Proxy Services Inc. - BIOMETRIC's
In
keeping with Proxy Services, Inc.'s mission of providing the
most secure Proxy Service found anywhere, Proxy Services has
invested substantially in Biometrics and Behaviometrics.
Biometrics (ancient Greek: bios ="life", metron ="measure") refers to two very different fields of study and application. The first, which is the older and is used in biological studies, including forestry, is the collection, synthesis, analysis and management of quantitative data on biological communities such as forests. Biometrics in reference to biological sciences has been studied and applied for several generations and is somewhat simply viewed as "biological statistics."
More recently and incongruently, the term's meaning has been broadened to include the study of methods for uniquely recognizing humans based upon one or more intrinsic physical or behavioral traits.
Biometrics are used to identify the identity of an input sample when compared to a template, used in cases to identify specific people by certain characteristics.
possession-based: using one specific "token" such as a security tag or a card
knowledge-based: the use of a code or password.
Standard validation systems often use multiple inputs of samples for sufficient validation, such as particular characteristics of the sample. This intends to enhance security as multiple different samples are required such as security tags and codes and sample dimensions.
Biometric characteristics can be divided in two main classes, as represented in figure on the right:
physiological are related to the shape of the body. The oldest traits, that have been used for more than 100 years, are fingerprints. Other examples are face recognition, hand geometry and iris recognition.
behavioral are related to the behavior of a person. The first characteristic to be used, still widely used today, is the signature. More modern approaches are the study of keystroke dynamics and of voice.[citation needed]
Strictly speaking, voice is also a physiological trait because every person has a different pitch, but voice recognition is mainly based on the study of the way a person speaks, commonly classified as behavioral.
Other biometric strategies are being developed such as those based on gait (way of walking), retina, hand veins, ear canal, facial thermogram, DNA, odor and scent and palm prints.
Issues and concerns
As with many interesting and powerful developments of technology, there are concerns about biometrics. The biggest concern is the fact that once a fingerprint or other biometric source has been compromised it is compromised for life, because users can never change their fingerprints. A theoretical example is a debit card with a personal Identification Number (PIN) or a biometric. Some argue that if a person's biometric data is stolen it might allow someone else to access personal information or financial accounts, in which case the damage could be irreversible. However, this argument ignores a key operational factor intrinsic to all biometrics-based security solutions: biometric solutions are based on matching, at the point of transaction, the information obtained by the scan of a "live" biometric sample to a pre-stored, static "match template" created when the user originally enrolled in the security system. Most of the commercially available biometric systems address the issues of ensuring that the static enrollment sample has not been tampered with (for example, by using hash codes and encryption), so the problem is effectively limited to cases where the scanned "live" biometric data is hacked. Even then, most competently designed solutions contain anti-hacking routines. For example, the scanned "live" image is virtually never the same from scan to scan owing to the inherent plasticity of biometrics; so, ironically, a "replay" attack using the stored biometric is easily detected because it is too perfect a match.
The television program MythBusters attempted to break into a commercial security door equipped with biometric authentication as well as a personal laptop so
equipped. While the laptop's system proved more difficult to bypass, the advanced commercial security door with "live" sensing was fooled with a printed scan of a fingerprint after it had been licked. There is no basis to assume that the tested security door is representative of the current typical state of biometric authentication, however. With careful matching of tested biometric technologies to the particular use that is intended, biometrics provide a strong form of authentication that effectively serves a wide range of commercial and government applications.
However, the clear concern is that the number of biometric samples of an individual are limited. If all samples are lost via compromise the legitimate owner will be unable to replace the old ones. Additionally, the limited number of samples means that there is a concern with secondary use of biometric data: a user who accesses two systems with the same fingerprint may allow one to masquerade is her to the other. Several solutions to this problem are actively being researched, such as Biometric Encryption and Cancelable Biometrics.
