_3.gif
Source: http://www.msnbc.com/news/wld/national/brill/images/abuse_power_brill_4.gif
Source: http://www.msnbc.com/news/wld/national/brill/images/abuse_power_brill_5.gif
Source: http://www.msnbc.com/news/wld/national/brill/images/abuse_power_brill_6.gif
Source: http://www.msnbc.com/news/wld/national/brill/images/abuse_power_brill_7.gif
Profiling (Big Brother is Watching)
144
As technology becomes more robust there is greater concern
about the centralization of a national identity database, for such
a database could set the stage for the practice of unwarranted
and/or unlawful surveillance. Further, it is the trepidation of
society that the collection and storage of biometric data will lead
to the prolific profiling a person based on his or her picture
(appearance), ethnicity, religion, age, or gender
(unconstitutional).
Given the following scenario, if surveillance of a person was
set into motion based on a persons picture (appearance),
ethnicity, religion, or gender. Then it would most likely be the
defense of law enforcement officers that the person was being
watched because he or she looked suspicious, which could be
construed by courts as one of the twelve exception rules (Intra-
Agency Need to Know) to The Privacy Act of 1974 (Woodward,
Orlans, & Higgins, 2003). However, if the decision to initiate
surveillance were based on profiled data of a discriminatory
nature, then the actions of the law enforcement officer would
have been illegal and unconstitutional. The problem is how can
we as a society police our police, if we cannot be sure of the
145
circumstances surrounding a law enforcement officers decision
to initiate the surveillance.
There are potential solutions to the above scenario, but not
all of the solutions are feasible. The first potential solution would
be not to use biometrics, which is not feasible because the genie
is out of the bottle. Second solution would be to ensure that
unconstitutional or profiling data is not associated to the
biometric template, which is not feasible because biometric like
facial geometry require a picture. The most logical solution
would be to decentralize of databases and give control of the
biometric templates to the biometric owner. The
decentralization can be accomplished with a smart card or RFID.
Child Protection Education of America is a nonprofit
organization that offers free digital fingerprinting (all ten) and
digital photographing of children in hopes of protecting children.
The question is does the collection and storing of this data in a
centralized database constitute a national identity database? At
this time such issues with respect to the collection of child’s
biometric has not been addressed.
146
Security Issues
The most common standardized encryption method used to
secure a company’s infrastructure is the Public Key
Infrastructure (PKI) approach. This approach consists of two keys
with a binary string ranging in size from 1024-bits to 2048-bits,
the first key is a public key (widely known) and the second key is
a private key (only known by the owner). However, the PKI must
also be stored and inherently it too can fall prey to the same
authentication limitation of a password, PIN, or token. It too can
be guessed, lost, stolen, shared, hacked, or circumvented; this is
even further justification for a biometric authentication system
(Corcoran et al.).
Because of the structure of the technology industry, making
biometric security a feature of embedded systems, such as
cellular phones, may be simpler than adding similar features to
PCs. Unlike the personal computer, the cell phone is a fixed-
purpose device. To successfully incorporate biometrics, cell-
phone developers need not gather support from nearly as many
groups as PC-application developers must.
147
Biometrics Technologies
Security has always been a major concern for company
executives and information technology professionals of all
entities. A biometric authentication system that is correctly
implemented can provide unparalleled security, enhanced
convenience, heightened accountability, superior fraud
detection, and is extremely effective in discouraging fraud
(Nanavati et al.).
Controlling access to logical and physical assets of a
company is not the only concern that must be addressed.
Companies, executives, and security managers must also take
into account security of the biometric data (template) (Walder,
1997).
There are many urban biometric legends about cutting off
someone finger or removing a body part for the purpose of gain
access. This is not true… For once you take away the blood
supply of a body part the unique details of that body part starts
to deteriorate within minutes. Hence the unique details of the
severed body part(s) is no longer in any condition to function as
an acceptable input for scanners.
Storage Methodologies
148
Per Walder (1997) the best overall way to secure an
enterprise infrastructure, whether it be small or large is use a
smart card. A smart card is a portable device with an embedded
central processing unit (CPU). The smart card can either be
fashioned to resemble a credit card, identification card, radio
frequency identification (RFID), or a Personal Computer Memory
Card International Association (PCMCIA) card (Biocentric
Solutions Inc., n.d.). The smart card can be used to store data of
all types, but it is commonly used to store encrypted data,
human resources data, medical data, financial data, and
biometric data (template). The smart card can be access via a
card reader, PCMCIA slot, or proximity reader; it is therefore in
compliance with section 508 of the Americans with Disabilities
Act (ADA) (Walder, 1997).
In most biometric-security applications, you don't ask the
system to determine the identity of the person who presents
himself to the system. That is, you don't say to the system, "Of
the millions of sets of fingerprints you have on file, which set
contains a print that matches this print?" This problem is "one-
to-many matching." Usually, you supply your identity to the
system, often by presenting a machine-readable ID card, and
149
ask the system to confirm that you are who you say you are.
This problem is "one-to-one matching." Today's PCs can conduct
a one-to-one match in, at most, a few seconds. One-to-one
matching differs significantly from one-to-many matching. In a
system that stores a million sets of prints, a one-to-many match
requires comparing the presented fingerprint with 10 million
prints (1 million sets times 10 prints/set).
Image 24: Example of a Biometric Identification Smart Card
(Source: www.biometricassociates.com)
A smart card is a must when implementing a biometric
authentication system; only by the using a smart card can an
organization satisfy all security and legal requirements
(Biocentric Solutions Inc., n.d.). Corcoran et al. (1999) stated,
“This process irrefutably authenticates the person presenting
the card as the same person to whom the cryptographic keys
belong and provides the necessary tight binding between
150
cryptographic key storage and the authorized user of the
cryptographic keys.” (p. 5).
Smart cards possess the basic elements of a computer
(interface, processor, and storage), and are therefore very
capable of performing authentication functions right on the card.
The function of performing authentication within the confines of
the card is known as ‘Matching on the Card (MOC)’. From a
security prospective MOC is ideal as the biometric template,
biometric sampling and associated algorithms never leave the
card and as such cannot be intercepted or spoofed by others
(Smart Card Alliance).
The problem with smart cards is the public-key infrastructure
certificates built into card does not solve the problem of
someone stealing the card or creating one. A TTP (Trusted Third
Party) can be used to verify the authenticity of a card via an
encrypted MAC (Media Access Control) (Everett, n.d.).
Assistive Technologies
In the not so distant past, assistive technologies were limited
to the connection of local assets; as such security concerns were
satisfied by the very nature of limited physical (hands on) access
to the assistive device. With the unveiling of networked
151
architectures of both wired and wireless venue, assistive
technologies must now be adaptive to local and networked
devices.
Existing Standards
The security standards were sourced from Woodward, Orlans,
& Higgins (2003) p. 174, the National Institute of Standards and
Technology, and Information Technology Laboratory web sites:
ANS X9.84-2001 (Published TBA): Biometric Information
Management and Security, defines the requirements for
managing and securing biometric information (for example,
fingerprint, iris scan, voiceprint) for use in the financial
industry. Published by the American National Standards
Institute (ANSI) standard was developed by the X9.F4
Working Group of ANSI Accredited Standards Committee X9,
an ANSI accredited standards organization that develops,
establishes, publishes, maintains and promotes standards for
the financial services industry. X9.84-2000 specifies the
minimum-security requirements for effective management of
biometrics data for the financial services industry and the
security for the collection, distribution and processing of
biometrics data. It specifies: (1) the security of the physical
152
hardware used throughout the biometric life cycle; (2) the
management of the biometric data across its life cycle; (3)
the utilization of biometric technology for
verification/identification of banking customers and
employees; (4) the application of biometric technology for
physical and logical access controls; (5) the encapsulation of
biometric data; and (6) techniques for securely transmitting
and storing biometric data. The biometric data object
specified in X9.84 is compatible with CBEFF.
CDSA/CSSM Authentication - Human Recognition Service
(HRS) API V2: (Common Data Security Architecture) - API for
use with CDSA/CSSM for authentication using biometric
techniques and uses the EMM (Elective Module Manager)
facilities provided in the CDSA’s CSSM (Common Security
Services Manager), to provide a generic authentication
service for CDSA. It provides a high-level generic
authentication model that is suited to use with any form of
human authentication, for operation with CDSA. Particular
emphasis has been put on designing it for performing
authentication using biometric technology. CDSA/HRS covers
the basic functions of Enrollment, Verification, and
153
Identification, and includes a database interface to allow a
biometric service provider (BSP) to manage the identification
population for optimum performance. It also provides
primitives, which allow an application to manage the capture
of samples on a client, and the functions of Enrollment,
Verification and Identification on a server. It is designed to
support multiple authentication methods, both singularly and
when used in "a combination or "layered" manner. This API
was developed by the" BioAPI Consortium, using earlier work
from several interest groups. It is based on the BioAPI
Consortium's published Version 1.0 8, March 20, 2000.
Cultural Barriers/Perceptions
People as diverse as those of variable abilities (Swanson &
Fouad, 1999) are subject to many barriers, theories, concepts,
and practices that stem from the relative culture (i.e. stigma,
dignity or heritage) and perceptions (i.e. religion or
philosophical) of the international community. These factors are
so great that they could encompass a study of their own. To that
end, Szymanski and Parker (1996) have theorized that to a
certain degree that the application of diversity factors from
current theories, concepts, and practices may be capable of
154
providing a sturdy framework to the management of employees
with disabilities. Moreover, Hagner and DiLeo (1993) have
implied that the term diversity is a synonymous reflection of the
initiatives and objectives of affirmative action policies. The
concept of diversity in the workplace actually refers to the
differences embodied by the workforce members at large
(Barnartt & Altman, 2001). The differences between all
employees in the workforce can be equated to those employees
of different or diverse ethnic origin, racial descent, gender,
sexual orientation, chronological maturity, and ability; in effect
minorities (Szymanski & Parker, 1996).
The Elderly (Aging) Paradigm
Even with the medical advances of the 21st century to
increase longevity and improved health among the aging, an
elderly person still runs the risk of developing a chronic
functional disability. The elderly have been stereotyped as
unproductive and dependent upon others for their survival. For
instance, that the elderly are too inept to keep mental pace with
rapid-growth of companies. This mindset is unfair and
155
detrimental to the vitality of society as well as the dignity of the
aging individuals.
Equality however remains limited in part due to the
persistence of myths and misperceptions by society about the
ability of people of variable abilities in business. More
interesting, is that some people of variable abilities believe the
same crippling myths themselves.
Old Disability Paradigm
As our societies and workplaces have changed from that of
industrial to informational, personal computers,
telecommunication devices, and other high-level technologies
have become the dominant component of our national culture
and economic system. This has also changed employees from
industrial workers (skilled laborer) to knowledge workers. The
result of this change is that people of variable abilities now have
more career options (National Council on Disability [NCD],
2001).
