Biometric Basics

The word “biometrics” pertains to the use of physical, biological characteristics as a means of identifying people. Common physical attributes that often are employed for this purpose include fingerprints, finger vein patterns, palm geometry, facial recognition, retina and iris, voice, and others.

In time the list will likely include genetic identifiers, which will be even more secure and fault free than the technologies now in place in the biometric access control market. In this regard, it’s important to note that biometrics does not provide 100 percent results in terms of accuracy. But the industry as a whole has found ways to compensate for this that actually creates a powerful identity tool for physical security purposes (see sidebar 1 for further information on the issue of errors).

In this story we'll discuss the basic premise behind biometric access control, we'll look at the technologies that serve fingerprint analysis and hand geometry, and we'll look at a handful of biometric access control readers now on the market and the systems that serve them.

In a typical biometric access control system, a sample of each user's chosen biological trait is captured and then converted into a data template using a mathematical algorithm. In some systems a backup template also is acquired while in others only one is sufficient. Templates are saved in the reader; an on-site host computer;’ a Cloud-based processing system (if one is used); and a credential, such as a smart card.

The system compares the user's real-time finger or hand print to the template. At the time of enrollment, or at a subsequent time, information on the user will be utilized to determine “if” the biometric credential is valid, “which” door(s) he/she is permitted to enter, and “on” which days of the week and time of day they are authorized to access the facility.

System architecture usually consists of a head-end host computer as well as individual access controllers. These controllers are designed to accommodate at least two access readers at one or two doors, also called “portals.” They commonly contain all the necessary I/O’s (Inputs/Outputs) to monitor doors, receive and process REX (Request to Exist) requests, determine identity, and release doors and gates.

Biometric-based access control readers can be used in stand-alone or in conjunction with a conventional means of personal identification for verification and authentication. Examples include a proximity card, smart card, or a unique PIN (Personal Identification Number) in conjunction with a traditional keypad.

Two readers at a single door are common in some applications where one is placed inside the portal and the other outside. This arrangement allows the access control system to track users as they enter and leave the premises. The result is an accurate, real-time accounting of everyone inside the facility at any moment of the day, which is a valuable tool to have during an evacuation, if and when one should become necessary. This also is ideal when it comes to creating an accurate audit trail of all events that take place in the system. It also makes it possible to perform a time-and-attendance function so employees do not have to manually ring in and out of a time clock.

Biometric Identifiers

Fingers and hands are perhaps the predominant means used to determine the identity of people as they come and go from tool rooms, computer rooms, utility rooms, entire commercial buildings, government facilities, and other secure areas. According to the The International Biometric Foundation (IBF), “Hand Geometry and fingerprint are the two most widely used technologies in access control applications.” For this reason we’ll restrict our discussion to biometric technologies with an emphasis on fingers and the hand.

The popularity of fingerprint identification relates to the fact that law enforcement long ago began developing the technology, which means it’s a dependable, stable means of determining individual identity. Most fingerprint readers effectively map the finger, extracting 30 or more minutiae thereon, of which only as few as 10 have to match to declare access.

Minutiae is not the only method used in fingerprint identification. “Instead of using minutiae, some systems perform matches on the basis of the overall ridge pattern of the fingerprint. This is called global matching, correlation, or simply image multiplication or image subtraction,” says Lawrence O'Gorman, of Veridicom Inc., Chatham, NJ; author of 2 Fingerprint Verification.

Modern systems commonly use an optical or solid-state imager of some kind that captures the unique essence of an individual's fingerprint, storing it as a data template.

“There are two primary approaches to capturing the image, optical and silicon-based sensors that measure capacitance. The two most widely used methods for comparing the captured image are pattern and minutia based” (Understanding Error Rates in Biometric Access Control, IBF, Haverhill, Suffolk, United Kingdom).

"HID Global has a unique fingerprint sensor that operates based on a multi-spectral imaging technology," says Bill Spence, vice president of sales, Biometrics, with HID. "We're able to dial out the negative effects of age, dirt, finger pressure, and common environmental conditions that can often be problematic in capturing a clear, concise image of the user's finger."

