Few Fingers In The Mix
Biometric technology is no longer the stuff of science fiction or high-tech thrillers. The technology for using a person’s unique biological markers to offer irrefutable proof of identity or presence in a specific place at a specific time is functional, marketable and increasingly sophisticated.
“Biometric systems are available now. Fingerprint and iris systems are reliable,” says Jonathan Keith, project manager for Milwaukee, Wis.-based Johnson Controls.
That’s the good news for biometrics fans. The sobering side of the story is that commercial enterprise users apparently are finding only limited uses for the technology. The reasons are intertwined, say analysts and a variety of security industry vendors.
First, biometric systems still cost more than password, token and card technologies. Second, biometric technology does not always work the way users expect. Higher costs combined with unmet expectations are keeping biometrics from playing a larger role in the converged physical/logical security world. Instead, the technology is proving useful in important but less integrated functions.
“The places where biometrics works are not where people expected it to go,” says William Kennedy, product marketing manager for Pelco in Clovis, Calif.
The Cost Problem
While the biometric vendor universe has consolidated through mergers and acquisitions, innovation continues in types of biometric “templates.” Enterprises and their system integrators may choose among fingerprint capture, palm geometry, voiceprint recognition, iris scans, facial recognition and even vein pattern recognition systems.
In a typical biometric system, a user supplies physiological data, such as a fingerprint, which is then stored as a complex mathematical template in a local reader, on a smart card, on a central database or in some combination.
When the user presents his finger for scanning, the live data is compared against the stored template.
The security and convenience of biometrics seem obvious; however, the expense of achieving these benefits often comes as a surprise.
“There’s a huge perceived cost problem with the equipment,” says Steve Van Till, president and CEO of Brivo Systems, based in Bethesda, Md. He and others in the industry say many users are very interested in biometrics until they compare the price tags of biometric scanners and biometrics-embedded smart cards with those of proximity cards and readers.
Sometimes biometrics may supply more security than is actually needed, vendors say.
“If you’re not gaining a high security benefit, you haven’t proven the economics of installing biometrics,” says Damon Dageenakis, product marketing manager, physical access control readers for HID Global, based in Irvine, Calif. “You must look at the context in which you will use the technology.”
Managing Expectations
Managing what users expect to gain by deploying biometrics -- security, convenience or both -- is a critical challenge for the technology, say industry observers.
“Expectations for biometrics are still not set correctly,” says Kennedy, who works with access control systems at Pelco and formerly marketed palm geometry biometric systems for Ingersoll Rand.
Most end users don’t perceive the key benefit of biometrics as added security but rather convenience, he says. Then, if biometric tools are not convenient, users are dissatisfied. Kennedy says Pelco “constantly” finds biometric readers installed but disabled at client sites because they did not work as expected.
Users often expect to eliminate or reduce other security measures with biometrics.
That’s not always the case. “The value of biometrics is in combining factors of authentication,” Van Till says. “If you give up an access card in favor of a fingerprint, you haven’t necessarily made things more secure.”
Practical problems also plague user expectations.
Users see biometrics working seamlessly in film and on television. However, while the technology is constantly improving, false rejects are still common. A scab, scar or new ring may trick a reader. Workers in heavy industries may not have very legible fingerprints.
“Biometrics is not quite a science yet; there’s still a lot of art that goes into it,” says Larry Lien, vice president of product management for Proximex, a physical security information management systems vendor based in Sunnyvale, Calif. “Biometrics must get to the point where the accuracy is there.” Lien and others say clients are interested in multimodal forms of biometrics, in which multiple physiological markers are compared for a positive identity. However, costs often disqualify these systems for many companies today.
Front Door Backlog
One place that it’s rare to find biometrics is at the main entrance of an enterprise or building. False rejections at these entrances easily can cause a traffic backup. Even if the biometric system works perfectly, each person still needs to stop and do something, whether it’s being scanned or swiping a card and waiting for a match.
“The biometrics system then becomes a barrier to me doing my work,” Kennedy says. Part of the issue is the speed of matching a user and a stored template. Most vendors and observers note that “one-to-many” matches, in which templates are stored either in a reader or in a network database, are inherently slow because of the data volumes involved.
A more efficient current approach is a “one-to-one” match. A user’s biometric template is stored on a smart card; the biometrics reader then reads the card template, compares it to the real-time data captured in a scan and makes a match. Even this approach takes time and requires more costly cards and readers.
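The difference between the two matching modes can be seen in a short sketch. This is an added example, not code from any vendor quoted in the article; the 256-bit templates, the bit-difference matcher, the 0.25 threshold, the user names and all sample data are constructed assumptions.

```python
import random

TEMPLATE_BITS = 256   # assumed template size
THRESHOLD = 0.25      # assumed: largest fraction of differing bits still accepted


def distance(a: int, b: int) -> float:
    """Fraction of bits that differ between two templates."""
    return bin(a ^ b).count("1") / TEMPLATE_BITS


def live_scan(template: int, rng: random.Random, flipped_bits: int) -> int:
    """Constructed live capture: the enrolled template with some bits disturbed."""
    for pos in rng.sample(range(TEMPLATE_BITS), flipped_bits):
        template ^= 1 << pos
    return template


def verify(card_template: int, scan: int):
    """One-to-one: a single comparison against the template read from the card."""
    return distance(card_template, scan) <= THRESHOLD, 1


def identify(database: dict, scan: int):
    """One-to-many: every enrolled template is compared before a decision."""
    best_id, best, comparisons = None, 1.0, 0
    for user_id, template in database.items():
        comparisons += 1
        d = distance(template, scan)
        if d < best:
            best_id, best = user_id, d
    return (best_id if best <= THRESHOLD else None), comparisons


def build_demo(users: int = 5000, seed: int = 7):
    """Constructed enrolment database plus a clean and a degraded scan of one user."""
    rng = random.Random(seed)
    db = {f"user{i:04d}": rng.getrandbits(TEMPLATE_BITS) for i in range(users)}
    clean = live_scan(db["user4321"], rng, flipped_bits=20)     # normal capture noise
    degraded = live_scan(db["user4321"], rng, flipped_bits=80)  # e.g. scab or scar
    return db, clean, degraded


if __name__ == "__main__":
    db, clean, degraded = build_demo()
    print("1:1 clean   ", verify(db["user4321"], clean))
    print("1:N clean   ", identify(db, clean))
    print("1:1 degraded", verify(db["user4321"], degraded))
```

The second value in each result is the number of template comparisons performed; the degraded scan shows how a legitimate user ends up as a false reject once the capture drifts past the threshold.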
Biometric Business Cases
Issues like these are pushing biometrics into security applications in which a relatively small volume of users need to access very sensitive or valuable data, materials or merchandise. Locations include server rooms, data centers, secure areas, vaults and storage facilities.
Some of the same access problems occur in these locations. But fewer users means greater tolerance for slower access times; the enterprise is so concerned about protecting the asset that it’s willing to spend the money on sophisticated readers. Plus there’s the “cool factor.”
“The end user accepts the inconvenience as being part of the elite,” Kennedy says.
Many observers say IT departments and computer manufacturers are driving biometric adoption. Laptops increasingly have built-in fingerprint readers, and the technology is finding its way into cell phones and other small mobile devices.
“It’s cheaper to add a fingerprint reader to a laptop than to install fingerprint readers at every door,” Van Till says.
Such readers can use the PC’s or laptop’s processing power and cost only a few dollars per unit, versus hundreds for biometric readers. And some industries have either the security needs or resources to deploy biometrics, Lien says.
“Business applications have to drive the technology,” he says. “Biometrics has to be part of the standard operating solution and workflow across systems and the environment.” He notes a security application for biometrics may not always be the best value driver.
Bio-Time
In fact, time and attendance applications are the most commonly cited uses for biometric technology.
“There’s an immediate return for large and small companies and manufacturers when they implement biometrics in time and attendance systems,” Dageenakis says.
He and other vendors point out that business enterprises are willing to pay for additional biometric readers at entry points and throughout work sites because of the benefits gained from increased timekeeping accuracy.
Biometrics also is useful in industries with many compliance regulations to meet because biometric data is considered “nonrepudiable.”
That is, outside of a spy movie, it’s difficult for someone to claim their finger or iris was stolen and used to enter a restricted database or work center.
In these situations, enterprises either issue biometrics-embedded smart cards to the employees requiring special access, or use a separate system of biometric readers at the locations, say vendors. It’s rare to find a single access control system incorporating both the general population and the high-security biometric locations.
Nor is it common to find biometric data used as a trigger for video surveillance or other security applications. One reason may be that tying biometrics into some legacy card readers often requires that complex, highly secure biometrical algorithms be translated into much simpler Wiegand electronic signals the legacy systems can interpret.
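To make the translation step concrete, the sketch below shows what a legacy panel actually receives once a biometric reader has made its decision. It is an added example, not part of the original article or any vendor's code; it assumes the common 26-bit Wiegand layout (the article does not name a format), and the score, threshold, facility code and card number are constructed values.

```python
def encode_wiegand26(facility: int, card: int) -> str:
    """Build a 26-bit frame: even parity, 8-bit facility, 16-bit card, odd parity."""
    if not (0 <= facility < 256 and 0 <= card < 65536):
        raise ValueError("facility code is 8 bits, card number is 16 bits")
    data = f"{facility:08b}{card:016b}"          # 24 data bits
    even = data[:12].count("1") % 2              # makes the first 13 bits even
    odd = 1 - data[12:].count("1") % 2           # makes the last 13 bits odd
    return f"{even}{data}{odd}"


def decode_wiegand26(frame: str):
    """What the panel can recover: an identifier, checked only by parity."""
    if len(frame) != 26 or set(frame) - {"0", "1"}:
        raise ValueError("not a 26-bit frame")
    if frame[:13].count("1") % 2 != 0 or frame[13:].count("1") % 2 != 1:
        raise ValueError("parity error")
    return int(frame[1:9], 2), int(frame[9:25], 2)


def reader_output(match_score: float, threshold: float, facility: int, card: int):
    """Hypothetical biometric reader in front of a legacy panel.

    The match score never leaves the reader: a pass is sent as a plain card
    identifier, and a reject sends nothing at all.
    """
    if match_score < threshold:
        return None
    return encode_wiegand26(facility, card)


if __name__ == "__main__":
    strong = reader_output(0.99, 0.80, facility=42, card=12345)
    marginal = reader_output(0.81, 0.80, facility=42, card=12345)
    print(strong, decode_wiegand26(strong))
    print("panel can tell strong from marginal match:", strong != marginal)
```

Because a strong match and a marginal one produce the same frame, anything downstream of the panel, such as a video trigger, has only the identifier to work with and none of the biometric evidence.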
Still, the potential and wish for integration is there. Lien says some of Proximex’s customers are interested in combining more video with biometrics, such as a finger swipe matched to a video image.
“You need to leverage existing systems to enhance biometrics,” he says. “It’s another source of information.”