Page 975 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
P. 975

the retina, the iris remains relatively unchanged throughout a person’s
               life (barring eye damage or illness). Iris scans are considered more

               acceptable by general users than retina scans typically because scans
               can occur from far way. Scans can often be done from 6 to 12 meters
               away (about 20 to 40 feet). However, some scanners can be fooled
               with a high-quality image in place of a person’s eye. Additionally,
               accuracy can be affected by changes in lighting and the usage of some
               glasses and contact lenses.


               Palm Scans Palm scanners scan the palm of the hand for
               identification. They use near-infrared light to measure vein patterns in
               the palm, which are as unique as fingerprints. Individuals simply place
               their palm over a scanner for a few seconds during the registration
               process. Later, they place their hand over the scanner again for
               identification. As an example, the Graduate Management Admissions
               Council (GMAC) uses palm vein readers to prevent people from taking
               the test for others and also to ensure that the same person reenters the

               testing room after a break.

               Hand Geometry Hand geometry recognizes the physical
               dimensions of the hand. This includes the width and length of the
               palm and fingers. It captures a silhouette of the hand, but not the
               details of fingerprints or vein patterns. Hand geometry is rarely used
               by itself since it is difficult to uniquely identify an individual using this

               method.

               Heart/Pulse Patterns Measuring the user’s pulse or heartbeat
               ensures that a real person is providing the biometric factor. It is often
               employed as a secondary biometric to support another type of
               authentication. Some researchers theorize that heartbeats are unique
               between individuals and claim it is possible to use electrocardiography
               for authentication. However, a reliable method has not been created or

               fully tested.

               Voice Pattern Recognition This type of biometric authentication
               relies on the characteristics of a person’s speaking voice, known as a
               voiceprint. The user speaks a specific phrase, which is recorded by the
               authentication system. To authenticate, they repeat the same phrase
               and it is compared to the original. Voice pattern recognition is
   970   971   972   973   974   975   976   977   978   979   980