Hand geometry is another means of determining the identity of a user requesting access to a facility. This type of reader performs this task by examining more than 96 measurements related to the user's hand. This includes the shape and size of the hand as well as the length, width, and height of the user's fingers. Not all the measurements have to match in order to declare a user is valid to unlock the door. The threshold of identification can be varied up or down in order to improve detection of unauthorized individuals while allowing valid users to pass unimpeded (see sidebar). This also applies to fingerprint analysis.

No matter which flavor of biometric identification you select, there’s a learning curve, one that anyone can master. The only way to do this, however, is to dig in and make it happen. You may want to start with the products and manufacturers listed below.

The following products involve the use of fingerprints and hand geometry. Each one is manufactured by a highly respected company in the physical security market. Use the links provided to get more information on the biometric readers of your choice.

HandKeyII

The HandKeyII biometric hand geometry reader made by Allegion, a Schlage company, provides increased security when identifying users by employing the size and shape of the human hand. The open-architecture of the HandKey system allows for integration with almost any access control system that uses the Wiegand data protocol for communications over 802.11 (WiFi), Ethernet, RS485, or RS422. Allegion's HandKey product can be used in standalone or in a multi-door access control network and will accommodate from 512 to 191,488 users.

According to Allegion, “Hand Geometry is a robust, industrial biometric that has been trusted to secure a wide variety of applications at various security levels: critical facilities like data centers and transportation hubs, healthcare facilities, financial institutions, education installations from dorm rooms to athletic facilities and of course various commercial buildings.”

For more information, go to: http://bit.ly/1QPkLHr.

CV-940 Fingerprint Reader

The CV-940 is a biometric fingerprint reader made by Camden Door Controls of Mississauga, Ontario, Canada. It will accommodate standalone as well as network integration. It comes equipped with a biometric fingerprint sensor and can be configured for two-factor access using either a proximity card reader or keypad. The two-factor approach adds a heightened degree of security. The CV-940 will store up to 9,500 fingerprint templates inside the reader’s memory.

“You can order the fingerprint reader alone (CV-940) or in combination with keypad or proximity reader,” says David Price, marketing manager with Camden Door Controls of Mississauga, Ontario, Canada. “The networkable version uses the Wiegand protocol to communicate with a centralized access control system whereas in stand-alone mode relays are used to lock/unlock doors and perform other duties. We believe the technology behind the CV-900 is proven and stable enough to be used independent of other access devices.” For more information, go to: http://bit.ly/1KmxrQE

Zodiac iClass II

The Zodiac iClass II fingerprint reader by Cansec of Mississauga, Ontario, Canada offers heightened security by utilizing a 16-bit iClass credential with a fingerprint scanner. If the fingerprint template matches the one captured in real time, and if the template is associated with the iClass credential, the Zodiac iClass II will unlock the door to allow the individual to enter. The reader uses the Wiegand data protocol which means it can be used on almost any access control system on the market. In terms of number of users, because fingerprint templates are stored on the smart card that accompanies the user, the Zodia iClass II will accommodate an unlimited number of individuals.

According to Cansec, “The reader compares the live fingerprint scan to the template stored on the credential. If they match, the Wiegand data on the credential is sent to the access control system where it is processed just as if it came from a normal prox reader.” For more information, go to: http://bit.ly/1KmxuvV.

SID220 Finger Access Control Reader

The SID220 fingerprint access control reader manufactured by SekurID was designed for low to medium traffic indoor environments. The multi-spectral fingerprint imaging sensor works where other competing conventional technologies fail. The SD220, along with its accompanying controller, will accommodate up to 10,000 users.

According to Marco Quintero, CEO with SekureID Corp. a partner of HID Global, “The SID220 uses multiple wavelengths of light to capture an image of both external fingerprints and identical “internal fingerprints,” which is the foundational capillary bed. Unlike conventional fingerprint technologies used in most access control readers today, the SID 220 performs under a variety of conditions including wet, dirty, dry, moisture and bright ambient light. Best of all, the SID220 authenticates even if the external print is damaged or obscured.”

For more information, go to: http://bit.ly/1jUqIbl.

Access Control System Errors

The first rule of thumb when working with any kind of access control system is that there is no guarantee of 100 percent accuracy. Truth of the matter is: an access control system is capable of making several kinds of errors. The two most common when a user presents his biological identifier or hard credential to an access control reader is referred to as Type I and Type II.

