CONTENTS:

1. Abstract

2. Introduction

3. Security and authentication

4. Methods of verification

a. Psychological verification

i. Finger Print.

ii. Hand Print.

iii. Face Measurement.

iv. Retinal Scanning.

v. DNA Analysis.

b. Behavioral verification

i. Typing.

ii. Signature.

iii. Voice.

5. Identification.

6. Verification.

7. Advantages

8. Limitations

9. Conclusion.

10. References
Abstract: something, which is related to
The present century has been one of many measurement. In network environment
scientific discoveries and technological security is a crucial factor. Provide
advancements. With the advent of security to pages in the network is to
technology came the issue of security. As difficulty. Password is not a good
computing systems became more measurement for security. Good security
complicated, there was an increasing need mechanism is necessary on the Internet.
for security. Security in different levels applies to
This paper deals with the concept of various documents. Security is depends
Biometrics which gives security to the how security assign to documents.
pages in the internet. There are two Security depends on following categories.
security methodologies which are 1. Confidential
discussed in the paper viz., Token-based 2. Secret
security and Secret based security. This 3. Non-secret
identifies the psychological and behavioral 4. Public
characteristics of the user. Web-Based Confidential pages over the
Enterprise Management (WBEM) supports network provide full security. No way to
a limited form of security for the tamper data in the page by third party. In
Microsoft® Windows® 98. There are this case biometrics are more useful and
many security mechanisms which are no way to disturb the page contents. First
followed in protecting the password our of all store all data about biometrics in
paper discuss some of those techniques. database after that tally with this data. If
There are several types of verification tally satisfies with backend then provide
methods. They are psychological access to the user. Collecting information
verification, behavioral verification etc. in is too difficult and store in database also
turn the above methods have sub methods need more space.
which are discussed along with their There are two security methodologies in
advantages and disadvantages. Biometrics, they are
1. Token-based security:
It relies on the users special item
Introduction:
-token like card-id.
Biometrics is an advanced
2. Secret based security:
technology for superb security and
It relies on an individual secret id
authentication .The very term "biometric”
number like password.
it represent that "bio" means related to the
Neither of the two can accurately
biological study and "metric " means
determine whether the password that
posses a token nor knows some secret
information of the individual it represents.
Tokens can be stolen and information can
be guessed or fraudulently obtained.
Biometric is a technology where
the password for entry is you, which
identifies your psychological
behavioral characteristics.
Security and Authentication:
Web-Based Enterprise
Management (WBEM) supports a limited
form of security for the Microsoft®
Windows® 98 platform that involves
validating a user's logon for the local
machine and for remote access.
validated user is granted access to the
entire Common Information Model (CIM)
schema. WBEM does not secure system
resources, such as individual classes,
instances, and namespaces. Security is
limited because Windows 98 is not a
secure operating system and does not
support file system or registry security.
All security-related information is
represented by instances of WBEM system
classes located in the Root\Security
namespace. These classes and instances
can only appear in the Root\Security
namespace and must remain
permanently.
The WBEM Administrator
application can be used to set permissions
for WBEM users. It is similar to the User
Manager application supplied
Microsoft® Windows NT®.
In WBEM, all security accounts
are referred to as subjects. There are two
types of subjects: user and group. Users
are represented by instances of the
NTLMUser system class, which describes
and
individual users. Groups are represented
by instances of the NTLMGroup system
class, which describes multiple users. Both
the NTLMUser and NTLMGroup classes
derive indirectly from the subject system
class, an abstract class that is not intended
to be used for instantiation. More directly,
NTLMUser derives from the generic User
A class and NTLMGroup derives from the
generic Group class.
Permissions:
Microsoft SQL Server uses
permissions to enforce database security.
The SQL Server permissions system
specifies which users are authorized to use
which Transact-SQL statements, views,
and stored procedures. The ability to
assign permissions is determined by each
user's status (as SA, database owner, or
database object owner). Permissions are
set on database users or groups, not on
login IDs.
there
Permission Hierarchy:
SQL Server's permissions system
recognizes four types of users: the SA,
database owners, database object owners,
and other users of the database.
with
The different types of users exist in
a hierarchy (explained in the following
sections and illustrated below).
System Administrator
Database owners
Database object owners
Database users
Only the SA and database owners
can grant statement permissions to other
users.
Different Security Mechanisms:
To help you understand the
information presented in this chapter, we
begin by defining some security-related
terms. This brief list of definitions is not
intended to serve as a comprehensive SQL
Server glossary. It is provided as a quick
reference to help you understand some of
the security elements discussed throughout
this chapter. You may find it useful to
refer back to this list of security
definitions as you read through this
chapter and through Chapter 9, "Managing
Security."
Alias:
An alias is a database username
that is shared by several login IDs. A
database alias allows you to treat more
than one person as the same user inside a
database, giving all of them the same
permissions. Any username in a database
can also serve as an alias.
Aliases are often used so that
several users can assume the role of
database owner.
Database object owner:
Database objects are tables,
indexes, views, defaults, triggers, rules,
and procedures. The user who creates a
database object is the database object
owner and is automatically granted all
permissions on it. The database object
owner can grant permission to other users
to use that object. Database object
ownership cannot be transferred.
Database owner:
The database owner (DBO) is the
creator of a database. There is only one
DBO. The DBO has full privileges inside
the database that he or she owns, and
determines the access and capabilities
provided to other users.
In his or her own database, the user
is recognized as DBO; in other databases,
the database owner is known by his or her
database username.
DBO status can be reassigned to a
different user. Only one login ID can be
DBO, although other login IDs can be
aliased to DBO.
Domain:
In Windows NT security, a domain
is a collection of computers that are
grouped for viewing and administrative
purposes, and that share a common
security database. The login security mode
determines the manner in which a SQL

