Ask the Expert

This month’s expert looks at biometrics and its real-world implementations

  • By Skip Sampson
  • May 01, 2007

THE word biometrics comes from ancient Greek words bios, meaning life, and metron, meaning measure. And life measure would be an apt description for the variety of technologies used to accurately identify people through voice, fingerprint or some other unique body characteristic.

To date, identities have been confirmed by two factors: what we have and what we know. What we have is comprised of cards or documents such as driver licenses, ID cards, passports or birth certificates. What we know typically consists of passwords or PINs. But as documents get counterfeited, passports are stolen and passwords are shared or forgotten, we can no longer validate an individual’s identity with any accuracy. And as a result, security—buildings, finances, computer systems, even borders—is compromised.

To solve this challenge, identities are becoming more frequently confirmed by a third component: what we are. Biometric technology helps measure what we are.

Recent advances in microprocessors have helped increase accuracy and reduce the cost of biometric systems, bringing the systems within the reach of government facilities, banks, hospitals, colleges and universities—virtually anyplace that requires a higher level of security.

In a typical biometric system, a person’s biometric measurement (a fingerprint, face or iris patterns) is scanned, this information is processed by a numerical algorithm and then stored in a database. Later, when that person attempts to enter a door or access a computer, he or she presents the selected biometric to a reader. The reader processes the information into a digital template. If the template matches the information in the database, access is granted.

One advantage of a biometric system is that it can free the user from having to remember PINs, usernames and passwords—all of which can be stolen or given others.

ISSUE: Biometrics seems to be a viable options of authentication. Which industry is most receptive to the technology?

SOLUTION: Private industry is catching on to biometrics, but the biggest user is—and for the foreseeable future will be—the federal government. HSPD-12 called for all 5 million federal employees and an additional 2 million contractors to carry identification cards, including embedded fingerprints, for access to federal buildings and IT networks. The deadline for program implementation was last fall. Due to the scope of the project, total implementation likely remains months away.

A common, interoperable system used to verify identity of individuals, both within and across agencies, is a significant step in enhancing security and reducing identity fraud.

The federal government also is looking at biometrics to help identify port workers and passport owners. Ultimately, methods and standards being set by federal agencies will come to be used by state and local governments and private industry.

Standards are critical to the successful implementation of biometric systems. To that end, a number of organizations, both public and private, are working to ensure that components from one biometric vendor will work with those from another provider. Industry standards also will make it easier for end users to compare factors, such as price and performance, when reviewing systems or components from rival vendors.

ISSUE: What are some biometric measurement techniques?

SOLUTION: Currently, a number of techniques are available for biometric measurement, including the analysis of the iris, retina, fingerprints, face, voice, hand geometry and vein patterns.

Fingerprints are by far the most commonly used biometric technique. But a test several years ago by a national standards laboratory in the United Kingdom found the most accurate measurement to be iris scanning. The iris scan system never accepted a false identity. The false rejection rate was lower than two percent on the first attempt and fell to less than 0.2 percent when the subject tried as many as three times to gain access.

And for those who argue that biometrics pose an invasion of privacy, a fingerprint or iris scan reveals far less about a person than other regularly collected identification data, such as phone numbers, addresses and credit card and Social Security numbers.

Biometric technology is no longer the technology of spy movies. It has arrived and will soon be used in one form or another as a safe, accurate means of identification.

READER QUESTION: I work with a small, but growing company. Our employees wear badges and we have access readers on all entrances. During an average day, we have 10 or more vendors moving about our offices. Currently, we have them sign in and fill out an adhesive name label, but we would like to have a better and more accurate record of who comes and goes. Do you have any suggestions?

SOLUTION: Paper guest books have been around for a very long time. They are easy to use and very inexpensive. Unfortunately, most companies find the data collected is usually incomplete, often difficult to read and impossible to analyze. And perhaps more importantly, confidential information about who has recently visited your facility is out in the open and readily available to anyone who wants to flip through the book’s pages.

We have seen a recent trend at many organizations of all shapes and sizes to replace outdated paper logs and adhesive name labels with electronic visitor management systems.

These systems can improve security and help enforce a company’s visitor policies and procedures. Visit times can be limited, and visitors can be associated with the company’s host employee. Log books are eliminated and visitor privacy is maintained.

A scanner is used to provide positive identification for visitors, capturing information from a business card, driver’s license, passport or other official credential. An inexpensive USB camera can photograph and capture the visitor’s picture. Printed, professional-looking badges with pertinent visitor information, including visit expiration time and date, and clearance levels are printed.

The visitor management system software provides an audit trail and a utility can generate a variety of reports from the captured information. Watch lists can be generated to prevent visits from undesirable individuals.

Systems are available from manufacturers such as EasyLobby or Honeywell’s LobbyWorks. The systems use standard, off-the-shelf PCs and printers while all peripherals are USB.

Featured

  • Video Surveillance Trends to Watch

    With more organizations adding newer capabilities to their surveillance systems, it’s always important to remember the “basics” of system configuration and deployment, as well as the topline benefits of continually emerging technologies like AI and the cloud. Read Now

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services

  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

Most   Popular

New Products

  • PE80 Series

    PE80 Series by SARGENT / ED4000/PED5000 Series by Corbin Russwin

    ASSA ABLOY, a global leader in access solutions, has announced the launch of two next generation exit devices from long-standing leaders in the premium exit device market: the PE80 Series by SARGENT and the PED4000/PED5000 Series by Corbin Russwin. These new exit devices boast industry-first features that are specifically designed to provide enhanced safety, security and convenience, setting new standards for exit solutions. The SARGENT PE80 and Corbin Russwin PED4000/PED5000 Series exit devices are engineered to meet the ever-evolving needs of modern buildings. Featuring the high strength, security and durability that ASSA ABLOY is known for, the new exit devices deliver several innovative, industry-first features in addition to elegant design finishes for every opening.

  • 4K Video Decoder

    3xLOGIC’s VH-DECODER-4K is perfect for use in organizations of all sizes in diverse vertical sectors such as retail, leisure and hospitality, education and commercial premises.

  • ResponderLink

    ResponderLink

    Shooter Detection Systems (SDS), an Alarm.com company and a global leader in gunshot detection solutions, has introduced ResponderLink, a groundbreaking new 911 notification service for gunshot events. ResponderLink completes the circle from detection to 911 notification to first responder awareness, giving law enforcement enhanced situational intelligence they urgently need to save lives. Integrating SDS’s proven gunshot detection system with Noonlight’s SendPolice platform, ResponderLink is the first solution to automatically deliver real-time gunshot detection data to 911 call centers and first responders. When shots are detected, the 911 dispatching center, also known as the Public Safety Answering Point or PSAP, is contacted based on the gunfire location, enabling faster initiation of life-saving emergency protocols.