Moving to the Door
Biometrics makes its way across the enterprise
- By Steve Carney
- Aug 01, 2019
Biometrics have rapidly expanded into our daily lives, as millions of people use fingerprints to unlock their mobile phones, access cash through ATMs, and verify their identity in a growing range of use cases. This mainstream adoption is also driving the increasing demand for biometrics at the door and across the enterprise for physical and cybersecurity. These applications benefit from biometrics’ ability to fuse convenience and security while validating “true identity” versus one’s identity that is associated with possessing an ID card or mobile ID on a smartphone.
Bringing Biometrics to the Door
A number of challenges have had to be solved to bring biometrics to the door. The biggest is the environment where biometric solutions must operate for these applications. In the real world, people have wet, dirty, oily, dry or worn fingerprints that have been difficult to capture and read with previous biometrics technology. As a result, earlier fingerprint biometrics solutions for physical access control are often deployed with reduced security thresholds because their lower-quality imaging technology leads to false fingerprint rejections that create long authentication lines at the door.
The latest fingerprint reader/controller solutions solve this challenge to deliver up to 99.9 percent accuracy in fingerprint image capture, leading to much higher matching speeds and better overall performance—regardless of the fingerprint conditions. This level of reliability, coupled with the security and user convenience it offers, is driving interest in marrying biometrics with physical access control applications.
Environment isn’t the only challenge that has faced the use of biometrics in access control applications. Many fingerprint technologies are vulnerable to spoofs and hacking, enabling fraudsters to create a fake fingerprint and present it to a reader. Previous solutions also have been notoriously slow at moving users through doors as compared to using a simple ID card and reader. There also have been significant differences in the performance between available fingerprint capture technologies.
Key developments in biometrics are removing these issues and shining a spotlight on the technology and its suitability for use in access control.
Better image capture. The quality of the captured image is critical, across all types of fingerprints ranging from children to the elderly, and in cold, dry, dirty and wet environments. To address these challenges, organizations are increasingly choosing sensors that use multispectral imaging that optimizes the quality of the captured image by illuminating the skin at different depths. This enables the sensor to collect information from inside the finger to augment available surface fingerprint data.
Also important, the sensor collects data from the finger even if the skin has poor contact with the sensor because of such environmental conditions as water or finger contamination. Multispectral sensors have been proven to work for the broadest range of people with normal, wet, dry or damaged fingers, across the widest range of conditions, from the presence of lotions or grease to sunlight, wet or cold conditions. The sensors also resist damage from harsh cleaning products and contamination from dirt and sunlight.
Liveness detection that enhances trust. Even when fingerprint images are properly captured, if they are a plastic fake or other artificial copy, the system cannot be trusted. For this reason, liveness detection is an increasingly visible dimension of biometric performance in commercial applications. While liveness detection is critical for preserving trust in the integrity of biometrics authentication, it must not impede performance or result in excessive false user rejections. The most trusted multispectral imaging fingerprint sensors with liveness detection provide a real-time determination that the biometric data captured by the fingerprint reader is genuine and being presented by legitimate owners, rather than someone impersonating them.
This capability leverages the image-capture approach of using different colors or spectrum of light to measure the surface and subsurface data within a fingerprint. In addition to this optical system, the biometrics sensor features several core components including an embedded processor that analyzes the raw imaging data to ensure that the sample being imaged is a genuine human finger rather than an artificial or spoof material. Advanced machine learning techniques can be used so the solution can adapt and respond to new threats and spoofs as they are identified. This is critical if biometrics is to eliminate the need to use PINs or passwords. It also protects privacy—if you can’t use a fake finger, then even if you did obtain someone’s fingerprint data, it is meaningless.
Optimized performance. The top-performing solutions capture usable biometric data on the first attempt for every user and speed the liveness detection process. They quickly perform template matching to reject impostors and match legitimate users and should be tested by skilled and independent third parties like the National Institute of Standards and Technology (NIST) for interoperability so that performance is based on data that can be trusted in all template-matching modes.
Raw performance is not enough, however—this performance must be trusted. The next generation of solutions delivers trusted performance by using the top-ranked NIST-certified MINEX III minutia algorithm to ensure interoperability with industry-standard fingerprint template databases in all template-matching modes. This includes both template-on-card and card/mobile + finger modes using “1:1” template-matching profiles, as well as template-on-device mode for finger-only authentication using “1:N” matching. Delivering this level of interoperability ensures that today’s systems, which are based on much more powerful hardware than in the past, will perform accurate 1:N identification of a full database in less than a second, significantly reducing delays and the queues users often experienced with earlier biometric solutions.