In retrospect, the post World War I theory or concept of
disability was perceived as a medical condition (mental,
physical, or emotional) that lead to the inability of a person to
conduct work, which is commonly referred to as the medical
156
model (Heldrick, 1999). The medical model concept was
perceived and widely accepted as the most accurate definition
up until the 1990’s. In the 1990’s, the medical model concept
(old paradigm) started to shift ever so slightly to what is
nowadays known as the disability paradigm (new paradigm).
New Disability Paradigm
The shift in paradigms from the old to the new has lead to
the rethinking of many related theories, concepts, and practices
from those that viewed disabilities under the medical model
paradigm to what is now considered to be that of a social model
(new disability paradigm) (Barnartt & Altman, 2001). Some of
the most popular theories, concepts, and practices are the
theory of work adjustment, organizational career theory, Super’s
theory, and the role theory (Szymanski & Parker, 1996).
The theory of work adjustment was developed in the 1960s
by the state of Minnesota and for all intensive purposes the
theory of work adjustment is a person-environment theory
model (Hagner & DiLeo, 1993). In accordance with the work of
Szymanski and Parker (1996), the relationship between the
employee and the workplace environment can be a source of
unfathomed strength or profound confusion. Nonetheless,
157
Szymanski and Parker (1996) have stated that the person-
environment theory model is based on the following
paraphrased assumptions (p. 83):
Individuals seek out and create environments that offer
possibilities of leadership such that they are in charge.
Degree of fit between the person and environment is
associated with significant outcomes that can substantially
affect the performance, productivity, satisfaction,
turnover, and stress.
The process of person and environment fit is reciprocal.
The major presumption in the theory of work adjustment is
that employees seek to maintain a positive relationship with
their workplace environment. Employees therefore bring their
individual and/or team requirements to the workplace
environment, and the workplace environment brings its
requirements to the individual employees or the team (Barnartt
& Altman, 2001). The implication is that for work adjustment to
take place the employee and the workplace environment must
achieve some degree of incontrovertible symmetry. In simplistic
terms the employee and the workplace environment are in
effect tethered to each other. The theory of work adjustment
158
does not only apply to individuals with disabilities, it actually
applies to all employees (Swanson & Fouad, 1999).
When the organizational career theory was first conceived it
was perceived as an economic based theory and did not include
employees with disabilities. This is because the medical model of
disability was still widely accepted and a person with a disability
was not thought of as needing or desiring a career, for he or she
was unable to work (Swanson & Fouad, 1999). The
organizational career theory is more of a theoretical method
that can be used by employers in the development of career
planning strategies or to meet company objectives and as a
strategic career management tool for employees. The purpose
of this theory is to match the skills and abilities of an employee
to the best career fit within the organization (Szymanski &
Parker, 1996). The organizational career theory favors the
established hierarchical bureaucracy of an enterprise as the idea
and most efficient method of deployment. Hence, it is the
responsibility of the employer to seek the best career fit to meet
required organizational personnel objective, in doing so the
employee will subsequently profit (Swanson & Fouad, 1999).
159
Super’s Theory is a developmental theory that predicates the
notion that there exists a fundamental correlation between the
differences of people and occupations. These differences can be
summed up in terms of abilities and personality traits. In theory,
to achieve the most benevolent outcome it is feasibly possible
for employers to translate such differences into occupational
suitability factors for people with disabilities (Swanson & Fouad,
1999). As stated in the work of Szymanski and Parker (1996),
the Super’s theory encompasses fourteen propositions, of which
only three have practical application to the management of
employees with disabilities (p. 87-89):
People differ in their abilities and personalities, needs,
values, interests, traits, and self-concepts.
People are qualified, by virtue of these characteristics,
each for a number of occupations.
Each occupation requires a characteristic pattern of ability
and personality traits, with tolerances wide enough to
allow both some variety of occupation.
Since Super’s theory is a developmental theory it is relevant
to make note that employees progress through seven different
stages of career priority. This progression is most often
160
associated to an employee’s age. For example, at age 18 an
employee may be on a journey of self-discovery or exploration
for the career. The progression of stages continues from the
exploratory stage, to basic training, to early career, to mid-
career, to late career, to disengagement of career focus, to the
final stage of retirement (Hagner & DiLeo, 1993). However, for
employees with disabilities this progression stages most often
becomes stuck for an extended time somewhere in between the
early to mid-career stages (Swanson & Fouad, 1999). As
indicated by Barnartt and Altman (2001), it is important for a
manager to recognize such a condition and take action in the
advancement of an employee to the next career stage.
In reference to the role theory, employees fit into a particular
career role and as such they are expected to assume the
perceived characteristics of that role. The career role may be
permanent or temporary and will dictate how each person or
employee’ will be perceived by the employer and society. Under
the medical model, a person with a disability is perceived by
society as unable to work. Thus, it is very hard for some people
(employers, managers, etc.) to understand why someone with a
disability would desire to work (Barnartt & Altman, 2001).
161
The role theory is a sociological theory composed of multiple
role concepts. Barnartt and Altman (2001) have listed several of
these role concepts. They are, “role salience, role set, role
discontinuity, role strain, role conflict, role ambiguity and role
synchrony” (p. 85).
As per the concept of workplace accommodations, employers
with 15 employees or more must make reasonable workplace
accommodations for employees with disabilities. Reasonable
accommodations will include those structural and technological
modifications that do not impose an undue hardship on the
employer. The phases ‘reasonable accommodations’ and ‘undue
hardship’ have not been distinctly defined. However, each can
be gauged by the size, revenue, and nature of the company. For
those employers or managers desiring more detail, they can
refer the guidelines outlined by the Americans with Disabilities
Act 1990 and current amendments via the Disability Rights
Section website (United States Department of Justice, Civil
Rights Division, Disability Rights Section [USDOJ], 2002).
From the perspective of the manager, some disabilities or
impairment may be hidden or just not obvious. Furthermore, the
Americans with Disabilities Act of 1990, precludes the employer
162
from inquiring about a disability or impairment. It is therefore
the obligation of the employee to furnish the manager or
employer with enough selective information to demonstrate that
an employee has a disability or impairment that limits or
restricts his or her ability to perform what is referred to as major
life activities (USDOJ, 2002). Per the National Council on
Disability (2001), a major life activity is the impairment in the
performance of manual task, walking, learning, concentrating,
thinking, speaking, breathing, sleeping, hearing, seeing,
interacting with others, or caring for oneself.
The website of the United States Department of Justice, Civil
Rights Division, Disability Rights Section, Section 504 was
amended in 2002 to the Americans with Act of 1990, as such a
person with an disclosed disability or impairment may ask for
accommodations to include, modification of facilities, assistive
equipment or devices, part-time work schedule, modified work
schedule, time away for treatment, unpaid leave of absence, job
restructuring, additional education, modification of policy, or
transfer to a vacant position for which the employee is qualified
to fill. However, the United States Department of Labor, Office of
Disability Employment Policy (2002) has legislated that the
163
requesting employee must also be willing to participate in the
process of researching, determining, developing, and
implementing a reasonable accommodation. If the employee
does not fully participate he or she may lose their right to such a
reasonable accommodation. In the context of participation, the
employee may voluntarily submit to a medical or psychological
examination, as the resulting documentation may be needed to
determine if the employee has a temporary or permanent
disability. As per the United States Department of Justice, Civil
Rights Division, Disability Rights Section website, a temporary
disability may not warrant an accommodation via the aegis of
the Americans with Disabilities Act of 1990 and if the disability is
deemed as permanent the documentation may help to identify
the perimeters for the most efficacious accommodation (USDOJ,
2002).
The concept of assistive technology refers to the belief that
assistive technologies can dissolve the barriers most disability
issues. In truth, assistive technologies are only effective when
accompanied by the proper legislation, policies, and an
equitable cultural paradigm in the workplace (Flippo, Inge, &
Barcus, 1995). Assistive technologies can be an electronic
164
device, a piece of software or a hardware component used to
assist the employee (United States Department of Justice, Civil
Rights Division [USDOJ], 1998). Assistive technology theories
and concepts predicate the tenet philosophy that universal
design is tethered directly to the universal access of all
technologies, electronic or not (USDOJ, 2002).
As per Flippo, Inge, & Barcus (1995), the fundamental
development of assistive technologies foundations have been
dictated by legislation and federal policy. The aforementioned
legislation and policies have also set the stage for standards
associated to the application of communication technologies,
sensory impairment technologies, mobility, and strategies for
the workplace and schools. As implied by Heldrick (1999), the
employment of assistive technologies within companies has also
created a multitude of developmental staffing and creative
financing issues.
The organizational concept of culture is the cultural paradigm
that exists within the workplace of every company or enterprise.
As coined on the Department of Labor’s website, the
organizational concept is sometimes referred to as the “Social
Theory of Disability” (USDOL, 2002). An example of this would
165
be the dissimilar social ranking between management and
employees.
The organizational culture is a set of learned attitudes,
behaviors, and the other factoids that comprise a way of
conducting business life with co-workers and management
within an organization. While, it is unlikely that any one
employee or manager will share his or her personal culture with
all their co-workers. It is, however, very likely that he or she will
choose to share their personal culture with at least one co-
worker, both within the organization and outside of the
organizational confines. With different organizational groups a
varied level of comfort is achieved. The practice of establishing a
desired level of comfort is known by most employees as
networking and can be an effective reconnaissance tool for
employees and managers alike (Szymanski & Parker, 1996).
The concept of management functions is a broad plan of
attack for managers on how to influence the organization and
employees through effective planning, organizing, directing,
controlling, employee selection, employee support, employee
training and development, and management style (Hagner &
DiLeo, 1993). There are many practices that management could
166
feasible employ to determine what management functions are
best suited to influence diverse employees with disabilities
(Szymanski & Parker, 1996). The overpowering objective of the
theories and concepts as related to the management functions
of employees with disabilities is to promote or invoke a
paradigm shift within the organization, management ranks, and
the workers cultural from the current damning cultural to one
that recognizes the potential abilities of a person (NCD, 2001).
Ability Sequestration of Society
Societies from the beginning of recorded history have made
sequestration of those with variable abilities a legal and moral
acceptable practice. Sequestration happens on many levels as
those with variable abilities tend to be generally ignored,
forgotten and regard as invisible part of the society. Even today
we sequester the elderly to nursing homes. It has been even
worse for those with disabilities, for in the not to distant past
those with disabilities were perceived as a plaque on society and
were committed to mental institutions or in some case nursing
homes.
167
Society sees the practice of sequestration those with variable
abilities to a nursing home or mental institution as a means of
providing care, or it just may be a method employed by family
members to remove the undesirables (elderly and disabled)
from society. In either event the origin of segregation in society
is directly linked to the divergence of abilities between the bulk
of society and those of variable abilities, the elderly and
disabled.
Sequestration of those with variable abilities in our society is
not only practiced by family members, but by governments. This
is evident by an article written by Wilkie, D. (2003, May 17). The
article suggests that via the use of life-cost benefit calculations
that the U.S. government places less value on the lives of
seniors, the disabled, and the sick. The author has alluded to the
fact that the government has deemed it more cost-effective to
give more support to policies that care for young people. The
antonym of that is that the elderly, sick, and disabled are not
worth saving.
