Biometrics in an Integrated System

Why isn't biometrics working in some applications, and what can you do about it?

The second problem with employing single-factor biometric technology as a basis for access control is that without a single index into the database—such as what an access card ID or PIN would provide—data searches must be performed one to many (i.e., identification). Let's say, for example, that there is a database of 20,000 iris scans. When a person approaches a door, his iris is scanned and converted to a template. Now a search must be made for a match against 20,000 iris scans, which can be very time-consuming.

Furthermore, since the readers do not have the capacity to store a large number of templates, the system architecture relies on all searches being performed against a centralized database, with the central host making the access decision.

When a biometric template is created, a threshold must be set that defines the range of acceptable values. The threshold should be very tight for identification purposes. If it is too loose, too many matches will be found that are close enough to the live template when a search is performed. However, a tight threshold makes it very difficult if not impossible to find a match. The bottom line is that in a single-factor biometric system, accurate data searches require an excellent algorithm and perfect conditions of capture.

Is There Another Solution?
An alternative to an interfaced system is a seamlessly integrated solution in which all of the component functions operate flawlessly together, collectively behaving as one system. In a truly integrated environment, biometric data is treated like any other data. In such an environment biometric readers are components of an access control system and behave like access control readers; there is no database in the biometric readers and no templates are stored there; and the biometric does only what it was designed to do: compare and verify templates.

The architecture of a distributed controller solution consists of a single system, seamlessly integrated access control and biometric functionality, a single, centralized database and single, centralized enrollment and administration. All data—user data, access control data and biometric data—is captured in a single process during enrollment.

At the door is a combination access control (proximity) and biometric reader. A person presents his card, which is read by the proximity portion of the reader. The unique card ID is read and sent to the controller. The controller searches the database for that unique card ID, then searches for the template that is associated with that ID. Once found, the controller sends the template to the biometric portion of the reader. The reader reads the person's live fingerprint, converts that reading into a template and compares that template with the template received from the controller. Based on that information, the reader tells the controller yes or no, and the controller makes the access decision. With one system to maintain, it's more cost-effective and easier to manage. Enrollment is streamlined, and data synchronization is not a problem.

There are important reasons why a second authentication factor such as an access card (or PIN) is an essential component of a seamlessly integrated biometric solution. First of all, virtually every facility that has an access control system uses photo IDs or other cards as credentials for identification. In addition, data searches are greatly simplified. The use of card IDs provides an index into the biometric template database, so each search is one to one—verification rather than identification. For this reason, biometric template thresholds can be set a little looser to minimize false rejections, yet still be accurate enough to produce a correct match.
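
The difference between one-to-many identification and card-indexed one-to-one verification can be shown with a small simulation (an added example, not part of the original article). The 256-bit random templates, the bit-difference distance measure, the 0.30 and 0.40 thresholds and card ID 4242 are constructed assumptions, not any vendor's template format or matching algorithm.

```python
import random

BITS = 256                      # constructed template size, not a real format
rng = random.Random(7)          # fixed seed so the run is repeatable

# Constructed database: card ID -> enrolled template (random bit strings).
DB = {card_id: rng.getrandbits(BITS) for card_id in range(20_000)}

def distance(a, b):
    """Fraction of bits that differ between two templates."""
    return bin(a ^ b).count("1") / BITS

def noisy_capture(template, flipped_bits):
    """Simulate an imperfect live capture by flipping a fixed number of bits."""
    mask = 0
    for pos in rng.sample(range(BITS), flipped_bits):
        mask |= 1 << pos
    return template ^ mask

def identify(live, threshold):
    """One to many: compare the live template against every enrolled template."""
    return [cid for cid, t in DB.items() if distance(live, t) <= threshold]

def verify(card_id, live, threshold):
    """One to one: the card ID indexes the single template to compare against."""
    enrolled = DB.get(card_id)
    return enrolled is not None and distance(live, enrolled) <= threshold

TIGHT, LOOSE = 0.30, 0.40       # assumed thresholds for the illustration
USER = 4242                     # assumed card ID of the genuine user
live = noisy_capture(DB[USER], 90)   # poor capture: 90 of 256 bits differ

if __name__ == "__main__":
    # Tight threshold, no index: the genuine user is not found at all.
    print("1:N tight:", identify(live, TIGHT))
    # Loose threshold, no index: the genuine user is buried among false matches.
    print("1:N loose:", len(identify(live, LOOSE)), "candidates")
    # Loose threshold with the card ID as index: a single comparison decides.
    print("1:1 loose:", verify(USER, live, LOOSE))
    # A card ID that is not enrolled is refused before any matching happens.
    print("1:1 unknown card:", verify(99_999, live, LOOSE))
```

Every unindexed search is 20,000 chances for a false match, so the looser threshold that tolerates a poor capture is only usable once the card ID has reduced the search to a single comparison.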

The Smart Card Option
The use of contact or contactless smart cards could be the driving force for integrating biometrics into physical access control environments. Instead of storing the biometric templates in the controller, they're stored along with the access control information in the smart card itself. With the addition of smart card readers, most existing technology and computers in the system can remain in place.

In a distributed smart card solution, a smart card credential is created during enrollment and the captured biometric template is stored in both the database and the card. At the door, there is a combination smart card and biometric reader, which reads the template from the smart card. A person then presents his live fingerprint to the reader.