Access Control

Meeting the challenge of regulation compliance with the help of biometrics

In the wake of September 11, 2001, the federal government passed a wide variety of security compliance regulations – each with their own requirements and standards. Such moves have raised security awareness levels across industries and inspired data security and internal control acts such as HIPAA, FFIEC, and Sarbanes-Oxley (SOX), to name a few.

Increasing security compliance means that organizations face an increasing burden to adequately protect accounts, personal data, and other sensitive information, while reducing security and administrative costs.

Biometric technology represents a significant advancement in enabling security compliance because it physically verifies an individual's identity.

Biometric security systems tie a unique physical attribute of a user to the IT resources and data that they are allowed to access. The most common biometric security systems use fingerprints, but these systems can also use iris and retinal scans, hand geometry, and facial recognition technology.

Traditional security systems might prompt a user to enter their username and password to gain access to a protected resource and then compare it to information stored in the system. Though if the password is discovered, there's no way for the system to detect an unauthorized user. By contrast, a biometric system heightens security by requiring the user to provide a unique physical characteristic, typically their fingerprint, to the system, which is then verified against a stored template, usually held in a database.

Privaris' plusID device is one example of a fingerprint biometric solution designed to solve an organization's security compliance needs and offer significant enhancements over traditional fingerprint biometric security systems.

plusID is a personal, mobile, biometric device that verifies its user's identity prior to allowing data access, but does so without the use of a biometric database to ensure its user's personal privacy. All fingerprint information in securely stored on the device itself, not in a database. The user never has to relinquish their biometric information.

The plusID can be used to authenticate users to computers, networks, websites, software, VPNs, encrypted files, and online applications.

Passwords, cryptographic keys, and any other type of access credentials, are storied in the secure, tamper resistant device. These access credentials are only accessible after the authorized user has verified with their finger against the fingerprint template securely stored in the plusID. Once authenticated, the device can encrypt and/or digitally sign access credentials before transmitting them from the device. The fingerprint, however, is never released from the device.

The device enrollment process is simple (typically taking only two minutes) and secure, making plusID a rapid and easy to deploy solution for security compliance.

The Privaris plusID biometric security device is a practical and cost efficient solution for organizations looking to comply with the new security requirements imposed by government regulations.