**7. The development of the theoretical framework**

198 Security Enhanced Applications for Information Systems

the system factors. Similarly, the categories of organisation's strategies, organisation's services, organisation's needs, and organisation's perceptions were combined to be 'organisational factors' as all of them related to the organisation and were mentioned as the organisation's viewpoints. Acceptance factors were also combined with contributory factors to be called 'enabling factors' as all the factors in this category were mentioned as factors that would enable the achievement of successful adoption of biometric authentication in m-government security.

It is noteworthy that the presented codes and categories in the above sections are the final set of the re-coding process. As suggested by Miles and Huberman (1994), in order to ensure that codes and categories are applied consistently, it is important for the researchers to verify all codes and categories that are assigned to the data. The benefit of the re-coding process consisted of reconfirming and refining the codes and categories. Moreover, a comparison between newly and previously assigned codes and categories also helped us to check whether the codes and categories were reliable and truly represented the empirical data. The initial codes were mostly too close to the exact words of the data while the final codes provide more meaningful concepts.

As evidenced from the data analysis, one concept that was frequently stressed by the participants was the idea of acceptance. It had been introduced as a category involving: relative advantages, compatibility, ease of use, trialability, observability, trust, and privacy; and had been promoted to the "core" category. This, as known in Grounded Theory methodology, was because it linked up all of the other categories.

Another important category is the category of contributory factors which include availability, awareness, legislation, economical aspects, as well as social and cultural aspects. During the data analysis, it was found that both acceptance factors and contributory factors are involved in promoting the adoption of biometric authentication in m-government security.

Furthermore, the emerged categories show that organisational factors including organisation's strategies, services, needs, and perceptions are influenced by users' factors which consist of users' needs, concerns, and perceptions. At the same time, both organisational and users' factors influence acceptance factors in different manners. For instance, applying biometric authentication along with a public key infrastructure (PKI) in m-government services is an important need of service providers due to the security relative advantage of this combination between biometrics and the PKI. This application also meets the users' need for protection of their personal and sensitive information through the use of m-government services. This combination of factors can consequently be seen to positively influence the acceptance of biometrics in m-government security among both users and service providers.

Similarly, system factors including system requirements and other related system issues such as the authentication responsibility and user registration at a website influence the acceptance factors and are at the same time influenced by users and organisational factors. This is because the majority of the system requirements, for example, have basically emerged due to organisations' and users' needs and perceptions.

It was also found that several challenges influence the adoption of biometric authentication in m-government security. These challenges include technical and related challenges such as

Figure 3, below, illustrates the findings, focusing on the categories that have emerged from the open, axial, and selective coding phases. Based on the application of Grounded Theory, this theoretical framework, pictured, encompasses and organizes the concepts that form the factors influencing the adoption of biometric authentication.

Fig. 3. Theoretical framework for the adoption of biometrics in m-government security in the KSA

Figure 3 depicts a new theoretical framework for the factors influencing adoption of biometric authentication in m-government security in Saudi Arabia, which was derived by the use of Grounded Theory as described above. Analysis and discussion of the results indicated that "entities factors", which include users', organisational, and system factors, as well as enabling factors involving acceptance and contributory factors, influence the adoption of biometric authentication in m-government security. As reported earlier in the previous section, this will also be influenced by responses to technical and non-technical challenges.

Developing a Theoretical Framework

for the Adoption of Biometrics in M-Government Applications Using Grounded Theory 201


It is noteworthy that acceptance factors including relative advantage, compatibility, ease of use, trialability, observability, trust, and privacy, as well as contributory factors involving availability, awareness, legislation, economical aspects, and social and cultural aspects, are the most important factors that will enable the KSA in achieving the adoption of biometric authentication in m-government security.

The results of this study presented in this chapter are supported by a number of findings reported in literature. In particular, the findings among the acceptance factors, for example, are close to existing theories such as Diffusion of Innovation (Rogers 1995) and the Technology Acceptance Model (Davis 1989). Relative advantage, for instance, is similar to Rogers' theory of Diffusion of Innovation (1995). However, by comparing this concept with "perceived usefulness" in the Technology Acceptance Model (TAM) (Davis 1989), it seems that "relative advantage" is more accurate in representing users', service providers', and network operators' perceptions regarding the application of biometrics in m-government security. Furthermore, it is noticeable that the set of factors proposed in TAM variants and Unified Theory of Acceptance and Use of Technology (UTAUT) correspond closely with factors identified in DOI theory. While in the Technology Acceptance Model, two specific variables of perceived usefulness and perceived ease of use are hypothesized to be fundamental determinants of user acceptance (Davis 1989); the Diffusion of Innovation theory concentrates on five concepts - relative advantage, compatibility, complexity, trialability, and observability - as the five factors that affect the rate of innovation diffusion. However, the acceptance factors among the developed framework include the five concepts of DOI theory in addition to the concepts of trust and privacy as emerged from the data analysis.