Although it is done in a different context, the practice of
placing value on a person’s life or determining cost-effectiveness
is not unheard of. This approach is used everyday by life and
168
health insurance companies. Life insurance companies have
conducted numerous studies on how to determine the value of a
life and what factors may contribute to the ending of life
(http://ideas.repec.org/p/nbr/nberwo/7193.html). Health
insurance companies use such studies to determine the cost-
effectiveness of medical maintenance
(http://aee.cas.psu.edu/docs/ 216001246.html). While many
people may deem such practices as acceptable and/or
necessary. There are others that see this as discrimination
(http://www.drc-gb.org).
Biometrics Technologies
No biometric technique is foolproof. People need to be clear
on that issue. Getting objective comparisons of the false
acceptance rate (FAR) and false rejection rate (FRR) of various
technologies is just about impossible. The FAR is the percentage
of time that a system grants access to someone who is
misrepresenting himself. The FRR is the percentage of time that
a system denies access to a legitimate applicant. In general, in
any system, the more stringent you make the acceptance
criteria, the lower the FAR becomes and the higher the FRR
becomes.
169
Based on the personal communication from Henry J. Boitel,
Esq. (March 20, 2003) and an article from the New York Law
Journal. The weakest link in security is the human factor. The
communications go on further to state that an organization is
"vulnerable to security breaches if it has not taken steps to
prevent the exploitation of the human element" (Toren, 2003). In
short, biometrics could be perceived as a socially regressive
technology that excludes the disabled and the elderly.
Biometric Technology Markets
In recent years, many governmental and commercial market
sectors have adopted the use of biometric technologies as a
proven method for authenticating a users access to valuable
data or physical structures. The market sector that have seen
the largest increase of implementation are the law enforcement
sector, government sector, financial sector, healthcare sector,
travel sector, and the immigration sector, these market sectors
are referred to as biometric vertical markets (Nanavati et al.).
Law Enforcement
One-to-many matching is typical of fingerprint searches that
law-enforcement authorities conduct with the aid of automatic
fingerprint-identification systems (AFISs). Some proposed iris-
170
scan systems would also perform one-to-many matching, using
only an iris scan to identify an individual.
AFISs are expensive (typically more than $1 million) systems
that incorporate high-speed parallel processors. The systems do
not make the final judgment on which stored fingerprints match
the presented print. Rather, the systems determine which sets
of stored prints have a high likelihood of matching the presented
print. Human experts then further evaluate the AFIS selections
to see which are most likely to match the presented print.
There are many opportunities for biometric technologies to
aid law enforcement professionals in the disbursement of
justice.
Corrections - Biometric technologies are currently being used in
the law enforcement market to monitor the movements of
prisoners and guards in prisons (Ashbourn, 2000).
Surveillance – With the availability of facial-scan technologies
law enforcement has sought to place cameras within high crime
neighborhoods, sporting events (Superbowl in Tampa Bay), and
entertainment districts (Nanavati et al.) to name a few.
171
Tracking – Movement of suspected criminals through airlines,
public places, and government buildings (Woodward, Orlans, &
Higgins, 2003)
Locating - The Child Protection Education of America (CPEA)
(http://www.find-missing-children.org) is a nonprofit organization
that offers free digital fingerprinting (all ten) and digital
photographing of children in hopes of protecting children. It is
notable to acknowledge that CPEA does not retain images of the
fingerprints or photograph. Instead CPEA prints the digital data
to a card for the parents to retain (V. Dinova (CPEA Director),
personal communication, June 11, 2003).
Government Sector
Just about 1,000 city government employees of Oceanside,
CA have been using a biometric authentication system that was
installed by at the workstation level by BioLogon. According to
the Information Technology Director of Oceanside, Michael
Sherwood many of the helpdesk calls were to reset password,
since the system was installed the number of helpdesk calls
have dropped by approximately 60%. Additionally, Sherwood
has deemed the biometric authentication system as a timesaver
and a worthy investment (Quintanilla, 2000).
172
The Department of Defense (DOD) Biometric Management
Office (http://www.defenselink.mil/c3i/biometrics) has been
exploring methods of using biometric technologies to enhance
POW and refugee processing, weapons access, information
security, intelligence, coalition operations, healthcare, force
protection and access control, and sensitive areas.
Welfare offices in San Diego and Connecticut (Department of
Social Services) are using digital fingerprint-recognition software
to make sure recipients do not collect benefits more than once.
Travel and Immigration
Per the Biometric Consortium INSPASS and PORTPASS were
both developed to track the entry of travelers into the United
States. Hand geometry is the biometric of choice for INSPASS,
while voice verification is the biometric for PORTPASS.
Image 25: INSPASS Station
173
Source: http://www.panynj.gov/aviation/inspassguysm.jpg
INSPASS was designed to be utilized by travelers entering the
United States via airports and/or foot. While, PORTPASS was
developed to be employed at point of entry for travelers via the
conveyance of automotives (i.e. dedicated commuter lanes
between port of entry) into the United States. Additionally, both
INSPASS and PORTPASS predicate a one-to-one biometric match
philosophy. To accomplish the one-to-one match the traveler will
be issued a smart card containing the traveler’s biometric
template. In the case of PORTPASS the traveler’s biometric
template is stored via a RFID that is attached to the travel’s
vehicle.
Governments around the world have implemented biometric
technologies to protect live, civil liberties, individual privacy. The
Otay Mesa, CA border crossing between Mexico and the United
States employs a facial geometry biometric to authenticate the
crossing of 3,000 commuters. The Sheriff’s Department in Los
Angeles, CA uses facial geometry to compare a composite
sketch to a database of 350,000 mug shots (Woodlands Online,
n.d.).
174
New York's JFK airport uses hand scanners, but the purpose is
to speed frequent flyers through customs. London’s Heathrow
airport has started directing selected international passengers to
bypass immigration agents and instead look into a iris scanner
to see if the passengers’ iris sampling matches the passengers’
frequent flier iris template and numbers.
Physical access for employees to secure areas of airports in
San Francisco, Hawaii, O’Hare’s in Chicago, Charlotte/Douglas
International and Frankfurt, Germany are controlled by a
biometric authentication system. All reports describe the system
as being highly effective (Nanavati et al.).
Corporate Sector
Ever since the implementation of the first enterprise network,
organizations have continuously searched for the most
impregnable method(s) available to keep corporate knowledge
and personal privacy (data) secure from the unauthorized
intrusion, violation, or destruction of prying eyes. Traditionally,
the most dominant methods of securing a companies’
infrastructure is to merge an employee’s username with a
password, personal identification number (PIN), or a secure
token (Nanavati et al.).
175
The function of a biometric authentication system is to
facilitate controlled access to applications, networks, personal
computers (PCs), and physical facilities. A biometric
authentication system is essentially a method of establishing a
person’s identity by comparing the binary code of a uniquely
specific biological or physical characteristic to the binary code of
an electronically stored characteristic called a biometric
template. The defining factor for implementing a biometric
authentication system is that it cannot fall prey to hackers; it
can’t be shared, lost, or guessed. Simply put, a biometric
authentication system is an efficient way to replace the
traditional password based authentication system (Ashbourn,
2000).
Therefore, it is reasonable to conclude that PCs, cell phones,
and other wireless (mobile) devices would be the first mass-
market products to incorporate biometrics. Compared with
desktop units, notebooks and other mobile devices are more
subject to theft, tampering, been lost and has a shorter lifespan
of usefulness (as technology rapidly evolves).
Today, most information-technology (IT) managers would
probably pay a modest premium for an easy-to-use alternative
176
to password protection of such machines. But, many of these
managers expect to wait several years before they consider
widespread deployment of biometrics on desktop PCs and
workstations.
The prolific increase of cell phone (voice), laptops
(fingerprint), PDAs (fingerprint), and other mobile devices have
prompted security agencies throughout the world to issue a
warning that mobile devices are becoming even more of a
security risk to corporations. A great number of the mobile
devices wireless access to a corporate network with very little
security, and have become the weak link in the corporate
infrastructure. The newest solution of mobile device
manufactures is to design biometric authentication system into
their platform (Van Impe, 2002).
Even the entertainment industry is no stranger to biometric
technologies. Orlando's Disney World uses hand recognition to
prevent visitors from sharing season passes. Casinos across the
country routinely use facial recognition technology to identify
known cheaters.
A potential application of conjecture would be the function of
biometrics to protect the copyright privileges of music, movies,
177
and software creators. It is the hypothesis of the researcher that
a biometric algorithm could be employed to encrypt and decrypt
media stored on a multitude of mediums (i.e. CD-R/RW,
DVD-R/RW, flash memory, etc.). The end result would be that
only the legitimate owner of might access the work of art. It is
the sincere expectation of the researcher to explore this
hypothesis in greater detail within the near future.
Financial Sector
Fraud and identity theft cost consumers and financial
institutions of dollars billions in loss revenue each year. Many
people do not realize how easily criminals can obtain our
personal data without having to break into our homes. In public
places a theft can watch you from a nearby location as you
punch in your telephone calling card number, credit card
number, or ATM PIN. They can use various electronic
communication devices to ease drop on your telephone
conversation while you give your credit-card number to another
business. The thief can go dumpster diving at your home or
office to obtain copies of your checks, credit card or bank
statements, or other records that typically with your name,
address, and/or telephone number. Criminals can also spoof the
178
Internet to acquire identifying data, such as passwords, banking
information, or other confidential identity data
(http://www.consumer.gov/idtheft).
To counter identity theft and fraud a growing number of
banks, including Texas-based Bank United, the Bank of America
and Wells Fargo, are using biometric technology to improve the
security of online banking and replace PINs and bankcards at
ATMs.
Healthcare Sector
Health care centers must comply with what is referred to as
the HIPPA legislation and one of the principles of HIPPA is to
safeguard access to patient data. Health care centers like New
York State Office of Mental Health, St. Vincent Hospitals, and
Health Care Centers have adopted a biometric authentication
system as the preferred method (Nanavati et al.).
Adaptation to People of Variable Abilities
Think of biometrics as a key! Yes… A key, it can open doors
for you and provides security to keep others out. It is a key that
can be customized to an individual’s access needs. You can use a
biometric to access your home, your account, or to invoke a
customized setting for any secure area/application.
179
Reasonable Accommodation
Would the adaptation of biometrics to people of variable
abilities be considered a reasonable accommodation? To answer
this, the concept of reasonable accommodation must be
revisited to determine if the biometric solution meets
qualification factors. For the purposes of convenience the
definition of ‘Reasonable Accommodation’ has been restated
below:
Reasonable accommodations will include those
structural and technological modifications that do not
impose an undue hardship on the employer. The
phases ‘reasonable accommodations’ and ‘undue
hardship’ have not been distinctly defined. However,
each can be gauged by the size, revenue, and nature of
the company. For those employers or managers
desiring more detail, they can refer the guidelines
outlined by the Americans with Disabilities Act 1990
and current amendments via the Disability Rights
Section website (United States Department of Justice,
Civil Rights Division, Disability Rights Section [USDOJ],
2002).
