Focus shifting from high security to convenience, speed
There are also the high-security areas, where biometrics has long been used. Some campuses have labs that may store nuclear materials and the Department of Energy requires three-factor authentication for those facilities, says CBORD’s Lemley.
Also bolstering adoption is the increased reliability and accuracy of biometrics. “Biometrics is mature enough and you can get the speed you need with the reliability and low false rejection rates,” Pawlak says.
The algorithms that run the system are also faster, says Lemley. The systems can perform checks on larger databases quicker so students aren’t waiting for the system to respond.
Not storing an image but a template
It is a common refrain that biometrics are well received on campus because students are comfortable with new technology.
It also helps, however, to explain that systems aren’t storing images of a fingerprint, iris or other body part. Rather mathematical representations, or templates, are created and the actual image is never stored in the system. When an individual is enrolled into a biometric system–no matter the modality–the algorithm picks out a select number of points and then translates that into a mathematical template.
That information is typically encrypted and rechecked when a user attempts to authenticate to the system at the time of service delivery.
There are several advantages to using a biometric template instead of an image. For one, they are smaller in size and make it easier to store biometric information on a smart card or other memory-restricted system. Additionally, it ensures that an actual image could not be reverse-engineered from a compromised or stolen template.
Spoofing is an attempt to defeat a biometric system through the introduction of fake biometric samples. Common spoofs include photos of face or iris, latent fingerprints, artificial fingers, and voice recordings. There are several categories of anti-spoofing approaches commonly used in biometric deployments.
Attended, supervised sample collection
By placing a human watcher at the point of biometric sample collection–such as a border control agent at an entry point–spoofing attempts can be made more complicated. In most cases, however, this is an unpractical and cost prohibitive approach.
Challenge and response procedures
With certain modalities, the specifics of the sample can be customized and changed at the collection point. Facial recognition systems can randomly ask for changes in face characteristics, for example smile and alter gaze or direction.
Liveness detection
Making sure a biometric sample is from a living, breathing human being is a key tool in the prevention of spoofing. Techniques for liveness detection vary from modality to modality and vendor to vendor. Iris and face vendors look for subtle, often involuntary movements that occur in human samples.
There are a number of different approaches fingerprint vendors take to ensure that the biometric is not coming from a plastic mold or other spoof. Some look below the surface of the skin to detect the presence of tissue, veins or other features. Others look for the naturally occurring pulsation, electric conductivity, radio waves, perspiration, heat or other byproducts of live tissue.
Iris biometric systems have typically been deployed in high-security environments, such as airports, data centers and border control areas. Early iris systems required the user to be just inches from the camera in order to authenticate.
The technology has since improved, enabling users to authenticate from as much as six feet away. These systems are deployed at airports across the Middle East to spot individuals who may not be welcome in certain countries. The technology is also catching on in the U.S. and other Western countries where military bases, corporate centers and government offices are utilizing iris for secure, convenient authentication.
One issue with iris has been it’s high cost, especially compared to fingerprint scanners. When comparing iris systems, with the greater distance comes increased cost. Typically, devices with shorter reach are less costly and thus more likely to be the choice of universities and convenience-focused applications.