Are Biometrics Ready for Show Time?

Over the past few years, many have associated biometrics with James Bond and Star Trek. That may have been because until recently only James Bond and the crew of the starship Enterprise were using it. Since Randall Fowler, founder of Identix, patented the optical fingerprint scanning system in 1978, manufacturers and analysts alike have predicted the day when our bodies and our behavior would win out as the ultimate identification credentials. But between the state of biometric technology twenty years ago and today stood a number of substantial technological and psychological barriers to widespread acceptance of biometrics outside government agencies and the prison system (those organizations who had already learned to live with Big Brother).

Since that time, several factors have created an environment in which biometrics may finally begin to spread its wings. First, manufacturers of biometric identification products have risen to the challenge by adopting existing standards, creating new standards, educating the public regarding privacy concerns and drastically reducing false accept (misidentifying and granting access to an unauthorized person) and false reject (misidentifying and denying access to an authorized person) rates. Second, radical increases in computing power coupled with radical declines in the cost of that power have brought biometric throughput rates into the ballpark of what is tolerated by commercial access control users. Third, the physical security industry, like the culture in general, has cultivated a voracious appetite for technology. As a result, our customers are more comfortable buying technologically complex security products and we are more comfortable selling them. Lastly, growing concerns about the security of intellectual property and e-commerce transactions have attracted massive investments in developing the necessary tools to protect computers and the networks they are attached to.

All of these factors mean that biometric technology has enjoyed renewed interest, investment and acceptance among those in the information technology (IT) community. For example, a Network World survey conducted in the middle of 2000 indicated that, while only 4 percent of participants were currently using biometric authentication, 11 percent planned to use it within the next 18 months. And it probably doesn't hurt that the patriarch of personal computing software himself recently integrated biometric authentication features into the Windows™ 2000 operating system.

These trends lead me to believe that the time is right for biometrics to take a more prominent position on the access control landscape. In the past, many biometric suppliers predicted that their technology would make cards obsolete because biometrics were a more reliable authentication technology than cards and were easier to use and more cost-effective than cards. While I agree that biometric technology does verify the identity of an individual in a way that cards may not be able to approximate, I would not agree that biometrics will replace card-based technologies. My experience leads me to believe that, like all of the other security technologies currently available, biometrics will find its application within a hybridized, or layered, approach that exploits the best that each technology has to offer.

Knowing when and how to weave biometrics into the security fabric of a customer's enterprise requires a comprehensive understanding of 1) the magnitude of the end user's unique security needs/desires, 2) the size of the end user's budget, 3) the environment in which the technologies will be used, 4) what technologies the customer is already using, and 5) which specific biometric technology best addresses the end user's unique needs within the available budget.

First, different types of businesses require different levels of security. Biometrics have been particularly popular as a physical access strategy with data centers and network colocation facilities. For example, one of our customers in this industry is using a combination of biometrics, CCTV and mantraps to control access into main entry points and biometric readers to restrict access to network equipment cages. Common denominators in these kinds of applications are a) mission-critical servers, storage devices and miles of CAT-5 cable residing throughout their facilities, b) the data residing and circulating through the facility is extremely sensitive, c) the locations are remote and unmarked and access is tightly restricted so throughput is not as critical an issue, and d) robust budgets that accommodate the maximum levels of security.

But most businesses do not share these characteristics. Usually networking equipment and data storage devices are stored centrally, creating a localized security hot spot. In contrast, most enterprise or campus environments have to provide access to a large number of employees, partners, vendors and customers, all with varying levels of access privileges. In this situation, throughput, convenience and transparency are priority issues. Proximity card access currently offers the best method of addressing these issues and also provides the basis for the photo identification requirement most organizations have. The best practice here would be to harden security as traffic approaches the organization's hot spots with the use of biometric readers, most of which are Wiegand 26-bit compatible and are designed to easily replace card readers.

Second, biometric technology suppliers have made radical improvements in the costs of their products. For example, a finger scan reader, that may have cost $500 only two years ago, is now available for under $100, with many other readers available for under $200 per unit. More sophisticated iris scan readers have moved from the $7,000 range into the $4,000 range and some manufacturers are predicting sub-$1,000 units soon. That being said, biometric technology is still substantially more expensive to purchase than most card technologies, which themselves are also dropping in cost. So while end users may express interest in deploying biometrics in their facilities, corporate budgets will often determine whether or not that will actually happen.

Third, current biometric product design necessitates that units be deployed indoors as most have not been ruggedized for prolonged exposure to outdoor conditions or vandalism. The amount and kind of traffic may also affect the selection of biometrics or cards. For instance, in parking structure applications or near main entrances, wireless card technologies, like proximity, are more convenient than biometrics.

Fourth, end users will be more inclined to buy off on the biometric value proposition if they can leverage rather than replace their current systems. This leveraging can be accomplished in a number of ways. A pure biometric system would function almost exactly like a card access system. Individuals attempting to gain access present their finger, hand, eye or face or speak into a microphone in the same way they would present their card. The difference is that the typical proximity cardholder identification number requires 26 to 85 bits of memory. The typical fingerprint template used by a biometric system requires 250 to 1,000 bytes or, if we recalculate those numbers into bits for comparison, 2,000 to 8,000 bits. Obviously, it takes substantially more processing time and power to verify the identity of an individual biometric scan against a database of hundreds or thousands of others than it does to check a cardholder number.

There are a few ways to use a customer's existing card-based system to solve this problem. One way is to associate each individual cardholder number with that person's biometric template. This can be done easily during the enrollment process and requires that individuals present their existing card to a card reader either installed next to a biometric reader or actually built into it. The cardholder number tells the biometric system where to look on the template database for the individual's stored template, greatly reducing the amount of processing required to verify the authenticity of the biometric scan. Another way to simplify processing is to store the biometric template on a smart card. This eliminates the need for a separate biometric template database and the infrastructure needed to support it, because the smart card provides all of the storage and security needed. This is an especially popular method for our government agency customers who are already using smart card technology for both physical and logical access. The third way to get around the processing problem is to store the biometric template on the controller panel.
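The first approach above, using the cardholder number to select the one template to compare, can be contrasted with a search of the whole database in a short simulation. This is an added example, not code from the article or from any vendor: the bit-difference matcher, the tolerance of 10 bits, the function names and the enrolled records are all assumptions constructed for illustration; only the 72-bit template size comes from the article.

```python
import random

TEMPLATE_BITS = 72   # hand-geometry template size quoted in the article (9 bytes)
MAX_DISTANCE = 10    # assumed tolerance: max differing bits still counted as a match

def distance(a: int, b: int) -> int:
    """Toy matcher (assumption): number of differing bits between two templates."""
    return bin(a ^ b).count("1")

def enroll(n_users: int, rng: random.Random) -> dict:
    """Build a constructed database: cardholder number -> stored template."""
    cards = rng.sample(range(1, 65536), n_users)   # 16-bit card numbers
    return {card: rng.getrandbits(TEMPLATE_BITS) for card in cards}

def fresh_scan(template: int, rng: random.Random, noisy_bits: int = 4) -> int:
    """Simulate a live read: the stored template with a few bits flipped."""
    for bit in rng.sample(range(TEMPLATE_BITS), noisy_bits):
        template ^= 1 << bit
    return template

def verify(db: dict, card: int, scan: int):
    """1:1 check: the card number selects the single template to compare."""
    stored = db.get(card)
    if stored is None:
        return False, 0                      # unknown card: nothing is compared
    return distance(stored, scan) <= MAX_DISTANCE, 1

def identify(db: dict, scan: int):
    """1:N search: compare the scan with each template until one matches."""
    for comparisons, (card, stored) in enumerate(db.items(), start=1):
        if distance(stored, scan) <= MAX_DISTANCE:
            return card, comparisons
    return None, len(db)

def demo(n_users: int = 1000) -> dict:
    """Return (result, comparisons) for each access path on constructed data."""
    rng = random.Random(2000)                # fixed seed so the run is repeatable
    db = enroll(n_users, rng)
    cards = list(db)
    alice, bob = cards[-1], cards[0]         # alice is the last record enrolled
    scan = fresh_scan(db[alice], rng)        # alice presents her hand
    return {
        "card_plus_hand": verify(db, alice, scan),   # one comparison
        "search_only": identify(db, scan),           # walks the whole database
        "stolen_card": verify(db, bob, scan),        # bob's card, alice's hand
        "alice": alice,
    }
```

With the card presented, the reader does one comparison regardless of how many people are enrolled, and a card paired with the wrong hand is rejected after that single comparison.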

Lastly, after settling these issues, you still have to determine which kind of biometric technology best matches your customers' situation. The three technologies that I believe to be the most practical currently are finger scan, hand scan (or hand geometry) and eye scan (either retina or iris). I do not advocate the use of voice or facial scan technologies at this time because, at their current level of development, neither provides a practical solution for most commercial physical security applications. The three technologies I will address usually offer the user the ability to adjust sensitivity, or tolerance levels, to balance false accept and false reject rates.

There is usually a direct correlation between accuracy, as measured in the number of unique characteristics the technology can discern, and cost. The level of intrusiveness is also an important consideration because customers who deploy intrusive procedures into the organization could become the target of enterprise-wide hostility. Eye scan technology is probably the most accurate technology of the group, but it is also the most expensive and perceived to be the most intrusive. Retina scan products require that users position their eye within half an inch of the reader while over 400 unique features are scanned from the back of the eye. Iris scan technology offers a similar level of accuracy (around 260 unique features) and similar price, but is less intrusive. Individuals need only get within three feet for a reliable scan. Because either eye scanning process requires the individual to get into position and hold their eyes steady (usually around two seconds), only the most security-conscious employees will be able to truly appreciate the reliability of eye scan technology.

Finger scan technology is probably the most popular of the biometric technologies for a wide range of applications including logical access, internet security, banking and point-of-purchase. It offers a good balance between accuracy and cost and generally has managed to shake the criminal identification stigma. Traditional optical finger scan technology will most likely be replaced with newer silicon technology that requires less surface scanning area and less maintenance than optical scanning.

Given the current state of development among the various biometric technology alternatives, hand scan, also known as hand geometry, integrates best with physical access systems and is our preferred choice for combining accuracy (up to 90 unique features or measurements) and cost with a minimal perceived amount of intrusion. Hand geometry templates are the smallest available from current biometric technology at around 9 bytes (72 bits), which translates into reduced processing and storage requirements. Hand geometry readers are designed to correctly position the individual's hand and ensure quick, efficient reads.

Once the decision has been made about where biometric technology will be used in your customer's organization, which kind of technology will be used and how it will be integrated with existing systems, the final step is to train customer security personnel. Not only will they need to know how to adjust the tolerances of the readers to balance false accept and false reject rates, they also will need to know how to calm employees' fears that their identities may be stolen. Additionally, the security director should expect some level of animosity toward the biometric readers when some employees are unable to access areas to which they are authorized due to improper use or narrow tolerance settings. Thoroughly preparing the security personnel can go a long way toward smoothing the path to acceptance of the new technology.
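The tolerance adjustment mentioned here, and the adjustable sensitivity described earlier for the three reader types, comes down to choosing a cut-off on the matcher's score. The following is an added example, not from the article or any reader's firmware: the distance values are constructed sample data, and the function names and the policy of capping the false accept rate are assumptions for illustration.

```python
# Constructed sample data: matcher distances, where lower means a closer match.
GENUINE = [2, 3, 3, 4, 4, 5, 5, 6, 7, 9, 11, 14]             # authorized user vs own template
IMPOSTOR = [8, 12, 15, 17, 18, 20, 21, 22, 24, 25, 27, 30]   # someone else vs that template

def rates(tolerance: int):
    """Return (false_accept_rate, false_reject_rate) at a given tolerance.

    A read is accepted when its distance is at or below the tolerance.
    """
    far = sum(d <= tolerance for d in IMPOSTOR) / len(IMPOSTOR)
    frr = sum(d > tolerance for d in GENUINE) / len(GENUINE)
    return far, frr

def sweep(tolerances):
    """Tabulate (tolerance, FAR, FRR) so the trade-off can be read off."""
    return [(t, *rates(t)) for t in tolerances]

def pick_tolerance(max_far: float, tolerances=range(0, 31)):
    """Loosest tolerance whose FAR stays at or below max_far.

    Loosening the tolerance never raises FRR, so this is the setting that
    rejects the fewest authorized users while honoring the FAR cap.
    """
    ok = [t for t in tolerances if rates(t)[0] <= max_far]
    return max(ok) if ok else None

def crossover(tolerances=range(0, 31)):
    """Tolerance where FAR and FRR are closest to equal."""
    return min(tolerances, key=lambda t: abs(rates(t)[0] - rates(t)[1]))

if __name__ == "__main__":
    for t, far, frr in sweep(range(5, 16, 2)):
        print(f"tolerance={t:2d}  FAR={far:.2f}  FRR={frr:.2f}")
    print("zero-FAR setting:", pick_tolerance(0.0))
    print("crossover:", crossover())
```

On this sample, a tolerance narrow enough to admit no impostor also turns away a quarter of authorized reads, which is the source of the employee frustration described above.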