By Mike Chaudoin
|
For environments requiring an extra level of security, fingerprint biometrics can be deployed inexpensively. The above is a physical access device using fingerprint authentication solution from UPEK. (Photo by UPEK, Inc.) |
The advantages of fingerprint biometrics for physical access control are becoming increasingly clear: enhanced security and improved user convenience. Since fingerprint biometrics are based on ¡®who you are¡¯ instead of ¡®what you have¡¯ or ¡®what you know¡¯, it reduces threats to traditional physical access controls such as picking locks, stealing and copying keys, re-entering PINs and faking swipe cards; convenience is derived from the fact users no longer have to carry keys and cards or remember PINs. For environments requiring an extra level of security, fingerprint biometrics can be deployed inexpensively and in tandem with existing security measures such as swipe cards for dual-factor authentication.
FALSE SCARES
Many people have grown skeptical towards the viability of fingerprint biometric technology because it has failed to deliver on its promises in the past. Common concerns include:
Is fingerprint biometric technology robust and secure enough to be deployed in real-world applications today?
Fingerprint biometric security has been improving steadily for many years and has now emerged in several mainstream applications. Examples include authenticating users of Lenovo (IBM) ThinkPad notebook PCs, SanDisk portable USB flash drives, HID access control terminals, Brinks home safes and many other applications. The technology has been gaining market acceptance for years, and has seen rapid adoption by major enterprise and consumer products -- a validation of the technology¡¯s maturity.
Can you fake the sensors?
¡®Spoofing¡¯ sensors, a concept often depicted in Hollywood, is more difficult than the movies would lead one to believe. Advanced silicon sensors capture 3D images and include specialized sensing capability to recognize the properties of real fingers, making it difficult to bypass these systems. No solution is perfect, but there has been a steady increase in the capability of leading solutions, offering added security benefits to users.
Does using my finger for authentication present a risk to my privacy?
Using fingerprints to identify individuals may have been associated with law enforcement applications in the past. However, in commercial applications today, fingerprint systems do not need to save the full fingerprint image to work reliably. Instead, these systems generally store just the fingerprint ¡®template¡¯. A fingerprint template is a mathematical representation of the unique aspects of your finger, but it cannot be converted back into the original fingerprint. Think of a template as the ¡®password¡¯ stored in your fingerprint. These systems ¡®read¡¯ this fingerprint password and eliminate the rest of the fingerprint information. This method allows the system to determine if you are who you claim to be, but without requiring a full fingerprint image. Electronically, fingerprint templates are also smaller in size, sometimes as much as 1/500th the size of the data that would make up the original fingerprint. This compact size allows for faster matching and smaller memory storage requirements.
Does it take a lot of processing to make a fingerprint authentication work well?
Actually, leading devices come with the fingerprint sensor and a co-processor integrated into a single package. These devices allow this technology to be used in a device without having to understand the details of a biometric subsystem. These ¡®intelligent¡¯ devices can be used to capture and match fingerprint information, without ever having to send the fingerprint information outside of the system. This integrated approach improves both the security of the system and offers better privacy protection for users.
FINGERPRINTS FOR ACCESS CONTROL
In the access control market, major companies such as HID, Identix, Cogent and others have integrated fingerprint biometrics into terminals for physical access deployments. Fingerprint devices have been deployed in banks, hospitals, businesses, private homes, cars and many other places. One example of an access control deployment is the Caltex Pacific Indonesia Oil Refinery¡¯s use of a combination biometric-smartcard authentication solution from Canadian company Labcal. This system monitors the entry and exit of employees and vehicles in secure areas. Authorized security officers use enrollment devices to generate biometric ID cards (contactless smart cards) in which the worker¡¯s credentials and fingerprint template are stored. Then, using mobile readers, staff and vehicles are authenticated at on-site verification gates by comparing the employee¡¯s fingerprint with the fingerprint template stored on the card. Every transaction (entries and exits made by the employee) is securely logged in the mobile device¡¯s memory, downloaded and transferred to a central server database, and aggregated into reports. This example illustrates a system approach to using fingerprint authentication to enhance the security of a system, while making it convenient for users.
