Evaluating Accuracy

Evaluating Accuracy

Installers and system integrators must consider a wide range of readers and credential types in the evaluation process when designing an access control system. Determining the appropriate solution for an application will depend on a needs assessment conducted with the end user to define specific functionality, compatibility and operational criteria for the new system. Among the products that may be considered are legacy card readers, keypads, keycards, integrated lock devices, proximity readers and biometric technologies—and all the credentials each of these devices will require.

When it comes down to a final decision on access control technologies, one key question is, which of these products and/or combination of devices delivers the accuracy, security and cost-efficiency to best meet your defined system criteria and budget?

Before exploring the answer to this question, it’s important to understand the basic concept of identity, which affects nearly every aspect of security.

Identity is particularly vital with access control, where the decision to allow an individual to enter any secured area depends on the ability to determine if he or she is authorized to be there. Therefore, physical security depends on the ability to connect authorities and permissions to the particular individuals who hold them. This connection between identity and permission is critical for triggering actions, including opening a particular door, admitting visitors, issuing keys, accessing sensitive or valuable materials and more. This is why identity verification in security systems—and particularly access control systems—is so important.

CONFIRMING IDENTITY

So, how can a person’s identity be confirmed? Generally speaking, the methods used to confirm the authorization—and identity—of a person for security purposes can be broken down into three categories: something you have, something you know or something you are.

A card reader is an example of “something you have,” namely an access card. For access control systems, other examples include a company badge, proximity tokens and even garage door openers. Documents such as driver’s licenses and passports may be used in staffed lobbies and security checkpoints. Whatever the physical “thing” may be the common weakness is that it can be lost, stolen or loaned to someone else.

One way to reduce the likelihood of loss or theft is the “something you know” approach to confirming identity and authorization within a security system. Most often these are passwords or passcodes. In some cases, the answer to security questions—such as favorite food or first school—may also be used. Unlike physical credentials, these codes are harder to misplace in a way that would allow them to be used by imposters, but they can be vulnerable to guessing or hacking using social engineering techniques. They can also be easy to forget, which is especially true of strong passwords that contain letters, numbers and symbols. Similar to physical credentials, they are easy to loan to another person simply by telling them.

Commonly referred to as biometrics, “something you are” is the third of these approaches. Examples of these credentials include fingerprints, palm veins, facial features and one or both irises. These offer two significant security advantages over the first two approaches: first, they offer higher identity accuracy and therefore security, and second, they are more difficult to lose, steal or lend.

Many access control systems in businesses use card readers for enabling access. In these situations, an access card is the sole means of confirming the identity of the individual carrying it, and the decision to authorize access is made based on an individual presenting a pre–programmed access card. The card serves as confirmation of the person carrying it. Obviously, this is the lowest level of identity verification because cards can be stolen, loaned, lost or duplicated, making the link between credential and identity tenuous and vulnerable at best.

Without physical identity verification, the reader cannot confirm that the user is in fact the individual to whom a card has been assigned. Two-factor authentication (i.e., access card plus PIN or password) is a security improvement, but even that can be defeated with skimmers and cameras that are readily available. Organizations that use card readers have determined that the low level of security is sufficient for their needs; the truth is that every member of their staff is a potential weak point or vulnerability that could allow criminals or others with malicious intent to gain entry.

It is clear that of the three main methodologies, biometrics has the strongest link to an individual’s identity, making it best suited for ensuring the security of an access control system. Within this general category, the main biometric identifiers used to verify identity are fingerprints, facial and iris recognition.

FINGERPRINTS

Fingerprints are thought to be unique to individuals, and can therefore be used for biometric identity confirmation. One positive aspect of this modality is that most people don’t mind having their fingerprints recorded. Fingerprint readers are easy to use and require no special environmental conditions— the messy ink of yesterday has been replaced with digital scanners that take only a second or two to capture the pattern.

As for drawbacks, fingerprints typically require physical contact with something that’s been touched by other people, which poses a hygiene issue, particularly during the cold and flu season. Fingerprints also change over time and as a consequence of activity— for example, age, scarring, calluses and other factors can change fingerprints enough to prevent matching.

FACIAL RECOGNITION

Faces contain features that can be used for individual identification. These include the relative position, size and shape of facial elements such as the distance from forehead to chin and eye to ear, for example. Biometric systems capture selected identifiers and turn them into a unique code, which is stored in the reference database and compared to other images to find a match.

