What's In Your Future?
The move to biometric access control grows more inevitable
- By Jennifer Toscano, Jon Mooney
- Aug 01, 2010
A major teaching hospital employee carries a magnetic-stripe card with two bar codes on her lanyard. In addition, she must remember two different PINs and has a proximity card in her pocket for the institution’s other facility.
Such scenarios are cumbersome for both the employees and physical access control management.
The typical access control system in use today, in all too many cases, is installed in stages. As a result, it is comprised of different brands and disparate products, many of which do not integrate into the same system or talk with each other. Often, today’s systems require many separate databases and a plethora of software interfaces that create confusion, lower the level of security within the facility and decrease staff productivity for the customer and the installer.
Tightening the ID Process
Simply running a magnetic-stripe card or entering a PIN is not enough in today’s world. A stolen card or found PIN should not be the ticket for unauthorized people to enter places they do not belong, which is why the University of Virginia wanted to tighten its access control process.
“We wanted a Grade 1 ANSI spec locking system with dual credentials; something the student could carry -- their magnetic stripe ID card -- plus something the student knew -- a PIN -- to get into these halls and their rooms,” said Gary Conley, University of Virginia facilities and systems engineer for the Office of Business Operations.
Though this process is not as convenient as simply swiping a card or entering a PIN, students’ parents prefer the two-step method, which is becoming more de facto. Access involving a PIN or card that must be matched with a biometric is now a major selling point in the marketplace.
The Popularity of Biometrics
If access control systems are to control where people -- not credentials -- can go, then only a biometric device can truly provide this capability. And, it takes a two-step procedure to verify if the person trying to obtain entry is authorized to do so.
A live biometric presented by the user is compared to a stored sample, previously captured during enrollment, and the match is confirmed. The actual hand geometry or fingerprint is not stored in a database. Instead, a mathematical equation, or algorithm, extracts unique points from the image and converts the data into a unique mathematical template, which is stored.
To make the system work, the user presents an ID card or enters an assigned PIN. When the user presents his or her hand or finger, the reader runs the authentication process to determine if the stored template matches the template of the biometric being presented. If there is a match, the person is verified.
Traditionally, biometrics were only used in high-security venues, such as data centers, nuclear plants and laboratories. However, their biggest deployments are in applications that require convenience.
Biometrics are user friendly because they eliminate the need for keys or cards. While keys and cards themselves do not cost much, the true benefit of eliminating them is realized through reduced administrative efforts.
For instance, a lost card or key must be replaced and reissued by someone. Just as there is a price associated with the time spent to complete this seemingly simple task, when added together, the overall administration of a key or card system is costly.
“The No. 1 suggestion from our members was eliminating the need for ID cards,” said Jill Schindele, director of campus recreation at the University of California-Irvine. “We took their suggestions seriously and feel that hand geometry is the fastest and most efficient alternative to identification cards.”
Biometrics also are easy to administer, install and maintain. Replacing card readers, in many cases, involves an unplug-plug and- play operation. Hand geometry and fingerprint readers, especially, get people into buildings and rooms quickly. They include a variety of options, such as letting an employee quickly check accrued vacation time. Plus, it is easy to control threshold levels, tightening access control in a nuclear power plant while loosening the level at a day spa, for instance.
“Housing basically has an electrified door system,” said Bill McGee, manager of Bulldog Bucks office, the blackboard transaction system at the University of Georgia card services. “Any door can be opened from the control desk or remote desks around campus. We also have cameras on the doors. By adding the Hand- Key, we go from an access control system to a security access system. We feel that this is an important attribute. By simply putting one HandKey at an entrance, an organization can turn that door into a security system in its simplest form at a low cost.”
McGee said eliminating re-keying for lost or stolen keys or when students or employees leave the university is cost-prohibitive -- and a logistical nightmare.
“Nobody loses their hand,” McGee said. Because they require minimal operator assistance, biometrics are a good fit for businesses and government agencies. Both can save money by devoting customer service and other staff to activities other than screening people requesting access to restricted areas.
One example is at financial institutions. The Augusta Metro Federal Credit Union, in Augusta, Ga., is using a stand-alone Schlage biometric HandKey reader to provide its customers with self-service access to the safe deposit vault.
