Biometrics Authentication Part I


One of the important roles of the operating system is to protect the processes executing within a computer system from one another’s activities. To provide such protection, operating systems use various mechanisms to ensure that only processes that have gained proper authorization from the operating system can operate on the available resources (such as memory, files, disks and CPU). Such protection provides the essential mechanism for controlling and enforcing the rules that govern the access of programs, processes or users to the resources of the computer system (Silberschatz and Galvin, 2009).

With the rapid changes in computer system architectures, modern protection mechanisms are provided to increase the reliability of any complex system that makes use of shared resources. Such protections prevent users from violating access restrictions and ensure that each program component uses system resources only in ways consistent with the stated policies. To achieve this goal, a process should be allowed to access only those resources for which it has authorization and that it requires to complete its tasks. To facilitate internal protection within a computer system, a process operates within a protection domain, which specifies the resources that the process may access. Each domain defines a set of objects (hardware objects such as memory, CPU, or disks, or software objects such as programs and files) and the types of operations that may be invoked on each object (Silberschatz and Galvin, 2009).

System protection provided by the operating system is an internal solution for a computer system. Security, on the other hand, requires not only internal system protection but also consideration of the external environment within which the system operates. System protection is ineffective if user authentication is compromised or a program can be run by an unauthorized user; computer resources must therefore be protected against malicious destruction, unauthorized access, and intrusion. Total security cannot be achieved for any computer system; however, ensuring the security of computer systems is worth considerable effort, and computer systems must have mechanisms to make security breaches a rare occurrence. One of the major security problems for operating systems is user authentication (Silberschatz and Galvin, 2009).

System protection depends on the ability to identify the programs and processes currently executing, which in turn depends on the ability to identify each user of the system. The most common approach to authenticating a user's identity is the use of passwords, which are often used to protect objects in the computer system in the absence of complete protection schemes. One authentication method that can be used instead of a password is the use of biometric measures. For example, fingerprint readers have become accurate and cost-effective: the devices read finger ridge patterns and convert them into a sequence of numbers that can be stored in the computer system. Software can then scan a finger on the pad and compare its features with these stored sequences to determine whether they match (Kay, 2005).

Biometrics Technology

Kay (2005) explained that one of the growing problems in modern computer systems is identity theft and the loss of data and the related intellectual property; as a result, it becomes more difficult to maintain and manage access while protecting both the computer’s data and the user’s identity. Authenticating an identity can be done in three ways:

  • By something the user knows, such as personal identification or a password.
  • By something the user has, such as a smart card or security token.
  • By something that identifies the user’s physical characteristics, such as a fingerprint, where biometrics are used.

Kay (2005) also explained that each of the above mechanisms has its own drawbacks, so a combination of two or more mechanisms should be used to maintain system protection. Biometric authentication has proven over the years to be hard to forge or spoof, since the authentication is based on unique physical characteristics of the human being such as fingerprints, voice recognition and eye signatures. In its early years the technology was slow, intrusive, and expensive to implement, since it was used on mainframes. However, faster computer systems and inexpensive hardware have renewed interest in biometrics. A number of biometric technologies have been introduced in recent years; however, few have gained wide acceptance from computer vendors and users. Some of these technologies are:

  • Signature dynamics – this technology is based on the individual’s signature, which can create a problem since the final image produced by the device can differ from time to time due to differences in pressure and writing speed at various points in the signature.
  • Typing patterns – this technology is similar to the signature technology, but it extends to the keyboard, where recognition is based on the intervals between characters and the overall speed and pattern.
  • Eye scans – this technology requires expensive hardware since two parts of the eye have to be scanned, the retina and the iris; it is slow and inconvenient for users.
  • Fingerprint recognition – this technology is easy to use and requires little physical space, since the fingerprint is used to identify an individual.
  • Hand or palm geometry – this technology uses the entire hand to identify an individual, relying on measurements of the length and the angles of individual fingers. Although it is more user-friendly than retinal scans, it is still complex and cumbersome for many users.
  • Voice recognition – this technology is built on the idea of verifying the individual speaker against a stored voice pattern. It is not speech recognition, so understanding what is being said is not required to authenticate the individual.
  • Facial recognition – this technology uses facial features such as the eye sockets, the sides of the mouth, the areas around the cheekbones, and the location of the eyes and the nose, which can uniquely identify different individuals.

Fingerprint authentication is becoming the widespread choice among biometric technologies because of its ease of use and its convenience for many users. A growing number of computer systems have built-in fingerprint readers, where encrypted passwords can be maintained by the device (fingerprint) instead of the user having to remember them. An additional password or PIN can also be added to the device to offer extra authentication to the computer system (Kay, 2005).

Rosenzweig and Kochems (2004) explained that biometrics can be used in two ways: for verification or for identification. When a biometric is used to verify an individual, it is known as “one-to-one” matching, where the verification between the individual’s biometric and the biometric templates in a database can be done in a matter of seconds. When a biometric is used for identification, on the other hand, it is known as “one-to-many” matching, where the individual’s presented biometric is compared against all of the biometric templates within a database. There are two types of identification systems:

  • Positive identification – a match between the presented biometric and a template is expected to be found. Such systems are designed to make sure that the individual is in the database.
  • Negative identification – such systems are designed to make sure that the individual is not in the system (such as a watch list, where a match will trigger a notice to the authorities for certain action).

Rosenzweig and Kochems (2004) also explained that neither use of biometrics generates perfect matches; instead, each comparison generates a score of how close the presented biometric is to the stored template within the database. Such a system also requires a sample biometric to create the biometric templates within the database. In addition to the biometrics implemented in today’s computer systems, such as iris recognition, hand geometry, fingerprint, facial recognition, and voice recognition, researchers are also looking at other biometric technologies such as vein scans, DNA matching, blood pulse measurements, and skin pattern recognition. There is no doubt that the use of biometric technology will increase computer system security; however, such technology raises several practical and policy questions about the purpose of and the privacy requirements for its use within any organization.
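The sketch below is an added example, not code from the cited sources, showing one-to-one verification, one-to-many identification and a negative (watch-list) check driven by a similarity score and a threshold. The templates, the distance-based score and the 0.90 threshold are all constructed assumptions.

```python
import math

# Constructed enrollment data: identity -> template (feature vector).
# Real templates are derived from minutiae or similar features.
TEMPLATES = {
    "alice": [0.12, 0.80, 0.33, 0.57],
    "bob":   [0.90, 0.15, 0.62, 0.08],
    "carol": [0.45, 0.47, 0.91, 0.30],
}
WATCH_LIST = {"mallory": [0.05, 0.95, 0.10, 0.70]}  # constructed
THRESHOLD = 0.90  # assumed acceptance threshold, tuned per deployment


def score(sample, template):
    """Similarity in (0, 1]; exactly 1.0 only for an identical sample."""
    return 1.0 / (1.0 + math.dist(sample, template))


def verify(claimed_id, sample, db=TEMPLATES, threshold=THRESHOLD):
    """One-to-one: compare only against the claimed identity's template."""
    template = db.get(claimed_id)
    return template is not None and score(sample, template) >= threshold


def identify(sample, db=TEMPLATES, threshold=THRESHOLD):
    """One-to-many: best-scoring identity at or above threshold, else None."""
    best_id, best = None, 0.0
    for identity, template in db.items():
        s = score(sample, template)
        if s > best:
            best_id, best = identity, s
    return (best_id, best) if best >= threshold else None


def negative_check(sample, watch_list=WATCH_LIST, threshold=THRESHOLD):
    """Negative identification: True when nobody on the list matches."""
    return identify(sample, watch_list, threshold) is None


# Constructed probes: a clean re-scan of alice and a noisier one.
CLEAN = [0.13, 0.78, 0.35, 0.55]
NOISY = [0.20, 0.70, 0.40, 0.50]
```

With these values the noisy scan scores about 0.86, so it is rejected at 0.90 and accepted at 0.85: the threshold trades false rejections against false acceptances.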

Finally, increasing processor speeds and USB ports within computer systems make fingerprint recognition the most cost-effective, easiest to implement, reliable, and best overall choice for the majority of applications and computer systems to authenticate users. However, users are usually reluctant about fingerprint recognition technology since fingerprints are primarily used by law enforcement; this reluctance can be easy to overcome by reminding users that their fingerprints are already all over their workstations and keyboards (McCormick, 2004).


Computer systems contain many objects that need to be protected from unauthorized users and misuse. These are hardware objects (such as CPU, I/O devices and memory) or software objects (such as programs and files). Operating systems provide an access right mechanism (permissions) that governs which operations may be performed on such objects. To provide this protection, an operating system uses domains, each with a set of access rights, as the mechanism for system protection. A process executing in a certain domain may use any of the access rights belonging to that domain on the objects within it; during its lifetime, a process may be either bound to a protection domain or allowed to switch from one domain to another (Silberschatz and Galvin, 2009).
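The protection-domain model described here and in the introduction can be sketched as an access matrix with default-deny checks; this is an added example, not code from the cited textbook. The domain names, object names and the table of permitted domain switches are constructed assumptions.

```python
# Constructed access matrix: domain -> {object: permitted operations}.
ACCESS_MATRIX = {
    "user":   {"report.txt": {"read", "write"}, "printer": {"print"}},
    "backup": {"report.txt": {"read"}, "tape0": {"write"}},
    "kernel": {"report.txt": {"read", "write"},
               "tape0": {"read", "write"}, "printer": {"print"}},
}
# Assumed policy: which domain switches are permitted (source -> targets).
SWITCH_ALLOWED = {"user": {"backup"}, "backup": {"user"}, "kernel": set()}


class AccessDenied(Exception):
    """Raised when the current domain does not grant the request."""


class Process:
    def __init__(self, name, domain, bound=False):
        if domain not in ACCESS_MATRIX:
            raise ValueError(f"unknown domain {domain!r}")
        self.name, self.domain, self.bound = name, domain, bound

    def can(self, operation, obj):
        """Default deny: allowed only if the current domain lists the right."""
        return operation in ACCESS_MATRIX[self.domain].get(obj, set())

    def access(self, operation, obj):
        if not self.can(operation, obj):
            raise AccessDenied(f"{self.name}@{self.domain}: {operation} {obj}")
        return f"{operation} {obj} ok"

    def switch(self, target):
        """Change domain; a bound process keeps its domain for its lifetime."""
        if self.bound or target not in SWITCH_ALLOWED.get(self.domain, set()):
            raise AccessDenied(f"{self.name}: switch {self.domain}->{target}")
        self.domain = target
```

Switching domains replaces the process's rights rather than adding to them: after moving from `user` to `backup`, the process can write `tape0` but can no longer write `report.txt`.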

Protection is an internal system problem; security must therefore also be considered, to protect the computer system and its valuable objects from threats in the outside environment (such as people and businesses) within which the system is used. With valuable data and information stored in computer systems, security has to be provided to protect such systems from unauthorized access, malicious destruction or any intrusion. It is easier to protect operating systems against accidental loss of data than to protect against malicious access to the data (Silberschatz and Galvin, 2009).

Finally, absolute protection and security of the information stored in a computer system against malicious abuse is not possible; however, not having a security mechanism implemented can be costly, since the system is at high risk when such information is available without proper authority. User authentication methods are used to identify the legitimate users of a computer system. In addition to standard user-name and password protection, several other authentication methods are used, one of which is biometrics. Different types of biometrics can be used to authenticate users and protect computer systems (Kay, 2005).


Kay, R. (2005) QuickStudy: Biometric authentication [Online]. Available from: (Accessed: 25 September 2010).

McCormick, J. (2004) Determining which biometric technology is right for you [Online]. Available for:,339028264,320283295,00.htm (Accessed: 25 September 2010).

Rosenzweig, P. & Kochems, A. (2004) Biometric Technologies: Security, Legal, and Policy Implications [Online]. Available from: (Accessed: 25 September 2010).

Silberschatz, A. & Galvin, P. (2009) Operating System Concepts. 8th ed. NJ: John Wiley & Sons, Inc.


