Passwords and signatures
E-business software may implement highly secure encryption and digital signatures to prevent eavesdropping and guarantee integrity, but in a password-controlled situation, these are effective only as long as the password remains secret. The password is usually the weakest point in the system.
For this reason, it is not wise to blithely assume that a digital signature guarantees that a document has been signed by a particular person. The signature actually connects the document to a digital key. What matters is who can gain access to the key.
This chain of reasoning has led many organisations to consider biometric security. Biometrics allow security systems to use two of the three classes of authentication without the troublesome need to issue a physical token.
Alternatively, biometric authentication may be used with a smartcard capable of storing biometric data. This approach can protect the card itself from misuse or forgery. Clearly this type of system is only as secure as the information held on the smartcard, and so biometric data and other information stored on the card is normally encrypted to prevent copying or forgery. Similarly, copies of biometric data stored on the user's PC must be held in an encrypted form, to prevent snooping by unauthorised software.
Suppliers of biometric technology include Veridicom, which recently launched a fingerprint sensor that is compact enough for use with PC Cards and mobile phones  future versions of the product may be thin enough to be built into smartcards.
Keyware, another specialist in biometric technologies, has teamed up with Sony to incorporate its Biometric Screensaver into Sony's CMR-PC1 USB notebook camera kit. Biometric Screensaver is designed to be used as an alternative to PIN- or password-based security. The system unlocks the notebook after checking both the user's facial features and a spoken password. The firm has also developed a smartcard that stores the user's fingerprint, allowing verification through a fingerprint reader.