Deployment Best Practices
Organizations now have an easy path for taking their systems from traditional readers to a biometric solution, but they should adhere to several important best practices during deployment. Biometrics must be incorporated into access control systems using a secure trust platform designed to meet the concerns of accessibility and data protection in a connected environment. The platform should leverage credential technology that employs encryption to prevent man-in-the-middle attacks while also protecting the biometric database, and a software-based infrastructure to secure identities on any form factor for trusted access to doors, IT networks and beyond.
As an example, HID Global’s iCLASS SE RB25F fingerprint reader/controller incorporates the company’s Seos technology and secure trusted platform, which gives users the option of accessing facilities with a mobile device. Its multispectral sensor incorporates trusted liveness detection to provide real-time validation that the fingerprint is genuine and real, while ensuring superior protection against hundreds of commonly used spoofing materials. The solution also comes with duress finger functionality, as well as a built-in optical tamper that automatically sends alerts in the case of an attempt to remove the device.
With today’s solutions, system management is simplified using web-based reader managers that handle all reader/controller configuration and management while supporting fingerprint enrollment for both the 1:1 verification and 1:N identification modes. The solution should encompass remote management of all readers and users, spanning all onboarding as well as template loading and enrollment activities for the supported authentication modes. Today’s tools can be used as stand-alone applications or interfaced with other access control and/or time and attendance platforms and enable system administrators to manage all configuration settings from time and data to language, security and synchronization. They also enable continuous live monitoring of authentication, alerts and system health.
To simplify deployment, application programming interfaces (APIs) are available for direct integration of biometrics authentication solutions with the access control infrastructure. Multiple interface options should be available to support various system architectures.
It is critical that biometrics data is handled like all sensitive and identifying information. A properly architected system will always consider and protect against both internal and external threats and attacks. Beyond the encryption of the data itself, there are now many good alternatives available for building highly secure and well-protected systems, including the use of multifactor and even multi-modal authentication to maintain security even if some identifying data is compromised. All reader/controllers should also feature duress finger functionality, as well as built-in optical tamper safeguards with automated alerts if there is an attempt to remove the device.
Also important is the environmental design of the reader/controller. In addition to built-in vandal resistance, all devices should include weather protection so they can be installed indoors or outdoors. Features that support rapid deployment can reduce installation time to just minutes.
Early Adoption Paths
There are several applications that lend themselves to the security and convenience of biometrics technology at the door. Examples include education and healthcare campuses where it is imperative to prevent users from taking someone else’s card and using it to gain access to restricted locations and/or privileged resources. When used for authentication, it adds the human element to strengthen security by combining something the user “is” with something the user “has” or “knows.”
The ability to identify persons with 100 percent accuracy is especially critical in healthcare so that medical professionals have the correct patients’ medical history with which to properly diagnose and treat them. The inclusion of liveness detection in these biometric solutions will give healthcare organizations the assurance, for instance, that they are complying with HIPAA regulations for verifying identity without the fear that someone will compromise the system and gain access using a fake fingerprint.
On a college campus, biometric solutions will be increasingly important for preventing unauthorized use of data or access to secured campus locations, and eliminating errors or fraudulent manipulation of attendance monitoring, library management and other systems. Here, too, liveness detection will play an important role, ensuring that a thief can’t steal and use someone’s campus ID card to, for instance, gain unauthorized access to the person’s dorm room or fraudulently purchase meals at the cafeteria using their account.
In these and similar applications, biometric solutions deliver a higher confidence about “who” is being admitted into a university residence hall, classroom, a hospital’s front door and other restricted areas where this confidence really matters. In these and other applications, it is insufficient to simply possess an ID card, and what is required is the ability to validate a person’s true identity using biometrics. This must be accomplished in such a way that any person can be identified or verified regardless of skin condition, at any authentication point regardless of environmental conditions, and without the risk of excessive false user rejections that slow down access.
Biometrics technology will continue to improve as it grows in popularity for use at the door, and companies are actively investing in these advancements. Examples include HID Global’s acquisition of Lumidigm for fingerprint sensors with multispectral imaging and liveness detection, and Crossmatch for its biometric identity management solutions for civil government, defense and commercial applications, as well as a secure multifactor authentication software solution. Today’s fingerprint authentication solutions are on a fast track to deliver a unique combination of ease of use and higher security. They combine enhancements in liveness detection, system architectures and trusted performance to give people secure and convenient access to facilities, networks and services using fingerprints that are unique and cannot be forgotten, lost or stolen.
This article originally appeared in the July/August 2019 issue of Security Today.