Security in Electronic Prescription



Nikoo Malek
California State University of Fullerton


ABSTRACT

Establishing identity is becoming critical in our vastly interconnected society. Questions such as "Is she really who she claims to be?" or "Is this person authorized to use this facility?" arise routinely. The need for reliable user authentication techniques has increased in the wake of heightened concerns about security. The purpose of this paper is to describe different ways of carrying out the identification and authentication process. We use the theory to explain many existing mechanisms for security and to solve issues concerning security in electronic prescription systems.

Keywords

Authenticator: evidence useful for authentication
Credential: a physical or digital authenticator
Biometric authentication: authenticating a user based on one of their physical characteristics
Dictionary attack: trying every word in the dictionary to find the password
Passphrases: a longer type of password

1. INTRODUCTION

E-prescription, or electronic prescribing, is an electronic way for doctors to create prescriptions. When doctors e-prescribe, they do not have to write prescriptions on paper. Instead, they send electronic prescriptions directly to your pharmacy. Usually, all you need to do is go to your pharmacy and pick up the prescription. A high number of prescribers, large practices, and enterprise systems require software that is adaptable to the practice workflow and that facilitates and secures the traditional prescribing process. E-prescribing is intended to bring safety and efficiency benefits to the prescribing management system for patients and prescribers. For this reason, one of the most important issues in e-prescription is security. The experience of providing or receiving medical care is personal and private. Health care information is perhaps the most intimate, personal, and sensitive of any information collected and maintained about an individual.

Health information is classified by law as sensitive information. This is because disclosing information to outsiders can cause indirect or direct damage to an individual. First, we need to find the threats to the system. Threat analysis begins with gathering information about all the components that are part of the system, for example, the equipment in use in the pharmacy or the network. On the other hand, we need to secure the information too. There are different methods for security:

• Identification, Authentication, and Authorization

• Encryption

• Data integrity

• Secure routing

In this paper I will focus on the first part: identification, authentication, and authorization. I will discuss the theory of authentication in distributed systems and a practical system based on the theory. Authentication is the process of determining who you are. Authentication binds an identity to a subject and consists of:

• Something the entity knows (e.g. password, PIN)

• Something the entity has (e.g. smartcard, SIM card)

• Something inherent to the entity (e.g. fingerprint, retinal characteristics)

Strong authentication contains two out of three methods: something that a person knows, has, or is.

There are other matters that I will discuss. What is the theory good for? Any security system has assumptions about who should be trusted and about who has the authority to do particular tasks.

2. IDENTIFICATION, AUTHENTICATION, AND AUTHORIZATION

Identification describes the method of ensuring that a subject (user, program, or process) is the entity it claims to be. Identification can be provided with the use of a username or account number [4]. Authentication usually requires a second piece of the credential set. This piece could be a password, passphrase, cryptographic key, or personal identification number (PIN).

These two credential items are compared to the information that has been previously stored for this subject. If these credentials match the stored information, the subject is authenticated. Authorization is the process of determining what you are allowed to do. The authentication and authorization patterns need to work in parallel to ensure that only the authorized person can access the service. By using a login-and-authenticate protocol we can grant or deny access to an individual requestor. This is particularly important in distributed systems with a variety of accesses, both internal (intranet) and external (Internet). Remote objects may also need to be configured to account for changeable capabilities between the client and server systems. The Authenticator pattern is useful [6]:

1. When identification and authentication are required for access to remote objects;

2. When a variety of authentication methods may be used;

3. When additional protocol negotiations (encryption selection, software version supported, etc.) are required prior to obtaining a remote object, and the underlying distributed system does not support these requirements.

Although identification, authentication, and authorization have closely related definitions, each of them has a distinct function in accomplishing the task. A user may be properly identified and authenticated, but he may not have the authorization to access the files on the file server. Figure 1 illustrates the three steps that must happen for a subject to access an object.

Figure 1: There are three steps that must happen for a subject to access an object: identification, authentication, and authorization

2.1 Distributed system Authentication

Authentication is not always between a user and a computer. Sometimes two machines need to authenticate each other, or even two parts of a program, such as two modules, need to authenticate each other. Consider a distributed system that is a collection of hosts interconnected by a network. In this system a fundamental concern is the authentication of local and remote entities in the system. In a distributed system, the hosts communicate by sending and receiving messages over the network. Various resources (like files and printers) distributed among the hosts are shared across the network in the form of network services provided by servers. Individual processes (clients) that desire access to resources direct service requests to the appropriate servers. In this situation we are faced with two kinds of security issue:

The first type, host compromise, refers to the subversion of individual hosts in a system. Host compromise threats can be countered by a combination of hardware techniques (like processor protection modes) and software techniques (like a security kernel or reference monitor). The second type, communication compromise, includes threats associated with message communications. We subdivide these into:

1. eavesdropping of messages transmitted over network links to extract information on private conversations;

2. arbitrary modification, insertion, and deletion of messages transmitted over network links to confound a receiver into accepting fabricated messages; and

3. replay of old messages; this can be considered a combination of 1 and 2.

Item 1 is a passive threat, while items 2 and 3 are active threats. A passive threat does not affect the system being threatened, whereas an active threat does. Therefore, passive threats are inherently undetectable by the system and can only be dealt with by using preventive measures. Active threats, on the other hand, are combated by a combination of prevention, detection, and recovery techniques.

2.2 Structure

The Authentication pattern (see footnote 1) uses a distributed object, accessible remotely, that will identify and authenticate the requestor and possibly perform some protocol negotiation. If and only if the authentication and negotiation are successful will the authenticating object give permission to the requestor. The Authenticator pattern consists of the following components.

1. Authenticator: This abstract class defines the interface used to authenticate. It represents an object that knows how to obtain authentication for a network connection. Usually, it will do this by prompting the user for information. The resulting class should register with the applicable naming service as a distributed object accessible throughout the network. The authenticate method is used by the requestor after obtaining a reference to the Authenticator object. When authentication is successful, the Authenticator class creates an instance of a distributed object that can now be accessed by the remote requestor using the get method. The proposed implementation of the pattern uses an Object Factory class passed to the Authenticator constructor to create the protected object.

2. Object Factory: This abstract class contains only one method, create. The implementation of this method creates the protected object. It may also perform other actions specified by the Authenticator as a result of the negotiations.

3. Requestor: Although not strictly a part of the pattern, the remote requestor object is assumed to be implemented in a manner matching the implementation of the concrete Authenticator class, so that the values passed as arguments to the authenticate method and the returned values can be used to complete the authentication.

Footnote 1: The Authentication pattern is the design that we use in the authentication implementation.

2.3 Collaborations

There are four phases of operation for the Authenticator pattern.

1. Initialization: The Authenticator object must be registered with the distributed object system's naming service for remote access. This phase of the operation is system specific and external to the pattern, but nevertheless tightly coupled with it. The server creates and registers an Authenticator implementation object with the registry, passing an object factory object to the Authenticator as a constructor parameter.

2. Connection: When a remote object, a requestor, obtains a reference to the Authenticator object, it uses the authenticate method to pass a string to the Authenticator implementation. The return value is another string which the requestor uses to determine if the authentication or negotiation succeeded or failed, or whether (and how) to construct another string for another use of authenticate. The requestor continues to call authenticate until the authentication or negotiation is completed. The requestor calls registry lookup to get a reference to the Authenticator implementation object.

• Requestor calls authenticate (string).

• Authenticator returns a completion, failure, or continuation string.

• The previous two steps are repeated as necessary to complete authentication/negotiation.

3. Creation: When the Authenticator implementation recognizes a successful authentication, it creates the protected object in preparation for handing it to the requestor as a response to the get method. The expected process is for the authenticate method to invoke an object factory method. However, the Authenticator implementation and the object factory can use any means to make one or more objects accessible. The authenticate method calls the object factory to create and initialize the protected object prior to returning successful completion.

4. Acquisition: The requestor finally uses the get method to get a reference to the protected object. The requestor calls get to obtain a reference to the protected object.

2.4 Implementation

Some implementation issues to consider when designing an Authenticator pattern implementation are discussed below.

1. Security: The object factory class is hidden within the Authenticator implementation for security. The Authenticator implementation is a remote object accessible to the untrusted requestor client; the object factory is not a remote object and is therefore inaccessible to the client. (If remote objects are not used, then some other means may be necessary to restrict access to the object factory.) The Authenticator implementation must not provide a means to invoke the object factory without completing the negotiation.

2. Negotiation: The design of the authentication and negotiation must take into account concurrent access for multiple clients (if, for example, the Authenticator is a Singleton), the possibility of dropping a network connection or timing out, incorrect or out-of-sequence responses, and other unintentional or intentional failures. It must also provide an efficient means of indicating the current status of the negotiation to the client, usually one of succeeded, failed, or still in progress. The results of the authenticate method must be sufficient to guide the client to the next step of the negotiation.

3. Parameterized object creation: It may be necessary to parameterize the creation of an object by the object factory. The parameter list for the object factory's create method shown in the example below is empty, but that is not a requirement as long as the Authenticator implementation and the object factory class agree. The Authenticator implementation may build a parameter list from data supplied by the client during negotiation, or it may provide an additional method for the client to use to specify parameters.

4. Creation of multiple objects: Once the authentication is complete, is exactly one object accessible, or can the client create any number of objects? If any number of objects can be created, must they all be instances of the same class? The example below shows exactly one object being made accessible. This is enforced by creating the object in the authenticate method so that multiple calls to the get method return the same object. Alternatively, the get method could construct a new instance each time it is called if the authenticate method has indicated that the authentication has completed successfully.
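The components of section 2.2, the phases of section 2.3, and the issues of section 2.4 can be seen together in the following sketch. It is an added example, not code from this paper or from the pattern's authors: the HELLO/RESPONSE/CONTINUE/OK/FAILED strings, the HMAC challenge-response negotiation, and the names PrescriptionStoreFactory, respond, and requestor_login are assumptions made for illustration, and registration with a naming service is left out.

```python
import hashlib
import hmac
import secrets
from abc import ABC, abstractmethod


class ObjectFactory(ABC):
    """Creates the protected object. Held privately by the Authenticator."""

    @abstractmethod
    def create(self):
        ...


class Authenticator(ABC):
    """Interface the untrusted requestor sees: authenticate() and get()."""

    @abstractmethod
    def authenticate(self, message: str) -> str:
        ...

    @abstractmethod
    def get(self):
        ...


class PrescriptionStoreFactory(ObjectFactory):
    """Hypothetical factory; the record below is constructed sample data."""

    def create(self):
        return {"rx-0001": "constructed sample prescription"}


def respond(key: bytes, nonce: str) -> str:
    """Requestor side: prove knowledge of the key without sending it."""
    return hmac.new(key, nonce.encode(), hashlib.sha256).hexdigest()


class ChallengeResponseAuthenticator(Authenticator):
    """One instance per connection, so concurrent clients never share state."""

    def __init__(self, factory: ObjectFactory, shared_keys: dict):
        self._factory = factory      # never exposed through the interface
        self._keys = shared_keys     # user name -> shared secret (bytes)
        self._state = "NEW"          # NEW -> CHALLENGED -> DONE | FAILED
        self._user = None
        self._nonce = None
        self._protected = None

    def authenticate(self, message: str) -> str:
        verb, _, arg = message.partition(" ")
        if self._state == "NEW" and verb == "HELLO" and arg:
            self._user = arg
            self._nonce = secrets.token_hex(16)   # fresh for each negotiation
            self._state = "CHALLENGED"
            return "CONTINUE " + self._nonce
        if self._state == "CHALLENGED" and verb == "RESPONSE":
            key = self._keys.get(self._user)
            nonce, self._nonce = self._nonce, None   # a nonce is used once
            if key is not None and hmac.compare_digest(
                    respond(key, nonce).encode(), arg.encode()):
                # Creation phase: build the object before reporting success.
                self._protected = self._factory.create()
                self._state = "DONE"
                return "OK"
        # Wrong credential or out-of-sequence message (even after success):
        # fail closed and drop any object already created.
        self._state = "FAILED"
        self._protected = None
        return "FAILED"

    def get(self):
        """Acquisition phase: only reachable after a completed negotiation."""
        if self._state != "DONE":
            raise PermissionError("authentication not completed")
        return self._protected      # the same object on every call


def requestor_login(auth: Authenticator, user: str, key: bytes) -> str:
    """Connection phase: call authenticate() until it stops saying CONTINUE."""
    reply = auth.authenticate("HELLO " + user)
    while reply.startswith("CONTINUE "):
        nonce = reply.split(" ", 1)[1]
        reply = auth.authenticate("RESPONSE " + respond(key, nonce))
    return reply
```

Because each negotiation gets a fresh nonce, a response captured from one session is rejected in the next, which is the replay countermeasure section 3.2 refers to.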

3. BASIC AUTHENTICATION

Basic authentication [2] is the simplest method of authentication and was the most common authentication method for a long time. However, other methods of authentication have recently passed basic authentication in common usage. Sometimes the identity is an external entity, like my identity, Nikoo, and the subject is a computer entity, like a process.

3.1 Passwords

Passwords are the most widely used form of authentication. Users provide an identifier, which consists of characters or numbers, along with a password. In many systems passwords are not stored as plain text; they should be encrypted, so that hackers who gain access to the database that stores the passwords cannot use them. Password authentication does not normally require complicated hardware, since authentication of this type is generally simple and does not require much processing power. Password authentication has several safety issues. Some of the obvious ones are: the password may be easy to guess, and the user may write the password down and place it in a highly visible area.

3.1.1 One-Time Passwords

A one-time password, also called a dynamic password, is good only once. After first use it is immediately invalidated. This type of authentication mechanism is used in environments that require a higher level of security than static passwords provide. By using one-time passwords we are able to decrease the percentage of brute force attacks (see footnote 2).

3.1.2 Passwords Generation

A password can be generated by the user, which makes it easier for the user to remember. On the other hand, it is easy to guess and is exposed to methods that I will discuss later, such as the dictionary attack and the brute force attack.

The other way is a computer-generated password, which is created randomly by the computer. It is a stronger password. Some generated passwords are of a pronounceable type, for example: imadways, tinglent. This helps the user remember them better. Password aging is another concept that is used with computer-generated passwords. Password aging forces the user to change passwords after a system administrator-specified period of time. The system may also keep a list of the last five to ten passwords and not let users revert to a previously used password. One of the disadvantages of a computer-generated password is that the user sometimes needs to write it down on paper.

3.1.3 Passwords Storage

Passwords can be stored as clear text in a text file. In this situation, if somebody hacks the password file, all passwords are accessible. To solve this problem we need to have the passwords encrypted, so we only keep the encryption and decryption keys in memory.

Encryption is a security mechanism that transforms data into some unreadable form, so if hackers access the password table they are not able to find the real passwords. Decipherment is the reverse of encryption; that is, it is the transformation of encrypted data back into some intelligible form. Encryption is performed on cleartext to produce ciphertext (encrypted data whose semantic content is not available). The result of decipherment is either cleartext, or ciphertext under some cover. Encryption can provide confidentiality of either data or traffic flow information and can play a part in, or complement, other security mechanisms. Encryption and decryption require the use of some secret information, usually referred to as a key, which directs specific transformations. This is one of two crypto variables used; the other is the initialization variable, which is sometimes required to preserve the apparent randomness of ciphertext. Encryption techniques can be symmetric (secret key), where knowledge of the encryption key implies knowledge of the private decipherment key and vice versa, or asymmetric. In asymmetric algorithms, generally one key is called public (because it is publicly available), while the other is called private (because it is kept secret). Once a private key has been compromised, the system (or at least the use of that private key) is no longer secure. Both encryption techniques are used to provide the data confidentiality service.

Footnote 2: A brute force attack is a strategy used to break the encryption of data.

3.2 Password authentication weaknesses

• Client attacks: an adversary attempts to achieve user authentication without access to the remote host or to the intervening communications path

• Host attacks: attacks are directed at the user file at the host where passwords, token passcodes, or biometric templates are stored

• Eavesdropping: an adversary's attempt to learn the password by observing the user, finding a written copy of the password, keystroke logging, etc.

• Replay: an adversary repeating a previously captured user response. The most common countermeasure to such attacks is the challenge-response protocol (see footnote 3)

• Trojan horse: an application or physical device masquerades as an authentic application or device for the purpose of capturing a user password, passcode, or biometric

• Denial-of-service: the attack attempts to disable a user authentication service by flooding the service with numerous authentication attempts

3.2.1 Dictionary attack

A dictionary attack tries "every word in the dictionary" as a possible password for an encrypted message. Dictionary attacks work because most users use an ordinary word as a password. Dictionary attacks are less successful against systems that use passphrases instead of passwords, or random combinations of uppercase and lowercase letters mixed with numerals. Passphrases are much like passwords but much longer, and consist of a random set of characters or words that are hard to guess; sometimes they even contain spaces. Brute force attack: this method is the best-known password cracking method. It tries every possible character combination as a password. To recover a one-character password it is enough to try 26 combinations ('a' to 'z').

3.2.2 Increasing Security against a Brute Force Attack

We can increase security against a brute force attack by considering:

• Increasing the length of the password

• Allowing the password to contain characters other than numbers, such as *

• Imposing a 30 second delay between failed authentication attempts

• Locking the account after 5 failed authentication attempts

A brute force attack will always succeed, eventually. However, brute force attacks against systems with sufficiently long key sizes may require billions of years to complete.

Footnote 3: Challenge-response authentication is a family of protocols in which one party presents a question ("challenge") and another party must provide a valid answer ("response") to be authenticated.
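The four measures in the list above can be checked with a short calculation and a small policy object. This is an added example, not part of the original paper; the class LoginThrottle, the outcome strings, and the attempt log are constructed for illustration, with the 30 second delay and 5 failure lock taken from the list.

```python
def search_space(alphabet_size: int, length: int) -> int:
    """Candidates an exhaustive search must cover for one fixed length."""
    return alphabet_size ** length


def seconds_to_exhaust(alphabet_size: int, length: int,
                       seconds_per_guess: int) -> int:
    """Worst-case search time when every guess costs seconds_per_guess."""
    return search_space(alphabet_size, length) * seconds_per_guess


class LoginThrottle:
    """Per-account delay after a failure and lock after repeated failures."""

    def __init__(self, delay_seconds: int = 30, max_failures: int = 5):
        self.delay_seconds = delay_seconds
        self.max_failures = max_failures
        self._failures = {}      # account -> consecutive failed attempts
        self._not_before = {}    # account -> earliest time of next attempt
        self._locked = set()

    def attempt(self, account: str, password_ok: bool, now: int) -> str:
        """Return 'ok', 'denied', 'throttled' or 'locked' for one attempt."""
        if account in self._locked:
            return "locked"
        if now < self._not_before.get(account, 0):
            # Rejected without looking at the password, so guesses made
            # during the delay tell the sender nothing.
            return "throttled"
        if password_ok:
            self._failures.pop(account, None)
            self._not_before.pop(account, None)
            return "ok"
        count = self._failures.get(account, 0) + 1
        self._failures[account] = count
        if count >= self.max_failures:
            self._locked.add(account)     # fifth failure locks the account
        else:
            self._not_before[account] = now + self.delay_seconds
        return "denied"


# Constructed sample log: (seconds since start, account, password correct?)
SAMPLE_ATTEMPTS = [
    (0, "alice", False), (10, "alice", False), (30, "alice", False),
    (60, "alice", False), (90, "alice", False), (120, "alice", False),
    (150, "alice", True),
    (200, "bob", False), (245, "bob", True),
]


def replay(throttle: LoginThrottle, attempts) -> list:
    """Run a log of attempts through the policy and collect the outcomes."""
    return [(account, throttle.attempt(account, ok, t))
            for t, account, ok in attempts]


if __name__ == "__main__":
    print("26 letters, length 1:", search_space(26, 1))
    print("26 letters, length 8:", search_space(26, 8))
    print("62 characters, length 8:", search_space(62, 8))
    for row in replay(LoginThrottle(), SAMPLE_ATTEMPTS):
        print(row)
```

The lock also rejects the correct password at 150 seconds, so the policy exposes the account to the denial-of-service weakness listed in section 3.2: five bad guesses against a known account name are enough to lock its owner out.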

4. BIOMETRIC AUTHENTICATION

Biometric authentication and identification technologies [5] are based on unique biological characteristics. Inherent biological characteristics include voice, fingerprints, hand geometry, facial features, retinal patterns, etc.

A biometric system usually has a biometric scanner which takes a biometric sample or "image" of the individual. The biometric device may be a microphone, video camera, fingerprint reader, etc. The other components of a biometric system are a processing algorithm and a matching algorithm. These may be hardware or software components, but most implementations generally use software algorithms running on a workstation. The system must perform accurate and repeatable measurement of a characteristic. This type of sensitivity can easily cause false positives or false negatives. The system should be calibrated so that these false results have a low occurrence and the results are as accurate as possible. When a biometric system rejects an authorized individual, it is called a type I error. When the system accepts someone who should be rejected, it is called a type II error. The goal is to obtain low numbers for each type of error. When comparing different biometric systems, many different variables are compared, but one of the most important variables is the crossover error rate (CER). This rate is stated as a percentage and represents the point at which the false rejection rate equals the false acceptance rate. This rate is very important when we want to identify the accuracy of the system. A biometric system that delivers a CER of 3 will be more accurate than a system that delivers a CER of 4. See Figure 2.

Each environment has a specific security level, which determines how many type I and type II errors are acceptable. For example, a defense institution that is very concerned about confidentiality would be prepared to accept a certain number of type I errors, but absolutely would not accept any false accepts (type II errors). The defense institution would tune the biometric system to lower the type II error rate to zero, but that would mean that it would have to accept a higher rate of type I errors.
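The relationship between the matching threshold, the two error types, and the CER can be worked through on a small data set. This is an added example, not part of the original paper; the match scores (0 to 100, higher means a closer match) are constructed, and the rule "accept when the score is at or above the threshold" is an assumption.

```python
# Constructed sample match scores on a 0-100 scale.
GENUINE = [95, 91, 88, 84, 80, 77, 72, 66, 58, 45]    # authorized users
IMPOSTOR = [70, 61, 52, 48, 41, 35, 30, 22, 15, 8]    # everyone else
THRESHOLDS = range(0, 101, 5)


def error_rates(genuine, impostor, threshold):
    """Return (FRR, FAR) in percent at one threshold.

    FRR is the type I error rate: authorized users scoring below the
    threshold. FAR is the type II error rate: impostors scoring at or
    above it.
    """
    frr = 100.0 * sum(s < threshold for s in genuine) / len(genuine)
    far = 100.0 * sum(s >= threshold for s in impostor) / len(impostor)
    return frr, far


def crossover_error_rate(genuine, impostor, thresholds):
    """Return (threshold, CER): the point where FRR and FAR are closest.

    On sampled data the two rates may never be exactly equal, so the CER
    is reported as their mean at the closest threshold.
    """
    def gap(t):
        frr, far = error_rates(genuine, impostor, t)
        return abs(frr - far)

    best = min(thresholds, key=gap)
    frr, far = error_rates(genuine, impostor, best)
    return best, (frr + far) / 2


def lowest_threshold_with_zero_far(genuine, impostor, thresholds):
    """Return (threshold, FRR) for the loosest setting that accepts no impostor.

    This is the tuning the defense institution example describes: type II
    errors are driven to zero and the type I cost is whatever FRR results.
    """
    for t in sorted(thresholds):
        frr, far = error_rates(genuine, impostor, t)
        if far == 0:
            return t, frr
    return None


if __name__ == "__main__":
    for t in THRESHOLDS:
        frr, far = error_rates(GENUINE, IMPOSTOR, t)
        print(f"threshold {t:3d}: FRR {frr:5.1f}%  FAR {far:5.1f}%")
    print("crossover:", crossover_error_rate(GENUINE, IMPOSTOR, THRESHOLDS))
    print("zero FAR:", lowest_threshold_with_zero_far(GENUINE, IMPOSTOR, THRESHOLDS))
```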

4.1 Good things about biometrics

Generally they cannot be lost or stolen like passwords. People do not need to keep them secret for secure authentication. Because a person needs to register first, registration can sometimes deter fraud even if it is not used in the authentication process.

Figure 2: Accuracy of the system

4.2 Different type of biometric authentication

There are many types of biometric systems that examine different types of user characteristics. In each of these systems, the individual must go through an enrolment process which captures the biometric data and stores it in the reference file. This reference file is used later when the person attempts to be authenticated. The following is an overview of the different types of biometric systems and the physiological characteristics they examine. See Figure 4.

Figure 3: Biometrics can use several different types of physiological attributes of a person

4.2.1 Fingerprint

Fingerprints are made of a series of ridges and furrows on the surface of the finger. Everyone is known to have unique, immutable fingerprints. An individual places his finger on a device that reads the details of the fingerprint and compares this to a reference file. If the two match, the person's identity has been verified. One problem with current fingerprint recognition systems is that they require a large amount of computational resources, especially when operating in the identification mode. Finally, the fingerprints of a small fraction of the population may be unsuitable for automatic identification because of genetic factors, aging, environmental, or occupational reasons (e.g., manual workers may have a large number of cuts and bruises on their fingerprints that keep changing).

4.2.2 Palm scan

The palm has many aspects that can be used to identify a person. The palm has creases, ridges, and grooves throughout it that are unique to a specific person. The palm scan also includes the fingerprints of each finger. An individual places his hand on the biometric device, which scans and captures this information. This information is compared to a reference file and the identity is verified or rejected.

4.2.3 Hand geometry

The shape of a person's hand (the length and width of the hand and fingers) defines hand geometry. This trait differs significantly between people, so it is used in biometric systems to verify identity. A person places her hand on a device that has grooves for each finger. The system compares the geometry of each finger, and of the hand as a whole, to the information in a reference file to verify that person's identity.

4.2.4 Retina Scan

A system that reads a person's retina scans the blood-vessel pattern of the retina on the backside of the eyeball. This pattern is extremely unique between different people. A camera is used to project a beam inside the eye, capture the pattern, and compare it to the reference file.

4.2.5 Iris scan

The iris is the colored part of the eye that surrounds the pupil. The iris has unique patterns, colors, and rings. The uniqueness of each of these characteristics is gathered during the enrolment phase.

4.2.6 Signature Dynamics

When a person signs a signature, it is usually done in the same manner each time. Signing a signature can produce electrical signals that can be captured by the biometric system. The signal has unique characteristics that can be used to distinguish one person from another.

4.2.7 Voice print

There are many subtle distinguishing differences in people's speech sounds and patterns. A biometric system that is programmed to capture a voice print and compare it to the information captured in a reference file can differentiate one individual from another. During the enrolment process, an individual is asked to say several different words. After that, when the individual needs to be authenticated, the biometric system compares against these words.

4.2.8 Facial scan

A system that scans a person's face takes many attributes and characteristics into account. People have different bone structures, nose ridges, eye widths, forehead sizes, and chin shapes. These are all captured during the facial scan and compared to an earlier captured scan that is held within a reference record. If the information is a match, the person is identified.

4.3 Biometric identification devices

Various systems use biometrics to identify the authorized person. In particular, there are three possibilities for the use of microcircuit or microprocessor cards within systems which support biometric identification devices, as described by Luca Bechelli in the paper Biometrics authentication with smartcard [1]:

• Template on Card: In this group the biometric information is stored on a hardware security module such as a smartcard. In this case the template has to be retrieved and transmitted to a different system to compare it with the fingerprints acquired by special scanners; "memory cards" with no operating system and no onboard applications are generally used for this purpose.

• Match on Card: In this group the comparison between the biometric template and the fingerprint acquired through a special scanner occurs inside a hardware security module. This is typically achieved through the use of a smartcard microprocessor provided with an operating system and suitable applications, and the biometric template is safely stored on the card itself.

• System on Card: This is a combination of the two technologies above and is certainly the best solution in terms of security, because it includes the use of hardware security modules hosting biometric scanners where the acquisition, processing, template selection, and match operations occur within a totally secure system. This type of technology is realized through the use of smartcards with fingerprint readers or USB tokens equipped with special fingerprint scanners. USB token-based systems are preferred since they do not need a special smartcard reader but are directly connected to the host processing system.

In particular, the main difference between memory cards and smart cards is the processing power. A memory card holds information but does not process information. A smart card has the necessary hardware and logic to process the information. A memory card can hold a user's authentication information, so the user only needs to type in a user ID or PIN and present the memory card; if the two match and are approved by an authentication service, the user is successfully authenticated.

4.4 Biometric Accuracy
In biometric authentication we never get identical templates. For example, consider fingerprints: no two people have an identical fingerprint. On the other hand, we have problems with false matches and even false non-matches. For instance, the system may give us the fingerprint of another person instead of the person we are looking for. The criteria listed below are used to compare the various biometric technologies. High, medium and low are denoted by H, M, and L.

• Universality: Each person should have the characteristic. Do all people have it?

• Distinctiveness: Can people be distinguished based on an identifier?

• Permanence: How permanent is the identifier? How well does a biometric resist aging?

• Collectable: Ease of acquisition for measurement. How well can the identifier be captured and quantified?

• Performance: Matching speed, accuracy and robustness of the technology used

• Acceptability: willingness of people to accept

• Circumvention: Ease of use of a substitute, foolproof

Figure 4: Comparison of the various biometric technologies. High, medium and low are denoted by H, M, and L.
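The false match and false non-match problem from Section 4.4 can be quantified once a matcher returns a similarity score. The following added example (not from the paper) computes both error rates over a range of decision thresholds and finds where they are closest; it goes beyond the text by assuming a score-based matcher with an acceptance threshold, and all scores are constructed sample data.

```python
# Added example: error rates of a score-based biometric matcher.
# All scores below are constructed sample data, not measurements.

GENUINE = [0.91, 0.84, 0.77, 0.69, 0.95, 0.58, 0.88, 0.73]   # same person
IMPOSTOR = [0.12, 0.35, 0.41, 0.62, 0.27, 0.71, 0.19, 0.48]  # different people


def error_rates(genuine, impostor, threshold):
    """Return (FMR, FNMR) when scores >= threshold are accepted.

    FMR  = share of impostor comparisons wrongly accepted (false match).
    FNMR = share of genuine comparisons wrongly rejected (false non-match).
    """
    false_matches = sum(1 for s in impostor if s >= threshold)
    false_non_matches = sum(1 for s in genuine if s < threshold)
    return false_matches / len(impostor), false_non_matches / len(genuine)


def sweep(genuine, impostor, steps=20):
    """Evaluate evenly spaced thresholds from 0.0 to 1.0 inclusive."""
    rows = []
    for i in range(steps + 1):
        t = i / steps
        fmr, fnmr = error_rates(genuine, impostor, t)
        rows.append((t, fmr, fnmr))
    return rows


def closest_to_equal_error(rows):
    """Row (threshold, FMR, FNMR) where the two rates are closest."""
    return min(rows, key=lambda r: (abs(r[1] - r[2]), r[0]))


if __name__ == "__main__":
    table = sweep(GENUINE, IMPOSTOR)
    for t, fmr, fnmr in table:
        print(f"threshold={t:.2f}  FMR={fmr:.3f}  FNMR={fnmr:.3f}")
    print("closest to equal error:", closest_to_equal_error(table))
```

Raising the threshold lowers the false match rate at the cost of more false non-matches, which is why the two rates have to be reported together when comparing technologies.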

4.5 Biometrics Issues
One of the issues with biometric systems is trust. False reads or false matches can result in a false identification. On the other hand, it is more expensive than regular username and password authentication [3].

• Presenting fake biometrics or a copy at the sensor, for instance a fake finger or a face mask. It is also possible to try resubmitting previously stored digitized biometric signals, such as a copy of a fingerprint image or a voice recording.

• Producing feature sets preselected by the intruder by overriding the feature extraction process.

• Tampering with the biometric feature representation: The features extracted from the input signal are replaced with a fraudulent feature set.

• Attacking the channel between the stored templates and the matcher: The stored templates are sent to the matcher through a communication channel. The data traveling through this channel could be intercepted and modified. There is a real danger if the biometric feature set is transmitted over the Internet.

• Corrupting the matcher: The matcher is attacked and corrupted so that it produces pre-selected match scores.

• Tampering with stored templates, either locally or remotely.

• Overriding the match result.

5. COMBINING AUTHENTICATION METHODS

[7]

User authentication methods, whether based on passwords, tokens, cards, or biometrics, provide a layer of security to information systems. However, each of these methods relies on a single layer of authentication and can be agreed in just a single step. The security of information systems can be increased through a technique called double authentication, which relies on a combination of methods to perform user authentication and verification. This technique is much more secure than access control based on single-layer authentication because even if one form of authentication is compromised, there is an additional check in place to prevent unauthorized access to information system resources. Double authentication can take many forms. Several of these dual-layer systems have been in existence for quite some time, while other combinations are just emerging. Perhaps the most well known double authentication technique is the use of a magnetic card along with a PIN known by the user. Banks have been using this dual layer of authentication at automated teller machines (ATMs) or with debit cards. This system incorporates something that the user possesses (the magnetic card) with something that the user knows (the PIN), thereby providing two layers of authentication before providing access to finances. Even in the event that an individual’s debit card is stolen, the thief must also know the user’s PIN for the card to be of any use. This multi-layer authentication technique solves a number of the problems with current methods of authentication.
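The card-plus-PIN scheme described above, sketched as an added example that is not part of the original paper. It assumes a chip card that answers a server challenge with an HMAC (a magnetic stripe only stores data), and the class names, PBKDF2 iteration count and three-attempt lockout are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

MAX_FAILURES = 3  # assumed lockout policy, not taken from the paper


class Card:
    """Something the user possesses: holds a key shared with the server."""
    def __init__(self, card_id, key):
        self.card_id, self._key = card_id, key

    def respond(self, challenge):
        return hmac.new(self._key, challenge, hashlib.sha256).digest()


class AuthServer:
    def __init__(self):
        self._accounts = {}

    @staticmethod
    def _hash_pin(pin, salt):
        # Something the user knows: stored only as a salted, slow hash.
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

    def enroll(self, card_id, pin):
        key, salt = secrets.token_bytes(32), secrets.token_bytes(16)
        self._accounts[card_id] = {"key": key, "salt": salt, "failures": 0,
                                   "pin": self._hash_pin(pin, salt)}
        return Card(card_id, key)

    def authenticate(self, card, pin):
        acct = self._accounts.get(card.card_id)
        if acct is None or acct["failures"] >= MAX_FAILURES:
            return False  # unknown card or locked account
        challenge = secrets.token_bytes(16)  # fresh per attempt, so no replay
        expected = hmac.new(acct["key"], challenge, hashlib.sha256).digest()
        has_card = hmac.compare_digest(expected, card.respond(challenge))
        knows_pin = hmac.compare_digest(
            acct["pin"], self._hash_pin(pin, acct["salt"]))
        if has_card and knows_pin:  # both layers must pass
            acct["failures"] = 0
            return True
        acct["failures"] += 1
        return False


if __name__ == "__main__":
    server = AuthServer()
    card = server.enroll("card-001", "4921")  # constructed sample values
    print(server.authenticate(card, "4921"))  # card and PIN together
    print(server.authenticate(card, "0000"))  # stolen card, guessed PIN
```

Both checks are evaluated before the decision so that a failure does not reveal which factor was wrong, and the failure counter limits PIN guessing with a stolen card.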

6. CONCLUSIONS
Passwords remain the most prevalent method of user authentication for information systems, especially for the E-prescription system. Password-based authentication is lacking due to several factors contributing to the weakness of password construction and the ease with which passwords can subsequently be compromised. Alternative forms of user authentication, including smart cards and biometrics, attempt to address some of the vulnerabilities of password-based systems, but suffer from their own vulnerabilities when employed in a single-layer authentication scheme. Layered authentication techniques have been developed which combine the methods of two authentication techniques to increase the level of security of information systems.

7. REFERENCES

[1] L. Bechelli, S. Bistarelli, and A. Vaccarelli. Biometrics authentication with smartcard. 2002.

[2] M. Bishop. Introduction to Computer Security. Addison-Wesley Publishing Company, 2004.

[3] B. Burr. Biometrics authentication issues. 2002.

[4] S. Harris. CISSP Certification. McGraw-Hill, 2003.

[5] A. K. Jain, A. Ross, and S. Pankanti. Biometrics: A tool for information security. IEEE Transactions on Information Forensics and Security, 1, June 2006.

[6] L. B. Jr, F. L. Brown, J. Divietri, G. D. D. Villegas, and E. B. Fernandez. In PLoP. Wiley, 1999.

[7] L. Leong and E. J. Yerzak. Password pitfalls and dynamic biometrics. Academy of Information and Management Sciences Journal, 7:28–30, Number 2, 2004.