Empirical studies related to the acceptance and adoption of mobile phones and electronic services via the Internet mostly indicate similar factors. For instance, Jahangir and Begum (2008) introduced a conceptual framework that considered perceived usefulness and ease of use, as well as security and privacy, as important factors that influence users' acceptance and adoption of electronic banking services. Another study by Tassabehji and Elliman (2006) highlighted trust and security as major factors in e-government adoption. AlShihi (2007) also indicated that trust has a wide impact on m-government acceptance. Kaasinen (2007) found that perceived value, ease of use, trust, and ease of adoption are important factors that influence user acceptance of mobile Internet services. However, while highly similar acceptance factors appear under various theories and models covering innovation acceptance and adoption, the developed theoretical framework in this chapter is more comprehensive. This is because it identified acceptance factors along with other factors, such as contributory and organisational and users' factors that influence adoption. Although the concepts of the developed theoretical framework in this study presented in this chapter are more comprehensive, it was created to accurately represent what different participants in Saudi Arabia including users, service providers, and network operators meant by their views, allowing it to be applied by individuals as well as organisations.

In addition, some of the identified contributory factors can be related to other findings in the literature. For example, while "availability" in this study indicates the availability of mobile devices with biometric attachment as well as m-services, Quantz (1984) identified availability of new technology as an important factor for the adoption of a new technology. Lee et al. (2002) found that social influence and self-efficacy variables significantly affect perceived usefulness and perceived ease of use for user acceptance of the mobile Internet. Teo and Pok (2003) also found that social factors, including perceptions of relative advantage, play a significant role in influencing intentions for the adoption of Wireless Application Protocol (WAP)-enabled mobile phones amongst Internet users. Furthermore, while the developed theoretical framework in this chapter classified social and cultural aspects as contributory factors that influence the adoption of biometric authentication systems in m-government security, Myers et al. (2002) stated culture as a factor that influenced users' decision to accept and adopt a particular system.

The developed theoretical framework in this chapter identified several organisational factors as contributing to m-government acceptance. Feng (2003) and Alharbi (2006) confirmed organisational issues and culture as important factors that need to be considered when applying new technology. More specifically, Feng (2003) stated that e-government projects are not a technical issue, but rather an organisational issue. A result of the study presented in this chapter indicated a lack of organisations with clear implementation strategies, and only a few organisations following Yesser's strategies regarding the implementation of e-government applications. This supports a literature finding where Al-Shehry (2008) pointed out some doubts about transforming Yesser's ideas into reality. He mentioned that some organisations failed to follow the general standards set by Yesser. He also indicated some issues that have not been adequately addressed in Yesser's strategy, such as organisational readiness, awareness, and the re-engineering of business processes. Moreover, Sahraoui et al. (2006) indicated that there is a lack of clear vision and strategy for the deployment of e-government services in Saudi Arabia. Consideration towards applying advanced levels of authentication in electronic and mobile services was also apparent among the organisational factors, which supports the finding that successful e-government strategies have to include effective security controls for the processes and systems of the government, and to ensure privacy for personal information (OMB 2002). According to Satyanarayana (2004), an e-government strategy should identify the infrastructure needs, required process transformations within government, and the technical framework, along with an indicative timeline.

Another important category among organisational factors is addressing an organisation's needs, which in this study represent the needs of both government organisations and mobile network companies regarding the authentication of m-government security in Saudi Arabia. A number of researchers (Bergstrom 1987; Putnam 1987; Roberts and Pick 2004) mentioned organisational needs as a factor that affects the adoption of new technology. According to Bergstrom (1987), organisational needs influence the decision processes involving new technologies. Putnam (1987) identified organisational needs as a critical factor that may impact the success of a modernisation project in organisations where new technology is involved. Such a determined need for an advanced authentication system reflects the organisations' perceptions towards the importance of security in m-government applications, which supports the literature findings of Al-Khamayseh et al. (2006) and Chang and Kannan (2002). More specifically, Al-Khamayseh et al. (2006) indicate that the security of m-government services is considered the hallmark of successful m-government, while a study by Clarke and Furnell (2005) found that additional and advanced authentication systems are required for mobile devices. Furthermore, this result relates to the literature finding where Nanavati et al. (2002) confirmed that increased security is one of the main benefits of adopting biometric authentication compared with traditional authentication methods such as PINs and tokens. Nanavati et al. (2002) found that the need for high levels of security frequently plays an important role in an enterprise's decision to deploy biometrics. A reliable authentication of the user accessing an agency's Website is a basic requirement, since the lack of user authentication may cause serious threats through unauthorized access (Department of Commerce 2003). Moreover, while an organisation in the developed framework indicates a need to apply biometric authentication in only some advanced m-services, Nanavati et al. (2002) emphasized that the application of biometric systems should have a limited scope. Another identified need is to store biometric capture on the SIM card, which is consistent with the literature finding that suggests storing the biometric template on the smart card of the mobile device to enable users to control their biometric pattern (Giarimi and Magnusson 2002).

