The following article was provided by Debra Spitler, Vice President of Marketing, ASSA ABLOY Identification Technology Group (ITG). Ms. Spitler is a longtime leader in the physical access control industry and an active contributor to industry groups and conferences. Her role within HID and its parent company ASSA ABLOY has positioned her at the forefront of major technology revolutions impacting the security and access control markets. In this piece, part one of two, Ms. Spitler investigates the current revolution that is merging biometric technology with existing access control technologies.
The world of physical access control was altered by the events of September 11, 2001, as veterans of this industry will attest. Prior to this time, physical access control systems relied upon technologies such as barium ferrite, magnetic stripe, Wiegand, and proximity to provide an appropriate level of physical access control.
Biometric technology was rarely considered for use in a physical access control system. The need for “high security” translated into the requirement to provide a proximity reader and card as opposed to a magnetic stripe reader and card. Further, the concept of “identity verification” did not enter the picture.
Times have changed. U.S. government agencies such as the Transportation Security Administration (TSA) and the Federal Aviation Administration (FAA), as well as private industry, are seriously considering the benefits of a second level of physical security that incorporates the use of biometric technology. In addition, biometrics solutions eliminate the hassles of passwords and PINs. As a result, biometric technology providers are seeking ways to transfer their knowledge to the physical access control marketplace.
Likewise, access control system manufacturers and large system integrators are beginning to take an active interest in learning about and supporting biometric technologies at the end-user level.
As new opportunities for growth in the access control arena emerge, it is important to remember that biometrics is a technology, not an industry, says John Hunepohl, president of Exact Identification Corporation. “Before applying any technology, first identify the problem. Second, define a solution. Third, see how “your” technology can become part or all of the solution.”
Biometrics systems use automated techniques that verify or identify people by their physical characteristics. Various technologies are currently available for biometrics authentication:
Voice and signature recognition techniques are generally considered to be appropriate for many non-PC access authorization uses, but in most cases are not good candidates for PC and network user authentication. Biometric techniques that identify physical features are more accurate; therefore, they offer a higher level of security.
Retinal scanning and iris identification are both highly accurate ways of identifying individuals; however, they are both expensive to implement and most organizations do not need this level of accuracy. Hand, face, and fingerprint authentication techniques offer good accuracy for a smaller investment in scanning hardware.
Physical changes such as cuts, scars, and aging can affect the accuracy of certain types of biometric authentication techniques; however, user identification databases can beupdated to overcome most of these problems.
The role of biometrics in physical access control is to provide security and convenience. “Given the new security-conscious climate and the reduction in cost for biometric devices, there is an increasing adoption based on security requirements,” says Frances Zelazny, director of corporate communications for Identix Inc. “In cases where convenience is a main factor, the security aspect of the biometric is a foregone conclusion.”
In reality, the use of biometrics for physical access control is one of the most demanding applications. To be successful in today’s access control environment, basic principles must be adhered to.
Initial biometric systems were standalone and did not integrate with existing access control systems. However, most companies now provide systems that integrate quite easily with legacy hardware by means of Wiegand data. In this case, the biometric reader looks to the door controller just like a normal card reader. This typically requires that the biometric data be handled separately from the user data managed by the access control system. Biometric data is handled by software provided by the vendor.
One way biometric vendors have maneuvered around this drawback is to offer products that utilize smart card technology. When biometric templates are stored on the card, there is no need to distribute the biometric data to the various readers in a facility. The access control system still manages access rights by means of the ID number sent from the biometric reader to the door controller.
One of the more interesting uses of biometrics involves combining biometrics with smart cards and public-key infrastructure (PKI). A major problem with biometrics is how and where to store the user’s template. Because the template represents the user’s personal characters, its storage introduces privacy concerns. Furthermore, storing the template in a centralized database leaves that template subject to attack and compromise. On the other hand, storing the template on a smart card enhances individual privacy and increases protection from attack, because individual users control their own templates.
Vendors enhance security by placing more biometric functions directly on the smart card. Some vendors have built a fingerprint sensor directly into the smart card reader, which in turn passes the biometric to the smart card for verification. At least one vendor, Biometric Associates, has designed a smart card that contains a fingerprint sensor directly on the card. This is a stronger secure architecture because cardholders must authenticate themselves directly to the card.