Moving to the Door

Moving to the Door

Biometrics makes its way across the enterprise

Biometrics have rapidly expanded into our daily lives, as millions of people use fingerprints to unlock their mobile phones, access cash through ATMs, and verify their identity in a growing range of use cases. This mainstream adoption is also driving the increasing demand for biometrics at the door and across the enterprise for physical and cybersecurity. These applications benefit from biometrics’ ability to fuse convenience and security while validating “true identity” versus one’s identity that is associated with possessing an ID card or mobile ID on a smartphone.

Bringing Biometrics to the Door

A number of challenges have had to be solved to bring biometrics to the door. The biggest is the environment where biometric solutions must operate for these applications. In the real world, people have wet, dirty, oily, dry or worn fingerprints that have been difficult to capture and read with previous biometrics technology. As a result, earlier fingerprint biometrics solutions for physical access control are often deployed with reduced security thresholds because their lower-quality imaging technology leads to false fingerprint rejections that create long authentication lines at the door.

The latest fingerprint reader/controller solutions solve this challenge to deliver up to 99.9 percent accuracy in fingerprint image capture, leading to much higher matching speeds and better overall performance—regardless of the fingerprint conditions. This level of reliability, coupled with the security and user convenience it offers, is driving interest in marrying biometrics with physical access control applications.

Environment isn’t the only challenge that has faced the use of biometrics in access control applications. Many fingerprint technologies are vulnerable to spoofs and hacking, enabling fraudsters to create a fake fingerprint and present it to a reader. Previous solutions also have been notoriously slow at moving users through doors as compared to using a simple ID card and reader. There also have been significant differences in the performance between available fingerprint capture technologies.

Key developments in biometrics are removing these issues and shining a spotlight on the technology and its suitability for use in access control.

Better image capture. The quality of the captured image is critical, across all types of fingerprints ranging from children to the elderly, and in cold, dry, dirty and wet environments. To address these challenges, organizations are increasingly choosing sensors that use multispectral imaging that optimizes the quality of the captured image by illuminating the skin at different depths. This enables the sensor to collect information from inside the finger to augment available surface fingerprint data.

Also important, the sensor collects data from the finger even if the skin has poor contact with the sensor because of such environmental conditions as water or finger contamination. Multispectral sensors have been proven to work for the broadest range of people with normal, wet, dry or damaged fingers, across the widest range of conditions, from the presence of lotions or grease to sunlight, wet or cold conditions. The sensors also resist damage from harsh cleaning products and contamination from dirt and sunlight.

Liveness detection that enhances trust. Even when fingerprint images are properly captured, if they are a plastic fake or other artificial copy, the system cannot be trusted. For this reason, liveness detection is an increasingly visible dimension of biometric performance in commercial applications. While liveness detection is critical for preserving trust in the integrity of biometrics authentication, it must not impede performance or result in excessive false user rejections. The most trusted multispectral imaging fingerprint sensors with liveness detection provide a real-time determination that the biometric data captured by the fingerprint reader is genuine and being presented by legitimate owners, rather than someone impersonating them.

This capability leverages the imagecapture approach of using different colors or spectrum of light to measure the surface and subsurface data within a fingerprint. In addition to this optical system, the biometrics sensor features several core components including an embedded processor that analyzes the raw imaging data to ensure that the sample being imaged is a genuine human finger rather than an artificial or spoof material. Advanced machine learning techniques can be used so the solution can adapt and respond to new threats and spoofs as they are identified. This is critical if biometrics is to eliminate the need to use PINs or passwords. It also protects privacy—if you can’t use a fake finger, then even if you did obtain someone’s fingerprint data, it is meaningless.

Optimized performance. The top-performing solutions capture usable biometric data on the first attempt for every user and speed the liveness detection process. They quickly perform template matching to reject impostors and match legitimate users and should be tested by skilled and independent third parties like the National Institute of Standards and Technology (NIST) for interoperability so that performance is based on data that can be trusted in all templatematching modes.

Raw performance is not enough, however— this performance must be trusted. The next generation of solutions deliver trusted performance by using the top-ranked NIST certified MINEX III minutia algorithm to ensure interoperability with industrystandard fingerprint template databases in all template-matching modes. This includes both template-on-card and card/mobile + finger modes using “1:1” template-matching profiles, as well as template-on-device mode for finger-only authentication using “1:N” matching. Delivering this level of interoperability ensures that today’s systems, which are based on much more powerful hardware than in the past, will perform accurate 1:N identification of a full database in less than a second, significantly reducing delays and the queues users often experienced with earlier biometric solutions.