Group: Server validates a login request. There are

three types of login security: integrated,
In SQL Server, a database group is
standard, and mixed.
a collection of database users. The users
receive the database permissions granted Mixed security:
to the group. Using groups simplifies Mixed security allows login
management of a large number of database requests to be validated using either
users, because groups provide a integrated or standard security. Trusted
convenient way to grant and revoke connections (as used by integrated
permissions to more than one user at the security) and nontrusted connections (as
same time. used by standard security) can be
established.
In Windows NT, a group is a
collection of Windows NT users. The
Object permissions:
users received the Windows NT rights and Object permissions regulate the use

permissions granted to the group. Groups of certain statements on certain database

provide a convenient way to manage the objects. They are granted and revoked by

capabilities of a large number of users the owner of the object.

with similar needs, within the security

scope of a domain or a computer.
Permissions:
Integrated security:
Microsoft SQL Server uses
Integrated security allows a SQL
permissions to enforce database security.
Server to use Windows NT authentication
The SQL Server permissions system
mechanisms to validate logins for all
specifies which users are authorized to use
connections. Only trusted (multi-protocol
which Transact-SQL statements, views,
or named pipes) connections are allowed.
and stored procedures. The ability to
Login ID:
assign permissions is determined by each
A login ID is a name by which a
user's status (as SA, database owner, or
user is known to SQL Server. Login IDs
database object owner).
are also referred to as logins.
There are two types: object permissions
To log in to a SQL Server that is
and statement permissions.
running standard security, a user must
provide a valid login ID and password.
Standard security:
Standard security uses SQL
Login security mode:
Server's own login validation process for
all connections. To log in to a SQL Server, out of SQL Server databases; backing up
each user must provide a valid login ID and restoring databases; implementing and
and password. maintaining replication; scheduling
Statement permissions: unattended operations; monitoring and
Statement permissions provide the tuning SQL Server performance; and
privilege to issue certain Transact-SQL diagnosing system problems. The system
statements. Statement permissions are not administrator may also advise application
object-specific. They can be granted only designers about the data that already exists
by the SA or the database owner. on SQL Server, make recommendations
about standardizing data definitions across
Statement permissions apply to
applications, and so on.
these statements: CREATE DATABASE,
CREATE DEFAULT, CREATE The system administrator operates
PROCEDURE, CREATE RULE, outside the protection system, which
CREATE TABLE, CREATE VIEW, means that SQL Server does no
DUMP DATABASE, and DUMP permission checking for the system
TRANSACTION. administrator. The system administrator is
also treated as the owner of whatever
Statement permissions are also
database he or she is using. Anyone who
called command permissions.
knows the SA password can log in and act
System administrator: as system administrator (unless the server
The system administrator (SA) is is running in integrated login security
the person responsible for the mode).
administrative and operational functions
Trusted connections:
that are independent of any particular
Integrated security requires
application, and is likely to be a person
network protocols that support
with a comprehensive overview of SQL
authenticated connections between clients
Server and all its applications.
and servers. These are referred to as
Administering SQL Server
trusted connections. The multi-protocol
typically includes such tasks as installing
and named pipe protocols provide trusted
SQL Server; configuring servers and
connections.
clients; managing and monitoring the use
