Page 979 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide

Biometric devices can be ineffective or unacceptable due to factors known as enrollment time, throughput rate, and acceptance. For a biometric device to work as an identification or authentication mechanism, a process called enrollment (or registration) must take place. During enrollment, a subject’s biometric factor is sampled and stored in the device’s database. This stored sample of a biometric factor is the reference profile (also known as a reference template).

The time required to scan and store a biometric factor depends on which physical or performance characteristic is measured. Users are less willing to accept the inconvenience of biometric methods that take a long time. In general, enrollment times over 2 minutes are unacceptable. If you use a biometric characteristic that changes over time, such as a person’s voice tones, facial hair, or signature pattern, reenrollment must occur at regular intervals, adding inconvenience.

The throughput rate is the amount of time the system requires to scan a subject and approve or deny access. The more complex or detailed a biometric characteristic, the longer processing takes. Subjects typically accept a throughput rate of about 6 seconds or faster.


Multifactor Authentication

Multifactor authentication is any authentication using two or more factors. Two-factor authentication requires two different factors to provide authentication. As an example, smartcards typically require users to insert their card into a reader and enter a PIN. The smartcard is in the something-you-have factor, and the PIN is in the something-you-know factor. As a general rule, using more types or factors results in more secure authentication.




Multifactor authentication must use multiple types or factors, such as the something-you-know factor and the something-you-have factor. In contrast, requiring users to enter a password and a PIN is not multifactor authentication because both methods are from a single authentication factor (something you know).