Putting a finger on which biometrics are handy today

Jan. 21, 2010
In-depth on one-to-one verification technologies

If access control systems are to control where people — not credentials — can and cannot go, then only a biometric device can truly provide this capability. That’s why more and more biometrics readers are showing up in access control systems. How do you determine the right biometric technology for you?

Before getting specific, let’s discuss two important topics relating to biometrics that are somewhat intertwined: a one-to-many match vs. a one-to-one match and privacy issues.

An important distinction must be made between “identification” — a one-to-many match, and “verification” — a one-to-one match. A system designed to “identify” a person compares a biometric presented by a person against all biometric samples stored in the database. The one-to-many system identifies the individual if the presented biometric matches one of the many samples on file. This type of system is used by the police to identify criminals.

The verification process, however, involves a one-to-one search. A live biometric presented by the user is compared to a stored sample — previously given by that individual during enrollment — and the match is confirmed. However, the actual hand geometry, vein pattern or fingerprint is not stored in a database. Instead, a mathematical equation, or algorithm, creates a unique number that represents the points measured on the finger, veins or hand. The number — or template — that results from this equation is all that is stored.

When the user presents an ID card or enters an assigned PIN, only that template is transmitted. When the employee presents his/her hand or finger, the reader runs the authentication process to determine if the template that is stored matches the template of the biometric being presented. If there is a match, the person is verified.
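The two matching modes side by side, as an added example that is not from the original article: the four-number template format, the ID numbers, the match threshold and the 0.001 per-comparison false match rate are all assumptions made for illustration. It goes one step beyond the text by showing why the claimed ID matters: a one-to-one check makes a single comparison, while a one-to-many search makes one per enrolled person, so its chance of a false match grows with the size of the database.

```python
import math

# Constructed enrollment database: ID number -> stored template. The
# four-number template format is an assumption made for this example.
ENROLLED = {
    "1001": (7.2, 3.1, 8.8, 2.4),
    "1002": (6.1, 3.9, 9.5, 2.0),
    "1003": (7.0, 3.3, 8.6, 2.6),
}
THRESHOLD = 0.5  # assumed: largest template distance still accepted as a match


def verify(claimed_id, live_template):
    """One-to-one: compare only against the template filed under the claimed ID."""
    stored = ENROLLED.get(claimed_id)
    if stored is None:  # unknown card or PIN: nothing to compare against
        return False
    return math.dist(stored, live_template) <= THRESHOLD


def identify(live_template):
    """One-to-many: compare against every template and return all IDs that match."""
    return sorted(
        uid for uid, stored in ENROLLED.items()
        if math.dist(stored, live_template) <= THRESHOLD
    )


def false_match_probability(per_comparison_rate, comparisons):
    """Chance of at least one false match over independent comparisons."""
    return 1 - (1 - per_comparison_rate) ** comparisons


if __name__ == "__main__":
    live = (7.1, 3.2, 8.7, 2.5)  # constructed reading from the holder of ID 1001
    print(verify("1001", live))   # claimed ID selects one template
    print(verify("1002", live))   # wrong claimed ID is rejected
    print(identify(live))         # two enrolled users are close enough to match
    print(false_match_probability(0.001, 1))
    print(false_match_probability(0.001, 1000))
```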

Privacy should not be a concern

In some cases, companies implementing biometrics will initially receive employee resistance, with privacy issues taking center-stage. This will invariably be the case if a union is involved, looking for negotiating points. Any concerns are eliminated if employees are educated when the system is announced. After using the biometric reader once or twice and seeing how easy it is to operate, employees generally prefer biometrics.

Teach that biometrics will provide them with increased security in the workplace and improve record-keeping for payroll. Emphasize that the biometric reader provides verification, a one-to-one match, and how that works.

Additionally, for those using smart cards, let them know the template data can be stored on their employee card, thereby keeping control of its use in their own hands.

Today’s Leading One-to-One Biometric Technologies

Hand Geometry. The size and shape of the hand and fingers are used by a hand reader to verify a person by evaluating a 3D image of the hand. It was the technology used for the very first commercially available biometric device, which came to market in 1976. Hand geometry readers continue to be the dominant biometric technology for access control and time-and-attendance applications. They are predominantly used in high-throughput applications, such as at the gates to a factory, access to an airport tarmac or admittance to a college recreation center.

Fingerprint. Remember, do not confuse the fingerprint readers used in access control with the one-to-many fingerprinting done by police. One-to-one fingerprint access control readers create a template of the fingerprint in a process similar to hand geometry readers for local comparison. Due to throughput concerns, fingerprint access control may be best applied in smaller user populations. Because of cost and size, they are a perfect choice for single person verification applications, such as in logical access control, where they are used to log onto PCs or computer networks. They are also a good choice for a small lab or admittance into the telecommunications room for a select few people.

Vein Recognition. Like one’s hand geometry or fingerprint, the layouts of a person’s veins are unique. To use a vein recognition system, the user simply places the finger, wrist, palm or the back of the hand on or near the scanner. A camera takes a digital picture using near-infrared light. The hemoglobin in one’s blood absorbs the light, so veins appear black in the picture. As with all the other one-to-one biometric types, the software creates a reference template based on the shape and location of the vein structure. Small-scale access control for equipment such as lockers can easily embed finger vein scanners.

Eye. The scanner stores traits of a person’s iris in a template. The user tilts the unit so that their eye appears in the center of the image capture area. This image passes to a processing unit via network wiring to be compared with the iris code on file. Several doors can be connected to the processing unit. While the technology is extremely accurate, the high cost-per-door limits its widespread adoption for general commercial applications. Acquisition is difficult to perform at a distance and extremely complicated when the subject is uncooperative.

Other One-to-One Technologies

The other most-discussed technologies include signature validation and voice authentication; however, these technologies will tend to be used only in very vertical applications, such as check cashing and telecommunications-based industries. For instance, voice verification is proving invaluable to enhanced call center applications, banking and payment adoption.

Multimodal technologies are also seeing rapid development, harnessing the power of two or more biometrics — improving accuracy and providing increased flexibility.

What’s the Best Choice?

With all these choices, which then is the best biometric to choose? It depends on the application. First of all, what is the security level? There is a big difference between someone breaching a nuclear warhead storage area and a student union.

How many people need to use it? If there are hundreds of people using the biometric daily and they are standing in line to do so, that is unacceptable.

Throughput — the total time that it takes for a person to use the device — is a key determinant. This will vary between technologies.

It is difficult for manufacturers to specify a throughput since it is application-dependent. Most manufacturers specify the verification time for the reader, but that is only part of the equation. When a person uses a biometric reader, they typically enter an ID number on an integral keypad. The reader prompts them to position their hand, finger or eye where the device can scan physical details. The elapsed time from presentation to identity verification is the “verification time.” Most biometric readers verify in less than two seconds.

However, one must look beyond the verification time and consider the total time, including the time taken to enter the ID number, if required, and the time necessary to be in position to be scanned. If ID numbers must be entered, keep them short. If a long ID number must be used, some biometrics can obtain the number by reading a card, which contains the ID number in the card code.

Consider Biometrics for Every Job

Justifying the use of a biometric is becoming a reality and necessity for more and more organizations. There are biometric systems available today which economically meet the needs of almost any commercial access control application.

Jon Mooney is general manager for Schlage Biometrics, a unit of Ingersoll Rand Security Technologies.