A Perfect Match

Consider multiple options for deployment of biometric authentication

As more organizations implement biometrics, it is not uncommon to see an iris reader used to control access to an IT server room, a fingerprint sensor integrated into a laptop computer for desktop logon or a facial recognition system used to clock in on a factory floor. Although these are excellent examples of the use of biometrics, for many organizations the question remains, “Should we be using a biometric, and if so, what type?”

Whether the application is used for physical access control to a building, logical access control to a PC or time and attendance functions, biometric verification offers a number of benefits over traditional methods of authentication. Biometric verification is more productive and convenient than traditional methods and eliminates the need to remember multiple PINs or passwords. Additionally, each biometric is unique to a person, thus ensuring high-accuracy authentication for access control.

Which Solution is Right?
While there are no hard and fast answers regarding which biometric method works best for an organization, there are several issues, including regulatory compliance and/or government standards, that compel companies to consider deploying specific types of biometric installations.

The intense pressure for governance and compliance impacts organizations by amplifying the focus on security policies, controls, auditability and identity assurance. With increased regulatory considerations, including accounting and insurance security audits, these regulations and programs drive the need for multifactor authentication, especially where unsecured access to sensitive locations or information can lead to dire consequences. For instance, the government’s TWIC program requires that a biometric be enrolled on a smart card to access facilities, protecting U.S. ports from potential terrorist infiltration.

While most biometric solution providers offer both server and smart card-based methods of template storage and distribution, a smart card-based method enhances the privacy of biometric templates while reducing system installation costs and complexity. The result is an increased return on investment for the organization. Overall, the right biometric system will reduce costs and/or improve productivity such that it will pay for itself in a reasonable period of time, so long as the secondary authentication is protecting something of high value.

Deployment Within a Network
If an organization is looking to increase security within a facility, biometrics easily can be integrated into existing access control systems. Most biometric devices are equipped to support traditional Wiegand output, as well as bidirectional serial communication. Implementing biometrics can be as simple as adding a standard keypad or card reader. In this case, the question of where to install biometrics within the existing access control framework often arises.

Every organization’s needs are different, which often results in a tailored biometric installation. Organizations must weigh their need for increased security against cost, as well as increased throughput time and environmental considerations. For instance, organizations with larger physical spaces and security-sensitive locations, such as an airport, tend to install more biometrics to protect these locations, such as data centers and sterile areas. In contrast, organizations with few employees and less sensitive locations install biometric access on a smaller portion of physical access points like IT server rooms while using a biometric time and attendance system to ensure proper employee clock-in and clock-out.

For biometric installations at perimeter locations, an organization should consider that throughput time will increase. To prevent bottlenecks at main entrances, enough entry points should be available for employees. This is especially important for employees who use a biometric time and attendance application that requires them to clock in for their workday. For biometrics that will be installed on outdoor perimeters, consider a biometric that can perform and is rated for your climate. Additionally, it is important to work with a large portfolio of biometric products that can provide a variety of options, ensuring that the installation is tailored to meet the organization’s needs.

Application of Biometrics
Beyond standard access control, biometrics can be leveraged for other applications, including providing business efficiencies in the areas of time and attendance and logical access. Within the time and attendance space, biometrics can be used to confidentially support self-management at a PC terminal.

For instance, when an employee uses a biometric system to request time off or a shift change, the system is assured that the employee is the one who made the request. This helps to minimize the overhead of human verification and improves the ROI within an organization.

There are additional benefits of using a biometric. Once it can be positively confirmed who executed a transaction at a PC terminal using a biometric, more sensitive data can be shared, enabling employees to check their vacation time status, request time off and view short but important messages. The biometric adds non-repudiation, which is important when dealing with personnel issues.

What Should be Used?
Once the decision is made to deploy biometrics, the next question is usually, “What type of biometric should be used?” While there is no standard answer, there are several considerations for choosing which type of system to deploy, including:

Privacy. During enrollment, users often ask, “Is my biometric securely stored or will this be shared with any government agency?” Although biometrics are typically not shared, users often do not accept the argument and remain concerned with letting their information be stored on a server. In these cases, a better approach is to store the biometric on the user’s smart card and nowhere else. The template is read during the verification process and then discarded by the reader.

Cost. The key is to focus on the total cost of deployment and ongoing use, including the direct cost of the biometric equipment, as well as the cost associated with training users and maintaining the system.

Ease-of-use/traffic. For very high-traffic areas, such as the entrance to a large building, it may be necessary to use multiple readers to not delay employees during peak traffic times.

Installation environment. For environments where hands are used a lot for other tasks, the condition of the fingers may reduce the effectiveness of fingerprints. Even the best sensors have a difficult time reading wet and dirty fingers. In that type of environment, an iris-based biometric may be an effective solution, since no direct physical contact is required. Facial recognition—which performs best when the lighting at authentication is similar to when the user was enrolled—may require the biometric to be used in the same location every time, which can be impractical or problematic for portable use.

Form factor. This is a more sensitive topic when looking at the logical access arena. As travel restrictions become more prevalent and limitations are placed on carry-on luggage, it can be cumbersome to carry an extra peripheral for authentication when conducting PC log-on and single sign-on. This is where built-in biometrics is extremely beneficial.

Accuracy. The degree of accuracy desired must be balanced against speed and ease-of-use. For larger organizations with a biometric database that may have up to 100,000 records, it is not realistic to expect to identify a person in one second solely from a fingerprint presented at a door. Iris and retinal scans, while generally considered to be more accurate, are more time intensive.

Smart-Card Biometrics
Smart cards minimize the overhead when dealing with biometric template management and distribution. Rather than storing biometrics on a server and distributing them over a wired network, a smart card-based system allows biometric templates to be carried by the card holder. By using smart cards, biometric templates are mobile and easily can transact with the biometric reader in the field, eliminating the need for the templates to be added, stored or purged on back-end systems.

With smart cards, security is often enhanced and privacy concerns are addressed with biometric template storage only residing on a secure card. Also, coupling a smart card with biometrics for some logical access applications can advance security, improve convenience for the end user and minimize help-desk calls for forgotten passwords in single sign-on cases.

System administration also is made easy with smart cards, as there is no need to download templates to biometric readers or worry about template capacity within the reader. Smart cards deliver template storage to an unlimited number of users. Additionally, the investment in smart cards returns an incremental benefit when adding more applications to the card.

The Algorithm Factor
Smart card-based systems also address privacy concerns by employing mutual authentication and encryption to protect the biometric template on the card. Algorithm choice also is something to consider when selecting a biometric system. There are two primary algorithms: a one-to-one and a one-to-many algorithm.

A one-to-one algorithm verifies the end user’s real-time data—fingerprint image or iris image—against his or her template. This algorithm requires that both a credential and real-time biometric data be supplied to initiate verification. A credential provides a unique identifier for the end user and/or the biometric template(s). Examples of credentials include iCLASS® and MIFARE contactless smart cards, magnetic stripe cards and keypad entry.

A one-to-many algorithm attempts to locate or identify an end user’s biometric information from a database of templates. The end user is only required to provide his or her real-time biometric data to the device; no card or PIN is required to initiate the process.

Although each algorithm has its advantages and ideal installation scenarios, a one-to-one algorithm is generally considered more secure and accurate. For a one-to-one biometric device, the end user must always supply at least two factors of authentication: the credential—what you have—and the candidate data—who you are. One-to-many algorithms attempt to match the candidate data to a potentially large database of templates. A one-to-one algorithm compares candidate data only against the template(s) tied to the presented credential. These basic factors lower the probability for a false acceptance to occur within a one-to-one device. This system also addresses broader privacy concerns, as there is no database of biometric templates that can be hacked. Additional security can be achieved when factoring in the use of smart cards, which creates another layer of security via a diversified unique key specific to the site.
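The false-acceptance argument above can be checked numerically. The following is an added example, not code from the article or any vendor: it assumes a toy matcher that stores templates as 64-bit strings and accepts when at most 20 bits differ (both values are constructed), and it treats comparisons as independent.

```python
import random

BITS = 64        # toy template length (constructed; real templates are far larger)
THRESHOLD = 20   # max differing bits accepted as a match (assumed toy setting)

def distance(a, b):
    """Hamming distance between two bit-string templates stored as ints."""
    return bin(a ^ b).count("1")

def verify(db, claimed_id, probe):
    """One-to-one: compare the probe only with the template the credential names."""
    template = db.get(claimed_id)
    return template is not None and distance(template, probe) <= THRESHOLD

def identify(db, probe):
    """One-to-many: search every template, return the closest ID under threshold."""
    best_id, best = min(db.items(), key=lambda kv: distance(kv[1], probe))
    return best_id if distance(best, probe) <= THRESHOLD else None

def far_one_to_many(far_single, n):
    """Chance that at least one of n independent comparisons falsely accepts."""
    return 1.0 - (1.0 - far_single) ** n

def genuine_probe(template, flipped_bits=5):
    """Simulate sensor noise by flipping the lowest few bits of a template."""
    return template ^ ((1 << flipped_bits) - 1)

def impostor_trial(n_enrolled, trials, seed=1):
    """Count false accepts for random, non-enrolled probes under both modes."""
    rng = random.Random(seed)
    db = {uid: rng.getrandbits(BITS) for uid in range(n_enrolled)}
    one_to_one = one_to_many = 0
    for _ in range(trials):
        probe = rng.getrandbits(BITS)          # impostor sample
        claimed = rng.randrange(n_enrolled)    # credential the impostor presents
        one_to_one += verify(db, claimed, probe)
        one_to_many += identify(db, probe) is not None
    return one_to_one, one_to_many

if __name__ == "__main__":
    print("false accepts (1:1, 1:N):", impostor_trial(1000, 500))
    print("1:N FAR at 100,000 records:", far_one_to_many(1e-5, 100_000))
```

The same per-comparison error rate that is negligible for a single verification compounds across every record searched in identification mode, which is why the database size matters for one-to-many devices.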
