Moving to the Door

Biometrics makes its way across the enterprise

• By Steve Carney
• Aug 01, 2019

Biometrics have rapidly expanded into our daily lives, as millions of people use fingerprints to unlock their mobile phones, access cash through ATMs, and verify their identity in a growing range of use cases. This mainstream adoption is also driving the increasing demand for biometrics at the door and across the enterprise for physical and cybersecurity. These applications benefit from biometrics’ ability to fuse convenience and security while validating “true identity” versus one’s identity that is associated with possessing an ID card or mobile ID on a smartphone.

Bringing Biometrics to the Door

A number of challenges have had to be solved to bring biometrics to the door. The biggest is the environment where biometric solutions must operate for these applications. In the real world, people have wet, dirty, oily, dry or worn fingerprints that have been difficult to capture and read with previous biometrics technology. As a result, earlier fingerprint biometrics solutions for physical access control are often deployed with reduced security thresholds because their lower-quality imaging technology leads to false fingerprint rejections that create long authentication lines at the door.

The latest fingerprint reader/controller solutions solve this challenge to deliver up to 99.9 percent accuracy in fingerprint image capture, leading to much higher matching speeds and better overall performance—regardless of the fingerprint conditions. This level of reliability, coupled with the security and user convenience it offers, is driving interest in marrying biometrics with physical access control applications.

Environment isn’t the only challenge that has faced the use of biometrics in access control applications. Many fingerprint technologies are vulnerable to spoofs and hacking, enabling fraudsters to create a fake fingerprint and present it to a reader. Previous solutions also have been notoriously slow at moving users through doors as compared to using a simple ID card and reader. There also have been significant differences in the performance between available fingerprint capture technologies.

Key developments in biometrics are removing these issues and shining a spotlight on the technology and its suitability for use in access control.

Better image capture. The quality of the captured image is critical, across all types of fingerprints ranging from children to the elderly, and in cold, dry, dirty and wet environments. To address these challenges, organizations are increasingly choosing sensors that use multispectral imaging that optimizes the quality of the captured image by illuminating the skin at different depths. This enables the sensor to collect information from inside the finger to augment available surface fingerprint data.

Also important, the sensor collects data from the finger even if the skin has poor contact with the sensor because of such environmental conditions as water or finger contamination. Multispectral sensors have been proven to work for the broadest range of people with normal, wet, dry or damaged fingers, across the widest range of conditions, from the presence of lotions or grease to sunlight, wet or cold conditions. The sensors also resist damage from harsh cleaning products and contamination from dirt and sunlight.

Liveness detection that enhances trust. Even when fingerprint images are properly captured, if they are a plastic fake or other artificial copy, the system cannot be trusted. For this reason, liveness detection is an increasingly visible dimension of biometric performance in commercial applications. While liveness detection is critical for preserving trust in the integrity of biometrics authentication, it must not impede performance or result in excessive false user rejections. The most trusted multispectral imaging fingerprint sensors with liveness detection provide a real-time determination that the biometric data captured by the fingerprint reader is genuine and being presented by legitimate owners, rather than someone impersonating them.

This capability leverages the imagecapture approach of using different colors or spectrum of light to measure the surface and subsurface data within a fingerprint. In addition to this optical system, the biometrics sensor features several core components including an embedded processor that analyzes the raw imaging data to ensure that the sample being imaged is a genuine human finger rather than an artificial or spoof material. Advanced machine learning techniques can be used so the solution can adapt and respond to new threats and spoofs as they are identified. This is critical if biometrics is to eliminate the need to use PINs or passwords. It also protects privacy—if you can’t use a fake finger, then even if you did obtain someone’s fingerprint data, it is meaningless.

Optimized performance. The top-performing solutions capture usable biometric data on the first attempt for every user and speed the liveness detection process. They quickly perform template matching to reject impostors and match legitimate users and should be tested by skilled and independent third parties like the National Institute of Standards and Technology (NIST) for interoperability so that performance is based on data that can be trusted in all templatematching modes.

Raw performance is not enough, however— this performance must be trusted. The next generation of solutions deliver trusted performance by using the top-ranked NIST certified MINEX III minutia algorithm to ensure interoperability with industrystandard fingerprint template databases in all template-matching modes. This includes both template-on-card and card/mobile + finger modes using “1:1” template-matching profiles, as well as template-on-device mode for finger-only authentication using “1:N” matching. Delivering this level of interoperability ensures that today’s systems, which are based on much more powerful hardware than in the past, will perform accurate 1:N identification of a full database in less than a second, significantly reducing delays and the queues users often experienced with earlier biometric solutions.