180
It is the conclusion of the researcher that the adaptation of
biometric technologies to people of variable abilities would
absolutely meet reasonable accommodation guidelines.
Smart Card Interface
While contact smart cards can provide an excellent storage
platform they do not easily adapt to people of variable abilities.
The interfaces available to contactless smart cards are well
suited and easily adaptable to people of all ability levels.
Contactless smart card technologies provide the ideal
interface access and control of physical facilities and logical
assets. Per the Smart Card Alliance web site, contactless smart
card technologies provide:
High speed access and throughput, as wireless provides
immense bandwidth.
The interface is useable in harsh or dirty environments,
because it is sealed from the elements.
User friendly and simple to use.
Less intrusive, because direct contact is not required.
Does not require insertion of card into a reader.
No issues with orientation of card.
181
Card may be kept in wallet or pursue for personal security
during use.
Encryptions and encryption protocols provide excellent
security.
Protection of privacy, as MOC can be used.
Flexibility of application interoperability.
Reduced maintenance cost of readers for there are no
moving parts and direct contact is not required.
Reduced vandalism to readers for it can be hidden from
sight and/or direct physical access.
Durable and reliable, because all elements of the card are
self-contained.
Established international standards (ISO/IEC).
When using a contactless platform (i.e. two-way radio, Wi-Fi,
etc.), encryption and a triple acknowledgement certificate is
best method of ensuring secure bi-directional communications.
Even with this the method the biometric templates are not
accessible to external communications as all matching is still
processed within the confines of the card (MOC).
Control
182
Can either be logical or physical in nature. Logical involves
the granting a user access to information technology systems
such as a network or database. Physical control refers to the
ability to affect ingress of a user to an entryway. The medium for
such control can be acquired via the Internet, infra-red (IR),
radio frequencies, microwaves, or via another wireless
technology.
Universal Design
The methodology behind the concept of universal design is to
establish a standard or technology that can be applied to people
of all ability levels. A pioneer of the universal design concept for
technology is Dr. Gregg Vanderheiden, Ph.D. (Director, Trace
R&D Center, University of Wisconsin) and his team.
The methodologies of universal design are not limited to only
technology. An organization know as “The Center for Universal
Design” is comprised of architects, product designers, engi-
neers, and researchers have made it their mission to ride the
world of physical barriers. The Center for Universal Design has
crafted a formidable list of principles and guidelines that can be
applied to technology and physical structures alike. The princi-
ples and guidelines are displayed below in the same context as
183
they appear at The Center for Universal Design website, http://
www.design.ncsu.edu/cud/univ_design/princ_overview.htm:
PRINCIPLE ONE: Equitable Use - The design is useful
and marketable to people with diverse abilities.
Guidelines:
1a. Provide the same means of use for all users:
identical
whenever possible; equivalent when not.
1b. Avoid segregating or stigmatizing any users.
1c. Provisions for privacy, security, and safety should
be
equally available to all users.
1d. Make the design appealing to all users.
PRINCIPLE TWO: Flexibility in Use - The design accom-
modates a wide range of individual preferences and
abilities.
Guidelines:
2a. Provide choice in methods of use.
2b. Accommodate right- or left-handed access and
use.
184
2c. Facilitate the user's accuracy and precision.
2d. Provide adaptability to the user's pace.
PRINCIPLE THREE: Simple and Intuitive Use - Use of
the design is easy to understand, regardless of the
user's experience, knowledge, language skills, or cur-
rent concentration level.
Guidelines:
3a. Eliminate unnecessary complexity.
3b. Be consistent with user expectations and intu-
ition.
3c. Accommodate a wide range of literacy and lan-
guage
skills.
3d. Arrange information consistent with its impor-
tance.
3e. Provide effective prompting and feedback during
and
after task completion.
PRINCIPLE FOUR: Perceptible Information - The de-
sign communicates necessary information effectively to
the user, regardless of ambient conditions or the user's
185
sensory abilities.
Guidelines:
4a. Use different modes (pictorial, verbal, tactile) for
redundant presentation of essential information.
4b. Provide adequate contrast between essential
information and its surroundings.
4c. Maximize "legibility" of essential information.
4d. Differentiate elements in ways that can be de-
scribed
(i.e., make it easy to give instructions or direc-
tions).
4e. Provide compatibility with a variety of techniques
or
devices used by people with sensory limitations.
PRINCIPLE FIVE: Tolerance for Error - The design mini-
mizes hazards and the adverse consequences of acci-
dental or unintended actions.
Guidelines:
5a. Arrange elements to minimize hazards and er-
rors: most
186
used elements, most accessible; hazardous ele-
ments
eliminated, isolated, or shielded.
5b. Provide warnings of hazards and errors.
5c. Provide fail safe features.
5d. Discourage unconscious action in tasks that re-
quire
vigilance.
PRINCIPLE SIX: Low Physical Effort - The design can
be used efficiently and comfortably and with a mini-
mum of fatigue.
Guidelines:
6a. Allow user to maintain a neutral body position.
6b. Use reasonable operating forces.
6c. Minimize repetitive actions.
6d. Minimize sustained physical effort.
PRINCIPLE SEVEN: Size and Space for Approach and
Use - Appropriate size and space is provided for ap-
proach, reach, manipulation, and use regardless of
user's body size, posture, or mobility.
Guidelines:
187
7a. Provide a clear line of sight to important ele-
ments for
any seated or standing user.
7b. Make reach to all components comfortable for
any
seated or standing user.
7c. Accommodate variations in hand and grip size.
7d. Provide adequate space for the use of assistive
devices
or personal assistance.
All though universal design of technology is a critical concept,
not even one of the one-on-one interview participants
considered universal design to be relevant, as per question 4 of
Appendix 6.
Fused Biometric Solution
In the context of this research paper a fused solution involves
combining the enabling attributes of contactless biometrics with
those of contactless smart cards will produce a solution that is
fully autonomous, programmable and has the capability of
storing at least 16mb of data (i.e. other biometric templates,
financial records, medical records, etc…).
188
The fused solution is a one-to-one matching (MOC) schema,
for example at an ATM the user would still have a card
(contactless smart card). The user’s profile will prompt the user
to key in his or her password, or press their finger against a
fingerprint sensor, or speak a predetermined phrase into a
microphone, or look at a facial camera, all contained on an
autonomous smart card. An ulterior addition of the contrived
fused solution would in due course directly lead to the creation
of a universal international standard.
Most importantly as part of the fused solution is the storage
of the Accessibility Level Field (ALF) and user’s profile can be
stored on the smart card. Complied with the ALF the profile can
theoretically allow technology to adapt to a user's special needs
by prioritizing the user’s choice of authentication, access
requirement, challenge and response.
Currently the ALF does not exist and would have to be
crafted by adding what the research has named as the
Accessibility Level Field (ALF) to the Common Biometric
Exchange File Format (CBEFF). To accomplish this the
researcher has convinced Dr. Fernando Podio, the Co-Chairman
of the Biometric Consortium to reserve twelve hexadecimal
189
digits from the Payload Field and two hexadecimal digits from
the Challenge-Response Field of the CBEFF. The theory is that
such a modification to the CBEFF would allow manufactures and
vendors to promote interface interoperability between
biometrics technologies and assistive technology.
Both the Payload and the Challenge-Response Fields fall
under the Standard Biometric Header (SBH) Element of the
CBEFF as optional fields (see image and table below).
Figure 2: CBEFF Data Block
Standard Biometric Header Biometric Data Block Signature
Block
Table 3: Standard Biometric Header Followed by the BDB and the SBField Name Required
or Optional
Notes
SBH Security Options
Required ‘00’ = plain Biometric‘10’ = with Privacy (Encryption)‘20’ = with Integrity (Signed or MACed)‘30’ = with Privacy and Integrity
Integrity Options Optional ‘01’ = MACed‘02’ = SignedThis field only exists if Integrity is used (i.e. SBH Options=’20’ or ‘30’).
CBEFF Header Version
Optional Version of the CBEFF header. Currently set to: Major: ‘01’, Minor: ‘00’
Patron Header Version of header (of a patron
190
Version format specification or standard)Biometric Type Optional Indication of biometric typeBiometric Feature Optional Indicate a choice within a
biometric typeRecord Data Type Optional Indication of record data type.
Currently set to ‘02’ (Processed, the default). This field doesn’t exist if the default is used.
Record Purpose Optional Intended use of the data. Currently set to ‘04’ (Enroll for Verification Only, the default). This field doesn’t exist if the default is used.
Record Data Quality
Optional Indication of the quality of the biometric data
Creation Date Optional Creation date and time of the biometric data
Validity Optional Valid From and until DatesCreator (PID) Optional Unique identifier of the entity
that created the biometric data (also known as a Product Identifier – PID).
Index Optional Unique identifier for the biometric reference (enrollment) data
Challenge/Response Optional Information used to present a challenge to a user of system.
Payload Optional Reference data captured during enrollment and used in conjunction with the biometric data.
Subheader/Basic Structure Count
Optional Number of CBEFF Structures that follow this header. Used to help process nested structures.
BDB Format Owner Required ID of the Group or Vendor which defined the BDB
BDB Format Type Required Type as specified by the Format Owner
Biometric Data Block (BDB)
Required Defined by the Format Owner
Signature Optional Signature or MAC. Only present if the SBH value is ‘20’ or ‘30’
Excluding the ALF requirement, to the researchers knowledge
there is only one smart card that even comes close to
191
embodying the requirement of the proposed fused solution.
However, as this time a Non-Disclosure Agreement (NDA) is
currently preventing the researcher from divulging specific
details relative to the smart card solution.
Exoskeleton
Creating an exoskeleton is relatively ease, controlling the
exoskeleton is another matters altogether. The most desirable
method of facilitating control is to use a neural control interface.
Image 26: Rendering of a Exoskeleton
Source: http://www.metamotion.com/mocap/Gypsy-motion-capture-system.jpg
Neural waves emanate from the brain in the form of
brainwaves or bioelectrical impulses. To further iterate read this
article called “Monkey Thoughts Control Computer” published on
the BBC News website
192
(http://news.bbc.co.uk/hi/english/sci/tech/newsid_1871000/1871
803.stm). This is not the first article or paper of this type, to
promote the abilities of a neural control interface. On the
contrary there have been countless papers and articles released
from multiple universities, colleges, and companies in an
attempt to document their research. However, IBVA
(www.ibva.com) is on the cutting edge, and the first website to
commercialize the distribution of neural control interface
devices.
Image 27: Example of Neural Interface
Source: Image is from the IBVA Technologies, Inc website (www.ibva.com)
Per question 2, 4, and 7 of Appendix 4, an average of
75.0075 percent of all those surveyed agreed to a certain extent
that this technology was feasible and could be of benefit to
people of variable abilities. Additionally, Appendix 4 also
193
demonstrates that 89.78 percent would agree to be a recipient
of a neural implant (question 1).
Implementation Strategies
If a biometric authentication system is properly implemented
and managed effectively the cost savings benefits, related to the
help desk, administration, increased convenience, productivity
of users, decreased fraud, reduction of stress, and increased
security can far out weigh the cost of implementation (Biocentric
Solutions Inc., n.d.).
