Moving to the Door

Moving to the Door

Biometrics makes its way across the enterprise

Biometrics have rapidly expanded into our daily lives, as millions of people use fingerprints to unlock their mobile phones, access cash through ATMs, and verify their identity in a growing range of use cases. This mainstream adoption is also driving the increasing demand for biometrics at the door and across the enterprise for physical and cybersecurity. These applications benefit from biometrics’ ability to fuse convenience and security while validating “true identity” versus one’s identity that is associated with possessing an ID card or mobile ID on a smartphone.

Bringing Biometrics to the Door

A number of challenges have had to be solved to bring biometrics to the door. The biggest is the environment where biometric solutions must operate for these applications. In the real world, people have wet, dirty, oily, dry or worn fingerprints that have been difficult to capture and read with previous biometrics technology. As a result, earlier fingerprint biometrics solutions for physical access control are often deployed with reduced security thresholds because their lower-quality imaging technology leads to false fingerprint rejections that create long authentication lines at the door.

The latest fingerprint reader/controller solutions solve this challenge to deliver up to 99.9 percent accuracy in fingerprint image capture, leading to much higher matching speeds and better overall performance—regardless of the fingerprint conditions. This level of reliability, coupled with the security and user convenience it offers, is driving interest in marrying biometrics with physical access control applications.

Environment isn’t the only challenge that has faced the use of biometrics in access control applications. Many fingerprint technologies are vulnerable to spoofs and hacking, enabling fraudsters to create a fake fingerprint and present it to a reader. Previous solutions also have been notoriously slow at moving users through doors as compared to using a simple ID card and reader. There also have been significant differences in the performance between available fingerprint capture technologies.

Key developments in biometrics are removing these issues and shining a spotlight on the technology and its suitability for use in access control.

Better image capture. The quality of the captured image is critical, across all types of fingerprints ranging from children to the elderly, and in cold, dry, dirty and wet environments. To address these challenges, organizations are increasingly choosing sensors that use multispectral imaging that optimizes the quality of the captured image by illuminating the skin at different depths. This enables the sensor to collect information from inside the finger to augment available surface fingerprint data.

Also important, the sensor collects data from the finger even if the skin has poor contact with the sensor because of such environmental conditions as water or finger contamination. Multispectral sensors have been proven to work for the broadest range of people with normal, wet, dry or damaged fingers, across the widest range of conditions, from the presence of lotions or grease to sunlight, wet or cold conditions. The sensors also resist damage from harsh cleaning products and contamination from dirt and sunlight.

Liveness detection that enhances trust. Even when fingerprint images are properly captured, if they are a plastic fake or other artificial copy, the system cannot be trusted. For this reason, liveness detection is an increasingly visible dimension of biometric performance in commercial applications. While liveness detection is critical for preserving trust in the integrity of biometrics authentication, it must not impede performance or result in excessive false user rejections. The most trusted multispectral imaging fingerprint sensors with liveness detection provide a real-time determination that the biometric data captured by the fingerprint reader is genuine and being presented by legitimate owners, rather than someone impersonating them.

This capability leverages the imagecapture approach of using different colors or spectrum of light to measure the surface and subsurface data within a fingerprint. In addition to this optical system, the biometrics sensor features several core components including an embedded processor that analyzes the raw imaging data to ensure that the sample being imaged is a genuine human finger rather than an artificial or spoof material. Advanced machine learning techniques can be used so the solution can adapt and respond to new threats and spoofs as they are identified. This is critical if biometrics is to eliminate the need to use PINs or passwords. It also protects privacy—if you can’t use a fake finger, then even if you did obtain someone’s fingerprint data, it is meaningless.

Optimized performance. The top-performing solutions capture usable biometric data on the first attempt for every user and speed the liveness detection process. They quickly perform template matching to reject impostors and match legitimate users and should be tested by skilled and independent third parties like the National Institute of Standards and Technology (NIST) for interoperability so that performance is based on data that can be trusted in all templatematching modes.

Raw performance is not enough, however— this performance must be trusted. The next generation of solutions deliver trusted performance by using the top-ranked NIST certified MINEX III minutia algorithm to ensure interoperability with industrystandard fingerprint template databases in all template-matching modes. This includes both template-on-card and card/mobile + finger modes using “1:1” template-matching profiles, as well as template-on-device mode for finger-only authentication using “1:N” matching. Delivering this level of interoperability ensures that today’s systems, which are based on much more powerful hardware than in the past, will perform accurate 1:N identification of a full database in less than a second, significantly reducing delays and the queues users often experienced with earlier biometric solutions.

Deployment Best Practices

Organizations now have an easy path for taking their systems from traditional readers to a biometric solution but they should adhere to several important best practices during deployment. Biometrics must be incorporated into access control systems using a secure trust platform designed to meet the concerns of accessibility and data protection in a connected environment. The platform should leverage credential technology that employs encryption to prevent man-inthe- middle attacks while also protecting the biometric database, and a software-based infrastructure to secure identities on any form factor for trusted access to doors, IT networks and beyond.

As an example, HID Global’s iCLASS SE RB25F fingerprint reader/controller incorporates the company’s Seos technology and secure trusted platform, which gives users the option of accessing facilities with a mobile device. Its multispectral sensor incorporates trusted liveness detection to provide real-time validation that the fingerprint is genuine and real, while ensuring superior protection against hundreds of commonly used spoofing materials. The solution also comes with duress finger functionality, as well as a built-in optical tamper that automatically sends alerts in the case of an attempt to remove the device.

