Verification is Key
Access control is more than the first line of defense
- By Robert Laughlin
- Oct 03, 2016
With the continually expanding integration between video
surveillance, access control and other business systems of
all types, security now plays an important role in nearly every
aspect of business and operations.
Among the technologies that serve the need for security,
organizations are increasingly relying on access control as more than just a first
line of defense. Thanks to advancements in software, access control is now capable
of serving as the core technology for a growing variety of systems. While this is a
positive development, the truth is that some traditional access control solutions
can be vulnerable to misuse and fraud. As a result, these systems may actually be
providing end users with a false sense of security.
Consider that the purpose of access control is to ensure that only authorized
individuals are allowed to enter buildings, certain areas within those buildings and
even networks. The strength of security relies on the ability to connect credentials,
which incorporate authorities, permissions, privileges, etc., to particular individuals
and ensure that only the individual connected to a particular identity is able to use them. Therefore, to maintain a high
level of security, organizations must be
able to correctly identify individuals and
connect them with the proper credentials.
To do this effectively requires verifying
the identity of individuals using
the credentials, but unfortunately, this is
not part of the technology embedded in
conventional access control systems.
Many, if not most, systems rely on
card readers or other physical credentials
to control access. These systems
either grant or deny access based on
nothing more than an individual’s possession
of a physical access card or
entry of a valid PIN or password. In
other words, identity confirmation or
verification is left out of the equation.
Without physical identity verification,
conventional access readers just don’t
have the ability to confirm that the user
is in fact the individual assigned to that
card or other physical device.
Identification cards can be stolen,
loaned, lost or duplicated. Even twostep
verification that requires a card
and a PIN or password can be defeated
with skimmers and other readily available
tools. Determined hackers, thieves,
criminals and others who may have malicious
intent constantly seek out the
path of least resistance and/or potential
loopholes in security to gain access to
buildings, secure areas, networks and
other sensitive assets.
For this reason, organizations looking
beyond today’s access control functionality
for solutions that offer new,
more intelligent security and operational
capabilities need not look farther
than biometric technology, which provide
the strongest link between individual
identities and access.
BIOMETRIC VERIFICATION
For many years now, the affordability,
ease-of-use and overall effectiveness
of traditional card readers, keypads
and other solutions has made these
technologies more or less the standard
choice for access control. Despite the
fact that biometric readers are able to
deliver higher levels of security, their
expense and complexity made them
better-suited for high-security facilities
and little else.
Now, biometric technologies are
available at price points much lower
than in the past. We see this reality every
day in smartphones, tablets and other
devices that incorporate fingerprint,
facial recognition and other biometric
authentication methods for restricting
access. These same cost-efficient biometric
readers are now being deployed
in a growing number and wider variety
of security applications, often in lieu of
card readers and keypads, to increase
security levels significantly.
Biometrics offers the unparalleled
advantage of authenticated physical
identity verification as opposed to
typical card or prox devices. Among the
most common biometric characteristics
used for identity verification are finger-prints, facial features, voice and iris.
Each has its pros and cons, but the fastest-
growing among these is iris recognition.
New biometric iris recognition
technology is dissipating preconceived
notions about the price, performance,
and business potential for iris readers.
Thanks to technological advancements,
iris recognition has become fast,
simple and safe, and doesn’t require
physical contact with a sensor or reader.
This method also delivers the highest
effectiveness of all biometrics.
Iris recognition access control systems
are able to accurately verify an
individual’s identity before allowing
access. Unlike access cards, PINs or
passwords, irises can’t be lost, left at
home, forgotten, shared or stolen – and
it’s virtually impossible for someone to
circumvent iris verification using makeup,
wigs or other methods. Iris biometric-
embedded tablets designed for
mainstream applications combine the
accuracy and convenience of iris recognition
with the functionality and customization
of a mobile computing platform
for increased security levels.
ADVANCED IRIS RECOGNITION
With respect to iris recognition solutions,
many people may still think of
the “old days” when systems required
individuals to come to a full stop, look
directly into a camera from a short
distance and wait a couple seconds or
more for the system to authenticate
their identity. This couldn’t be farther
from the truth today’s solutions, which
are miles ahead of their predecessors.
Enrolling users in the system is
fast and easy. Users sit for a quick
photo that allows a camera to capture
a detailed image of their iris, which is
stored in the system for later comparison.
Verifying identities is even easier.
All a user has to do is look into the iris
reader from a comfortable distance—
often without even stopping—and the
system compares the patterns in his or
her iris against the image stored in the
database. If there’s a match, identity is
verified.
There are some iris recognition systems
on the market that are capable of
scanning as many as 30 people per minute
from a distance of several feet. This
is two to three times faster than the
expected throughput of high-end hand
or fingerprint scanners, which is 10 to
15 people per minute. This increased
efficiency can eliminate long lines and
delays at peak times. And unlike these
other biometrics, iris recognition requires
no contact with a camera or other
surface, which greatly reduces wear
and tear and concerns about contamination
from germs and other sources.
BEYOND SECURITY
The accuracy and identification authentication
provided by iris recognition
systems also delivers benefits and value
to businesses beyond conventional security
purposes. Time and attendance, inventory control and other customizable
applications are all possible.
Incorporating iris verification with
time and attendance applications can
result in potentially significant gains in
both employee productivity and overall
efficiency. In the case of hourly or shiftbased
employees in retail, food service
and other industries, iris recognition
also improves the accuracy of time and
attendance by eliminating the possibility
of “buddy punching.” Convenience
is another benefit, as iris recognition
eliminates the extra steps between employees
punching in, recording hours,
processing payroll and performing analytics,
which are necessary with cardbased
systems.
Advances in software solutions now
allow access control to be increasingly
used as the hub of security and other
systems to collect, sort and share data
between multiple sources. For companies
and organizations in healthcare
and other industries that are governed
by certain regulations, integrating iris
recognition with these solutions ensures
precise audit trails and can considerably
streamline the process of demonstrating
compliance. As iris recognition
continues to evolve, we will see new
form factors, technological advances
and even greater accuracy, all of which
will combine to increase the number
and range of potential applications.
Identity authentication and management
is a foundational concept for
the professional security industry, and
new devices incorporating cost-effective,
high-performance biometric iris
recognition help to achieve this goal.
By deploying these devices, organizations
can address the vulnerabilities associated
with traditional access control
systems to make a meaningful difference
in mitigating their risk exposure.
The ability to use iris recognition for
business applications in addition to
security makes readers even more costeffective.
The ROI of these solutions is
further increased because there are no
physical cards that must be distributed
and replaced when lost; RFID blocking
sleeves to prevent hacking are unnecessary;
and the potential is there to
streamline operations by reducing time
and labor.
Increasing security may seem like a
daunting task for many end users, but
that doesn’t necessarily have to be the
case. Upgrading identity and access
control devices with more accurate and
effective iris recognition devices has
the power to deliver real—and significant—
increases in security. With all the
capabilities and benefits of today’s iris
recognition readers, these solutions are
creating a new benchmark for overall
improved security in our workplaces,
communities and our nation.
This article originally appeared in the October 2016 issue of Security Today.