IAM

  1. Identity
  2. IAM policy
  3. Biometrics
    1. Biometric systems
  4. Account

Identity

  • aspects
    1. unique
    2. nondescriptive
    3. can be issued

IAM policy

  1. user access to
  2. access approval
  3. former employee
  4. access revoking
  5. monitoring
  6. compliance

Biometrics

  • types
    1. physiological
    2. behavioural
  • errors
    1. type I: false rejection rate (FRR)
    2. type II: false acceptance rate (FAR)
    3. crossover error rate (CER)
      • the error rate at the threshold where FRR = FAR
      • also called equal error rate (EER)
      • allows unbiased comparison of biometric solutions, independent of each vendor's threshold tuning
  • liveness check (proof that a living person, not a replica or recording, is presented)
    • temperature
    • pulsation
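The FRR/FAR/CER relationship above is easiest to see by sweeping the decision threshold over match scores. The following is an added worked example, not part of the original notes and not taken from any real biometric product; the genuine and impostor scores are constructed sample data, and the function names are my own.

```python
"""Biometric error rates: sweep a decision threshold over match scores,
compute FRR (type I) and FAR (type II) at each threshold, and find the
crossover point (CER / EER) where the two rates are equal."""
from typing import List, Tuple

# Constructed sample data (hypothetical, not from any real system).
# Similarity scores in [0, 1]: "genuine" = the enrolled user compared against
# their own template, "impostor" = someone else compared against that template.
GENUINE_SCORES = [0.92, 0.88, 0.85, 0.81, 0.79, 0.76, 0.71, 0.66, 0.62, 0.55]
IMPOSTOR_SCORES = [0.20, 0.28, 0.33, 0.41, 0.47, 0.52, 0.58, 0.64, 0.69, 0.74]


def frr(genuine: List[float], threshold: float) -> float:
    """Type I error: fraction of genuine attempts rejected (score below threshold)."""
    return sum(s < threshold for s in genuine) / len(genuine)


def far(impostor: List[float], threshold: float) -> float:
    """Type II error: fraction of impostor attempts accepted (score at or above threshold)."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def sweep(genuine: List[float], impostor: List[float],
          steps: int = 100) -> List[Tuple[float, float, float]]:
    """Return (threshold, FRR, FAR) for thresholds 0.00, 0.01, ..., 1.00."""
    return [(t / steps, frr(genuine, t / steps), far(impostor, t / steps))
            for t in range(steps + 1)]


def crossover_error_rate(genuine: List[float], impostor: List[float],
                         steps: int = 100) -> Tuple[float, float]:
    """Threshold at which |FRR - FAR| is smallest, and the error rate there.

    At that point FRR == FAR (or as close as the score resolution allows),
    which is the CER / EER used to compare systems independent of tuning.
    """
    best = min(sweep(genuine, impostor, steps), key=lambda r: abs(r[1] - r[2]))
    threshold, f_rej, f_acc = best
    return threshold, (f_rej + f_acc) / 2


if __name__ == "__main__":
    # Raising the threshold lowers FAR (harder for impostors) but raises FRR
    # (more legitimate users rejected); lowering it does the opposite.
    for t in (0.40, 0.65, 0.80):
        print(f"threshold {t:.2f}: FRR={frr(GENUINE_SCORES, t):.2f} "
              f"FAR={far(IMPOSTOR_SCORES, t):.2f}")
    t, eer = crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"crossover at threshold {t:.2f}, CER/EER = {eer:.2f}")
```

With the constructed scores, a threshold of 0.40 rejects no genuine users but accepts 70 % of impostors, 0.80 accepts no impostors but rejects 60 % of genuine users, and the two curves cross at 0.65 with an equal error rate of 20 %. A system with a lower CER separates genuine from impostor scores better, regardless of where an operator sets the threshold.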

Biometric systems

  1. fingerprint: compares whole fingerprint
  2. finger-scan: compares fingerprint traits
  3. palm scan: ~ fingerprint, whole palm
  4. hand geometry: size, form of fingers and palm; picture from above
  5. retina scan: photo of the blood vessels in the retina; may be regulated as PHI
  6. iris scan: iris photo
  7. signature dynamics: speed, direction, pressure
  8. keystroke dynamics: speed, delay between strokes
  9. voice print
    • several enrolled phrases
    • user is asked to repeat them in random order: protection against playback of a voice recording
  10. facial scan: bones, size of nose, eyes, forehead, chin; 3D image
  11. hand topography: relief map of the palm, imaged from the side

Account

  • acceptable use policy (AUP)
    • list of what is permitted to do
    • protection from privacy-related claims, “I didn’t know” situations
  • change control for allocating access rights
    • duration
    • reason
    • approving person
  • suspension policy: suspend accounts that are not used
  • data retention policy: useful for investigation because the account is suspended, not deleted
  • authorization creep: uncontrolled accumulation of access rights by users over time (e.g. rights kept after a role change)
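Authorization creep, access revocation for former employees and the change-control fields (reason, approver, duration) come together in a periodic access review. The following is an added example, not part of the original notes: it reconciles each user's recorded grants against the baseline for their current role and flags everything outside it. The role names, rights, users and grant records are constructed, hypothetical data.

```python
"""Access review: flag authorization creep by comparing each user's current
entitlements with the baseline of their *current* role. Grants outside that
baseline (typically inherited from an earlier role) and all grants of users
with no active role (former employees) are reported for revocation."""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed baseline (hypothetical): the rights each role legitimately needs.
ROLE_BASELINE: Dict[str, Set[str]] = {
    "helpdesk": {"ticket.read", "ticket.write", "user.reset_password"},
    "finance": {"ledger.read", "ledger.write", "invoice.approve"},
    "auditor": {"ledger.read", "ticket.read"},
}


@dataclass(frozen=True)
class Grant:
    """One access-rights allocation, recorded with the change-control fields."""
    user: str
    right: str
    granted_on: str   # ISO date
    reason: str
    approver: str


# Constructed grant log (hypothetical). alice moved from finance to auditor
# but kept her finance rights; carol left the company; bob is clean.
GRANTS: List[Grant] = [
    Grant("alice", "ledger.read", "2021-03-01", "finance onboarding", "cfo"),
    Grant("alice", "ledger.write", "2021-03-01", "finance onboarding", "cfo"),
    Grant("alice", "invoice.approve", "2022-06-15", "backup approver", "cfo"),
    Grant("alice", "ticket.read", "2023-01-10", "moved to audit team", "audit-lead"),
    Grant("bob", "ticket.read", "2023-04-02", "helpdesk onboarding", "it-manager"),
    Grant("bob", "ticket.write", "2023-04-02", "helpdesk onboarding", "it-manager"),
    Grant("bob", "user.reset_password", "2023-04-02", "helpdesk onboarding", "it-manager"),
    Grant("carol", "ledger.read", "2020-09-20", "finance onboarding", "cfo"),
]

# Constructed HR view of who currently holds which role; absent = no active role.
CURRENT_ROLE: Dict[str, str] = {"alice": "auditor", "bob": "helpdesk"}


def find_creep(grants: List[Grant], current_role: Dict[str, str],
               baseline: Dict[str, Set[str]]) -> Dict[str, List[Grant]]:
    """Return, per user, the grants that are not justified by the current role.

    A user with no current role (former employee) has an empty baseline, so
    every one of their grants is flagged.
    """
    flagged: Dict[str, List[Grant]] = {}
    for g in grants:
        role: Optional[str] = current_role.get(g.user)
        allowed = baseline.get(role, set()) if role else set()
        if g.right not in allowed:
            flagged.setdefault(g.user, []).append(g)
    return flagged


def revocation_report(flagged: Dict[str, List[Grant]],
                      current_role: Dict[str, str]) -> List[str]:
    """Human-readable lines for the reviewer, one per excess grant."""
    lines = []
    for user, grants in sorted(flagged.items()):
        role = current_role.get(user, "NO ACTIVE ROLE")
        for g in grants:
            lines.append(f"{user} ({role}): revoke {g.right} "
                         f"[granted {g.granted_on} by {g.approver}: {g.reason}]")
    return lines


if __name__ == "__main__":
    for line in revocation_report(find_creep(GRANTS, CURRENT_ROLE, ROLE_BASELINE),
                                  CURRENT_ROLE):
        print(line)
```

Running the review flags alice's leftover ledger.write and invoice.approve (creep after her move to audit), every right still held by carol (former employee, revocation missed), and nothing for bob. Keeping the reason and approver on each grant is what makes the report actionable: the reviewer can see who approved a right and whether the stated reason still applies.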