Biometrics: What Technology Is The Best Fit?

Sept. 5, 2012
Fingerprint recognition is the most widely deployed biometric identifier because it is reliable and easy to deploy. Facial imaging and retinal scans are options. Use of multiple credentials greatly increases security.

Biometrics can be used for identification on their own or combined with credentials and PIN codes to effect multi-factor authentication. Requiring multiple factors forces a higher level of security.

Biometric technology involves creating a digital file, referred to as a template, from a biological characteristic of an individual, often called their biometric signature. This template can be stored in memory and compared to the biometric signature of individuals requesting access.

When an individual’s trait is compared to a large database it is referred to as 1:N (one to many) identification.

Another technique is to store the template on a credential. The person presents the credential when attempting access, and the trait is compared to the template on the credential. This is referred to as 1:1 (one to one) authentication.

Systems often will permit the enrollment of two biometric signatures for each end-user, in case one of the signatures is unreadable by the system. This is typically a fingerprint where a wound on the finger obscures the scan. Another alternative is to assign a PIN to a user, which can be used in lieu of their biometric signature.

Unlike keys, PIN numbers, picture IDs, magnetic swipe and “smart” cards, biometric-derived identities cannot be transferred to another person, stolen, copied or counterfeited. Therefore, the application of biometric technology eliminates or greatly reduces the opportunity for identity theft, unauthorized access and the potentially disastrous consequences to safety and security.

There are three different elements to biometric access control systems:

  • A reading or scanning device (terminal) that can capture the image of personnel.
  • The software algorithm which creates each individual’s biometric template, which is stored in a database or on a credential, and determines if the scanned signature matches the stored template.
  • Access control controllers and software which manage the users, the templates and the access rules, and control and record activities and the locking and unlocking of the doors.

Some biometric technologies are open platform in that they present a Wiegand output to an access control system. For example, my fingerscan would create the same Wiegand data string that a credential would create, and the access control system would act on this data as if it were a credential-based transaction.

Some biometric systems are self-contained and a valid signature results in a contact closure to unlock the door. Many biometric terminals may be configured to do both.

There are a number of biometric scanning technologies, and which one is best is the subject of much contention between not only vendors but also consortiums that make studies and comparisons.

Fingerprints, hand geometry, veins, voices, faces, irises, retinas and even signatures, keystrokes and DNA all lend themselves to being measured, digitized, stored, retrieved and matched in order to verify someone’s identity. 

Check out http://www.nist.gov/itl/iad/biometric-120611.cfm to gain a little more perspective on this area of technology.

Facial recognition systems can verify identity without physical contact with a reader or appliance. CCTV cameras have been adapted for use in facial recognition.

Iris recognition is one of the most accurate biometrics currently available. 

Retina recognition also has a high degree of precision, but because subjects must allow a light to be shone into the back of their eye, retina recognition is considered one of the more intrusive biometric technologies.

Hand recognition is precise, reliable and non-intrusive. 

Vein recognition systems are not readily available yet, but offer a level of precision similar to iris recognition technology.

Voice, signature and keystroke: the reliability of these technologies depends on variables such as the subject’s stress level, ambient noise level, illness, etc.

Fingerprint recognition is the most widely deployed biometric identifier because it is reliable and easy to deploy.

When determining which type of biometrics to use, site conditions play an important role, as each biometric technology has characteristics which differentiate it from the others. Things to factor into your decision include:

Throughput required: This means how many individuals the system will be required to screen, and how fast must this be accomplished without creating delays and user frustration.

Existing system capabilities: Many biometric upgrades are totally possible without having to run cabling or change other system assets.

Reliability and efficiency of the reader: Every person who will use the system will have to be ‘enrolled’. The identity of every person using the system must be verified. Misreads or malfunctions will cause big problems.

Price: The cost of the hardware and the amount of technical support biometrics require are coming down, thereby making the technology more feasible.

Ease of Deployment: Biometric systems and readers are more robust and modular; software is written to interface more readily, and the readers are designed to withstand harsh environments.

Reliability: Improved technology results in fewer hardware failures and security lapses. Reader throughput rivals keypad and credential based system speeds.

Convenience: Newer biometrics are less intimidating than earlier efforts. Less body contact, no laser beams in the eye and no hygiene issues make the biometric interface more friendly to users.

As is the case with all security technologies, the landscape is constantly changing with respect to the technologies, the costs and the end-user demand and acceptance of these products. As the world becomes a more dangerous place, heightened security starts to make more sense.

I’ve seen some biometric products where the installer can actually ‘tune’ the scanner to reduce misreads, and lower the criteria for a positive read, thereby reducing the incidence of false negatives (preventing an authorized person from entering) and consequently increasing the incidence of false positives (allowing an unauthorized individual to access). Would you want a system like this protecting you?
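The tuning trade-off described above, together with the 1:N versus 1:1 distinction from earlier in the article, worked through in Python as an added example (not from the article or any vendor). The match scores, the 1-in-10,000 false-accept rate and the assumption that comparisons are independent are all constructed for illustration.

```python
# Constructed similarity scores (0-100) from a hypothetical matcher.
# Higher score = closer match between the live scan and a stored template.
GENUINE = [91, 88, 84, 79, 76, 73, 69, 66, 62, 58]    # user vs. own template
IMPOSTOR = [12, 18, 23, 27, 31, 36, 41, 47, 55, 64]   # user vs. someone else's


def error_rates(threshold):
    """Return (false_accept_rate, false_reject_rate) for an accept threshold.

    A scan is accepted when its score is >= threshold, so lowering the
    threshold is the 'tuning' that trades false rejects for false accepts.
    """
    false_accepts = sum(1 for s in IMPOSTOR if s >= threshold)
    false_rejects = sum(1 for s in GENUINE if s < threshold)
    return false_accepts / len(IMPOSTOR), false_rejects / len(GENUINE)


def identification_far(far_1to1, enrolled):
    """Chance that an impostor matches at least one of `enrolled` templates.

    In 1:1 mode the scan is compared to a single template (enrolled=1).
    In 1:N mode it is compared to every template in the database, so the
    per-comparison false-accept rate compounds. Assumes the comparisons
    are independent, which is a simplification.
    """
    return 1 - (1 - far_1to1) ** enrolled


if __name__ == "__main__":
    print("threshold  false accepts  false rejects")
    for t in (70, 60, 50, 40):
        far, frr = error_rates(t)
        print(f"{t:>9}  {far:>13.0%}  {frr:>13.0%}")

    # Assumed per-comparison false-accept rate of 1 in 10,000.
    far = 0.0001
    print("\nenrolled templates  chance an impostor is accepted")
    for n in (1, 500, 2000):
        print(f"{n:>18}  {identification_far(far, n):.2%}")
```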

With so much at stake, perhaps the locksmith should carefully consider if he wants to get involved with offshore knock-off biometric products whose algorithms and design may not have been subjected to adequate evaluation by experts.

The following are some of the latest biometrics products available.

HID BioClass

Using 13.56 MHz contactless smart card technology, HID iCLASS® products provide users with new options for supporting multi-authentication of identity.

Users can combine contactless card presentation with a fingerprint biometric. Personal identification numbers (PIN) can be used with a contactless card presentation.

  • The iCLASS RWKL550 read/write is a contactless smart card reader with keypad and LCD display.
  • The bioCLASS RWKLB575 read/write is a contactless smart card reader with keypad, LCD display and fingerprint biometric verification.
  • The bioCLASS BIO500 fingerprint biometric verification module is an addition that can be used to upgrade existing RWKL550 readers.

These bioCLASS products provide three levels of fingerprint verification. Users can choose the level of security to meet their needs: card and PIN; card and fingerprint; card, PIN, and fingerprint.

During the enrollment process, the CP575 is connected to a PC via a USB port. The software will guide the user to place a finger on the sensor.  The fingerprint template is collected at the unit and immediately transferred to the card.

During this enrollment process, the fingerprint template is stored ONLY on the card; it is never transmitted to an external host. During verification at the door, the LCD graphical display assists the user with instructions about finger placement on the biometric sensor.

More Info: www.hidcorp.com.

Hirsch Fingerprint Readers

Hirsch’s newest fingerprint reader, Model CR-BIO-MA110, is a grey and silver surface mount fingerprint and smart card reader for interior use. The device stores two fingerprint templates per person for up to 500 individuals and associated Wiegand numbers.

It includes a 13.56 MHz HID iCLASS 16 bit (16K2 or 16K16) contactless reader and a 500 dpi optical sensor. 1:1 verification time is < 1 sec. The FAR (false acceptance rate) is adjustable.

Valid access sends a locally stored Wiegand number or a number on the card to the Hirsch MATCH or ScramblePad. USB or 10/100 Ethernet port for template distribution.

More Info: www.hirschelectronics.com.

Panasonic Iris Reader

Panasonic says its Iris Readers offer the most accurate and precise personal identification technology in the biometrics field. 

Panasonic’s recognition technology uses built-in countermeasures, making it virtually impossible to defeat by spoofing. This technology can identify a user in just 1.5 seconds.  This means no needless delays or back-ups at entry points.

Using the Panasonic Iris Reader requires no physical contact at all; users stand 12 to 15 inches away from the camera. This hygienic, contactless solution makes it ideal for clean rooms or other sensitive environments.

Panasonic technology easily recognizes users wearing eyeglasses or contacts. The system can even recognize users wearing glasses and a full-face safety shield.

Contrary to popular myths, Panasonic Iris Readers do NOT use lasers of any kind. And NO bright or harsh lighting is involved in capturing iris images. The system uses low-power infrared illuminators, like those used in household (TV and DVD) remote controls.

All Panasonic Iris Reader systems fully conform to IEC60825-1 and ANSI RP-27.1-96 eye safety standards.

Panasonic supports from just a handful of users to many thousands, with no loss of accuracy, speed, or flexibility.  Panasonic Iris Readers have been deployed in all types of systems, large and small, including highly secured border crossings and registered traveler programs.

Panasonic’s iris reader technology makes use of the complex patterns in the iris:  the delicate muscular structure that gives the eye its color. These intricate patterns are unique to each individual, and are even different in right and left eyes. Even identical twins do not have identical iris patterns. Since the iris is well protected and stable throughout life, individuals only need to be enrolled once; the iris code will remain constant.

For each enrollee, the specialized Panasonic Iris Reader camera captures a video snapshot of the iris in each eye.  An algorithm automatically records the characteristics at approximately 260 different points in the iris – and translates this into a unique and encrypted Iris Code™ data packet.  Depending on how it is configured, this code can be stored in the reader itself, stored in a network attached PC or server, encoded into smart cards, or even written into a barcode. The system does not need to store actual images of the iris itself – only the encrypted Iris Code template.

The unique architecture of Panasonic Iris Reader systems supports virtually any type of access control, verification, or large-scale identification application.  You can easily enhance existing security systems with Panasonic Iris Readers - and design systems with whatever mix of equipment and software integration the application demands.

IRIS-ONLY (1:N) Identification Mode, IRIS AND CARD OR PIN (1:1) Verification Mode and IRIS CODE™ ON SMART CARD Verification Mode are available.

With the higher security of IRIS CODE™ ON SMART CARD option, you can integrate Panasonic Iris Readers with new or existing systems that rely on Smart Cards.  The Iris Readers provide an extra level of security by verifying that the person presenting the proximity card is in fact the authorized user.  Each user’s Iris Codes are encoded directly into the card during the enrollment process.  No Iris Codes need to be stored in the reader or the attached server.

At the access point, the user must first present a valid smart card or proximity card to activate the Panasonic Iris Reader system. After presenting the card, the user simply looks into the camera, which immediately produces an Iris Code from a live image of the iris.

This live Iris Code is then compared to the Iris Code retrieved from the user’s smart card.  If there’s a match, the camera signals the EAC system over a Wiegand or TCP/IP interface on the iris reader.

You can use the Panasonic BM-ESDK300 Software Development Kit to set up a system that creates smart cards from any manufacturer.

An integral color video camera in the Iris Reader can be used to capture a facial image of every user each time they attempt to gain access. DVR time-stamped images serve as a video log of each access attempt.

The color CCTV camera is entirely separate from the iris-reading cameras – and does not capture iris information.

Two tamper detection switches on the front and back of the unit are designed to activate if the cover is removed, broken, or otherwise tampered with. The Iris Reader will then immediately sound a local alarm, and transmit an alarm to the administrative server. At the same time, the Reader can be set to delete any stored iris data, thereby denying all access until the situation is resolved.

The built-in CCTV camera can also capture a video image of anyone attempting to tamper with the unit.

More Info: www.Panasonic.com.

Rosslare Biometrics

Rosslare’s biometric PIN and prox readers/controllers and software can accommodate 500 users, with two templates per user fingerprint, PIN and card.

Master and user cards and fingerprint enrollment are programmed using Rosslare’s AS-B01 software in conjunction with Rosslare’s CP-R26 Mifare® card desktop programmer and BioTrax™ Biometric Fingerprint Enrollment Software.

BioTrax™ is a PC software application for the AYC-W6500 biometric fingerprint Reader/Controller. BioTrax™ can be used to enroll a user’s fingerprints, add cards and users, and allow the user to upload and download data between the unit and the PC. BioTrax™ communicates with the unit through the serial port.

The controller features two user levels and operation modes: Normal and Secure Reader.

It is compatible with Mifare® ISO 14443A 1K and 4K cards and tags.

More Info: www.rosslaresecurity.com.

Cansec Zodiac Link

Zodiac Link™ is Cansec’s latest addition to its field-proven line of fingerprint readers. Building on the success of the Zodiac 250, three new features have been added.

User capacity is increased from 250 users to 2,000.

You can now link up to five readers with all user programming done from a designated Master. You can also copy user templates from one unit to the other in case one is damaged and needs to be replaced. No need to re-enroll users.

Just like the Zodiac 250, it can be used to directly control a door or it can be connected to any Wiegand-compatible access control panel. And like the 250, you can upgrade a regular prox reader to biometrics in less than five minutes.  

More Info: www.cansec.com.

KEYper Systems

The KEYper Elite Series Electronic Key Management systems use a Windows-based embedded controller and state-of-the-art semiconductor technology to control, catalog and track critical keys used by your organization. It controls and reports who used which key, when it was withdrawn and returned, and why it was requested. The KEYper is a Web-based appliance which can be operated locally or remotely. Use of a biometric terminal in order to log into the KEYper is the most popular option. A backup PIN code may be used in case of a finger injury.

Only authorized administrators are able to access the electronic key management system. Customized administrator groups allow for escalated control of more sensitive keys. Unauthorized key removal is permanently logged and causes immediate email notifications.

Quick, easy-to-use, web-based software shows what keys are in, what keys are out, and to whom they are issued. Upon checkout, the appropriate key is visually indicated by means of a flashing LED. In addition, the KEYper system allows you to return any key to any location in the cabinet. The KEYper relearns the key’s new location on the board.

Electronic key management reports can be generated and used to track activities within the organization. Complete audit trail and reporting by user, key, and administrator reduces lost keys. Concise key management is the cornerstone of effective security management.

More Info: www.keypersystems.com.

About the Author

Tim O'Leary

Tim O'Leary is a security consultant, trainer and technician who has also been writing articles on all areas of locksmithing & physical security for many years.