“When we completed our new state-of-the-art building, we incorporated the latest in technological advances for our customers,” said Butch Holley, credit union vice president. “In addition to our teller ‘pod’ concept and individual cash dispensing machines, we decided to use the HandKey to let customers access their safe deposit boxes on their own, without assistance from a credit union employee.”
According to Holley, a customer simply punches in a code on the hand reader and presents his or her hand to the unit. Once the customer is verified, the bullet-proof glass door opens. At the same time, the person’s safe deposit box opens and no one can enter the vault until that customer puts away the deposit box.
As a result of so many biometric installations on college campuses during the last decade -- in addition to the countless campuses that already had been using biometrics for years -- in the residence halls, dining halls and recreation centers, the industry sees biometrics as a trusted tool for its security and convenience -- rather than equipment to be feared as “futuristic” or worrisome.
Smart Cards are the Future
Experts thought that Homeland Security Presidential Directive 12 would fuel smart-card use in the government and accelerate adoption by large enterprises since it seeks to establish secure and reliable identification for all federal employees and contractors. Since federal mandates tend to have a cascading effect, this directive would have a huge impact on the biometrics field, because state and local governments, as well as first responders, would become major buyers of FIPS 201-compliant smart cards to comply with the federal initiatives. Private contractors would have to follow.
Many, including Boeing, are already doing so.
But, today, there are bigger and more important reasons for organizations to choose smart credentials.
With their price now comparable to proximity cards, there is no reason not to deploy smart cards, even if the only purpose will be for physical access control.
A smart credential provides a higher level of security, more convenience and far greater functionality than a proximity card.
Smart credentials have the ability to manage access, payments and many other functions. Those not willing to make that upgrade today should at least incorporate multi-technology readers.
That way, when the switch to smart cards arrives, they will not have to re-install all of their facilities’ readers.
For IT security purposes, smart credentials help the client or end user know that he or she is connecting with the company server and will be able to access all the data that is allowed with his or her access credentials.
At the same time, the server will authenticate the client and check the entered credentials and clearances against the profile created for the client.
These smart credentials also will provide:
- AES 128-bit encryption, a key encryption technique that helps protect sensitive information.
- Diversified keys, which virtually ensure no one can read or access the holder’s credential information without authorization.
- A message authentication code, which further protects each transaction between the credential and the reader. This security feature ensures complete and unmodified transfer of information, helping to protect data integrity and prevent outside attacks.
Colleges, for the most part, understand the importance of a one-card solution. Today, they are using proximity cards but quickly migrating to smart credentials because they can more easily load applications on a smart card, including identification, library circulation privileges, building access, meal plans, student health facilities and access to recreational facilities.
Biometrics in the Healthcare Industry
Smart credential technology also offers a way to significantly reduce hospital administrative costs while maintaining or increasing quality of care and customer service. It helps hospitals achieve better patient identification, securely storing various identity credentials -- such as a PIN, photo or biometric -- directly on the card and making it very difficult to forge or steal the credentials. Smart credentials provide administrative efficiencies, cutting down the time for admissions by providing ready access to accurate, up-to-date patient information and linking a patient to his or her medical records to reduce medical errors.
Smart credentials will be in everyone’s future, regardless of the hiccups being experienced with government applications. The problems with smart cards at the governmental level are not that of the technology itself. The cards work, and the readers read them.
The challenges lie in the deployment of the programs. Once those wrinkles are ironed out, more facilities will be migrating to smart cards.
It is very important that organizations be prepared for smart credential deployment, even if that facility wants to install proximity, magnetic-stripe or keypad readers at present. Integrators can help their customers by proposing multi-technology readers that combine the ability to read both proximity cards and smart cards in just one reader. That way, when the group switches over to smart cards, they don’t have to tear out all their old readers to install smart-card readers.
During the transition, they can use both their old proximity credential and the new smart credential.
Also, try to ensure the new credential readers are open architecture. Save money by using the existing access control system, if at all possible. Open-architecture readers will let groups use both their present software and panels with their new credentials. If, down the road, they change their software, they can still use these readers.