When implementing a biometric authentication system, the
managers of a company must take into account many elements
related to the company’s infrastructure. Some of these elements
will be easily identifiable, while others may be as illusive as the
fountain of youth. The easiest elements of the infrastructure to
identify are those that are heavily used and would most likely
have been a commercially purchased product, such as the
hardware and software of the biometric authentication system
itself. Whereas the illusive elements of the company’s
infrastructure may be seldom used and may or may not have
been commercially purchased. For example, a legacy system
may have been purchased commercially, yet seldom used. We
194
must also take into account issues related to the environment in
which the system will be deployed (logical, physical or both),
system integration, platform, distributed systems, biometric
trait, front-end devices, front-end processing, back-end devices,
back-end processing, level of security required, user education,
remote access users, initial productivity losses, scalability, and
exception processing (Ashbourn, 2000).
The BioNetrix Corporation (2001) has composed a paper in
which it has cited reports from the Gartner Group, META Group,
Network Applications Consortium (NAC), Security Industry
Association, Computer Security Institute (CSI), and the Federal
Bureau of Investigations (FBI). The report from the Gartner
Group proclaims that it will cost from $14 to $25 for a corporate
helpdesk to reset an employee’s password, further more an
employee is most like to forget his/her password an average of
four times in a year. When the cost of resetting a password is
applied to thousands of employees it becomes astronomical is
combined with notion that on the average, a user spends 12.5
hours a year logging onto just one application a day. When you
multiple these by the total number of application access by a
user it is easy to see the cost savings. A welcomed side effect is
195
increased user convenience and productivity (BioNetrix
Corporation, 2001). The increased security of a biometric
authentication system will directly contribute to the reduction of
financial losses due to fraud and security breaches. CSI reported
in a survey they conducted that 50% of the 186 companies that
responded claim to have 10-20 incidents per year, with an
average per year cost of $142 thousand per incident (BioNetrix
Corporation, 2001).
Risk Assessment Methodology (RAM)
Before implementing a biometric solution the implementer
does not just need to know what benefits the solution will bring,
but also what potential risks the solution will bring to their
organizations. To identify potential risk many integrators (i.e.
ComGuard.net, RSASecurity.com) recommend that a risk
analyze be conducted. You will notice a trend. The trend is that
all of the risk is associated to the acceptance of the solution by
the users.
At the top of the list of risk are privacy concerns that an
organization maybe inclined to distribute a user’s identity
sensitive data or misuse the data for purposes other than the
purpose for which it was originally intended. And, there is still
196
the issue of the individual anonymity that is of concern. The
common factor here is not necessary one of trust, but one of
user control.
When choosing a biometric you must take into account
concerns about hygiene, disease (i.e. SARS), and religious
taboos (i.e. exposure of face) that may inhibit the use of select
biometrics.
The system must be accessible to people of all ability levels
as certain groups (i.e. the disabled) many not have the body
needed the ability (i.e. the disabled and/or elderly) to present
the biometric in order to access the system. If users do not
voluntarily accept the solution, then it is doomed to collide with
reality of consumer confidence.
Integration Concerns
The integration concerns are fairly simple and intuitive.
Implementers should require the solution to be convenient to
use, delivered and installed fast, compatible with existing
infrastructure and/or network systems, interoperable with other
IT security solutions, and to promote a cost savings.
Nevertheless, before biometric products can embark on
widespread solution deployment, developers of biometric
197
products must wait for representatives of dozens of companies
to work out the details of a generalized biometric application-
programming interface (API). This work requires the cooperation
of biometric vendors, operating-system vendor, add-on security-
hardware vendors, and developers of applications that must
recognize the security features. Currently, in the biometric
technology industry, at least four efforts are under way to
develop biometric APIs (BioAPI Consortium, 2001).
Enrollment/Administration Practices
The largest purchasers of the new technologies are IT
managers of medium and large companies. An important
consideration of a purchase is easy of enrollment and
administration. Although some devices, such as IC fingerprint
sensors, may eventually cost less than $5 in quantity, the total
cost of installing biometric sensing is several times the sensing
unit's cost. Moreover, much of the initial crop of sensing units
uses USB interfaces. As a result, biometric sensing on PCs may
become cost-effective only when IT managers replace the
installed base of computers with USB-compliant PCs.
The essential element to the enrollment/administration
process is to establish protocol that can be easily adapted to
198
cover any situation.
Training/Education
Currently, there exist a gap between the number of feasible
biometric projects and knowledgeable experts in the field of
biometric technologies. The post September 11th, 2002 attack
(a.k.a. 9-11) on the World Trade Center has gave rise to the
knowledge gap. Post 9-11 many government agencies has
recognized the need for increased security and identification
protocols of both domestic (U.S.) and international fronts.
This is however, changing as studies and curriculum
associated to biometric technologies are starting to be offered at
more colleges and universities. One of the most predominant
universities to offer biometric curriculum is the University of
California, Los Angeles (UCLA) (www.UCLA.edu). A method of
closing the biometric knowledge gap is for knowledge seekers of
biometric technologies to participate in biometric discussion
groups and biometric standards committees.
The solutions only needs the user to possess a minimum of
require user knowledge and effort. A biometric solution with
minimum user knowledge and effort would be very welcomed to
both the purchase and the end user. But, keep in mind that at
199
the end of the day all that the end users care about is that their
computer is functioning correctly and that the interface is
friendly, for users of all ability levels.
Alternative Authentication Methods
Alternative methods of authenticating a person’s identity are
not only a good practice for making biometric systems
accessible to people of variable ability level. But it will also serve
as a viable alternative method of dealing with authentication
and enrollment errors.
Auditing
Auditing processes and procedures on a regular basis during
and after installation is an excellent method of ensuring that the
solution is functioning within normal parameters.
Accountability
A well-orchestrated biometric authentication solution should
not only prevent and detect an impostor in instantaneous, but it
should also keep a secure log of the transaction activities for
prosecution of impostors. This is especially important, because a
great deal of ID theft and fraud involves employees and a secure
200
log of the transaction activities will provide the means for
prosecution or quick resolution of altercations.
Above is one meaning of accountability. The other meaning of
accountability is to ensure that guidelines are well documented
for an oversight committee.
Oversight
Oversight refers to a method of ensuring that all aspects
relative to auditing and accountability have been correctly
enforced. Those with responsibility of overseeing that
accountability guidelines and protocols have not been violated.
Summary, Recommendations and Conclusions
Chapter 5
It is the general conclusion of the researcher that the
adaptation of biometric technologies to people of variable
abilities would absolutely feasible. The following will aid to
reinforce the researchers theory and conclusions. Additionally,
the chart of Appendix 5 also demonstrates that 83.95 percent
overall would agree to that the adaptation of biometrics is
feasible.
201
Mainstream Biometric Technology Summary
Passwords and PINs can be hacked, shared, or guessed; and
secure tokens can be lost (Corcoran, Sims, & Hillhouse, 1999). It
is therefore not uncommon for employees of large companies to
have numerous, long, and unbelievably complicated passwords
to remember. Many times the passwords are so ambiguous that
the employees become stressed and the passwords are easily
forgotten. To add to the frustration, an employee must then
contact the helpdesk or network administrator to have the
encrypted password reset or changed (Quintanilla, 2000).
While some biometrics may be technical sound in theory,
they may not be sound in application. For instance the use of a
footprint biometric is not practical, image having to take of your
shoes off in a restaurant to pay for dinner or at an ATM machine
to conduct a financial transaction.
Emerging Biometric Technology Summary
Biometrics is an emerging and ever changing field of
technology that can be implemented into just about anything
that requires a security protocol. While the initial cost of
implementation is high the benefits of increased security, peace
202
of mind, lessening of man-hours, and of course the increase of
accessibility by people of variable abilities may justify the cost.
Indeed, the reliance on the latest technology may make a
company even more vulnerable by creating the illusion of
security. This is why governmental agencies and commercial
companies must remain eternally vigilant and continually seek
out the most up-to-date method of securing the technological
assets of an enterprise. But, let us not forget that as we seek to
secure, hackers seek to invade.
Summary of Cultural Barriers
In order for employers to capitalize on the ability differences
of employees with disabilities in the workforce they have sought
out solutions from many sources. Some of the solutions are
complex and other are simple, they may require a shift in the
workplace paradigm, the use of assistive technologies, the
development of management strategies, or a change in work
location philosophies. The overwhelming justification is that it is
the most beneficial, ethical and humane thing to do Hagner &
DiLeo (1993).
The work of authors such as Szymanski and Parker (1996) have
alluded to the fact that before people with disabilities could not be fully
203
integrated into the workplace until the culture of the workplace becomes
more welcoming. This is because the medical model did not perceive
people with disabilities as potential workforce asset. Hence, not much
emphasize had been placed on resolving the workplace barriers. The shift
of paradigms from that of the medical model to the disability model has
fostered a change in the perceptions of society and the workplace culture.
Additionally, the National Council on Disability believes that the only way
to shift the culture is to establish legislation (NCD, 2001). Still Hagner and
DiLeo (1993) advocate a middle ground approach.
Workplace strategies can vary from company to company and can
potentially consist of thousands of concepts or notions. The basic
objective of workplace strategies as applied to employees of variable
abilities is to promote productivity (Hagner & DiLeo, 1993). There are
many strategies available to ponder from many sources (Hagner & DiLeo,
1993; Heldrick, 1999; Szymanski & Parker, 1996; United States
Department of Labor, Office of Disability Employment Policy
[USDOL/ODEP], 2002; USDOL, 2002; NCD, 2001). Hagner and DiLeo
(1993) have suggested a few strategies that managers can implement or
modified to make the workplace culture more positive, nurturing, and
accommodating to people with disabilities or new employees. Managers
could reexamine or modify their leadership style to include, but not limited
204
to their tone of interaction, vary gathering (meeting) places, celebrate
special events, educate the staff on disability, form a disability support
group, keep in touch with employees, create pride by reinforcing the
company image, and standardize required task (USDOL/ODEP, 2002). A
required task could be as simple as standardizing the location of a stapler
for the vision impaired or as complicated as the standardization of a
password authentication system (Hagner & DiLeo, 1993).
Effective planning strategies for diverse employees with disabilities may
consist of a detailed strategic business plan for the near and distant
future. The plan must be accurate, timely, easy to find, identify information
sources, communicate with other employees who do similar work, talk to
the employee, examine job descriptions, or call the Job Accommodation
Network at 800-JAN-7234 (USDOJ, 2002). Plans are frequently
threatened with obsolescence of technology changes and economic
turbulence before the ink on the paper is even dries. The reality is that
even the best-laid business plan may still go astray, especially as
managers try to predict a company's technology requirements, staffing
needs, and work processes (Szymanski & Parker, 1996).
Nonetheless, a good business plan can effectively communicate the
company’s vision, provide direction, establish time management
procedures and facilitate methods of control to all employees, whether
205
disabled or not.
For additional examples, the Workforce Investment Act of 1998 refers
to strategies, as principles of which there are seven (Heldrick, 1999).