Note that non trusted connections
of disk space, memory, and connections;
(connections over other network protocols
creating devices and databases;
that do not support authenticated
authorizing SQL Server users and granting
connections) must be handled by using
them permissions; transferring data in and
SQL Server standard security.
Username: It involves the user placing his
In SQL Server, a database finger over a glass-plate, which resides
username is a name assigned to a login ID over a high-resolution camera, which uses
for the purpose of allowing a user to have optical or electromagnetic means to take
access to a database. The abilities a user its snapshot. The software analysis your
has within a database depend on the finger for pattern such as loops, worls and
permissions granted to the username (and arches.
to any groups the username is a member Advantages:
of).  This technology is neither
too expensive nor does it
In Windows NT, a username is the
require extensive user training.
name by which the user is known to the
 It also simple to implement.
domain, or to an individual Windows NT
 Finger print system has
computer. A user logs on to a domain or
FAR<0.5%
computer by providing a valid username
 It is oldest known
and password. The abilities of the user
technique that is still used in
depend on the Windows NT rights and
criminal records and forensic.
permissions granted to that username and
Imagine the number if unique
to any Windows NT groups the username
finger prints that might need to be stored
is a member of.
and then accessed in a database. This
Method of Verification: necessities the use of easier indexing and
matching.
1. PSYCHOLOGICAL VERIFICATION
Psychological Verification
involves in the verification of the organs
of the human being, which will have
unique identification and does not match
with others.
There are five types of verifications. These
In US super market, customers
are:
give their credit card information and
1. Fingerprint.
other personal details to store and tie it
2. Handprint.
with their fingerprint data. The next time,
3. Face measurement.
he can pay for purchases without a
4. Retinal scans.
fingerprint.
5. DNA analysis.
Disadvantages:
1. Finger print:
 Any injures of fingers
 effect more.
2. Hand print:
It compares a 3D image of the
users hand to that present in the system
database. It is somewhat similar to finger
print verification.

Advantage:
4. Retinal scans:
 Accuracy is better than
It involves imaging of the blood
fingerprint.
vessels in the retina of the eye when
 Cheap and easy to deploy.
infrared light of a certain frequency and
Disadvantage:
wavelength is incident upon it.this energy
 Complex in usage.
is absorbed by the blood vessels is
 Implementation is
different in different individuals.
expensive.
The retinal iris patterns are unique
 Any damages to hand effect
to individuals than any biometric yet
more.
devised.
3. Face measurement:
The retina is an internal part of the
Measuring this is as simple as
eye located at the back of the eye and is
taking a picture and analyzing the image
get of thin nerve which senses the light
from a security video capture. This
coming through a camera, pupil, and eye
technique enables the computer to use
lenses.
your face as your password and matching
The pattern of blood vessels which
these to an existing database.
makeup retina are unique to each
Advantage:
individual i.e., <1.2 inch.
 Most continents at public
Advantage:
places.
 Accurate with no false
 Less expensive.
match in 2 million people.
Disadvantage:
 It s sophisticated process.
 Inaccurate is affected by
Disadvantages:
changes in lighting, age, and
 Expensive, difficult to
movement, glass.
deploy and use.
 Face creams also effect the
 Focus of light effect
measurements.
measurements.
 will notice that your typing has a certain
pattern. Some letters follow others in
quick succession, while others take longer.
Software called Bio password is
available for less than $100.It integrates
with Windows 2000.Windows NT.Login
to provide this authentication without the
5. DNA Analysis: need for any additional software. This

