Moving to the Door

Moving to the Door

Biometrics makes its way across the enterprise

Biometrics have rapidly expanded into our daily lives, as millions of people use fingerprints to unlock their mobile phones, access cash through ATMs, and verify their identity in a growing range of use cases. This mainstream adoption is also driving the increasing demand for biometrics at the door and across the enterprise for physical and cybersecurity. These applications benefit from biometrics’ ability to fuse convenience and security while validating “true identity” versus one’s identity that is associated with possessing an ID card or mobile ID on a smartphone.

Bringing Biometrics to the Door

A number of challenges have had to be solved to bring biometrics to the door. The biggest is the environment where biometric solutions must operate for these applications. In the real world, people have wet, dirty, oily, dry or worn fingerprints that have been difficult to capture and read with previous biometrics technology. As a result, earlier fingerprint biometrics solutions for physical access control are often deployed with reduced security thresholds because their lower-quality imaging technology leads to false fingerprint rejections that create long authentication lines at the door.

The latest fingerprint reader/controller solutions solve this challenge to deliver up to 99.9 percent accuracy in fingerprint image capture, leading to much higher matching speeds and better overall performance—regardless of the fingerprint conditions. This level of reliability, coupled with the security and user convenience it offers, is driving interest in marrying biometrics with physical access control applications.

Environment isn’t the only challenge that has faced the use of biometrics in access control applications. Many fingerprint technologies are vulnerable to spoofs and hacking, enabling fraudsters to create a fake fingerprint and present it to a reader. Previous solutions also have been notoriously slow at moving users through doors as compared to using a simple ID card and reader. There also have been significant differences in the performance between available fingerprint capture technologies.

Key developments in biometrics are removing these issues and shining a spotlight on the technology and its suitability for use in access control.

Better image capture. The quality of the captured image is critical, across all types of fingerprints ranging from children to the elderly, and in cold, dry, dirty and wet environments. To address these challenges, organizations are increasingly choosing sensors that use multispectral imaging that optimizes the quality of the captured image by illuminating the skin at different depths. This enables the sensor to collect information from inside the finger to augment available surface fingerprint data.

Also important, the sensor collects data from the finger even if the skin has poor contact with the sensor because of such environmental conditions as water or finger contamination. Multispectral sensors have been proven to work for the broadest range of people with normal, wet, dry or damaged fingers, across the widest range of conditions, from the presence of lotions or grease to sunlight, wet or cold conditions. The sensors also resist damage from harsh cleaning products and contamination from dirt and sunlight.

Liveness detection that enhances trust. Even when fingerprint images are properly captured, if they are a plastic fake or other artificial copy, the system cannot be trusted. For this reason, liveness detection is an increasingly visible dimension of biometric performance in commercial applications. While liveness detection is critical for preserving trust in the integrity of biometrics authentication, it must not impede performance or result in excessive false user rejections. The most trusted multispectral imaging fingerprint sensors with liveness detection provide a real-time determination that the biometric data captured by the fingerprint reader is genuine and being presented by legitimate owners, rather than someone impersonating them.

This capability leverages the imagecapture approach of using different colors or spectrum of light to measure the surface and subsurface data within a fingerprint. In addition to this optical system, the biometrics sensor features several core components including an embedded processor that analyzes the raw imaging data to ensure that the sample being imaged is a genuine human finger rather than an artificial or spoof material. Advanced machine learning techniques can be used so the solution can adapt and respond to new threats and spoofs as they are identified. This is critical if biometrics is to eliminate the need to use PINs or passwords. It also protects privacy—if you can’t use a fake finger, then even if you did obtain someone’s fingerprint data, it is meaningless.

Optimized performance. The top-performing solutions capture usable biometric data on the first attempt for every user and speed the liveness detection process. They quickly perform template matching to reject impostors and match legitimate users and should be tested by skilled and independent third parties like the National Institute of Standards and Technology (NIST) for interoperability so that performance is based on data that can be trusted in all templatematching modes.

Raw performance is not enough, however— this performance must be trusted. The next generation of solutions deliver trusted performance by using the top-ranked NIST certified MINEX III minutia algorithm to ensure interoperability with industrystandard fingerprint template databases in all template-matching modes. This includes both template-on-card and card/mobile + finger modes using “1:1” template-matching profiles, as well as template-on-device mode for finger-only authentication using “1:N” matching. Delivering this level of interoperability ensures that today’s systems, which are based on much more powerful hardware than in the past, will perform accurate 1:N identification of a full database in less than a second, significantly reducing delays and the queues users often experienced with earlier biometric solutions.

Deployment Best Practices

Organizations now have an easy path for taking their systems from traditional readers to a biometric solution but they should adhere to several important best practices during deployment. Biometrics must be incorporated into access control systems using a secure trust platform designed to meet the concerns of accessibility and data protection in a connected environment. The platform should leverage credential technology that employs encryption to prevent man-inthe- middle attacks while also protecting the biometric database, and a software-based infrastructure to secure identities on any form factor for trusted access to doors, IT networks and beyond.

As an example, HID Global’s iCLASS SE RB25F fingerprint reader/controller incorporates the company’s Seos technology and secure trusted platform, which gives users the option of accessing facilities with a mobile device. Its multispectral sensor incorporates trusted liveness detection to provide real-time validation that the fingerprint is genuine and real, while ensuring superior protection against hundreds of commonly used spoofing materials. The solution also comes with duress finger functionality, as well as a built-in optical tamper that automatically sends alerts in the case of an attempt to remove the device.

With today’s solutions, system management is simplified using web-based reader managers that handle all reader/controller configuration and management while supporting fingerprint enrollment for both the 1:2 verification and 1:N identification modes. The solution should encompass remote management of all readers and users, spanning all onboarding as well as template loading and enrollment activities for the supported authentication modes. Today’s tools can be used as stand-alone applications or interfaced with other access control and/or time and attendance platforms and enable system administrators to manage all configuration settings from time and data to language, security and synchronization. They also enable continuous live monitoring of authentication, alerts and system health.