From the seven principles, there are only two that apply to diverse
employees with disabilities (p. 6):
Services must be streamlined, by coordinating multiple
employment and training programs, must be accessible to
people with disabilities.
The system should empower individuals with the
information and resources they need to manage their own
careers.
Assistive Technology Summary
There are many types of assistive technologies available for
many types of disabilities. Flippo, Inge, & Barcus (1995) have
authored a book that details the many different types of
assistive technologies available to employers and people with
disabilities. Unfortunately, as demonstrated by the results of
question 2 of Appendix 6 only ten of the thirty-five one-on-one
interview participants had knowledge of assistive technologies.
Hence, Flippo, Inge, & Barcus (1995) have outline adaptation
strategies for the workplace, such as career planning, education,
206
redesign, mobility assistance, universal design of low-tech and
high-tech devices, to name a few. The use or deployment of
assistive technologies is not just a feasible resolution strategy. It
may be also allow the employer to remain in compliance with
rehabilitation and assistive technology legislation of the past
century. For example the Vocational Rehabilitation Act of 1918,
Americans with Disabilities Act of 1990 (ADA), to include the
2002 amendment of Section 508 to the ADA (USDOJ, 2002). The
assistive technologies of today can help people with visual
impairments or blindness, hearing impairments or deafness,
mobility impairment or paralyze, or a combination of multiple
impairments at varying levels of severity (Flippo, Inge, & Barcus,
1995).
It has been recommended via the United States Department
of Labor website that managers become familiar with the
various type of assistive technologies that are available for
people with disabilities. Here is a brief list of possible assistive
technologies (USDOL, 2002):
Vision (sight) – screen readers, speech synthesizers, Braille
systems, scanner systems, TeleBraille, and large format
displays.
207
Hearing/speech – visual redundancy systems,
telecommunication device for the deaf (TDD), speech
amplification device, telephone signaling device, and
caption systems.
Mobility – keyboard macros, sequential keystroke input,
alternative keyboards, infrared pointing device, and a
speech recognition system.
Telecommuting, which is sometimes referred to as
teleworking, can be a highly effective and extremely flexible
solution for employees of all ability levels. For those employees
who cannot easily make it into the traditional workplace because
of physical disabilities, as telecommuting eliminates the need to
commute and may be the only viable alternative (Joice, n.d.). As
stated in a report from the United States Department of Labor
(2002, July 26), “telecommuting can be useful in solving
business problems by decreasing certain overhead costs,
satisfying fluctuating demands for additional office and parking
space, and increasing employees’ loyalty, productivity, and
retention by helping them balance work and family demands”
(p. 43).
208
Universal Design Summary
Universal design of biometric technologies will do for the
biometric industry what the Universal Serial Bus (USB) has done
for the computer industry. Accordingly, to successful accomplish
universal design of biometric technologies developers must also
consider factors related to but not limited to economics,
engineering capabilities, cultural stigmas, politics, age, gender,
market, environmental issues and abilities.
Recommendation for Universal Standards
To foster universal standards the principles and guidelines
located on The Center for Universal Design website
(http://www.design.ncsu.edu/
cud/univ_design/princ_overview.htm) are excellent and should
be adapted to overcome the barriers of logical and physical
realms.
To further demonstrate the need for a universal standard,
let's say that a government issued universal biometric
identification (UBID) contactless smart card is issued to the
public. The UBID would ultimately become the standard means
of proving your identity, when using an ATM, purchasing goods,
buying services, and gaining access to facilities. Furthermore,
209
the CBEFF would comply with legal statues/laws throughout the
international communities (i.e. sections 504 & 508 of the ADA).
If the ALF were not established as a universal international
standard, then the adaptation of biometrics as a fused solution
to people of variable abilities will not be possible.
Recommendations for Adaptation of Biometrics
Implementing a biometric authentication system is a very
efficacious method of galvanizing the technological assets and
data against the fanatical onslaught of internal and external
threats. When implementing a biometric authentication system
enterprises must be ecologically aware that as the required level
of authentication increases, so does the cost. In short too much
security can be just as hazardous as too little security, choose
the right biometric to accomplish the task and avoid overkill.
While many of those in the biometric industry would take
exception to the forthcoming statements, the evidence
nevertheless supports it.
The strategy for deploying a biometric authentication
system should almost always be deployed with a one-to-
one or one-to-a-few matching methodology in mind.
210
Biometric manufactures should make every attempt to
address concerns and/or issues related to cultural
diversity, hygiene, privacy, usability, and of course
accessibility.
Recommendations for Storage Methodologies
All things considered (evidence), the only storage method
(platform) that would even remotely embody the elements of
security, accessibility, and privacy would be the smart card. While it is true
that biometric templates can be deployed on all storage platforms, the
smart card would have the best chance of been accepted by all
parties of advocates and opponent.
The only exception to this would be use of centralized
criminal database in high treat areas, such as ports-of-entry.
However, deploying such a database would meet resistance by
the ACLU and other privacy organizations. To counter such
resistance the purpose of the database must clearly established
and a legal strategy to ensure that database is not misused by
official must be established to police the police. Additionally, TTP
should never be allowed to store biometric templates of any
form. A TTP only need to verify the authenticity of the card to
ensure that tampering has not occurred.
211
Recommendations for Fused Biometric Solutions
Although there are twelve available hexadecimal digits
available for use from the Payload Field, it is the assumption of
the researcher that only two hexadecimal digits from the
Payload Field would be required to identify an individual’s ability
limitations and/or access requirements and two hexadecimal
digits from the Challenge-Response Field to determine which
biometric out of the biometrics available to the individual would
have priority. What's more, given that the recommendation calls
for the ALF to be incorporated into the CBEFF it would therefore
automatically be part of the biometric template.
Additionally, I would recommend that a two-stage interface
process be adopted. What is meant by a two-stage interface
process? Stage one is that the individual’s access requirements
are established by the logical or physical barrier that user is
attempting access. Stage two is that the proper biometric
authentication challenge or response is presented to the person
requesting access.
For example, if a vision impaired individual were attempting
to gain access to a public facility. He or she would approach the
entrance of the facility where a series of strategically placed
212
proximity sensor would acquire the Accessibility Level Field
(ALF). If at this point authentication would not be required,
hence the doors would automatically open and the individual
may be presented with an audible greeting (i.e. Welcome to the
public court house). This would be the completion of stage one.
To continue with the scenario, as the individual transverses
through the facility he or she may come upon an entry point
where authentication of a persons identity is required. At this
point stage-one will be repeated whereas the Accessibility Level
Field (ALF) would be acquired. In stage-two the Challenge-
Response Field will trigger the appropriate biometric application.
For this scenario a vision impaired individual could be issued an
audible challenge and the user could then reply in the same
fashion (voice verification biometric). There are many more
scenarios and a multitude of other biometric applications.
213
Chart 5: Fused Biometric Solution Decision Flow Chart
214
Conclusions
Presently, policies and/or concepts such as the concept of
workplace accommodations, assistive technology concept,
organizational concept of culture, and the concept of
establishing solid management functions are not well defined
within the structure of companies. In fact policies and/or
concepts are for the most part dictated to society by federal and
state laws or regulations (Barnartt & Altman, 2001; Hagner &
DiLeo, 1993; Swanson & Fouad, 1999; Szymanski & Parker,
1996).
The fused solution combines the benefits of biometrics, ALF,
other versatile technologies, and implementation strategies will
result in a secure, accessible, and privacy promoting solution
that can be applied to people of all ability levels. The fused
solution is a universal key that can open physical doors,
provides logical security to data, and keep others out. It is a key
that can be customized to an individual’s access needs or it can
be used to invoke a customized profile to aid physically
challenged individuals. The fused biometric solution must be
implemented whenever and wherever possible.
215
I would like to close with a quote from Microsoft’s Bill Gates’
in PC WEEK Online October 8, 1997 stated, “Biometric
technologies – those that use human characteristics such as
fingerprint, voice and face recognition – will be the most
important IT innovations of the next several years”.
216
References
Accenture. (2001, November 16). White paper: Radio Frequency
Identification (RFID). Retrieved December 3, 2002 from http://
www.accenture.com/xdoc/en/services/technology/vision/
RFIDWhitePaperNov01.pdf
American Association of Motor Vehicle Administrators (AAMVA).
(2000, June 30). AAMVA national standard for the driver
license/
identification card. Retrieved December 3, 2002 from
http://www.
aamva.org/Documents/stdAAMVADLIDStandrd000630.pdf
Architectural and Transportation Barriers Compliance Board.
(2002,
December 21). Electronic and Information Technology
Accessibility
217
Standards. Retrieved December 20, 2002 from
http://www.access-
board.gov/sec508/508standards.htm
Ashbourn, J. (2000). Biometrics: Advanced identity verification.
London: Springer-Verlag London Limited.
Barnartt, S. N., & Altman, B. M. (Eds.). (2001). Exploring theories
and
expanding methodologies: Where we are and where we need
to go.
London: Elsevier Science Ltd.
BioAPI Consortium. (2001, March 16). BioAPI specification version
1.1.
Retrieved July 19, 2002 from
http://www.bioapi.org/bioapi1.1.pdf
Biocentric Solutions Inc. (n.d.). White paper: Why use a biometric
and a
card in the same device?. Retrieved July 3, 2002, from
http://www.
biocentricsolutions.com/media/whitepaper.pdf
BioControl Systems, http://www.biocontrol.com (October 10,
2001)
218
Biometrics ID issued to 4 million military. Washington Post
Online, October 29, 2001.
http://www.washintonpost.com/wp.srv/
aponline/20011029/aponline173744_000.htm (November
5,2001).
Biometric Consortium. http://biometrics.org
BioNetrix Corporation. (2001, June 18). BioNetrix authentication
suite:
Cost justification for implementing an enterprise-wide
authentication
management infrastructure. Retrieved July 3, 2002, from
http://
www.bionetrix.com
British Broadcasting Corporation (BBC) News. (2000, November
15).
Monkey brain operates machine. Retrieved March 14, 2002
from
http://news.bbc.co.uk/hi/english/sci/tech/newsid_1025000/
1025471.stm
Carreira-Perpinan, M., & Sanchez-Calle, A. (1995): A connectionist
approach to using outer ear images for human recognition and
219
Identification. The
University of Sheffield Website:
http://www.dcs.shef.ac.uk/~miguel/papers/
ps/ear-abstract.pdf
Center for Applied Special Technology, Inc., http://www.cast.org
Charness, N., Parks, D., & Sabel, B. (Eds.). (2001).
Communication,
technology and aging: Opportunities and challenges for the
future.
New York: Springer Publishing Company, Inc.
Corcoran, D., Sims, D., & Hillhouse, B. (1999, March 1). Smart
cards
and biometrics: Your key to PKI. Linux Journal. Retrieved July 3,
2002 from http://www.linuxjournal.com/article.php?sid=3013
Corum, C. (2002, December 1). Why RFID is the right choice for
personal ID. ContactlessNews. Retrieved December 3, 2002,
from
http://www.contactlessnews.com
Daugman, J. (n.d.). Iris Recognition. The International Center for
Disability
220
Resources on the Internet (ICDRI). Retrieved December 12,
2002, from
http://www.icdri.org/biometrics/iris_biometrics.htm
EEG Spectrum, http://www.eegspectrum.com (November 21,
2001)
Everett, D. (n.d.). Smart card technology: Introduction to smart
cards.
