At the recent National Association of Campus Card Users (NACCU) meeting in San Antonio, a panel discussion focused on the utilization of biometric technology in the college and university market. The panelists described a series of biometric implementations–both new and long standing–that control access to facilities and privileges around the country. Highlights of the discussion are presented in the following report.

Emory University

When the new $70 million Clairmont Campus was being constructed, access control to the state-of-the-art facilities was a key consideration. Decision makers worked with the existing campus card vendor, General Meters Corp., to determine a solution. Hand geometry readers from Ingersoll Rand were selected and are now in use at six locations around the campus.

Of the 30,000 members of the Emory community, 7,000 are currently registered in the system. Registration involves the enrollment of the palm/hand. The hand is scanned three times to build an accurate template and the resulting image is transformed into a series of numbers based on key points of the image. The enrollment process takes just 30 seconds.

Each day, as many as 1000 access transactions are conducted via the biometric system. Students and staff enter their 7-digit Peoplesoft ID number at a reader’s keypad and then place their hand on the hand scanner. The image is converted to a series of numbers using the same process that was used during enrollment. The resulting numeric string is compared to the enrolled template that was accessed from the database based on the Peoplesoft ID number. Access is then granted or denied. This entire process takes approximately seven seconds.

“(For individuals whose hands don’t scan well) the system gives us the ability to adjust tolerance levels,” said Dave Segal, Director of Emory Card and Campus Life Technical Services at Emory University.

Regarding the students apprehension to using this new technology, Mr. Segal expressed little concern. “A ‘Big Brother’ article appeared in the student newspaper but (the use of the biometric readers) quickly became a way of life and no one seems to worry.”

University of Georgia

At the University of Georgia in Athens, every student is “hand imaged” at card issuance. And while biometrics is thought by many to be a new technology, it is old hat in Georgia. They have been using the technology to control access to food service locations for more than thirty years. Beginning in 1972, students on campus have been scanning their hands to gain entry to the dining halls.

According to Donald Smith, Program Coordinator for UGA Card Support Services, there are now more than 50 biometric devices being used in food service, housing, the recreation centers, and in a lab.

In the food service and housing locations, all eligible records are stored in the reader so there is no need for an online connection to an external database. “At the rec center there is not enough memory for all images to be stored on a reader,” says Mr. Smith, “so the 6 readers are connected to a server holding all images.”

The usage numbers are impressive. An average of 1700 transactions are attempted daily at each reader in the food service locations. This amount to nearly 250,000 scans per month. Each reader in the housing locations processes an average of 450 scans per day, collectively totaling 250,000 transactions per month for housing as well. The rec center averages 2500 per day or an additional 870,000 per year.

As for the durability of the readers, Mr. Smith notes that the initial readers were in use from 1972 to 1990. Some of their current readers were put into the field a decade ago in 1994.

Johnson and Wales University, Denver Campus

Students at the Denver campus of Johnson and Wales University use their handprints as keys to their dormitory access control system. The system was put into place for the campus by system integrator, the Vizer Group. Scott Sutton, Vizer Group, described biometrics as a “double digit growth sector. Our clients are using it for access control, time and attendance, and corporate security applications.”

At Johnson and Wales, both external and internal residence hall entrances are equipped with biometric Handreaders from Ingersoll Rand. Says Mr. Sutton, the sophisticated yet easy-to-use readers “take 90 different readings and create a 32-digit algorithm” to represent the hand image.

Industry expert Cathy Tilton provides insight

One of the biometric industry’s leading experts joined the panel to paint the industry-wide picture of the technology. Cathy Tilton, Director Integrated Solutions Group for Saflink Corp., serves as the chairperson for several biometric committees within both national and international standards bodies including BioAPI, INCITS M1, and the M1 ad hoc group on government smart cards. In addition to detailing the path that biometric technology has traveled from its early days to the relative maturity, stability, and emerging standardization, Ms. Tilton raised a number of interesting points.

Biometric systems are far more complex and difficult to defraud than most people think (yet they have become extremely user friendly in recent years). Take for example, Iris scanning, the process of reading the unique patterns of the human iris. The iris develops before birth through a process called chaotic morphogenesis such that each iris is unique–even identical twins iris patterns are different and each person’s right and left eye are distinct. According to Ms. Tilton, “Iris recognition software reads 250 distinct points in the iris (to create the biometric indicator).” “With speech recognition,” she adds, “28 different characteristics are evaluated.”

Discussions of biometric systems frequently involve the topic of false rejection rates, or the frequency with which a valid individual is denied access based on a bad reading. Ms. Tilton had an interesting real world perspective on false rejections: “typically the first time a user fails it is because they put the hand in too roughly (or incorrectly), then they are more on the second try and it reads fine.” She compares it to a bill validator that kicks the bill out on the first try, then the user carefully straightens the bill and it works fine.

Biometric systems face one type of fraud that is specific and unique to the technology: spoofing of the device. This process involves an attempt to make the reader think it is seeing the actual physical item to be read (e.g. hand, finger, iris, face) when in reality it is another item created to appear like the actual item. Commonly photographs of faces, false eyes, and synthetic body parts are used in an attempt to spoof a reader. Ms. Tilton points out however, that today’s readers have sophisticated measures in place to render the vast majority of such attempts useless. She notes that iris scan technologies track for movement in the pupil, facial scanners evaluate the three-dimensional components of a face, and other devices check for heat and/or bloodflow.