The impact of bringing biometrics to the door
FYI, this story is more than a year old
Article by HID Global director of product marketing Wayne Pak.
Biometrics have rapidly expanded into consumer applications like the financial market for customer authentication to payment services and withdrawing cash from ATMs in high-fraud markets. Its adoption as an authentication factor for physical access control systems and other enterprise applications hasn’t been as rapid, but this is changing.
Biometrics fuse convenience and security while validating “true identity” versus identity that is associated with possessing an ID card to offer numerous benefits access control and other enterprise applications. With the emergence of new anti-spoofing capabilities and its integration into secure platforms that protect privacy and support numerous credential technologies, biometric authentication is poised to deliver a much higher matching speed and better overall performance. This will dramatically improve an organisations security and enhance user convenience.
Despite the benefits of biometrics, there have been impediments to its broader enterprise adoption. While the price has been one big roadblock, there have also historically been other reasons for its slower-than-expected growth.
First, many technologies are still vulnerable to spoofs and hacking. It has been far too easy for fraudsters to create a fake fingerprint and present it to a reader. Equally troublesome, older products have not been able to move users through the doors as fast as a simple ID card and reader. In general, all fingerprint capture technologies are not equal among older products, and there can be significant differences in performance.
Newer solutions are overcoming these security and convenience hurdles to help realise the full potential of biometrics. Their development has focused on three key areas: 1) how fingerprint images are captured; 2) the implementation of liveness detection to enhance trust, and 3) optimising performance through a combination of new technology and algorithms.
Across all types of fingerprints and environments, the quality of the captured image is critical. Many customers choose sensors that use multispectral imaging because it illuminates the skin at different depths to collect information from inside the finger to augment available surface fingerprint data.
Additionally, the sensor collects data from the finger even if the skin has poor contact with the sensor because of environmental conditions such as water or finger contamination. Multispectral sensors work for the broadest range of people with normal, wet, dry or damaged fingers, across the widest range conditions (from lotions or grease to sunlight, wet, cold conditions). The sensors also resist damage from harsh cleaning products and contamination from dirt and sunlight.
Liveness Detection and Trusted Performance
Liveness detection is the ability to determine that the biometric data captured by the fingerprint reader is from a real living person, not a plastic fake or other artificial copy. An increasingly visible dimension of biometric performance in commercial applications, liveness detection is critical for preserving trust in the integrity of biometrics authentication. At the same time, it must not impede performance or result in excessive false user rejections.
While liveness detection and the underlying capture technology optimises performance, it is also important to ensure that this performance can be trusted. The top-performing solutions capture usable biometric data on the first attempt for every user. They also speed the process of determining that the biometric data is not a fake, and they quickly perform template matching to reject impostors and match legitimate users.
To trust this performance, interoperability testing must be performed by skilled and independent third parties like the National Institute of Standards and Technology (NIST) so that performance is based on data that can be trusted in all template-matching modes:
- template-on-card and card/mobile + finger modes using “1:1” template-matching (one of the fastest-growing two-factor authentication use cases for secure access to physical and digital places); and
- template-on-device mode for finger-only authentication using “1:N” matching.
Physical Access Control Integration
Incorporating biometrics into access control systems requires a secure trust platform designed to meet the concerns of accessibility and data protection in a connected environment. The platform should leverage credential technology that employs encryption and a software-based infrastructure to secure identities on any form factor for trusted access to doors, IT networks and beyond. Cryptography prevents any man-in-the-middle attacks while also protecting the biometric database. This system also should encompass remote management of all readers and users, spanning all onboarding as well as template loading and enrolment activities for supported authentication modes.
Other important focus areas include configuration and administration, plus all logs, reports and monitoring. It should be possible to manage biometric readers as groups or individually over the network, and tools should be available to allow system administrators to manage all configuration settings from time and data to language, security and synchronisation. Additionally, the system should enable continuous live monitoring of authentication, alerts and system health.
There are also backend implementation decisions to be made, including how a biometric authentication system will be integrated into third-party systems. This is another pain point of biometric technology. To simplify deployment, application programming interfaces (APIs) should be available for direct integration of biometrics authentication solutions with the access control infrastructure.
Properly implemented, biometrics solutions with liveness detection also protect privacy – if you can’t use a fake finger, then even if you did obtain someone’s fingerprint data, it is meaningless. Strong and updatable liveness protection is critical if biometrics are to eliminate the need to use PINs or passwords.
Biometrics data must be handled like all sensitive information, and properly architected systems will always consider and protect against both internal and external threats. Beyond the encryption of the data itself, there are now many good alternatives available for building highly secure and well-protected systems, including the use of multi-factor and even multi-modal authentication to maintain security even if some identifying data is compromised.
Today’s fingerprint authentication solutions are on a fast track to delivering a unique combination of ease of use and higher security to access control systems. With their latest enhancements in liveness detection, system architectures and performance, they seamlessly combine security and convenience to make them a viable option for secure access to facilities, networks and services. These solutions deliver a higher confidence of “who” is being admitted through the building’s front door, where it really matters.