Smart Card News Ltd. Retrieved January 1, 2003 from http://
www.
smartcard.co.uk/resources/articles/intro2sc.html
Flippo, K. F., Inge, K. J., & Barcus, M. (1995). Assistive technology:
A
resource for school, work, and community. Baltimore: Paul H.
Brooks Publishing Co.
Georgia Tech Research Institute (GTRI).
http://www.gtri.gatech.edu
Gill, J.M. (2003). eEurope smart card Trailblazer 8 on user
requirements: User requirements for cardholder identification,
authentication and digital signatures. Retrieved February 3,
2003
221
from Royal National Institute for the Blind. http://www.tire-
sias.org/
reports/user_requirementsv2-2.htm
Gill, J.M. (2002). Design of smart card systems to meet the needs
of
disabled and elderly persons. Retrieved January 3, 2003 from
Royal
National Institute for the Blind. http://www.tiresias.org/reports/
ecart.htm
Gill, J.M. (1994) (Ed.). Proceedings of the COST 219 seminar on
smart
cards and disabilities. Retrieved January 3, 2003 from Royal
National Institute for the Blind. http://www.stakes.fi/cost219/
smartc94.doc
Gill, J.M. (2002). Smart cards: Interfaces for people with
disabilities.
Retrieved January 3, 2003 from Royal National Institute for the
Blind. http://www.tiresias.org/reports/urcai.htm
Gindin, S. E. (1997). Lost and found in cyberspace: Informational
privacy in the age of the Internet. Retrieved August 28, 2002
from
222
http://www.info-law.com/lost.html
Greene, J., & Caracelli, V. (1997). (Eds.). Advances in mixed-
method
evaluation: The challenges and benefits of integrating diverse
paradigms. New Directions for Program Evaluation, No. 74, San
Francisco: Jossey-Bass.
Greene, J., Caracelli, V., & Graham, W. (1989). Toward a
conceptual
framework for mixed-method evaluation design. Educational
Evaluation and Policy Analysis, 11(3), pp. 255-74.
Hagner, D. C., & DiLeo, D. (1993). Working together: Workplace
culture, supported employment, and persons with disabilities.
Cambridge, MA: Brookline Books.
Heldrick, J. J. (1999). The Workforce Investment Act of 1998: A
primer
for people with disabilities. Retrieved September 12, 2002,
from
University of Iowa Website: http://www.its.uiowa.edu/law/lhpdc/
rrtc/workforce.html
Huff, C. (n.d.). An escort memory system case study: RFID in the
textile
223
industry. Retrieved January 12, 2003, from The Association for
Automatic
Identification and Data Capture Technologies (AIM) Global
website:
http://www.aimglobal.org/technologies/rfid/casestudy/MaldenMills
EMS.pdf
IBVA Technologies, Inc. http://www.ibva.com. (April 21, 2002)
INCLUsion of Disabled and Elderly people in telematics (INCLUDE).
(n.d.). SATURN Case Study. Retrieved January 3, 2003 from
http://www.stakes.fi/include/cases.html
Individuals with Disabilities: Enabling Advocacy Link (IDEAL).
(n.d.).
Statistics on disabilities. Retrieved February 5, 2003 from
http://www.attideal.org/Statistics.asp
International Biometric Group LLC: BioPrivacy Initiative.
http://www.bioprivacy.org
International Center for Disability Resources on the Internet
(ICDRI).
http://www.icdri.org
224
International Journal of Biometrics.
http://www.optel.com.pl/avanti/avanti.htm
Jacobs, S. (2002, November 22). Business benefits of access-for-all
design. Retrieved November 27, 2002, from http://www.
biometricgroup.com/a_press/office/office.htm
Joice, W. (n.d.). Federal telework topics. United States General
Services
Administration. Retrieved September 14, 2002, from
http://www.gsa.gov/attachments/GSA_PUBLICATIONS/extpub/
DOL_Paper_Final.doc
JUSTNET. Justice Technology Information Network.
http://www.nlectc.org/justnet.html
LaPlant, W.P. (n.d.). Disability Statistics & Policy in the United
States of
America and the World. Retrieved January 3, 2003 from
http://www.icdri.org/Statistics/mainstats.htm
Nanavati, S., Thieme, M., & Nanavati, R. (2002). Biometrics:
Identity
verification in a networked world. New York: John Wiley & Sons,
Inc.
225
National Council on Disability. (2001, June 21). The accessible
future.
Retrieved September 12, 2002, from http://www.ncd.gov/
newsroom/publications/accessiblefuture.html
National Institute of Standards and Technology, Information
Technology
Laboratory (NIST-ITL).
http://www.itl.nist.gov/div895/biometrics/
standards.html
National Institute of Standards and Technology (NIST). (n.d.).
Common
Biometric Exchange File Format (CBEFF) Website. Retrieved
July 23,
2002, from http://www.itl.nist.gov/div895/isis/bc/cbeff
National Organization on Disability (NOD). http://www.nod.org
(November 20, 2001)
National Security Agency (NSA). (2002, September). Information
Assurance Technical Framework (IATF). Retrieved December
15,
2002 from http://www.iatf.net
226
O’Brien, D. (2003, May 5). Scanning for security: Biometrics:
Fraud, terror
attacks and privacy laws have many seeking more foolproof
ways to
identify people. The Baltimore Sun. Retrieved May 5, 2003
from
http://www.sunspot.net/news/printedition/bal-
te.biometrics05may05,0,
7980825.story?coll=bal%2Dpe%2Dasection
Office of Homeland Security. (2002, July). National strategy for
homeland security. Retrieved July 17, 2002 from http://www.
whitehouse.gov/homeland/book/nat_strat_hls.pdf
O’Hanlon, M., Orszag, P., Daalder, I., Destler, I., Gunter, D., Litan,
R.,
& Steinberg, J. (2002). Protecting the American homeland: A
preliminary analysis. Washington, D.C.: Brookings Institution
Press.
Retrieved May 5, 2002 from
http://www.brook.edu/dybdocroot/fp/
projects/homeland/fullhomeland.pdf
PosID, Inc., http://www.posidinc.com.
227
Quintanilla, F. (2000, July 5). Fingerprint as password: Your
fingerprint
could be your one password for life. Retrieved July 3, 2002
from
http://www.biometricgroup.com/a_press/office/office.htm
Radio Frequency Identification (RFID) Journal.
http://www.rfidjournal.com
Richter, C. (1999, September 13). RFID: An educational primer.
Retrieved December 12, 2002, from Intermec Technologies
Corporation website:
http://epsfiles.intermec.com/eps_files/eps_wp/
rfid_wp.pdf
Schaie, K., & Schooler, C. (Eds.). (1998). Impact of work on older
adults. New York: Springer Publishing Company, Inc.
Smart Card Alliance. http://www.smartcardalliance.org.
Stapleton, J. (2001). Biometrics. PKI Forum. Retrieved January 6,
2003, from http://www.pkiforum.org/pdfs/biometricsweb.pdf
Swanson, J. L., & Fouad, N. A. (1999). Career theory and practice:
Learning Through case studies. Thousand Oaks, CA: Sage
Publications.
228
Szymanski, E. M., & Parker, R. M. (Eds.). (1996). Work and
disability:
Issues and strategies in career development and job
placement.
Austin, TX: Pro-Ed, Inc.
The Biometric Foundation. (n.d.). Why Biometrics? Retrieved
January
10, 2003 from http://www.biometricfoundation.org/
whybiometrics.htm
Thieme, M. (n.d.). Biometric usage on a privacy continuum.
International
Biometric Group LLC. Retrieved January 10, 2003 from
http://www.bioprivacy.org/continuum.htm
Thieme, M. (n.d.). Privacy concerns and biometric technologies.
International Biometric Group LLC. Retrieved January 10, 2003
from
http://www.bioprivacy.org/privacy_fears.htm
Toren, P. J. (2003, March 20). From the mind of a hacker. New
York Law
Journal. Retrieved March 20, 2003 from
http://www.law.com/jsp/article.jsp?
229
id=1046833592378
TRACE Center. http://www.trace.wisc.edu. (December 6, 2002)
United States Department of Justice, Civil Rights Division,
Disability
Rights Section. http://www.usdoj.gov/crt/ada/adahom1.htm.
United States Department of Justice, Civil Rights Division. (1998).
Workforce Investment Act of 1998 (WIA). Retrieved September
24,
2002 from http://www.usdoj.gov/crt/508/508law.html
United States Department of Labor. (2002, July 26). People with
disabilities: Strengthening the 21st Century workforce.
Retrieved
September 23, 2002 from http://www.dol.gov/sec/programs/
ptfead/2002rpt/ 2002_PTFEAD_Report.pdf
United States Department of Labor, Office of Disability
Employment
Policy. (2002). New freedom initiative 2002: Independence
through
employment. Retrieved September 24, 2002, from
http://www.dol.
gov/odep/pubs/nfi02/finalnfi_71802.pdf
230
Van Impe, M. (2002, September 5). New Voice Biometric Security
for mobile
phones. Mobile CommerceNet. Retrieved January 10, 2003,
from
http://www.mobile.commerce.net/print.php?story_id=2129
Voice Security Systems.
http://www.voice-security.com/flash/index.html.
(November 3, 2002)
Walder, B. (1997). Smart cards: The use of “intelligent plastic” for
access control. Bedford, England: NSS Group Network House.
Westin, A. (2002). Public attitudes toward the uses of biometric
Identification technologies by government and the private
sector:
Summary of survey findings. Opinion Research Corporation
(ORC)
International. Retrieved January 9, 2003 from
http://www.search.
org/policy/bio_conf/Biometricsurveyfindings.pdf
Wilkie, D. (2003, May 17). White House may put less value on se-
niors,
231
disabled. Copley News Service: Union-Tribune Publishing Co.
Retrieved
May 17, 2003, from
http://www.signonsandiego.com/news/uniontrib/sat/
news/news_1n17value.html
Winter, C. (2000, October 29). Biometrics: Safeguard or invasion
of
privacy. Sun-Sentinel. Retrieved July 3, 2002, from http://www.
biometricgroup.com/a_press/SunSentinelarticle_Oct2000.htm
Woodlands Online. (n.d.). Biometric emerges as a solution for
security.
Retrieved July 3, 2002, from http://www.biometricgroup.com/
a_press/woodland.htm
Woodward, J., Orlans, N., & Higgins, P. (2003). Biometrics: Identity
assurance in the information age. Berkeley, CA: McGraw-
Hill/Osborne
Yin, R. K. (1994). Case study research: Design and methods
(Applied
social research methods (Vol. 5, 2nd ed.). Beverly Hills, CA:
SAGE
Publications, Inc.
