Growing the Government

Biometrics and credentials are critical to the future

• By Dan Kilgore
• Mar 01, 2011

A critical element of protecting troops in the field of battle is proper identity management. A military installation in the Middle East, for example, must ensure that only authorized personnel can enter the camp.

For soldiers, losing an access card to an enemy could be disastrous. Personal identification numbers are too easy to steal or share. To solve this problem, the military turned to biometrics just as other government entities have done -- from public colleges protecting students in their residence halls to town officials protecting city hall -- and many commercial enterprises have implemented them, as well.

Why Biometrics?
Only biometrics can truly ensure that the right person, and not simply the person with the right token or PIN, can enter a given area.

Using biometrics, a two-identity verification procedure provides an increased level of security. In this case, users either enter a PIN (something they know) or present a card (something they have) to activate the biometric hand reader. Then the user presents a live biometric, which is compared to a stored sample the person gave during the enrollment process, and the system confirms the match.

The actual hand geometry is not stored in a database. Instead, a mathematical equation, or algorithm, creates a unique number that represents the points measured on the hand.

The number, or template, that results from this equation is all that is stored. Thus, even if the system were hacked, the perpetrator would end up with nothing but a series of ones and zeros.

At military bases in the Middle East, the armed forces use biometric hand readers housed inside a custom portal to ensure that only authorized staff access base camps. The readers are not affected by dust, dirty hands or minor injuries, which can cause false rejections with other biometric technologies.

The result is portable, turnkey access control portals that are plug-and-play, fully integrated security systems. To install a mobile access control portal, military officials simply set it in place and plug it into a 220-watt power source. Because the units are portable, the military can establish a “moving perimeter” widely used in base construction.

“When they finish with one site, they can simply pick up the portal and move it to the next site,” said David Slagel, integrator and president of Modular Security Systems Inc. “For the military, it represents zero construction process. They used to spend $80,000 to $100,000 rebuilding these ‘brass shacks’ each time the perimeter changed.”

Using the portals also is easy. Military staff enter the portal through one of five roll-up doors. They walk up to the entrance and present a proximity card and then their hand to the hand reader. If their hand fits the template, the light turns green, and they are allowed through the turnstiles. If the light is red, an alarm is sounded that alerts a guard, who then investigates.

The modular access control (MAC) portals, featuring Schlage HandKey units, eliminate concerns about the identity of the cardholder, as well as worries about tailgating, in which someone simply follows the first person through an access point without providing credentials.

“The proximity card, in combination with the biometric identifier, virtually eliminates both of these security-compromising practices and establishes a higher level of security,” Slagel said.

New arrivals on base are quickly registered at the MAC itself, and the MACs can communicate with one another.

Typically, a central MAC is linked to the portals via a LAN or WAN.

Stateside Military Application
Scott Air Force Base in St. Clair County, Ill., is the headquarters for the Air Force Transportation Command, Air Mobility Command, 18th Air Force, Defense Information Systems Agency and the Air Force Communication Agency. It is located on nearly 3,600 acres of land and employs more than 5,000 active-duty military staff.

The total workforce numbers more than 13,000 people, including Air Force Reserves, National Guardsmen, civil service and other civilian employees. It also provides services for more than 14,000 retired military members in the region.

The Shiloh-Scott MetroLink station offers Scott employees a valuable commuting and transportation point to the St. Louis metropolitan region. Security forces at Scott AFB initially manned the gate between the civilian and military sides of the Shiloh-Scott light rail station, but access to the base is now controlled using hand readers in conjunction with a six-digit PIN, freeing security staff for other duties.

Convenience is Important
Most people are familiar with the use of biometrics in high-security venues such as military bases, nuclear plants and government offices. However, many find it surprising that their biggest deployments are often where they are chosen for convenience.

Biometrics are user-friendly. They can eliminate the need for keys or cards. While keys themselves don’t cost much and dramatic price reductions have lowered the capital cost of the cards in recent years, the true benefit of replacing a lost card or key is their elimination and the reduction in administrative efforts. When added together, the overall administration of a key or card system is costly. In comparison, hands are not lost, stolen or forgotten. They also don’t (normally) wear out or need to be replaced.

“The number-one suggestion from our members was eliminating the need for ID cards,” said Jill Schindlel, director of campus recreation at the University of California- Irvine. “We took their suggestions seriously and feel that hand geometry is the fastest and most efficient alternative to identification cards.”

Biometrics are easy to administer, install and maintain. Replacing card readers, in many cases, is simply an unplug, plug-andplay operation. Hand geometry readers, especially, get people into buildings and rooms quickly. They include a variety of options, such as letting an employee quickly check accrued vacation time. Plus, it is easy to control threshold levels, tightening access control in a facility like a nuclear power plant while loosening the control level at a site less weighty, like a spa.

Chesterfield County, Va., implemented a hand reader to provide off-hours access at the county’s main administration building.

“We needed a positive identifier for people carrying out critical county functions at off-hour times,” said Dennis Lacey, a Chesterfield County security coordinator who spent 20 years with the Secret Service and 17 years with the Department of Defense. “Biometrics is the only way you can positively identify who comes into a building. At the same time, we need to ensure that all those authorized to get into the building can do so and not be blocked because their biometrics aren’t being read. These false rejections can become a major reliability problem. We feel that fingerprint technology relies on too small of an area to avoid the problems of false rejects. Meanwhile, hand geometry takes its data points from an entire hand. From a technology standpoint, it’s simply much easier to consistently get a good image from a big hand rather than a small finger.

