Identity
- aspects
  - unique
  - nondescriptive
  - can be issued
IAM policy
- user access to
- access approval
- former employee
- access revoking
- monitoring
- compliance
Biometrics
- types
  - physiological
  - behavioural
- errors
  - type I: false rejection rate (FRR)
  - type II: false acceptance rate (FAR)
  - crossover error rate (CER)
    - percentage of errors at the point where FRR = FAR
  - equal error rate (EER)
    - allows unbiased solution comparison
- liveness check
  - temperature
  - pulsation
Biometric systems
- fingerprint: compares whole fingerprint
- finger-scan: compares fingerprint traits
- palm scan: ~ fingerprint, whole palm
- hand geometry: size, form of fingers and palm; picture from above
- retina scan: photo of blood vessels in retina; may be subject to compliance as PHI
- iris scan: iris photo
- signature dynamics: speed, direction, pressure
- keystroke dynamics: speed, delay between strokes
- voice print
  - several phrases
  - reproducing in random order – protection from voice recording
- facial scan: bones, size of nose, eyes, forehead, chin; 3D image
- hand topography: palm map, footage from the side
Account
- acceptable use policy (AUP)
  - list of what users are permitted to do
  - protection from privacy-related claims, “I didn’t know” situations
- change control for allocating access rights
  - duration
  - reason
  - approving person
- suspension policy: when account is not used
- data retention policy: useful for investigation because account is not deleted, just suspended
- authorization creep: uncontrolled accumulation of access rights by users over time