Transparency of Operations
Definition
Transparency of operations is an important
theme that emerged in the analysis of the biometric security
devices. Transparency can have two meanings: (1) to be easily
detected or seen through (visibility), and (2) to be readily understood. In
interface designs these definitions are often in conflict, where
making the operations of the system detectable and visible may
make the system harder to understand, especially if the visible
operations are complex. On the other hand, hiding information to
make things apparently easier to understand is often in conflict
with supporting a deeper understanding that comes from having the
operations of the system visible.
Transparency has a number of dimensions and implications that
are important for usability:
- Understandability: The application
structure, navigation, procedures, features and terminology should be
comprehensible to users.
- Learnability: The usage of the application or
hardware device should exhibit a gradual learning curve and encourage
exploration.
- Self-descriptiveness: This is also called
"affordance" or "obviousness" and is the system's ability to
speak for itself. When the application is presented to the user,
it should be intuitively obvious how the system operates and what
kind of tasks can be achieved.
- Feedback: This refers to whether there is an
accessible, clear, and timely indication of and response to users'
actions.
- Metaphors: Metaphors support the transfer of
real world knowledge into applications.
Transparency and Trust
The issue of transparency is not unique to
biometric security applications and devices, but it does have an
especially important role there. For biometric systems to be used and
accepted, users must come to trust them and be willing to
replace their old password methods. It is understandable that all
new things may be met with criticism and resistance. But it
is even more difficult for biometric authentication systems to be
accepted because of their long association with forensic science
and science fiction. People often have misconceptions about the
capabilities and implications of biometric security devices.
Hiding the internal operations of the systems in an attempt to
make them easier to understand does little to dispel the myths
and fears. Instead, a more valuable approach may be to help
users understand the inner workings of these systems, including
how the biometric features are captured, extracted, stored, and
used. In the next section, several commercially available
products are evaluated against this concept of supporting
transparency through visibility.
Device Specific Discussions
- Understandability:
The U.are.U Personal biometric system is a good example of
supporting visibility of operations. For example, U.are.U
Personal's "One Touch Internet" feature illustrates how a single
sign-on (SSO) entry is created by asking the user to type the
credentials in a form and then drag and drop it to the
corresponding field on the web page. In contrast, the SSO
entries are created automatically and invisibly in the
"SecureSession" feature of the SecureSuite software that is used
with the Authenticam and Targus Defender products.
In another example, the BioconX software used in the Sony
Puppy system has two front-end parameters that can be adjusted:
MergeThreshold and MinutiaMin. Both parameters are intuitively
named to suggest the value that they adjust, and both definitions
are documented in the user manual. In contrast, BioPassword has
two front-end parameters and one back-end parameter; two of
the three parameters are called Security and the other one is
called Enrollment. The role of each parameter is not outlined in
the interface, and the software does not have a user manual.
Further, while the iris and fingerprint products all showed some
representation of the biometric information being captured,
BioPassword remains a mystery. It does not give even a glimpse of
how keystroke dynamics are measured.
- Learnability:
All the applications were
relatively easy to learn, but there were two training features
that are notable. BioconX has a built-in enrollment tutor that
mimics the authentication process, and in which the user receives
scores on how successful their authentication attempts are.
BioPassword, on the other hand, has "user training cycles" in
which the user repeatedly types in their user name and password
in order to create a new template, without receiving any
feedback. So in a sense, this only "trains" the computer, not the
user.
- Self-descriptiveness:
The file encryption
function of BioconX is an example of poor self-descriptiveness.
This function appears to authenticate the user via biometrics
when the user attempts to open the encrypted file, but really the
"authentication" is done at single sign-on and the actual
operations are invisible.
- Feedback:
U.are.U Personal is the only
application that has multiple forms of feedback: visual,
auditory, and animations. U.are.U Personal, BioconX, and
SecureSuite all allow the user to adjust the form or the
combination of feedback. U.are.U Personal's unique animation
feedback is a good example of telling users the consequences of
their actions, in contrast to the generic error messages in
SecureSuite and BioconX. BioPassword has very poor feedback, with
the only communication being cryptic error messages.
- Metaphors:
In U.are.U Personal, when a file is
encrypted a key symbol appears on the file icon. In SecureSuite,
a product logo is presented. The first one is better
because it draws on an analogy with real world security.
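As an added illustration (not code from this page or from any of the products it evaluates) of the transparency that the Understandability and Learnability discussions above call for: a keystroke-dynamics template is built from a few training cycles, and an attempt is scored with a per-feature report rather than a bare error message. The key-event timings are constructed sample data, and the dwell/flight feature names, the 2-sigma acceptance rule and the scoring are assumptions of this example.

```python
from statistics import mean, pstdev

# Constructed sample data (not measured): (key, press_ms, release_ms) for the
# passphrase "secret", typed over three training cycles by the enrolling user.
TRAINING = [
    [("s", 0, 90), ("e", 160, 240), ("c", 330, 410), ("r", 500, 590), ("e", 660, 740), ("t", 830, 920)],
    [("s", 0, 95), ("e", 170, 250), ("c", 340, 420), ("r", 520, 600), ("e", 680, 760), ("t", 850, 940)],
    [("s", 0, 85), ("e", 150, 235), ("c", 320, 400), ("r", 490, 580), ("e", 650, 730), ("t", 820, 905)],
]
# Constructed attempt by a much slower typist, used to show what a miss looks like.
IMPOSTOR = [("s", 0, 130), ("e", 330, 460), ("c", 660, 780), ("r", 980, 1110), ("e", 1310, 1440), ("t", 1640, 1770)]

def extract_features(events):
    """Capture/extract step: dwell = how long each key is held (ms);
    flight = gap between releasing one key and pressing the next (ms)."""
    dwell = [rel - press for _, press, rel in events]
    flight = [events[i + 1][1] - events[i][2] for i in range(len(events) - 1)]
    return dwell + flight

def build_template(samples):
    """Store step: per-feature mean and spread over the training cycles.
    The spread is floored at 1 ms so a perfectly repeated feature cannot
    divide by zero when scoring (assumed rule for this example)."""
    columns = list(zip(*[extract_features(s) for s in samples]))
    return [(mean(c), max(pstdev(c), 1.0)) for c in columns]

def score_attempt(template, events):
    """Use step: z-score every feature against the template and return
    (fraction of features within 2 sigma, per-feature report).  The report
    is what a transparent UI would show instead of a generic error."""
    feats = extract_features(events)
    n_dwell = (len(feats) + 1) // 2          # k keys -> k dwell, k-1 flight values
    report, hits = [], 0
    for i, (val, (mu, sd)) in enumerate(zip(feats, template)):
        z = abs(val - mu) / sd
        ok = z <= 2.0
        hits += ok
        name = f"dwell[{i}]" if i < n_dwell else f"flight[{i - n_dwell}]"
        report.append((name, round(val), round(mu), round(z, 2), ok))
    return hits / len(feats), report

def describe(report):
    """Render the report as user-readable lines, one per feature."""
    return [f"{n}: {v} ms vs template {m} ms (z={z}) {'ok' if ok else 'MISS'}"
            for n, v, m, z, ok in report]

if __name__ == "__main__":
    tmpl = build_template(TRAINING)
    for label, attempt in (("genuine", TRAINING[0]), ("impostor", IMPOSTOR)):
        score, rep = score_attempt(tmpl, attempt)
        print(f"{label}: score {score:.2f}")
        print("\n".join(describe(rep)))
```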
This page is part of a project on the Usability and Acceptability of Biometric Security Devices.