Deployment Best Practices

Organizations now have an easy path for taking their systems from traditional readers to a biometric solution but they should adhere to several important best practices during deployment. Biometrics must be incorporated into access control systems using a secure trust platform designed to meet the concerns of accessibility and data protection in a connected environment. The platform should leverage credential technology that employs encryption to prevent man-inthe- middle attacks while also protecting the biometric database, and a software-based infrastructure to secure identities on any form factor for trusted access to doors, IT networks and beyond.

As an example, HID Global’s iCLASS SE RB25F fingerprint reader/controller incorporates the company’s Seos technology and secure trusted platform, which gives users the option of accessing facilities with a mobile device. Its multispectral sensor incorporates trusted liveness detection to provide real-time validation that the fingerprint is genuine and real, while ensuring superior protection against hundreds of commonly used spoofing materials. The solution also comes with duress finger functionality, as well as a built-in optical tamper that automatically sends alerts in the case of an attempt to remove the device.

With today’s solutions, system management is simplified using web-based reader managers that handle all reader/controller configuration and management while supporting fingerprint enrollment for both the 1:2 verification and 1:N identification modes. The solution should encompass remote management of all readers and users, spanning all onboarding as well as template loading and enrollment activities for the supported authentication modes. Today’s tools can be used as stand-alone applications or interfaced with other access control and/or time and attendance platforms and enable system administrators to manage all configuration settings from time and data to language, security and synchronization. They also enable continuous live monitoring of authentication, alerts and system health.

To simplify deployment, application programming interfaces (APIs) are available for direct integration of biometrics authentication solutions with the access control infrastructure. Multiple interface options should be available to support various system architectures.

It is critical that biometrics data is handled like all sensitive and identifying information. A properly architected system will always consider and protect against both internal and external threats and attacks. Beyond the encryption of the data itself, there are now many good alternatives available for building highly secure and well protected systems, including the use of multifactor and even multi-modal authentication to maintain security even if some identifying data is compromised. All reader/controllers should also feature duress finger functionality, as well as built-in optical tamper safeguards with automated alerts if there is an attempt to remove the device.

Also important is the environmental design of the reader/controller. In addition to built-in vandal resistance, all devices should include weather protection so they can be installed indoors or outdoors. Features that support rapid deployment can reduce installation time to just minutes.

Early Adoption Paths

There are several applications that lend themselves to the security and convenience of biometrics technology at the door. Examples include education and healthcare campuses where it is imperative to prevent users from taking someone else’s card and using it to gain access to restricted locations and/or privileged resources. When used for authentication, it adds the human element to strengthen security by combining something the user “is” with something the user “has” or “knows.”

The ability to identify persons with 100 percent accuracy is especially critical healthcare so that medical professionals have the correct patients’ medical history with which to properly diagnose and treat them. The inclusion of liveness detection in these biometric solutions will give healthcare organizations the assurance, for instance, that they are complying with HIPAA regulations for verifying identity without the fear that someone will compromise the system and gain access using a fake fingerprint.

On a college campus, biometric solutions will be increasingly important for preventing unauthorized use of data or access to secured campus locations, and eliminating errors or fraudulent manipulation of attendance monitoring, library management and other systems. Here, too, liveness detection will play an important role, ensuring that a thief can’t steal and use someone’s campus ID card to, for instance, gain unauthorized access to the person’s dorm room or fraudulently purchase meals at the cafeteria using their account.

In these and similar applications, biometric solutions deliver a higher confidence about “who” is being admitted into a university residence hall, classroom, a hospital’s front door and other restricted areas where this confidence really matters. In these and other applications, it is insufficient to simply possess an ID card, and what is required is the ability to validate a person’s true identity using biometrics. This must be accomplished in such a way that any person can be identified or verified regardless of skin condition, at any authentication point regardless of environmental conditions, and without the risk of excessive false user rejections that slow down access.

Biometrics technology will continue to improve as it grows in popularity to use at the door, and companies are actively investing in these advancements. Examples include HID Global’s acquisition of Lumidigm for fingerprint sensors with multispectral imaging and liveness detection, and Crossmatch for its biometric identity management solutions for civil government, defense and commercial applications, as well as a secure multifactor authentication software solution. Today’s fingerprint authentication solutions are on a fast track to deliver a unique combination of ease of use and higher security. They combine enhancements in liveness detection, system architectures and trusted performance to give people secure and convenient access facilities, networks and services using fingerprints that are unique and cannot be forgotten, lost or stolen.

This article originally appeared in the July/August 2019 issue of Security Today.

Featured

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

New Products

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.