Chapter 15. Biometrics

And the Gileadites took the passages of Jordan before the Ephraimites: and it was so, that when those Ephraimites which were escaped said, Let me go over; that the men of Gilead said unto him, Art thou an Ephraimite? If he said, Nay; Then said they unto him, Say now Shibboleth: and he said Sibboleth: for he could not frame to pronounce it right. Then they took him, and slew him at the passages of the Jordan: and there fell at that time of the Ephraimites forty and two thousand.

— Judges 12:5–6


The above quotation may be the first recorded military use of a security protocol in which the authentication relies on a property of the human being — in this case his accent. (There had been less formal uses before this, as when Isaac tried to identify Esau by his bodily hair but got deceived by Jacob, or indeed when people recognized each other by their faces — which I'll discuss later.)

Biometrics identify people by measuring some aspect of individual anatomy or physiology (such as your hand geometry or fingerprint), some deeply ingrained skill or behavior (such as your handwritten signature), or some combination of the two (such as your voice).

Over the last quarter century or so, people have developed a large number of biometric devices. Since 9/11 the market has really taken off, with a number of large-scale programs including the international standards for biometric travel documents, the US-VISIT program which fingerprints visitors to the USA, Europe's ...

Get Security Engineering: A Guide to Building Dependable Distributed Systems, Second Edition now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.