Securing the Delta Biometric Sorority House

The reliability and efficiency of biometrics is greatly enhanced with dual authentication, meaning using the biometric template (your fingerprint) with a unique PIN or credential.


Our shop is in a college town and as well as getting frequent calls from the various University departments for all types of security work, providing security for off campus student residences is part of our business. Many of these residences are fraternity and sorority houses.

Standalone keypad access is a favorite solution for these applications because it eliminates the need to hand out keys to all the residents, and then repeat the process when the student turnover happens.

PIN-only access control is more convenient than key-based access, but regrettably does not offer any substantial improvement in security over traditional mechanical keys in most instances because students will share their PINs.

If the premises is keyed with proprietary key system, the chance of unauthorized key duplication is reduced, but the cost for keys is higher and keys can be lost, and the loss may not be immediately reported. When it is finally reported, you have to rekey and give out another set of keys.

If the keypad system utilizes a single PIN code, there are the issues of people sharing the code, and the possibility that the PIN code will be guessed by a perseverant miscreant.

With individual PIN code type systems, the number of user codes increases the probability of a good guess, does not prevent sharing a PIN, and therefore does not provide a substantial improvement in security.

If the keypad system is an individual PIN type system and provides for an audit trail, or if video surveillance is incorporated into the system, the combined effects of dual intimidation do represent an improved security management system.

 

Dual Authentication

But even if the PIN codes are replaced with individually enrolled credentials and then individual user codes are assigned to each credential, although security improves with each added level of authentication, there still remains opportunities for an enterprising and highly creative mind of a youth to circumvent a system.

Most of our customers find that some sort of PIN code solution is adequate for their purposes weighing risk against convenience against ROI.

When a sorority contacted me and asked if I did biometrics, of course I said yes.

In theory, the superior security benefits of biometrics are hard to dispute, assuming you are dealing with a legitimate biometrics security product.

Last summer we worked with an imported biometric lock, where the installer could dial in the sensitivity of the biometric algorithm. This was supposed to help for applications where higher throughput was desired, and occasional false positives were acceptable.

To me this is nutty. Of course higher throughput is always desirable. While false negatives slow up throughput and might anger some users, false positives feed into the suspicions people have about the efficacy of Biometrics. (Is this really reading my fingerprint?)

For locksmiths, it is bad enough that their keys are being supplanted by credentials. But biometrics now threaten to supplant the credential.

Well not exactly, since the reliability and efficiency of biometrics is greatly enhanced with dual authentication, meaning using the biometric template (your fingerprint) with a unique PIN or credential.

There are several different ways to deploy biometrics:

  • The fingerprint is scanned and tested against a database of biometric templates of enrolled valid users (1: many)
  • A credential with a copy of the individual’s biometric template embedded on the credential is presented to the reader, then the finger is placed on the scanner. (1:1)
  • The finger template has been enrolled into the biometric device along with a matching PIN code, and both are required in order to gain access.

So in one situation the fingerprint replaces both the PIN and the credential which is single authentication. In the next situation, the fingerprint takes the place of the PIN (dual authentication), and in the last situation the fingerprint takes the place of the credential (also dual authentication).

This content continues onto the next page...

We Recommend