One advantage of facial recognition is that it can be performed using a simple image—for both enrollment and identity verification. However, facial characteristics can be easily modified with make-up, hairstyle, facial hair, glasses and similar alterations that could prevent a match. Plus, faces are naturally unstable, with features changing over time—so people must be regularly re-enrolled to maintain accuracy.

IRIS RECOGNITION

Excluding DNA, iris recognition is one of the most accurate among current biometric modalities. Iris identity authentication is also fast—it can take less than a second and readings are non-contact and noninvasive. In the past, iris recognition systems tended to be more expensive than other methods, but new models leverage technology advances in processing power, cameras, and LED illumination, making them available at surprisingly affordable costs. Fixed readers are available, as well as high-throughput systems that can perform iris-based recognition while users walk by at normal speed.

There are still misconceptions in the market about biometrics in general and iris readers in particular. Some facts and an explanation of how iris reader technology works might help to debunk some of these mistaken beliefs. First, remember that reading an iris is not a retina scan. The retina is a layer at the back of the eye’s interior, and requires a relatively intrusive scan to capture. The iris is the clearly visible colored portion of the eye, and can be captured with a camera in a process similar to taking a photo.

The iris pattern has desirable properties for verification compared to other biometrics because of its uniqueness, stability over time and relatively easy accessibility. And iris recognition has high accuracy among biometrics. According to Cambridge biometric expert Dr. John Daugman, a typical iris is extremely complex, with more than 200 degrees of freedom that can be used for identification. This complexity allows for the development of far more accurate identification systems than could ever be achieved with fingerprints (which have only about 35 degrees of freedom) or faces (which have about 20). Plus, an iris cannot be shared or lost, and iris readers cannot be deceived by makeup, hair or clothing changes. Some readers can capture an iris image through eyeglasses, sunglasses and contact lenses, even in outdoor environments.

GREATER VALUE AND ROI

Because of its non-contact nature, iris recognition technology can be deployed in locations such as pharmaceutical manufacturing where users may wear gloves, at a construction site or port when hands may be dirty or in environments where users wear protective clothing.

As an identity management solution, iris readers have been deployed in applications as diverse as federal, state and local law enforcement, correctional facilities, travel and border security, healthcare, financial services and sports and entertainment venues, in addition to mainstream security locations.

The accuracy of iris recognition systems for identity authentication extends their potential use beyond security to applications such as workforce management, inventory control, logical access and more. For example, consider the efficiency and productivity gains that result from using iris recognition for time and attendance, making “buddy punching” impossible. By eliminating extra steps between punching in, recording hours, processing payroll and performing analytics, iris recognition is also more convenient. These and other non-security applications increase the value of iris recognition systems and deliver greater return on investment for end users.

In general, a higher degree of accuracy translates into a higher level of security, and vice versa. Card/ badge-based and PIN/password-based access control systems cannot accurately determine whether the user is who he or she claims to be. For this potentially difficult task, biometrics is the only one of the three main access control and credentialing methods that can do the job most effectively.

Technology advances in processing power, cameras and LEDs have made iris reader systems available at much more competitive costs, and new form factors are rapidly increasing their reach. Iris biometric- embedded tablets, for instance, combine the accuracy and convenience of iris recognition with the functionality and customization of a mobile computing platform for increased security levels. Other new systems on the market offer high speed, making it possible for users to simply walk through a checkpoint without stopping.

Without question, biometrics is the most fool-proof of the credentialing methods used to verify identity, and today’s iris readers meet all three of the main evaluation criteria for access control systems: accuracy, security and cost-effectiveness. As more organizations place greater emphasis on risk management, iris readers are being deployed in growing numbers to strengthen access control and identity management systems that increase the level of security while delivering numerous additional benefits. In any evaluation of access control systems, biometrics—specifically iris readers—should not only be part of the conversation but should move to the top of the list.

This article originally appeared in the August 2016 issue of Security Today.

If you like what you see, get more delivered to your inbox weekly.
Click here to subscribe to our free premium content.

comments powered by Disqus

Digital Edition

  • Security Today Magazine - October 2018

    October 2018

    Featuring:

    • Streamlined for Success
    • Making Your Expertise Unique
    • An Eye on the Campus
    • Solving Problems
    • Enhancing Security

    View This Issue

  • Environmental Protection
  • Occupational Health & Safety
  • Infrastructure Solutions Group
  • School Planning & Managmenet
  • College Planning & Management
  • Campus Security & Life Safety