Type I errors, also called “false rejections,” involve the rejection of a valid user. In other words, an authorized user attempting to enter is prevented from doing so by the access control system. The reasons for this depend on the technology used, but it can be due to corrupted data templates or changes in the biological characteristics of the user. This is why two templates often are required.

Type II errors, also called “false accepts,” involve the acceptance of an invalid user. Of the two error types, Type II's are the most serious, although Type I's will cause a good deal of trouble, such as bottlenecks at protected doors and gates as well as angry users and managers.

The two other error types that you need to know about are 1) Failure to Enroll, and 2) Failure to Acquire.

Failure to Enroll occurs when the access control reader is unable to enroll a user’s biological trait into the system. An example of this might be where the user’s fingerprints are worn or damaged to the extent where the system is unable to use them.

Failure to Acquire, on the other hand, occurs where the image captured is not clear enough for the system to compare it to the user’s data template stored in the system.

MorphoAccess SIGMA Lite series

Morpho (Safran) has announced the introduction of two new additions to the popular MorphoAccess (MA) SIGMA family of biometric access control and time solutions, called the MorphoAccess SIGMA Lite series.

Engineered with the same attention to detail and performance as the versatile MA SIGMA biometric access terminal, the MA SIGMA Lite fingerprint terminals are specifically designed to equip narrow mounting surfaces on glass/aluminum door mullions, turnstiles, or server rack doors.

With two designs and multiple card reader options, there are a variety of models to address the widest range of deployment scenarios, both indoors and outdoors. The first design features an LED indicator to assist users in the access control process, whereas the second model offers enhanced interactivity with a color touchscreen.

With Morpho's industry leading fingerprint technology inside, they are equipped for a high capacity workload, accommodating up to 250,000 users for one-to-one verification and up to 10,000 users for one-to-many identification.

The slim and sleek fingerprint readers embed a web server that enables users of laptops, tablets or smartphones to connect, and then trigger on-device enrollment, configure terminals or retrieve transaction logs.

Offering an easy to use mounting system and high configurability, the devices fit perfectly into legacy Bioscrypt and Morpho installations as well as new implementations.

"With these new devices, the right combination of design, robustness and performance is now available in a compact package," said Samuel Fringant, Executive Vice President of Morpho's Security division. "By delivering readers suitable for renewing legacy installations, complementing deployments of MA SIGMA stations or securing brand new facilities, Morpho reaffirms its commitment to give its customers access to the latest refinements of its technology, whatever the situation."

For more information: www.morpho.com

ZKAccess Biometric Lock with Bluetooth

ZKAccess, a leading provider of biometric and RFID security solutions, has just released its ML10-B biometric fingerprint door lock with built-in Bluetooth technology. The ML10-B operates the very same way as does the ZKAccess ML10 (fingerprint door lock). However, this ML10-B version is additionally equipped with built-in Bluetooth technology that allows for remote control capability.

ZKAccess' new mobile application - ZKBioBT - works in conjunction with the ML10-B fingerprint door lock, putting biometric door access control conveniently in the palms of customers. Prior to the introduction of this app, the ML10 enrolled users’ fingerprints to allow 24/7 door access. Now, with the ZKBioBT app, users can connect to ML10-B via Bluetooth and open the door wirelessly for true remote control capability from their mobile phone. .

This new app provides customers with far greater programming and reporting capabilities. They can enter users’ names, create time tables to establish when specific users are permitted door access and generate reports that show who entered an area and when.

“The ZKBioBT app is extremely secure," notes Larry Reed, CEO, ZKAccess. "Prior to launching the app and connecting to an ML10-B fingerprint door lock, the user is prompted for their password. This new mobile app provides the added level of security and convenience our customers were asking for."

Because no wiring is required, the ML10-B is easy to both program and install and is a very simple yet highly secure & convenient plug ‘n play replacement to any old “lock & key” door knob. Registering users with their fingerprints is also quick and easy. Each ML10-B door lock can store and recognize up to 60 users. ML10-B is truly a DIY (Do-it-yourself) solution for consumers wishing to improve security.

More information: http://www.zkaccess.com/.