Deployment Best Practices

Organizations now have an easy path for taking their systems from traditional readers to a biometric solution but they should adhere to several important best practices during deployment. Biometrics must be incorporated into access control systems using a secure trust platform designed to meet the concerns of accessibility and data protection in a connected environment. The platform should leverage credential technology that employs encryption to prevent man-inthe- middle attacks while also protecting the biometric database, and a software-based infrastructure to secure identities on any form factor for trusted access to doors, IT networks and beyond.

As an example, HID Global’s iCLASS SE RB25F fingerprint reader/controller incorporates the company’s Seos technology and secure trusted platform, which gives users the option of accessing facilities with a mobile device. Its multispectral sensor incorporates trusted liveness detection to provide real-time validation that the fingerprint is genuine and real, while ensuring superior protection against hundreds of commonly used spoofing materials. The solution also comes with duress finger functionality, as well as a built-in optical tamper that automatically sends alerts in the case of an attempt to remove the device.

With today’s solutions, system management is simplified using web-based reader managers that handle all reader/controller configuration and management while supporting fingerprint enrollment for both the 1:2 verification and 1:N identification modes. The solution should encompass remote management of all readers and users, spanning all onboarding as well as template loading and enrollment activities for the supported authentication modes. Today’s tools can be used as stand-alone applications or interfaced with other access control and/or time and attendance platforms and enable system administrators to manage all configuration settings from time and data to language, security and synchronization. They also enable continuous live monitoring of authentication, alerts and system health.

To simplify deployment, application programming interfaces (APIs) are available for direct integration of biometrics authentication solutions with the access control infrastructure. Multiple interface options should be available to support various system architectures.

It is critical that biometrics data is handled like all sensitive and identifying information. A properly architected system will always consider and protect against both internal and external threats and attacks. Beyond the encryption of the data itself, there are now many good alternatives available for building highly secure and well protected systems, including the use of multifactor and even multi-modal authentication to maintain security even if some identifying data is compromised. All reader/controllers should also feature duress finger functionality, as well as built-in optical tamper safeguards with automated alerts if there is an attempt to remove the device.

Also important is the environmental design of the reader/controller. In addition to built-in vandal resistance, all devices should include weather protection so they can be installed indoors or outdoors. Features that support rapid deployment can reduce installation time to just minutes.

Early Adoption Paths

There are several applications that lend themselves to the security and convenience of biometrics technology at the door. Examples include education and healthcare campuses where it is imperative to prevent users from taking someone else’s card and using it to gain access to restricted locations and/or privileged resources. When used for authentication, it adds the human element to strengthen security by combining something the user “is” with something the user “has” or “knows.”

The ability to identify persons with 100 percent accuracy is especially critical healthcare so that medical professionals have the correct patients’ medical history with which to properly diagnose and treat them. The inclusion of liveness detection in these biometric solutions will give healthcare organizations the assurance, for instance, that they are complying with HIPAA regulations for verifying identity without the fear that someone will compromise the system and gain access using a fake fingerprint.

On a college campus, biometric solutions will be increasingly important for preventing unauthorized use of data or access to secured campus locations, and eliminating errors or fraudulent manipulation of attendance monitoring, library management and other systems. Here, too, liveness detection will play an important role, ensuring that a thief can’t steal and use someone’s campus ID card to, for instance, gain unauthorized access to the person’s dorm room or fraudulently purchase meals at the cafeteria using their account.

In these and similar applications, biometric solutions deliver a higher confidence about “who” is being admitted into a university residence hall, classroom, a hospital’s front door and other restricted areas where this confidence really matters. In these and other applications, it is insufficient to simply possess an ID card, and what is required is the ability to validate a person’s true identity using biometrics. This must be accomplished in such a way that any person can be identified or verified regardless of skin condition, at any authentication point regardless of environmental conditions, and without the risk of excessive false user rejections that slow down access.

Biometrics technology will continue to improve as it grows in popularity to use at the door, and companies are actively investing in these advancements. Examples include HID Global’s acquisition of Lumidigm for fingerprint sensors with multispectral imaging and liveness detection, and Crossmatch for its biometric identity management solutions for civil government, defense and commercial applications, as well as a secure multifactor authentication software solution. Today’s fingerprint authentication solutions are on a fast track to deliver a unique combination of ease of use and higher security. They combine enhancements in liveness detection, system architectures and trusted performance to give people secure and convenient access facilities, networks and services using fingerprints that are unique and cannot be forgotten, lost or stolen.

This article originally appeared in the July/August 2019 issue of Security Today.