232
Zunkel, R. (1998). Hand geometry based authentication in
biometrics:
Personal identification in networked society. New York: Kluwer
Academic
Publishers.
APPENDICIES
A1-0
Appendix 1
To Be Or Not To Be? (Survey Introduction)
Introduction
On November 26th, 2001 my wife and I had our paper “Let Me In!!!” published on the to ICDRI website. The paper drew much interest and is due to be republished at www.nextinterface.net. It also promoted many questions and inquires, about feasibility and mostly about the security of personal data.
Feasibility
Let us first address the issue of feasibility, which is the easiest to address. Refer to an article called “Monkey Thoughts Control Computer” published by the BBC News (http://news.bbc.co.uk/hi/english/sci/tech/newsid_1871000/1871803.stm). This is not the first article of this type, but I believe it to be the most significant. Because, this prototype demonstrates the potential to be universal and useable by the majority of the disabled people. Why? Well it stands to reason that if a monkey can be trained to use the device, then training a human would imply orders of magnitude with respect to ease. Yes, we can use biology’s logic of self-preservation to merge the electronic and biological worlds. In the opinion of Dr. Lawson the neural-interface evolution of man and machine will come in a three-phases. The first will be oriented towards control of appliances (i.e. primarily the Internet), the second will be mobility (i.e. automobiles, exoskeleton, etc.), and the third will be bionic systems (i.e. cyborg).
However, we would like to point out that there are primarily two schools of thought about how to deploy a neural interface device. One is that it must be directly implanted in the brain and the other is that brain waves can be sensed via an external device worn on the head much like headset can be worn. There are real factors to consider and many thresholds to cross.
A1-1
Appendix 1 (Continued)
To Be Or Not To Be? (Survey Introduction)
Privacy
The questions and concerns on this issue were fierce. As with any new technology issue privacy or misuse of information comes to the forefront. Well the questions and concerns are justified; in fact the people of the world are vulnerable. Yes, vulnerable to many forms of misuse, such as the snooping eyes of Big Brother or identity theft. Which leads to a host of many of crimes; for example, financial fraud, passport theft, and more than we can conceive.
However, Biometrics itself was designed as a method to ensure that sensitive information is protected. It is my belief that only biometric that is feasible for use with a neural control interface and that is a Neural (EEG) Fingerprint. But the question is does it exist? I believe it does.
Why a biometric? Keep in mind that a neural control interface is wireless and it allow an individual to control remote devices. So access is not an issue when that ability is limited to one are two individuals. But, keep in mind that technology transfer is real and this technology can also work for people whom are not disabled. Therefore, security is needed… How do you address such a security issue? I’ll say it again a Neural Fingerprint, before accessing a device remote or otherwise your Neural Fingerprint is compared those whom do have access.
Let’s use and everyday task as an example, you have and neural implant and you want to call for an elevator. You approach the elevator and user your neural implant to call for the elevator, the elevator comes down and you get on. O.K. you’re rich and so you live in the penthouse, once again you use your neural implant to select the penthouse, then you unlock your door.
A1-2
Appendix 1 (Continued)
To Be Or Not To Be? (Survey Introduction)
Great, home sweet home, where is that butler? Now a criminal with a neural implant calls for the elevator, goes to the penthouse, and unlocks your door.
If we used a biometric his access would have been restricted, for example he could have never even called for the elevator, been restricted from the penthouse, and security could have been notified.
We are not saying that biometrics is the answer, just one tool. It is not the supreme Maginot Line.
Survey
We are Americans and in many cases we find ourselves forgetting that the issue of privacy is global, not just something in America. In many cases Americans refer to the Bill of Rights or the Constitution, well if you are not an American you may have no idea what they are. Therefore, I respectfully ask that members of the international community take a moment to complete a survey and please feel free to send additional comments to [email protected].
Link to Survey:http://www.icdri.org/biometrics/survey_biometric.htm
Ultimately whether technology is to be or not be, is up to the people of the world.
Copyright © William J. Lawson 2002
Copyright © 1998, 1999, 2000, 2001, 2002 International Center for Disability Resources on the Internet
A2-0
Appendix 2
Online Survey:Use of Biometrics and Neural Implants
Below is a survey on Neural Implants. There are no cookies on this site and ICDRI does not in any way track individual users. If you wish to fill this survey out, it would be greatly appreciated. Please feel free to send any comments to [email protected]. We thank you in advance for filling out the survey and helping us to understand these issues better.
Please use the below guide to rank your responses.
They appear in the field of the drop down box as listed below:
1 = Strongly Disagree2 = Somewhat Disagree3 = Don't Care4 = Somewhat Agree5 = Strongly Agree6 = It Depends on the Circumstances (Unsure)
Please select the answer that most nearly expresses your response to the question. Each question has a combo box from which you can select one of the six choices above.
Please note, choice number six has been added to account for circumstances that you might feel would warrant a neural implant when you might not normally agree to this.
1. If you were physically disabled, would you agree to be a recipient of a neural implant?
2. It is our opinion that a Biometric Access and Neural Control solution can benefit everyone, disabled or otherwise. Do you agree?
A2-1
Appendix 2 (Continued)
Online Survey: Use of Biometrics and Neural Implants
3. Would you be concern that the information provided to the hospital, doctors, insurance companies, or government might be misused?
4. Do you agree with the paper?
5. Do you agree with the theory that an EEG or Neural Fingerprint exists?
6. If such a solution was available, do you think insurance companies should pay for the procedure?
7. Based on the two schools of thought from the survey paper. Would you still agree to have neural interface directly implanted in your brain?
Copyright © William J. Lawson 2002
Copyright © 1998, 1999, 2000, 2001, 2002 International Center for Disability Resources on the Internet
A3-0
Appendix 3
Sampling of Typical One-on-One Interview Questions
1. Do you manage challenged employees?2. Do you know what assistive technologies are? 3. Do you know what biometric technologies are?4. As a manager, what would you consider to be the greatest
barrier for employees of variable abilities?5. Do you feel that challenged employees are as capable as
non-challenged employees?6. In your opinion do challenged employees miss more or less
work, then their non-challenged counterparts?7. Have you heard of the Americans with Disability Act?8. Are you familiar with Section 504 and/or 508 of the ADA? 9. Do you feel that the interfaces used by your company are
accessible to everyone?10. Do you feel that biometric technologies could assist to
breakdown barriers?
A4-0
Appendix 4
Final Result Matrix: Online Survey - Per Question Breakdown
Legend:TNS = Total Number SurveyedSD = Strongly DisagreeSWD = Somewhat DisagreeDC = Don't CareSWA = Somewhat AgreeSA = Strongly AgreeUNK = It Depends on the Circumstances
Question # 1 Answer: # %If you were physically disabled, would you agree to be a recipient of a neural implant?
SD 1 0.73SWD 2 1.46DC 1 0.73SWA 20 14.60SA 103 75.18UNK 10 7.30TNS 137 100
Question # 2 Answer: # %It is our opinion that a Biometric Access and Neural Control solution can benefit everyone, disabled or otherwise. Do you agree?
SD 2 1.46SWD 11 8.03DC 3 2.19SWA 33 24.09SA 85 62.04UNK 3 2.19TNS 137 100
Question # 3 Answer: # %Would you be concern that the information provided to the hospital, doctors, insurance companies, or government might be misused?
SD 2 1.46SWD 7 5.11DC 6 4.38SWA 97 70.80SA 22 16.06UNK 3 2.19TNS 137 100
A4-1
Appendix 4 (Continued)
Final Result Matrix: Online Survey - Per Question Breakdown
Question # 4 Answer: # %Do you agree with the paper? SD 1 0.73
SWD 1 0.73DC 5 3.65SWA 73 53.28SA 52 37.96UNK 5 3.65TNS 137 100
Question # 5 Answer: # %Do you agree with the theory that an EEG or Neural Fingerprint exists?
SD 3 2.19SWD 2 1.46DC 5 3.65SWA 43 31.39SA 69 50.36UNK 15 10.95TNS 137 100
Question # 6 Answer: # %If such a solution was available, do you think insurance companies should pay for the procedure?
SD 1 0.73SWD 2 1.46DC 1 0.73SWA 23 16.79SA 99 72.26UNK 11 8.03TNS 137 100
Question # 7 Answer: # %Based on the two schools of thought from the survey paper. Would you still agree to have neural interface directly implanted in your brain?
SD 13 9.49SWD 8 5.84DC 2 1.46SWA 35 25.55SA 51 37.23UNK 28 20.44TNS 137 100.01
A4-2
Appendix 5
Fused Results:Online Survey – by Agreement Levels
The follow chart was produced by totaling the responses of
all (137) online survey participants via their agreement levels.
SD = Strongly DisagreeSWD = Somewhat DisagreeDC = Don't CareSWA = Somewhat AgreeSA = Strongly AgreeUNK = It Depends on the Circumstances
A4-3
Appendix 6
Aggregated Results ofOne-on-One Interview Questions
The data was derived by aggregating the open-ended
responses of all (35) interviewees.
1. Do you manage challenged employees?Results: 24 out of 35 have managed challenged employees at some point during their career. 10 out of 35 have never managed challenged employees, but had received instruction on managing challenged employees. 1 out of 35 has done neither.
2. Do you know what assistive technologies are?Results: 10 out of the 35 have knowledge of assistive technologies. 25 out of 35 had no practical knowledge of assistive technologies.
3. Do you know what biometric technologies are?Results: 6 out of 35 were familiar with biometrics. The other 29 confused biometrics with biotechnology.
4. As a manager, what would you consider to be the greatest barrier for employees of variable abilities?Results: 20 out of the 35 believe that cultural stereotyping by co-workers was the greatest barrier. 5 out of the 35 believed that accessible interfaces were the greatest barrier. 9 out of the 35 named transportation as the greatest barrier. 1 out of 35 had no opinion.
5. Do you feel that challenged employees are as capable as non-challenged employees?
A4-4
Appendix 6 (continued)
Aggregated Results ofOne-on-One Interview Questions
Results: 32 out of 35 felt that challenged employees were just as capable. 2 out of 35 felt that challenged employees were not as capable. 1 out of 35 felt as if challenged employees should not be in the workforce.
6. In your opinion do challenged employees miss more or less work, then their non-challenged counterparts?Results: 23 out of the 35 believed that challenged and non-challenged employees were equal. 9 stated that challenged employees did miss 1-4 days more work per year than their non-challenged counterpart. 3 have not noticed.
7. Have you heard of the Americans with Disability Act?Results: 17 out of 35 stated that they have heard of the ADA, but only 12 were able to define the purpose of the ADA.
8. Are you familiar with Section 504 and/or 508 of the ADA?Results: 10 out of 35 were familiar with Section 508. Only 2 out of 35 were familiar with both Section 504 and 508.
9. Do you feel that the interfaces used by your company are accessible to everyone?Results: 31 out of 35 answered, yes. 3 out of 35 answered, no. 1 out of 35 had no idea.
10. Do you feel that biometric technologies could assist to breakdown barriers?
Results: 5 out of 35 believed the answer to be, yes. 1 out of 35 stated, no. 29 out of the 35 did not know.