“We also felt that there would be too much employee resistance to iris/retinal scan,” Lacey said. “People are uncomfortable putting their eye near a device, and positioning themselves for the reader is just too time-consuming.”

Lacey said the county’s existing accesscontrol system for the five-story main administration building, linked to a threestory and two-story wing and police administration building, uses mechanical keys and the hand reader.

“It’s too expensive and time-consuming to replace missing keys,” Lacey said. “We often have to search for people who leave our employment to get our keys back, since the key represents a part of their career. We’re looking at adding more hand readers to other doors of this building as well as other buildings. We’ve actually had comments from the highest levels of county administration to do so.”

Smart Cards are the Future
In the past, it was common to see smart credentials being deployed in places where multiple uses were needed, such as on campuses for dining halls and bookstore purchases.

And, in the more recent past, we saw the signing of the Homeland Security Presidential Directive 12 (HSPD-12) that creates a standard for a secure and reliable identification system for all federal employees and contractors. This is to be accomplished with the issuance of PIV cards and the personal identity verification processes that go along with them. As federal mandates tend to have a cascading effect, this directive will affect state and local governments, especially first responders, as they would buy FIPS 201-compliant PIV-I (PIVInteroperable) smart cards as they follow the federal initiatives. Private contractors doing business with the government also will follow, and many are doing so, including Boeing and others.

The other compelling reason that state and local governments and private companies are choosing smart credentials is price. With the price point of smart credentials comparable to those of other card technologies, including proximity, there is no longer a reason to wait to deploy smart cards, even if the only initial application will be for physical access control.

A smart credential, for the same price, provides a higher level of security, more convenience and far greater functionality than a proximity card. One credential has the ability to manage access, payments and many other functions.

Though many public colleges are using proximity cards, they are becoming, for the most part, the early government adaptors of a one-card solution. That’s because they can get more applications on a smart card more easily, including identification, library circulation privileges, building access, meal plans and access to recreational facilities and student health facilities. There are many other applications for this solution, including charge privileges at university bookstore locations, admission to athletic events and access to university transit and student legal services.

Smart credential technology offers Veterans Administration hospitals a means to reduce administrative costs while maintaining or increasing quality of care and customer satisfaction. They do this by providing a better method of patient identification, securely storing such identity credentials as a PIN, photo or biometric template. Smart credentials provide administrative efficiencies, cutting down the time for admissions by providing ready access to accurate, up-to-date patient information and linking patients to their medical records to reduce medical errors.

Those not able to upgrade to smart card technology today due to budgetary or logistical issues, such as the number of cards or the operational impact on their enterprise of such a change, should be aware that there are ways to overcome these challenges.

It all starts with a transition plan. A plan helps end users understand the hurdles and the means of overcoming them. It helps them map out the approach to the site and how to minimize the downtime, the security impact, personnel issues, guarding areas during the conversion, issuing of new cards to the personnel, budget impact issues and more.

This will make it easier for them to make the move to this more secure credential technology with the least amount of negative consequences for their organization.

One element that can help make the transition easier is the use of multi-technology card readers. These readers are designed to read multiple forms of credentials (proximity and smart card) and allow the use of smart cards at the same time as the present access control system. These readers are not just a stopgap, but can be used now and into the future when companies switch over to smart cards, making the transition less painful for cardholders and security staff. Integrators can help their customers by proposing the multi-technology readers now. This way, the conversion is more seamless and easier.

Importantly, smart cards and biometrics work perfectly together. The smart credential is capable of holding the biometric template, and hand readers are designed to read smart credentials. They create the most secure twostep procedure a government administrator can deploy in an access control system.

Government groups also must try to ensure the new credential readers are open architecture, which lets groups use both their present software and panels with their new credentials. By doing so, they will save money by using their existing access control system. If, down the road, they change their software, they can still use these readers.

Retrofitting Simplified
In many government facilities, especially older ones, retrofitting an access control upgrade can be a nightmare. The Parker, Colo., Fire District faced this problem. In cases such as these, having a wireless technology available for difficult areas can save a lot of time, money and headache.

“Hardwiring would have been too lengthy and difficult,” said Robert Krause, PFD director of technology. “We had inaccessible locations, issues with using surface mount conduit, grouted doors, difficult-to-reach head-ends and other problems that were easily overcome by using wireless access. As a result, wireless was less expensive and got our system up faster.”

For example, at several of the PFD buildings, the “day room” is on one side of the apparatus bays while the dormitory is on the other. To hardwire, PFD would have had to pull wire over the apparatus bays and through three different attics to get from one side to another. The bays are two-stories and attic access is difficult. With wireless access control, it took only a week and a half to install the system into the four fire stations. Today, PFD is enjoying the benefits.

“We saved several thousand dollars in costs per station by using wireless, something our taxpayers ought to appreciate,” Krause said. “Versus our previous system, our wireless locks notify us of their status. They have a polling feature in which information pops up on the management screen, telling us if a battery is low, a door is propped open or if there are other situations we need to resolve.”

Help That Government Employee
Ultimately, smart credentials and biometrics will be in everyone’s future, both public and private sector alike. With the improvement of the technology behind them and their affordability, smart cards and biometrics are the logical choice.

Today, it is much more efficient, economical and secure for government employees to carry smart cards that provide a variety of applications, including their biometric templates. Cards can provide access to the areas of the facility to which employees are authorized, including the biometrically secured locales, as well as access to many other applications, making their jobs easier, increasing their productivity and making the building more secure. New smart credentials, plus biometrics, are now available to ensure that you are you, not just somebody carrying some piece of plastic or knowing a PIN.

This article originally appeared in the March 2011 issue of Security Today.