Biometrics and Privacy
A concern is how a person's biometric, once collected, can be protected. Australia has therefore introduced a Biometrics Institute Privacy Code Biometrics Institute in order
Marketing of biometric products
Despite confirmed cases of defeating commercially available biometric scanners, many companies marketing biometric products (especially consumer-level products such as readers built into keyboards) claim the products as replacements, rather than supplements, for passwords. Furthermore, regulations regarding advertising and manufacturing of biometric products are (as of 2006) largely non-existent. Consumers and other end users must rely on published test data and other research that demonstrate which products meet certain performance standards and which are likely to work best under operational conditions. Given the ease with which other security measures such passwords and access tokens may be compromised, and the relative resistance of biometrics to being defeated through alteration and reverse engineering, large scale adoption of biometrics may offer significant protection against the economic and social problems associated with identity theft.[citation needed]
Sociological concerns
As technology advances, and time goes on, more private companies and public utilities may use biometrics for safe, accurate identification. These advances are likely to raise concerns such as:
Physical - Some believe this technology can cause physical harm to an individual using the methods, or that instruments used are unsanitary. For example, there are concerns that retina scanners might not always be clean.
Personal Information - There are concerns whether our personal information taken through biometric methods can be misused, tampered with, or sold, e.g. by criminals stealing, rearranging or copying the biometric data. Also, the data obtained using biometrics can be used in unauthorized ways without the individual's consent.
Danger to owners of secured items
When thieves cannot get access to secure properties, there is a chance that the thieves will stalk and assault the property owner to gain access. If the item is secured with a biometric device, the damage to the owner could be irreversible, and potentially cost more than the secured property. In 2005, Malaysian car thieves cut off the finger of a Mercedes-Benz S-Class owner when attempting to steal the
car. PROXY SERVICES, Inc. feels the utilization of BehavioMetrics will
thwart attempts like this as client's must personally access the systems
themselves.
Cancelable Biometrics
Physical features, such as face, fingerprint, iris, retina, hand, or behavioral features, such as signature, voice, gait, must fulfill a certain criteria to qualify for use in recognition. They must be unique, universal, acceptable, collectable and convenient to the person, in addition, to reliability at recognition, performance and circumvention. Most importantly, however, permanence is a key feature for biometrics. They must retain all the above features in particular the uniqueness unchanged, or acceptably changed, over the lifetime of the individual. On the other hand, this fundamental feature has brought biometrics to challenge a new risk. If biometric data is obtained, for example compromised from a database, by unauthorized users, the genuine owner will lose control over them forever and lose his/her identity.
Previously, research was focusing on using biometrics to overcome the weakness in traditional authentication systems that use tokens, passwords or both. Weakness, such as sharing passwords, losing tokens, guessable passwords, forgetting passwords and a lot more, were successfully targeted by biometric systems, although accuracy still remains a great challenge for many different biometric data. But one ordinary advantage of password does not exist in biometrics. That is re-issue. If a token or a password is lost or stolen, they can be cancelled and replaced by a newer version i.e. reissued. On the other hand, this is not naturally available in biometrics. If someone’s face is compromised from a database, they cannot cancel it neither reissue it. All data, including biometrics is vulnerable whether in storage or in processing state. It is relatively recently research has been undertaken to consider protection of biometric data more seriously. Cancelable biometrics is a way in which to inherit the protection and the replacement features into biometrics. It was first proposed by Ratha et al[14]. Besides reliable accuracy performance and the replacement policy cancellable biometric has to be non-revisable in order to fulfill the aim.
Several methods for generating cancellable biometrics have been proposed. Essentially, cancelable biometrics perform a distortion of the biometric image or features before matching. The variability in the distortion parameters provides the cancelable nature of the scheme.
External links
Parts
of the above reference information are provided from: http://wikipedia.org
How Secure is Proxy Services, Inc.?
Proxy Services, Inc. has adopted the most secure management system
available, Proxy Services, Inc. performs all services, tasks and duties on
behalf of Proxy Services, Inc. clients, thus acting as a true
"Proxy". In order for a client to initiate changes to a domain
name, changes to mail forwarding or other tasks, assignments, services or
duties, the Proxy Services, Inc. client MUST FULLY identify themselves, this
process can be time consuming, however is done to provide the ultimate in
privacy and protection. Proxy Services, Inc. is committed to continual
re-investment in the latest technologies and methods to achieve it's three
part security initiative in confirming the identity of a Proxy Services, Inc.
client. Using the most advanced protocol regarding confirmation of the
identity annonymously of a Proxy Services, Inc. client, Proxy Services, Inc.
requires the following security procedures be followed:
1.
Something YOU KNOW: This security protocol step is two
part: (1) A pass-phrase [chosen by our client to identify
themselves] (2) Typically a secure "password",
containing: Alpha Characters, Numeric and "other characters",
these passwords are typically 13 to 24 characters in length.
