In electronic access control vernacular, authentication is how a system determines if the individual requesting permission to enter is allowed (authorized).
Authentication is achieved several different ways:
- What a person has: such as a credential or a key
- What a person knows: such as a code, often referred to a P.I.N. (personal identification number)
- Who a person is: a physiological feature of the individual, such as a fingerprint, hand geometry, retinal pattern, or facial features.
The more authentication factors used to qualify the individual, the better the security. For example, a single numeric entry code for all users is considered the weakest authentication. A memorized code can be easily shared or even guessed so security cannot be assured.
Using a key or credential is generally better authentication. However, how well the keys or credentials are managed and the type of key or credential used will affect security. For example, a non-patented key can be readily duplicated just about anywhere. Additionally if a credential is lost or stolen but remains in the system, or if a key - even a high security key - is lost or stolen and the locks are not rekeyed, security of the opening is compromised.
If a credential or key is used in conjunction with a memorized code, this is referred to as dual or multiple authentication, and this greatly enhances security.
In electronic access control, biometrics is considered the highest level of authentication, and biometrics can be used in single-factor or multiple-factor security management.
Variables such as the reliability of the biometrics and other elements of the premises security management system affect the system’s efficacy.
A fingerprint or other biometric factor is stored electronically and referred to as a template. Depending on the particular application, the template is used in different ways. In some applications, the template is embedded onto a credential, and the person requesting access presents the credential at the access control point, at which time their system compares the template on the credential with the physical characteristic of the individual requesting access. The biometric reader compares the person’s biometric characteristic with the single template stored on the credential, performing a 1 to 1 comparison.
The credential itself is usually proximity encoded and is also enrolled into the system so that the template may be paired with the person’s identity and data, and access privileges can be managed using the credential within the access control database. Often, different levels of authentication are required at different locations within the premises, such as card only at some openings, and biometric and credential at others.
Some biometric systems such as the KABA AD102KIT are standalone and use a keypad rather than a card reader. The person presents his finger and the system tests the biometric characteristic against the templates stored in the standalone system’s database. This is called a one-to-many comparison.
The AD102KIT, like other biometric units in this class, allows each user to enroll more than one finger, and will also allow a P.I.N. to be associated with each user. When using this method, having a dirty or damaged finger will not prevent the individual from being granted access.
The biometric reader is comprised of the scanner which collects the fingerprint and converts it to a digital image, and the operating firmware/software referred to as the algorithm which determines which fingerprint characteristics are scanned, and also controls how the collected image is compared to the templates in the database.
How well the biometric system is working is measured in many different ways and is collectively referred to as performance metrics.
Down at the door, the system is judged by whether a person gets in or not, but of course there is a lot more involved, since sometimes someone not getting in is a good thing.
The basic performance metrics for biometric systems are:
Two market drivers of biometrics are convenience and security. New products from BioAxxis, Bio-View, Marks USA and eKey USA deliver both convenience and added security.