Learn about Biometrics in CISSP


Continuing our discussion of authentication methods, we are going to talk about biometrics.

Biometrics is the process of applying statistical analysis to biological data.

The third category of authentication methods is biometrics. Using biometric methods is considered the strongest and most authentic identification and authentication approach. You will find this reasonable if you refer back to the definitions of identification and authentication:

Identification is the process in which a user claims an identity, while authentication is the process of proving the claimed identity.
Okay, now a biometric method (which depends on a unique feature that nobody else can share with you; e.g. pupil, fingerprint, etc.) checks and verifies that you are actually YOU. This is both an identification and an authentication process.

Among all known identification and authentication methods, biometric methods are the most expensive ones. That is why they are used wherever verifying personnel identity is of ultimate importance. Examples of this are found in airports and military zones.

Biometric methods are divided into two main sub-categories:
  • Physiological methods: methods of this category rely on physical features of the person, like the face, fingerprints, hand geometry, iris scan, retina scan, and voice print.
  • Behavioral methods: methods of this category rely on the way you do something, like your handwritten signature and keystroke dynamics.

Now, let’s discuss in brief each of the above-mentioned methods.

Face Scan
The oldest identification and authentication method in history: identifying a person by his face. This is done using human eyes.
Nowadays, the Face Scan process relies on the technologies of face detection and recognition. This is usually used in airports to verify the identity of a passenger before allowing him/her to enter the country. The face is photographed (scanned), and then its picture is analyzed and compared to a database of previously-saved images.


Fingerprints
Another one of the oldest identification techniques, used mainly in criminal investigations. The idea depends on matching the finger patterns of suspects against the one(s) extracted from the crime scene. A fingerprint is one of the unique features that can never be shared between two humans. In the context of access control, a database of allowed personnel fingerprints is created by asking the staff to come and enroll their fingerprints on a reader machine. At the entry points, the same machine is placed, asking the staff to authenticate their identity by placing their thumb or fingers on the reader.

Hand Geometry
Besides fingerprints, the shape and dimensions of the hand can also be used as a method to identify a person. This method is not as widespread as fingerprints.

Retina Scan
The eye-print or retina scan is the most accurate biometric identification and authentication method. This method depends on taking a picture of the eye with details of the blood vessels located in the back of the eye.

Iris Scan
Another accurate method using the eye is the iris scan. In this method, the patterns of the iris are scanned and checked against a database of stored iris patterns.

Voice Print
In this method, the enrollment is done first by asking the user to say a specific phrase to be recorded. On authentication, the person is asked to say the same phrase again to be compared with the original. Even though some voices appear to be very similar, they are still unique, so special devices have the ability to differentiate between voices. The idea is that the vocal cords, vocal cavities, and mouth movements vary from one person to another in a way that makes it impossible for two persons to have the same voice print.

Keystroke Dynamics
The way a person types on the keyboard varies from one person to another, even for the same phrase. In the enrollment process, the user is asked to type a specific phrase on the keyboard. The typing speed, the pressure on the keys, and the typing style are all translated into electrical signals that are uniquely different from one person to another. On authentication, the user is asked to type the same phrase again, and the resulting electrical signals are compared to the previously-saved ones.
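
The enroll-then-compare flow described above can be sketched as follows. This is an added example, not code from the original article: it models only key timing (not key pressure), and the scaled Manhattan distance, the 5 ms spread floor, the 2.0 threshold, all function names and the synthetic timings are assumptions chosen for illustration.

```python
from statistics import mean, stdev

def features(events):
    """events: list of (key, press_ms, release_ms) in typing order.
    Returns dwell times (how long each key is held) followed by flight
    times (gap between releasing one key and pressing the next)."""
    dwell = [r - p for _, p, r in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def enroll(samples):
    """Build a template: per-feature mean and spread over enrollment samples."""
    cols = zip(*(features(s) for s in samples))
    # Floor the spread (assumed 5 ms) so a very consistent feature
    # cannot dominate the score.
    return [(mean(c), max(stdev(c), 5.0)) for c in cols]

def score(template, events):
    """Scaled Manhattan distance averaged per feature (lower = closer)."""
    vec = features(events)
    if len(vec) != len(template):
        return float("inf")  # different phrase length: cannot match
    return mean(abs(x - m) / s for x, (m, s) in zip(vec, template))

def verify(template, events, threshold=2.0):
    """Accept only if the attempt is close enough to the enrolled template."""
    return score(template, events) <= threshold

def sample(phrase, dwell, flight, jitter):
    """Constructed data: synthesize timings for `phrase` (not real captures)."""
    t, out = 0, []
    for i, ch in enumerate(phrase):
        d = dwell + jitter[i % len(jitter)]
        out.append((ch, t, t + d))
        t += d + flight + jitter[(i + 1) % len(jitter)]
    return out

PHRASE = "cissp"
# Three enrollment attempts by the same (simulated) user.
ENROLLED = [sample(PHRASE, 90, 60, j) for j in ([0, 4, -3], [2, -5, 1], [-4, 3, 6])]
TEMPLATE = enroll(ENROLLED)
GENUINE = sample(PHRASE, 92, 58, [1, -2, 3])     # same rhythm, small variation
IMPOSTOR = sample(PHRASE, 140, 120, [0, 5, -5])  # same phrase, slower rhythm

if __name__ == "__main__":
    for name, attempt in (("genuine", GENUINE), ("impostor", IMPOSTOR)):
        print(name, round(score(TEMPLATE, attempt), 2), verify(TEMPLATE, attempt))
```

Raising the threshold accepts more genuine attempts but also more impostors, so the value has to be tuned on real enrollment data.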

Signature Dynamics
The writing process also varies from one person to another; e.g. the way the person holds the pen, the style in which he/she draws each character, the speed of writing, the pen pressure, and the length of the time period in which the user lifts the pen between strokes. This combination is unique in a way that makes signature dynamics an effective identification and authentication method. The writing process produces electrical signals that can be stored in a database. On authentication, the user is asked to sign again. The resulting signals are compared to the previously-enrolled ones.
Some testing centers use signature dynamics to verify the identity of an applicant before entering exams.


  • Biometric access control methods are the most accurate and expensive identification and authentication methods.
  • Biometrics is the process of applying statistical analysis to biological data.
  • Biometric methods could be either Physiological or Behavioral.
  • Common biometric authentication methods are: face scan, fingerprints, iris scan, retina scan, voice prints, keystroke dynamics, and signature dynamics.

In the next article, we will talk about One-Time Passwords.
See you.