2.
Something YOU ARE: Using the latest in Bio-Metric
identification, Proxy Services, Inc. clients are required to submit a
Bio-Metric secured authentication, currently Proxy Services, Inc. uses a
Bio-Metric finger-print.
3.
Something YOU HAVE: Proxy Services, Inc. uses two
differing methods: (1) requiring a written request sent to a secure mail
drop with a "token" included (2) the most often chosen method
of a digital swipe card or RFID card used at the Proxy Services, Inc.'s
clients computer terminal.
Additional
Security Protocols:
Proxy Services, Inc. uses
additional security protocols and measures to insure the security
of it's systems these include without limitation:
SSL
technology (Secured Socket Layers), in multiple layers,
using "onion technology" as originally developed by the
United States Navy, through SSL encrypting information at 256bit
encryption level.
BEHAVIOMETRICS:
Proxy
Services, Inc. in it's continual investment into the latest in
security advancements has and continues to experiment with security
algorithms including BEHAVIOMETRICS,
specifically: behavioral metrics such as typing rhythm,
computer mouse or touch pad gestures etc. where analysis can be
done continuously without interrupting or interfering with
computer user activities. Behaviometrics shows promise
to add to the security suite employed by Proxy Services, Inc.
protecting individuals from being forced to access Proxy Services,
Inc. servers while under duress, and/or the unlikely event where a
person gains a Proxy Services, Inc.'s clients': Pass-Phrase and
Password; BioMetric Finger Print code; and Swipe Card. Using
Behaviometrics ONLY a Proxy Services, Inc. client will be able to
use the above three security protocols under normal
circumstances. Proxy Services, Inc. may freeze an account
and proceed with Telephone verification, which will require a Four
Digit Secured PIN (Personal Identification Number) and a verbal
password. The Behaviometric algorithms used by Proxy
Services, Inc. analyze how the client uses and works with their
computer, including without limitation: the keyboard in
(typing rythm), mouse or touchpad or touch stick interaction
including acceleration time, click frequencies etc.) and graphical
interface utilization and interaction (using of computer programs,
how a client is working with programs and opening and closing
them, including the frequency of saving information), Proxy
Services, Inc. believes the aforementioned behavioral uses of the
computer system by the Proxy Services, Inc. client will enable
Proxy Services, Inc. through it's systems and third party
authenticators to confirm the identity of the person using the
computer at the moment they are attempting to access the Proxy
Services, Inc. systems; due to this added level of security it is
necessary for the user to have a micro-application installed on
their computer system for at least four hours prior to access
attempts. It is difficult if not impossible to exactly mimic
another human beings behavior, therefore Behaviometrics enables
Proxy Services, Inc. to detect unfamiliar behavior within milli-seconds,
providing first a warning and then totally disabling the account
access for a period of time. Three attempts will prompt a
security officers intervention in the system accessing, and may as
mentioned herein above require telephone authentication to
re-activate the system for additional attempts. Proxy
Services, Inc. is talking with http://www.behaviosec.se/
regarding using their systems as additional third party
verification.
Mirrored
Servers and Multi-Jurisdictional Servers: In
continuing Proxy Services, Inc.'s committment to security and
privacy, mirrored servers have been deployed throughout the globe,
in multiple national and independent jurisdictions.
Payment
for services, including on a per task/assignment access,
providing additional levels of security some Proxy Services, Inc.
clients may elect an on-going services via pay per service
interaction. This adds additional level of verification and
security by requiring a payment to be made every-time a Proxy
Request is made. Using two third parties Proxy Services,
Inc. shall require payment to the Proxy Services, Inc.
"clearing corporation", through a third party gold and
silver secured and insured payment facility in Switzerland.
As with all Proxy Services, Inc. services payment may only be made
through metals, using a secured system covered by more than four
(4) Internationally protected patents. The third party
payment system employed is GOLDMONEY, more information on Gold
Money can be found at: Insured
Gold Storage .com, the GOLDMONEY system requires users and
entities to be fully vetted to the standards of the IMF
(International Monetary Fund), thus providing an even greater
layer of security and protection. To learn more about
our payment processing please visit our Payment
Section.
Proxy Services, Inc. reserves the right to review
"questionable" material & uses of services on a case by case
basis.
|