It involves in checking the DNA measure is a behavioral characteristic of a

pattern of a human used when physical person.

characteristics are unrecognizable. It is 2. Signature:

used to identify people, who are died, to Some qualities looked into include
find out the relationship like identifying acceleration rates, direction, and pressure
Childs natural parents. and stroke length. Here mainly concentrate
This is one Biometric that is on pressures. These pressures stored in
judicially accepted. No human have back end for future significations.
identified DNA patterns except in twins. Disadvantages:
Advantages:  The disadvantage with the
 DNA samples can be technology lies in the
collected from toothbrush, randomness or the consistency
clothes. with which a user makes his
Disadvantages: signature. If pressures are not
 DNA testing takes longer time than other tally with stored pressure in the
methods. database.
 Twins have same DNA. 3. Voice:
 Researchers produce same DNA. It involves in the recognition of the
2. BEHAVOURAL VERIFICATION voice of the individual.
This involves in oral thing done by Advantages:
the individual. There are 3 types of  It is inexpensive.
behavioral verifications,  It also works through
1. Typing telephone.
2. Signature  Some person mimicry with
3. Voice other person voices.
1. Typing: Disadvantages:
Some systems measure things you  One can mimic the voice of
do in addition to the things you are, you the individual.
 Biometric does not guarantee system is measured in terms of FAR and
security. It simply offers ore convenient FRR.
and reliable means of identification and FAR (False Acceptance Rates):
authentication. Where an imposer is accepted as a
Mixed form Biometrics match. It is a probability of falsely
Some times use more than one accepting a metric as a match.
form biometrics. This mixed form FRR (False Rejection Rates):
provides more security. Here combine
Where a legal match is denied.
more than one type. Even 80% equals with
Where the system sails to recognize an
database then access provide to user.
authentic Bio-signature.
As FRR increases, the FAR goes
down and vice versa.
Almost all biometric systems can be
adjusted to varying levels of strictness to
create a variation in FAR and FRR. For a
system to be successful, both have to be
with in acceptable low limits.
Advantages

Identification:  It provide good security

It is a process of recognition and mechanism than all other security

involves taking the biometric data and methods

searching for the match in the database  It never fails in security

asking it a slow process that it is more constraints.

prone to errors.  In public locations such as banks

and airports a large number of
Authentication:
people transit every day including
It involves confirming your
known criminals. Face recognition
identity and the biometric systems have to
systems attached to video
match your data with only one, single
surveillance systems are supposed
record.
to help catch them.
Depending on the technique used,
 A professor recently published his
Biometric have varying levels of
techniques for fooling finger print
accuracy .The system might let you pass in
scanners. He found that Optical
one attempt on Monday and require five
finger print scanners can be fooled
on Tuesday.
by silicon rubber. However electro
The accuracy of any biometric
magnetic scanners would reject
 those, because electrical
characteristics are different from
that of a live finger.
Limitations
It needs high memory space in the back
end.
 Collect data for security is difficult
 Some times fails the security with
right users
 Any time data loose in database
high effect for security mechanism.
 So many equipments are needed
for provide this technology.
 It highly expensive
Conclusion:
Security is not just about
putting big locks on the front door; it also
involves making sure all the windows are
shut. Each one can be individually fooled,
but the comparison makes the system more
secure as a whole. Biometrics are have its
own advantages and disadvantages. It high
expensive but it provides good security.
Money is not important than security. It is
more useful for confidential maters.

References:
http://Biometrics.com
http://whitepapers.com
http://www.milesresearch.com
http://microsoft/biometrics.com
IT Magazines