Biometrics 101: A Primer for Physical Access Control

Biometrics 101: A Primer for Physical Access Control By Debra Spitler The world of physical access control was altered by the events of September 11, 2001, as veterans of this industry will attest. Prior to that time, physical access...

Error Rates
Most people considering biometric technology for their facilities have concerns about the accuracy and performance of biometrics. In general, technology experts agree that the accuracy and response time have improved. However, given the way data is reported, it is difficult to quantitatively estimate the level of improvement.

Within the world of biometrics, we hear about false acceptance rates (FAR) and false rejection rates (FRR). Most manufacturers of biometric products indicate that such errors typically result from improper use (improper positioning and recording of traits during the enrollment process), rather than inaccuracy of the technology.

According to Webb, modern biometric systems are very accurate and may have false acceptance rates of less than 1 in 10,000. When the system is tuned this way, the false rejection rates increase dramatically. Therefore, a way of looking at the systems on equal footing is the equal error rate-the level at which the false acceptance and false rejection rates are equal. Some of the best systems have an equal error rate of approximately 1 in 1,000. These numbers are generated based on large databases of collected templates.

Enrollment quality and operational use issues must also be considered. If someone does not provide the best input to the device, the false rejection rate will be high. Training is often the best solution. The installer or integrator should train the end user on how to properly enroll the biometric. This includes how to place the finger, the projected response time, and what to do in case of a negative response. A high-quality enrollment will go a long way in showing a system in its best light.

Privacy Concerns
One of the key items in a successful biometric solution deployment is gaining user acceptance. According to Cathy Schaub, vice president of marketing for Biocentric Solutions Inc., three privacy questions arise with biometric applications: (1) where the biometric templates are stored; (2) who has access to them; and (3) whether they can be duplicated.

Frances Zelazny notes that the biometric industry is responding to privacy concerns through the International Biometric Industry Association (IBIA). This trade association was founded to advance, advocate, defend and support the collective international interests of the biometric industry.

Privacy guidelines have been developed that govern the use of biometric technologies in both the private and public sector. These guidelines specify that in the private sector, biometric data can be used only for the purpose for which it was collected, and should not be sold or transferred to a third party without the individual's consent unless in response to proper law enforcement investigative procedures. In the public sector, the guidelines stipulate that the collection of the biometric be done in accordance with the law.

In addition to adhering to guidelines such as those outlined above, companies such as Biocentric Solutions Inc. consider privacy concerns a key component of product design. For example, biometric templates are not saved after enrollment and are not held in a database. Templates, which are encrypted, are stored on a card and held by the owner of that card. Bioscrypt's Webb explained, "Since the biometric data is stored on the card, and you have possession of the card, there is less worry of the information being used surreptitiously. Also, the smart card may encrypt your data for storage, further limiting the possibility that the data can be used inappropriately."

Hunepohl and Webb agree that privacy concerns are really an education issue. "Users need to understand biometrics applications are just a more secure form of identification," said Hunepohl. Webb added, "Although biometrics are a measurable characteristic of your body, they are used to protect, not incriminate." She noted the biometrics that cause the most concern over privacy are DNA and fingerprints (since fingerprints are often used in criminal investigations and stored by other government organizations.)