“Today, everything requires passwords, passcodes, security questions, and user names. Imagine being able to skip this process entirely and sign in to your corporate network or a private database with only your fingerprint, or by clicking a button on your phone or smart watch,” Bill O’Hern, SVP and Chief Security Officer, AT&T.
Accessing the entire corporate network using just your fingerprint sounds futuristic, but it is actually happening now! Swiping your finger is going to become your main sign-in mechanism in the coming days. The technology which is leading this transformation in authentication processes is known as Biometric Single Sign On!
What exactly is meant by Biometric Single Sign On, and how is it going to revolutionize the way we log in to a variety of systems and applications during our routine day-to-day activities?
What is Biometric Single Sign On
To understand the term biometric single sign on (SSO) we need to break it up into its two constituent terms –
Fingerprint Biometrics and Single Sign On
Biometrics is the biological metric or measurement. It refers to measurement of any of the biological characteristics or traits which a person possesses and which can be uniquely used to identify that person.
In security and authentication applications biometric, or biometrics, includes fingerprints, iris patterns, retinal patterns, gait, hand shapes and many other biological characteristics. All these characteristics are unique for every individual and can be effectively used for identification management. In addition, these characteristics can be measured digitally using pre-defined scientific parameters or biometric templates.
Such biometric templates can then be stored in a database. Whenever a person presents himself for authentication to gain access, the access control procedures digitally capture his specific biometric characteristic, such as his fingerprints or iris scan. The captured trait is then converted into its equivalent biometric template. This biometric template is then matched against all the stored biometric templates in the database. If a match is found, this person is allowed access; otherwise he isn’t allowed to proceed.
Biometrics have become key to various categories of physical access control as well as online access control. Authentication and Authorization are the key objectives of such biometric access control systems. It is the online access control aspect of biometric security systems which brings us to the second term of Single Sign On.
Single Sign On (SSO) refers to a user authentication process wherein a user uses a single set of access credentials to log in to a group of applications. The important aspect of Single Sign On is that once he logs in to one application from the group, if he then proceeds to another application from within the group, he is not required to present his access credentials again.
Technically, Single Sign On is accomplished by using a central policy server which holds the access credentials for all users eligible to access the group of applications participating in SSO. Once the user logs in to one of the applications, his session is propagated across to the different applications which have agreed to share his single signed-on session.
It is the central SSO server’s responsibility to take care of access management among the whole group of applications. The central server takes care of managing the user session across multiple applications. It also sends across a part of the logged-in user’s data which might be needed by the application he is logged in to. Thus, a Biometric Single Sign-On (SSO) authentication and access management system combines the best of both biometrics and SSO.
The biometric characteristic which is currently most widely used and acceptable due to its economic cost and satisfactory performance is the fingerprint.
Fingerprints for all individuals are unique. A biometric security system using fingerprints for identification consists of a fingerprint scanner and a central database for storing fingerprints of all authenticated persons. When a person presents himself at an access control checkpoint, which can be a physical checkpoint or an online check, he needs to present his fingerprint for scanning. This scanned fingerprint is then matched against all the stored fingerprints in the central database. If a match is found, he is allowed access; otherwise he is denied.
Biometric Single Sign-On (SSO) systems allow access to a group of applications with a single successful authentication done in any one of the applications. In fingerprint-based biometric access control, Biometric SSO will entail the user swiping his fingerprints to access an application. If he successfully logs in to any one of the applications, he is then allowed to access the second application without again being asked to prove his identity.
Let us understand the process of biometric SSO access management by breaking it down into steps –
1. The person authenticates himself for a single online application (App A) by swiping his fingerprints on a fingerprint scanning device.
2. App A’s application server contacts the central policy server with his fingerprint scan.
3. The central server matches the fingerprint sent to it against all the stored fingerprints in the central database. Only the central server has access to the central biometric database.
4. If a match for the fingerprints is found then the central server sends a message back to App A’s application server with the information that the authentication has been successful or not. It also sends basic user details to App A which the application may need to display to a logged-in user, such as his name and designation.
5. App A successfully logs in the user, by taking him into a logged-in flow, if authentication is successful. (If the user is not authenticated, then he is shown a regret message and not allowed to access App A, and the login process terminates.)
6. The user works on App A for some time and then tries to access App B.
7. App B is part of the SSO group of applications. App B sends a request to the central server asking for session information for the logged-in user.
8. If the central server finds an active session then it replies with a ‘successfully authenticated’ message carrying the logged-in user’s details – the same information which App A received when it had requested authentication from the central server.
9. App B allows the user to access it. It does not ask the user for access credentials, i.e. fingerprints, again.
An important aspect to note in the process of biometric SSO access management is that steps 7 and 8 are completely transparent to the user. To him it seems that the moment he opened App B, he was provided access to it.
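The nine steps above as a runnable sketch, added here as an illustration and not taken from any product the article describes. The class and function names, the sample user, the opaque session token carried by the user's browser, the 900-second timeout and the toy feature matcher are all assumptions.

```python
import secrets
import time

class CentralPolicyServer:
    """Only this server reads the template database (steps 3, 4 and 8)."""
    def __init__(self, session_ttl=900, threshold=0.8):
        self._templates = {}  # user id -> (enrolled template, profile)
        self._sessions = {}   # opaque token -> (user id, expiry time)
        self.session_ttl, self.threshold = session_ttl, threshold

    def enroll(self, user_id, template, profile):
        self._templates[user_id] = (tuple(template), profile)

    @staticmethod
    def _similarity(a, b):
        # Toy matcher (assumption): share of features within +/-2 of the enrolled value.
        return sum(abs(x - y) <= 2 for x, y in zip(a, b)) / len(b) if b and len(a) == len(b) else 0.0

    def authenticate(self, scan, now=None):
        """Steps 3-4: match against every template; on success open a session."""
        now = time.time() if now is None else now
        for user_id, (template, profile) in self._templates.items():
            if self._similarity(scan, template) >= self.threshold:
                token = secrets.token_urlsafe(32)  # unguessable session handle
                self._sessions[token] = (user_id, now + self.session_ttl)
                return token, profile
        return None, None

    def session_info(self, token, now=None):
        """Step 8: profile for an active session, None if unknown or expired."""
        now = time.time() if now is None else now
        user_id, expiry = self._sessions.get(token, (None, 0))
        if user_id is None or now >= expiry:
            self._sessions.pop(token, None)  # expired sessions force a new scan
            return None
        return self._templates[user_id][1]

def open_app(name, server, token, now=None):
    """Steps 7-9: the app asks the central server; it never sees the template database."""
    profile = server.session_info(token, now)
    return f"{name}: welcome {profile['name']}" if profile else f"{name}: scan required"

def demo():
    """Constructed data: one enrolled user, a noisy rescan via App A, then App B at t=10 and t=1000."""
    server = CentralPolicyServer(session_ttl=900)
    server.enroll("u1", (10, 42, 77, 130, 201), {"name": "Asha", "designation": "Analyst"})
    token, _ = server.authenticate((11, 41, 77, 131, 200), now=0)  # App A forwards the scan
    return open_app("App B", server, token, now=10), open_app("App B", server, token, now=1000)
```

The second result in `demo()` shows the session-timeout case: once the session has expired, App B falls back to asking for a new scan.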
This is how a biometric SSO access management system works. Let us now look at the advantages a biometric SSO system provides to the end user, and how it improves access management across applications.
Advantages of using Fingerprint based Biometric Single Sign-On (SSO)
Biometric Single Sign-On (SSO) systems have the inherent advantages of both biometric access control and single sign-on applications.
Let us look at the benefits due to which Biometric Single Sign-On solutions are poised to become accepted across various industries in the years to come –
Biometrics SSO offers an unparalleled level of security as compared to traditional passwords
For a long time, access control has relied on passwords. Passwords are inherently insecure for the simple reason that they can be shared between people. This sharing can be intentional when a person tells his password to someone. Or, it may be unintentional as often written passwords are stolen or copied. In addition, password recovery options provide another way to gain access to them. Simply by gaining access to a few personal details of another person or by hacking into his email, the forgot password or reset password workflows can be broken into. The password for the person is then easily retrieved.
Use of biometrics such as fingerprints or iris scans for authentication provides a fool-proof way of authentication. Biometrics, such as fingerprints, are prone to none of the inherent risks which a traditional password possesses. Fingerprints are unique and cannot be stolen. Also, fingerprints need not be remembered, nor carried around like smart cards.
Biometrics SSO is high in accuracy
With the advancements in biometric technologies such as fingerprint and iris scanning, the false acceptance rates and the false rejection rates have reduced to insignificant levels. The convenience and security of using biometric traits for authentication, coupled with accuracy, make it a worthwhile investment.
Biometric SSO is cost effective
The world over, organizations have suffered huge losses due to stolen or hacked passwords. Although the cost of setting up a biometric SSO system is high, this is easily offset by the money saved due to password-based security breaches completely coming to a halt.
In addition, the cost of setting-up a biometric SSO system can also be spread across different security and authentication areas within the organization. Areas such as physical access control, timekeeping and attendance, and even employee movement monitoring can use the central biometric authentication system’s assets.
For example, the same central server can be used for storing the enrolled biometric data. The same database can then be used for all security applications across the organizations. This way the cost of initial setup of a biometric access control system can be spread across SSO as well as other areas. This piggybacking on the central database by all departments would definitely result in huge cost savings in the long term.
Ease of operation is high with Biometric SSO
Passwords are tough to remember. People usually end up creating password-encrypted spreadsheets to store all their passwords. Not only is this risky, it is frustrating and time-consuming for the end users.
If the password is lost, one needs to go through forgot password workflows. Such workflows sometimes are not able to send the reset password links or a new temporary password instantaneously. Such inordinate delays in accessing their applications, or even their workstations, affect the productivity of the employees.
Biometrics, on the other hand, gives complete peace of mind as one cannot forget a finger at home or find himself robbed of it. The ease with which a fingerprint scanner works effectively every time makes negotiating even multiple levels of security a breeze.
Biometric SSO requires lower system maintenance than passwords or smart card based systems
With traditional security mechanisms such as smart cards or passwords there is a need to provide maintenance and support workflows. Such support processes resolve incidents such as system lockouts or urgent password resets over calls. Having such processes in place necessitates setting up support teams, which end up being large in size for big organizations.
With biometrics, such support and maintenance requirements are not there. The only case where maintenance will be required is if a fingerprint scanner starts malfunctioning. The support team for such occurrences would be significantly smaller than the large teams needed to support password or smart card based authentication systems.
Biometric SSO systems are high in user convenience with one login for all applications
The convenience of using biometric authentication mechanisms is further improved via the ‘one login for all applications’ feature of Single Sign-On solutions. A single scan of the biometric feature such as a fingerprint will enable the user to access all the systems he needs to work on. In case of session timeouts, he just needs to swipe his finger again. A biometric SSO system is thus very high on user convenience.
Biometric Single Sign-On systems are thus an efficient combination of the accuracy and security of biometrics with the convenience of single sign-on. Biometrics as a field is maturing now and is bound to grow exponentially in the coming years. A system built on biometrics will have a long serving period and the cost of installation and maintenance will turn out to be much less over the life of its usage.
Given the amount of losses organizations are suffering due to hackings and breaches in their internal security systems, an investment in an enterprise-wide Biometric Single Sign-On solution is sure to deliver rich dividends in the years to come.