The ‘Veri’ series of readers from Bioscrypt utilize a finger scan in conjunction with a card reader or pin pad. A user presents the system with a hand-entered (keyed in) number or swipes/scans an ID card. Next the user places their finger on the sensor for verification. The reader compares the stored template (matching the keyed-in or card-read ID number) with the template of the presented finger. If they match the number is passed up to the access control system via the security industry standard wiegand output. It’s important to note that the reader handles the biometric verification while the access control system determines privilege based on the number.
Each of the readers comes in several configurations for two-factor authentication, generally a keypad and/or a card reader along with the biometric reader. This allows the user to identify himself to the system either by presenting the card or keying in the ID number. Keypads are inexpensive to deploy but have substantial management costs. Mag stripe, prox and contactless smart cards can all be used with both hand and finger readers, although the contactless smart card does have some distinct advantages.
Although targeted for access control, this same deployment topology could be applied to either financial transactions or privilege verification. Instead of the wiegand output, clock and data outputs can mimic mag stripe readers, or serial output can be used to interface with more intelligent systems. Once someone on your campus starts to use biometrics for access, it is almost inevitable the card programs will see requests to use it elsewhere.
Both the Bioscypt and the IR devices outlined above compare the presented biometric against a template in a locally stored database. This presents two key problems for large installations with multiple readers. How was the template communicated to the reader and how many can the reader store? The wiegand protocol used for physical access control only communicates one way, so local databases at each reader must be populated manually or via a second serial or Ethernet connection. That just adds more cost and complexity to the system. Once populated these local databases have limited storage. Even with extended memory the Hand Key II from Ingersoll-Rand tops out at thirty-two thousand users. With turnover, even a mid-sized institution can exceed this in time.
Storing the template on the ID card
Contactless card technology represents a potential solution for both template management and memory limitations. Using a contactless card to store the biometric template, the need for databases handling an entire population’s templates is eliminated. In essence, each person carries their template with them on their ID card.
Storing the template on the card allows the user to always carry their template with them, eliminating both distribution and storage issues. Bioscrypt and Hand Key both have options for enabling contactless cards. Biometric verification ensures that it is the cardholder presenting the credential (by comparing the template created by the reader with that stored on the card) while the access control system operates as normal, authenticating that the wiegand or other id number from the card is entitled to the requested privilege. Biometrics can be bolted-on with no software modification to the existing system.
Obviously, the card solves some problems and make the participation of the card program desirable, but is it compatible with existing card program applications? The answer is an emphatic “Yes.”
iClass(tm) (from HID) and other contactless smart cards are widely available in the CR80 card size/form factor, with options for ABA mag stripes, contact smart cards and proximity chips. Several major printer manufacturers even have modules for encoding iClass and other contactless chips during personalization.
Now we have biometrics utilizing existing infrastructure and working with the card program to create an experience that can reinforce the card program’s place as the arbiter of campus identity. While your IT or security groups may be the key drivers for biometrics, only the card program is positioned to handle enrollment and management on a campus wide scale.
Whether now or later, your card program will become involved. Being proactive early in the process gives your card program a voice in the policy and implementation discussions that will affect your business. Dealing with identity issues everyday gives card programs a unique, valuable perspective as your institution moves forward with this powerful technology.
To learn more about biometric concepts, read the series of Frequently Asked Questions developed by the author to accompany this article.