To simplify deployment, application programming interfaces (APIs) are available for direct integration of biometrics authentication solutions with the access control infrastructure. Multiple interface options should be available to support various system architectures.

It is critical that biometrics data is handled like all sensitive and identifying information. A properly architected system will always consider and protect against both internal and external threats and attacks. Beyond the encryption of the data itself, there are now many good alternatives available for building highly secure and well protected systems, including the use of multifactor and even multi-modal authentication to maintain security even if some identifying data is compromised. All reader/controllers should also feature duress finger functionality, as well as built-in optical tamper safeguards with automated alerts if there is an attempt to remove the device.

Also important is the environmental design of the reader/controller. In addition to built-in vandal resistance, all devices should include weather protection so they can be installed indoors or outdoors. Features that support rapid deployment can reduce installation time to just minutes.

Early Adoption Paths

There are several applications that lend themselves to the security and convenience of biometrics technology at the door. Examples include education and healthcare campuses where it is imperative to prevent users from taking someone else’s card and using it to gain access to restricted locations and/or privileged resources. When used for authentication, it adds the human element to strengthen security by combining something the user “is” with something the user “has” or “knows.”

The ability to identify persons with 100 percent accuracy is especially critical healthcare so that medical professionals have the correct patients’ medical history with which to properly diagnose and treat them. The inclusion of liveness detection in these biometric solutions will give healthcare organizations the assurance, for instance, that they are complying with HIPAA regulations for verifying identity without the fear that someone will compromise the system and gain access using a fake fingerprint.

On a college campus, biometric solutions will be increasingly important for preventing unauthorized use of data or access to secured campus locations, and eliminating errors or fraudulent manipulation of attendance monitoring, library management and other systems. Here, too, liveness detection will play an important role, ensuring that a thief can’t steal and use someone’s campus ID card to, for instance, gain unauthorized access to the person’s dorm room or fraudulently purchase meals at the cafeteria using their account.

In these and similar applications, biometric solutions deliver a higher confidence about “who” is being admitted into a university residence hall, classroom, a hospital’s front door and other restricted areas where this confidence really matters. In these and other applications, it is insufficient to simply possess an ID card, and what is required is the ability to validate a person’s true identity using biometrics. This must be accomplished in such a way that any person can be identified or verified regardless of skin condition, at any authentication point regardless of environmental conditions, and without the risk of excessive false user rejections that slow down access.

Biometrics technology will continue to improve as it grows in popularity to use at the door, and companies are actively investing in these advancements. Examples include HID Global’s acquisition of Lumidigm for fingerprint sensors with multispectral imaging and liveness detection, and Crossmatch for its biometric identity management solutions for civil government, defense and commercial applications, as well as a secure multifactor authentication software solution. Today’s fingerprint authentication solutions are on a fast track to deliver a unique combination of ease of use and higher security. They combine enhancements in liveness detection, system architectures and trusted performance to give people secure and convenient access facilities, networks and services using fingerprints that are unique and cannot be forgotten, lost or stolen.

This article originally appeared in the July/August 2019 issue of Security Today.

Featured

  • New Report Reveals Top Trends Transforming Access Controller Technology

    Mercury Security, a provider in access control hardware and open platform solutions, has published its Trends in Access Controllers Report, based on a survey of over 450 security professionals across North America and Europe. The findings highlight the controller’s vital role in a physical access control system (PACS), where the device not only enforces access policies but also connects with readers to verify user credentials—ranging from ID badges to biometrics and mobile identities. With 72% of respondents identifying the controller as a critical or important factor in PACS design, the report underscores how the choice of controller platform has become a strategic decision for today’s security leaders. Read Now

  • Overwhelming Majority of CISOs Anticipate Surge in Cyber Attacks Over the Next Three Years

    An overwhelming 98% of chief information security officers (CISOs) expect a surge in cyber attacks over the next three years as organizations face an increasingly complex and artificial intelligence (AI)-driven digital threat landscape. This is according to new research conducted among 300 CISOs, chief information officers (CIOs), and senior IT professionals by CSC1, the leading provider of enterprise-class domain and domain name system (DNS) security. Read Now

  • ASIS International Introduces New ANSI-Approved Investigations Standard

    • Guard Services
  • Cloud Security Alliance Brings AI-Assisted Auditing to Cloud Computing

    The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment, today introduced an innovative addition to its suite of Security, Trust, Assurance and Risk (STAR) Registry assessments with the launch of Valid-AI-ted, an AI-powered, automated validation system. The new tool provides an automated quality check of assurance information of STAR Level 1 self-assessments using state-of-the-art LLM technology. Read Now

  • Report: Nearly 1 in 5 Healthcare Leaders Say Cyberattacks Have Impacted Patient Care

    Omega Systems, a provider of managed IT and security services, today released new research that reveals the growing impact of cybersecurity challenges on leading healthcare organizations and patient safety. According to the 2025 Healthcare IT Landscape Report, 19% of healthcare leaders say a cyberattack has already disrupted patient care, and more than half (52%) believe a fatal cyber-related incident is inevitable within the next five years. Read Now

New Products

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • QCS7230 System-on-Chip (SoC)

    QCS7230 System-on-Chip (SoC)

    The latest Qualcomm® Vision Intelligence Platform offers next-generation smart camera IoT solutions to improve safety and security across enterprises, cities and spaces. The Vision Intelligence Platform was expanded in March 2022 with the introduction of the QCS7230 System-on-Chip (SoC), which delivers superior artificial intelligence (AI) inferencing at the edge.