IMPORTANT CRITERIA
Because this technology is rapidly growing in mainstream markets, it is important to understand that the quality of the sensors and solution varies, and this variation affects the overall system security, convenience and reliability. Therefore, consider these criteria when evaluating fingerprint solution suppliers:
Security
The primary function of physical access control is security. For biometric fingerprint technology, security is determined by the sensor¡¯s ability to capture high quality images and the algorithm¡¯s ability to match stored data accurately. The level of security is measured by the biometric performance indicator False Accept Rate, which is the likelihood that the device will grant access to the wrong person. This metric must be balanced with the level of convenience as measured by the False Reject Rate, or the likelihood that someone who should have access is not granted access. Measuring biometric performance is complex since it requires testing a wide range of people in various environments over time. Since many access control companies are not specialists in conducting this type of testing, you should look to leading security-focused companies that have integrated fingerprint biometrics and scrutinized vendors through qualification testing.
Ease of Use
Authorized users expect to be granted access to the system on their first attempt, so any failure to recognize them will cause frustration. As discussed above, the level of convenience, measured by the False Reject Rate, is determined by the overall system performance. Different technologies have their relative strengths and weaknesses. Over the past few years, silicon-based sensors have improved significantly in their mechanical and electrical robustness, while also providing excellent ease-of-use, high security, cost-effectiveness, small size and power efficiency. Other technologies include larger and more costly optical devices and thermal sensing technology, which may be affected by changing environmental conditions. Active capacitive sensing technology has proven to be very effective at capturing high quality fingerprints under a broad array of conditions. Regarding the different types of sensors, touch sensors allow a user to place their full finger on the sensor at one time. These systems have been in the market for years with a solid track record of working well for many applications, including in physical access control. A new generation of sensors called swipe sensors are emerging onto the market today. These swipe sensors require a user to move their finger over the surface of the sensor, instead of placing and holding their finger on the sensor while the fingerprint image is scanned. The swipe sensor system uses this finger motion to accurately determine the user identity, but at a much lower cost and lower power than is required for touch sensors. Users may have a slight learning curve with these new devices, but once users have practiced a few times, the operation becomes simple and reliable.
Ease of Integration
To have a successful biometric access control system, it is important to consider the sensor and the associated processing platform. Today¡¯s leading fingerprint solution providers offer complete modules that perform all of the biometric processing tasks: image capture, conversion to ¡®template¡¯ template storage, template comparison and communication of the results. Buying a complete module is similar to buying an entire digital camera to take a picture, versus buying just the lens and building the rest of the camera yourself. Buying a complete biometric solution allows buyers to quickly use a device without worrying about complex integration issues -- buying just a sensor can be like buying just a lens. This means you have to put all of the other pieces together to make the complete system to work, and this opens you up to performance and quality issues if the integration is not done well. Also, today¡¯s leading biometric solutions comply with industry standards, which provide customers with compatibility to other systems if needed.
Robustness
Biometric fingerprint sensors must stand up to repeated use and endure a wide range of environmental conditions. Today¡¯s leading fingerprint sensors provide hard protective coatings for extended wear, certified ESD protection, specialized packaging and reliable operation across a wide range of temperatures.
When selecting a fingerprint sensor solution for an access control application, you should consider the items discussed above. Take care to select a fingerprint sensor that meets your needs, and is part of a well tested and proven solution that can get you to market quickly with a product your customers will value and enjoy. The lowest priced sensors may skimp on security or ease-of-use capabilities, resulting in less satisfaction for your customers. When evaluating different biometric providers, it is important to have a long term perspective: select a solution partner that will perform as promised and will provide your customers with a solid product that meets their needs.
Mike Chaudoin, Segment Director for Standard and Security at UPEK, Inc. (www.upek.com), one of the leaders in fingerprint biometric security, is responsible for market development and product strategy for government applications, access control and transaction terminal applications. Mike has eight years of biometric industry experience at companies including Identix and Fujitsu, as well as broad software and system experience from Microsoft, Apple and Xerox. Mike holds an MBA from MIT, an MSEE from RIT and BS/BA from Dartmouth College.
For more information, please send your e-mails to swm@infothe.com.
¨Ï2007 www.SecurityWorldMag.com. All rights reserved.
|