Biometrics in an Integrated System

Why isn't biometrics working in some applications, and what can you do about it?

Biometric solutions have become the subject of much discussion lately, as governments and businesses search for more sophisticated security solutions beyond the traditional identification badge and access control system. Although they have much to offer, biometric technologies have so far failed to become integrated in physical security environments on a widespread basis. To date, there have been few large-scale, enterprise installations in which biometrics was integrated with access control. In general, biometrics has been implemented only in selected small-scale projects at airports, or in IT companies where intense security has been needed. There are a number of reasons that biometric technology has not yet achieved its potential in the physical security arena.

System Architecture
One of the biggest obstacles to the adoption of biometric technologies in physical security environments has been system architecture. Traditionally, access control and biometric functions have existed independently from one another. Biometric systems were designed to either operate alone or to connect to an access control system by means of a Wiegand interface. Many companies tout the use of a Wiegand interface as "integration," when in fact it's not integration at all.

Essentially, this architecture consists of two completely different systems. Each has its own information repository or database, its own specialized readers, its own enrollment process and its own enrollment and administration workstations. There's no connection between them except the Wiegand wire.

On a small scale with only a few readers, this compartmentalized approach can work. But if the system scales upward to incorporate hundreds of readers, greater demands are placed upon it, and the inherent problems become obvious. In each database, a cardholder record contains a unique identifier for each person. That unique ID must be entered manually and maintained in both databases. If a mistake is made entering a cardholder's information during enrollment, the wrong card ID will be associated with the wrong template, and the cardholder will be denied access.

The compartmentalized approach also risks suffering data synchronization errors, which can occur if one database is down and some data becomes corrupted, or if one of the networks or readers fails. As the system grows, the tasks of managing it and keeping the data synchronized can become overwhelming.
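The drift described above can be audited by comparing the two repositories on the card ID they share. The following is an added example, not code from the article or from any vendor; it assumes both systems can export (card ID, name) rows, and the schema and sample rows are constructed for illustration.

```python
from collections import Counter

# Constructed sample exports; the (card_id, name) layout is a hypothetical schema.
ACCESS_ROWS = [("10452", "A. Rivera"), ("10453", "B. Chen"),
               ("10460", "C. Okafor"), ("10471", "D. Patel")]
BIOMETRIC_ROWS = [("10452", "A. Rivera"), ("10435", "B. Chen"),
                  ("10460", "C. Okafor"), ("10460", "E. Novak"),
                  ("10480", "F. Ito")]

def one_keystroke_apart(a, b):
    """True if b looks like a with one digit mistyped or two adjacent digits swapped."""
    if len(a) != len(b) or a == b:
        return False
    diff = [i for i in range(len(a)) if a[i] != b[i]]
    if len(diff) == 1:
        return True
    return (len(diff) == 2 and diff[1] == diff[0] + 1
            and a[diff[0]] == b[diff[1]] and a[diff[1]] == b[diff[0]])

def reconcile(access_rows, biometric_rows):
    """Compare the two repositories on the shared card ID and report drift."""
    access = dict(access_rows)
    bio_counts = Counter(cid for cid, _ in biometric_rows)
    no_template = sorted(set(access) - set(bio_counts))
    orphan_template = sorted(set(bio_counts) - set(access))
    return {
        # Cardholders with no template filed under their card ID.
        "no_template": no_template,
        # Templates whose card ID matches no cardholder record.
        "orphan_template": orphan_template,
        # One card ID bound to more than one template.
        "duplicate_id": sorted(c for c, n in bio_counts.items() if n > 1),
        # Same card ID, different person on each side.
        "name_mismatch": sorted({c for c, name in biometric_rows
                                 if c in access and access[c] != name}),
        # Missing/orphan pairs one keystroke apart: likely enrollment typos.
        "probable_typo": [(m, o) for m in no_template for o in orphan_template
                          if one_keystroke_apart(m, o)],
    }

if __name__ == "__main__":
    for finding, ids in reconcile(ACCESS_ROWS, BIOMETRIC_ROWS).items():
        print(f"{finding}: {ids}")
```

Run on a schedule against fresh exports, a report like this surfaces keying errors and unsynchronized records before a cardholder meets them at the door.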

Controller Limitations
Quite often in current biometric systems, there's a limited local database of templates stored in the biometric readers. Some systems, however, store the biometric templates in the access controllers. This allows systems to utilize the larger memory capacities of today's controllers. It also allows several readers to share the common storage of templates within the controller, while preserving the fast local decision-making ability needed for access control. But storing the templates in the controllers necessitates that those controllers be designed for distributed network architecture, and that they have sufficient capacity to store both the full cardholder database and the biometric templates. Each template can require several hundred bytes of storage.

Single-Factor Biometric Systems
Increasingly, vendors are positioning biometric systems by themselves as access control solutions. A single-factor biometric (such as fingerprint reading or face recognition) is not reliable enough to provide high-end access control. Many individual biometric technologies have high rates of false acceptance or false rejection because of inaccuracies during data capture and template creation. There are simply too many variables for which the current algorithms cannot account. High error rates are unacceptable, because people who have legitimate access might get rejected and—even worse—people who are unauthorized might be allowed access.