With today’s solutions, system management is simplified using web-based reader managers that handle all reader/controller configuration and management while supporting fingerprint enrollment for both the 1:2 verification and 1:N identification modes. The solution should encompass remote management of all readers and users, spanning all onboarding as well as template loading and enrollment activities for the supported authentication modes. Today’s tools can be used as stand-alone applications or interfaced with other access control and/or time and attendance platforms and enable system administrators to manage all configuration settings from time and data to language, security and synchronization. They also enable continuous live monitoring of authentication, alerts and system health.

To simplify deployment, application programming interfaces (APIs) are available for direct integration of biometrics authentication solutions with the access control infrastructure. Multiple interface options should be available to support various system architectures.

It is critical that biometrics data is handled like all sensitive and identifying information. A properly architected system will always consider and protect against both internal and external threats and attacks. Beyond the encryption of the data itself, there are now many good alternatives available for building highly secure and well protected systems, including the use of multifactor and even multi-modal authentication to maintain security even if some identifying data is compromised. All reader/controllers should also feature duress finger functionality, as well as built-in optical tamper safeguards with automated alerts if there is an attempt to remove the device.

Also important is the environmental design of the reader/controller. In addition to built-in vandal resistance, all devices should include weather protection so they can be installed indoors or outdoors. Features that support rapid deployment can reduce installation time to just minutes.

Early Adoption Paths

There are several applications that lend themselves to the security and convenience of biometrics technology at the door. Examples include education and healthcare campuses where it is imperative to prevent users from taking someone else’s card and using it to gain access to restricted locations and/or privileged resources. When used for authentication, it adds the human element to strengthen security by combining something the user “is” with something the user “has” or “knows.”

The ability to identify persons with 100 percent accuracy is especially critical healthcare so that medical professionals have the correct patients’ medical history with which to properly diagnose and treat them. The inclusion of liveness detection in these biometric solutions will give healthcare organizations the assurance, for instance, that they are complying with HIPAA regulations for verifying identity without the fear that someone will compromise the system and gain access using a fake fingerprint.

On a college campus, biometric solutions will be increasingly important for preventing unauthorized use of data or access to secured campus locations, and eliminating errors or fraudulent manipulation of attendance monitoring, library management and other systems. Here, too, liveness detection will play an important role, ensuring that a thief can’t steal and use someone’s campus ID card to, for instance, gain unauthorized access to the person’s dorm room or fraudulently purchase meals at the cafeteria using their account.

In these and similar applications, biometric solutions deliver a higher confidence about “who” is being admitted into a university residence hall, classroom, a hospital’s front door and other restricted areas where this confidence really matters. In these and other applications, it is insufficient to simply possess an ID card, and what is required is the ability to validate a person’s true identity using biometrics. This must be accomplished in such a way that any person can be identified or verified regardless of skin condition, at any authentication point regardless of environmental conditions, and without the risk of excessive false user rejections that slow down access.

Biometrics technology will continue to improve as it grows in popularity to use at the door, and companies are actively investing in these advancements. Examples include HID Global’s acquisition of Lumidigm for fingerprint sensors with multispectral imaging and liveness detection, and Crossmatch for its biometric identity management solutions for civil government, defense and commercial applications, as well as a secure multifactor authentication software solution. Today’s fingerprint authentication solutions are on a fast track to deliver a unique combination of ease of use and higher security. They combine enhancements in liveness detection, system architectures and trusted performance to give people secure and convenient access facilities, networks and services using fingerprints that are unique and cannot be forgotten, lost or stolen.

This article originally appeared in the July/August 2019 issue of Security Today.

Featured

  • Survey Shows Election Anxiety Crosses Party Lines

    New reports of election worker intimidation are raising concerns about election interference. A majority of Americans (71%) are worried about voter intimidation or safety at the polls, and 75% want security cameras at their voting place, according to a new national survey. Read Now

  • 66 Percent of Cybersecurity Pros Say Job Stress is Growing

    Sixty-six percent of cybersecurity professionals say their role is more stressful now than it was five years ago, according to the newly released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • Live from GSX 2024: Post-Show Recap

    Another great edition of GSX is in the books! We’d like to thank our great partners for this years event, NAPCO, LVT, Eagle Eye Networks and Hirsch, for working with us and allowing us to highlight some of the great solutions the companies were showcasing during the crowded show. Read Now

    • Industry Events
    • GSX
  • Research: Cybersecurity Success Hinges on Full Organizational Support

    Cybersecurity is the top technology priority for the vast majority of organizations, but moving from aspiration to reality requires a top-to-bottom commitment that many companies have yet to make, according to new research released today by CompTIA, the nonprofit association for the technology industry and workforce. Read Now

Featured Cybersecurity

Webinars

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening. 3

  • Compact IP Video Intercom

    Viking’s X-205 Series of intercoms provide HD IP video and two-way voice communication - all wrapped up in an attractive compact chassis. 3

  • Luma x20

    Luma x20

    Snap One has announced its popular Luma x20 family of surveillance products now offers even greater security and privacy for home and business owners across the globe by giving them full control over integrators’ system access to view live and recorded video. According to Snap One Product Manager Derek Webb, the new “customer handoff” feature provides enhanced user control after initial installation, allowing the owners to have total privacy while also making it easy to reinstate integrator access when maintenance or assistance is required. This new feature is now available to all Luma x20 users globally. “The Luma x20 family of surveillance solutions provides excellent image and audio capture, and with the new customer handoff feature, it now offers absolute privacy for camera feeds and recordings,” Webb said. “With notifications and integrator access controlled through the powerful OvrC remote system management platform, it’s easy for integrators to give their clients full control of their footage and then to get temporary access from the client for any troubleshooting needs.” 3