The theoretical framework in this chapter indicates the importance of taking into account organisations' perceptions in order to adopt biometrics in m-government. Several studies by Putnam (1987), Ettlie (2000), and Roberts and Pick (2004) mentioned that perceptions of a specific security technology are one of the important elements in the decision to recommend the technology to an organisation. Beatty et al. (2001) stated that the more likely organisations were to perceive an innovation as consistent with their perceptions, the more likely they were to adopt it. Positive perceptions emerged, for example, towards the application of fingerprinting, which is consistent with literature findings (ORC 2002) that fingerprint scanning is the most commonly experienced technique, followed by the use of signature dynamics. This also may agree with Giesing's (2003) study where most employees pointed to fingerprint technology as their preferred biometric.

The developed theoretical framework brought to light several users' factors that influence the adoption of biometric authentication in m-government security. This framework identified users' factors including their needs, perceptions and concerns, while the most recent literature mentioned only the importance of users' factors. For example, Ashbourn (2004) stated that users can have a direct impact on the operational performance of biometric systems. They can be an essential factor in the successful implementation of biometrics (Ashbourn 2004; Giesing 2003; Scott et al. 2005). User adoption and perception problems related to the implementation of the new technology have been clarified by Giesing (2003) as a factor that would prevent an organisation from adopting biometric technology. Thus, the biometrics research community is well-advised to study the users' side regarding the use of biometrics (Bolle et al. 2004).

Wayman et al. (2005) highlighted the importance of understanding system requirements, procedures, and other related issues, including systems management and user psychology, in order to gain successful integration of biometric systems. The developed theoretical framework in this chapter identified a number of system factors including requirements and procedural issues that need to be considered to adopt biometric authentication in m-government security in Saudi Arabia. According to Kanellis and Paul (2005), in order to have a good chance of project success for such an ICT system, system requirements need to be considered before the implementation commences.

Finally, as illustrated in Figure 3, the developed theoretical framework indicates several challenges that would influence the adoption of biometric authentication in m-government applications in Saudi Arabia. In contrast, most of the literature in the area of m-government (Al-khamayseh et al. 2006; NECCC 2001) mentioned only security and privacy as challenges of the implementation of m-government, while Lallana (2008) stated cost issues. However, there are some identified challenges that support some of the literature findings. For example, registration and enrolment processes of people's biometric credentials have been identified as one of the biggest challenges facing the adoption of biometrics in m-government, and this supports the literature finding where Hirst (2005) stated that the ease of enrolment is a determining factor for the successful implementation and use of a biometric system.

To summarise, while the developed theoretical framework (Figure 3) in this chapter supports a number of findings reported in existing theories and literature, it is unique and more comprehensive than other related existing theories such as Diffusion of Innovation (Rogers 1995) and the Technology Acceptance Model (Davis 1989). It includes factors influencing the adoption of biometric authentication in m-government among mobile communication users, service providers and network operators, adding further dimensions such as contributory aspects, organisational aspects, user aspects and system aspects.

**8. Considerations for the adoption of biometrics in m-government**

The theoretical framework proposed in Figure 3 can be used to understand the factors influencing the adoption of biometric authentication in m-government security. Based on the findings presented in this chapter, several considerations can be suggested for those who are involved in the adoption of biometrics in m-government applications.

First, the findings of this study revealed that, to be effective, there is a need to provide mobile communication users and service providers with an advanced authentication system for m-government services; therefore, government and decision makers should consider this need in order to enhance the adoption and implementation of m-government services. Based on the viewpoints of the participants, the application of biometric authentication would play an integral role in enhancing the security of m-government. However, it will be important for decision makers to take into account that such legislation needs to be carefully crafted to safeguard the rights of the involved entities, and the people involved will need to be aware of the new laws and regulations. Similarly, it will be important that legislation is enforced and that all parties involved in the application are well informed. Technical support will be required to make mobile devices with biometric attachments available around the country at a reasonable cost on the normal users' level.

It would be appropriate that the application of biometric authentication is implemented along with the use of a Public Key Infrastructure (PKI), and that service providers apply biometrics with only the advanced m-services to enhance usability and user acceptance. It is also important to consider the security of the templates and databases as well as the management of biometric data during enrolment, transmission, storage and authentication. The enrolment process, which essentially introduces the user to the authentication system, needs to be considered as it would affect the adoption of biometrics in m-government. A high level of cooperation between government agencies will be required to effectively introduce biometrics in m-government services. Biometric standards and systems evaluation could effectively take place before and during the implementation process.
