The historic “who goes there?” just isn’t good enough anymore — not only in military circles, but also throughout the corporate world. Instead, the buzzword in security today is biometry, also known as biometrics.
For some security stakeholders, yesterday’s personal identification methods are too labor intensive. Not only that, manual methods are generally less reliable because of the human element and paper identification is easy to alter. In today’s security-minded world, a higher level of certainty is required at the portal.
“Biometrics gives an access control system an opportunity to know that it’s interrogating Al Colombo instead of just Al Colombo’s access card,” says Gene Samburg, CEO with Kastle Systems of Arlington, Va. “That’s an advantage because we’re able to ID people. Biometrics enables us to tie people to events instead of just their cards.”
Biometrics provides assurance that the person trying to seek access is that person. Whether it’s through face, hand, eye or finger identification, biometry can gain more certainty of identity than PIN numbers and identification cards. While advances have improved the reliability of biometric security, it still has its shortcomings. In addition, management practices are needed to ensure the acceptability of such devices by those who use them.
Biometric Access Control Offers Greater Certainty at the Portal
According to the scientific journal Nature, biometry is “The application of statistics to measurable biological traits; the starting point for the analysis of quantitative traits of organisms and populations.”
In this case, biometry is applied to the act of electronically securing physical and logistical assets where a higher-than-normal level of security is necessary. The most common biometric identifiers include facial recognition, fingerprint dentification, eye identification and hand geometry.
Not only can a biometric identifier involve a physical trait, it can also include a person’s behavior. Examples include the speed at which the user types a password into their computer, the pressure and speed applied when signing their name, the way they hold their head, or the way they walk.
Another example is the way they present their finger or eye to a biometric reader. In some cases, an access control system will authenticate users using multiple biometric identifiers, such as a fingerprint and iris scan, voice and hand geometry, or palm geometry and a personal identification number (PIN).
The use of multiple biometric identifiers help assure the system will accommodate a wide user base — even those with special needs. Examples of this might include individuals who have lost a hand, a critical finger or someone with a glass eye.
“It doesn’t matter what the biometric identifier is, there are always some individuals where biometrics will not function properly,” says Douglas Laird, president of Laird & Associates of Reno, Nev. “For instance, my wife is a school teacher, which means she has shuffled papers so much over her 37-year career that the ridges on her fingers have worn down to the point where she is difficult to fingerprint.”
Greater Accuracy, But Still Not Foolproof
Before proceeding to the meat of the biometric issue, there are several items of interest that systems integrators should understand.
Perhaps the most important thing to know is that although huge advances have been made in the biometrics field, there is still plenty of room for improvement.
“The standard issues relative to technology exist, such as system performance from a software perspective,” says Alan Calegari, senior vice president and head of security systems for Siemens Building Technologies (SBT) of Buffalo Grove, Ill. “Additionally, education and acceptance by users also impacts effectiveness.”
There are several types of failures associated with card access control systems, whether they use biometrics or conventional cards. The first issue involves the potential for Type I and Type II failures.
A Type I error involves the rejection of valid users when they present a biometric and/or card at a portal or point of service. A Type I error is also referred to as the “false reject rate” and abbreviated FRR.
Type II errors, referred to as the “false accept rate” (FAR), involve the acceptance of invalid users at the portal.
Either type of failure can cause bottlenecks at the door, not to mention security issues and angry users.
The other issue is circumvention. Biometric access systems may be difficult to compromise, but there are highly skilled criminals and terrorists who through determination will do just that.
For example, Tsutomu Matsumoto, a Japanese cryptographer, was successful several times in negating fingerprint-based biometric access control systems using gelatin and a plastic mold. By creating a duplicate of an authorized user’s finger, he was able to enter an access control system four out of five attempts.
Facial Recognition Systems Make Inroads and Get More Face Time
Facial recognition is among the most controversial technologies used by law enforcement and security. When used for access control, it has the potential to be a remarkable tool. But like any relatively new security technology, there is always more that can be done to improve it.
There are a variety of facial recognition technologies on the market. In general, most of them analyze the peaks and valleys of the human face. The software analyzes things like the depth of a person’s eye sockets, nose and other characteristics — what is commonly called a faceprint.
The technology operates by saving one to three images of each user in relation to either an access card or PIN input. The typical size of a facial access data file is 500 to 1,000 bytes.
Faceprints, card numbers and PINs can either be contained in a central database at the premises, an optical data storage card or a smart card. When the faceprint and access data are kept portable, the equipment at the portal merely compares what’s on the card to the user’s real-time image and card or PIN data.
If they match what’s on the card, the door will open and the user is allowed to enter. When these data are kept in a local or networked database, response time can be slower and the cost of implementation higher because of the data storage space necessary to drive a large system.
Under normal conditions, a single image is all that is necessary for comparison with a real-time image of the user at the portal. When the system rejects the authorized user repeatedly, the operator can elect to add one or two more images to the user’s access data folder.
3-D Solution Helps Plug Security Hole for Facial Systems
Although facial recognition as a means of access control is on the increase, there are some inherent problems associated with its use.
First, a person’s appearance will change during the course of time, causing the system to eventually reject the user altogether. In order to resolve this, some manufacturers enable their system to update the user’s file with current images taken during subsequent logins.
The claim has been publicly made that this type of system has been compromised using digital images presented to the PC in place of real-time video images. To reduce the risk of this happening, some face recognition systems look for movement. This generally stops the use of 2-D renderings. Even then, systems can still be fooled. A German firm used a laptop to fool a facial recognition system by simulating motion through a short AVI video of an authorized user.
SBT — using a technology transferred from Siemens Medical Solutions of Malvern, Pa. — says it has come up with a solution to this problem. The fix involves the use of a relatively new imaging technology that utilizes the 3-D characteristics of the human face to build a 3-D mathematical model.
According to Siemens, the system creates a three-dimensional image of the whole face and then uses this electronic “contoured face mask” to identify the person. Thus, when a flat rendering is presented to the face recognition camera, the system will detect its 2-D characteristic.
Page 1 of 2 pages 1
Access Control ·
Kastle Systems ·
Commenting is not available in this channel entry.