For many applications the use of biometric technologies is the most effective, secure and private means of identification available today. Biometrics ascertains or verifies the identity of an individual based on physiological or behavioral characteristics. Examples include products that recognize faces, hands, fingers, fingerprints, signatures, irises, voices and skin characteristics. Determining what constitutes human identity is evolving and becoming more nuanced than our understanding even five years ago.
Biometrics technology can quickly determine a person’s identify by matching data from a live person, such as fingerprints against a database of fingerprints. These physical features can be quickly converted into mathematical codes to become unique and secure identifiers. Biometrics can be readily sold into the same market niches currently using access control systems, as well as applied to other systems used by organizations to gain business efficiencies beyond securing a facility.
Let’s delve a little deeper into how biometrics are being leveraged and why integrators can expect to gain newfound revenue opportunities with these products and solutions.
BIOMETRICS APPLICATIONS ARE VARIED, VERSATILE
The big news in biometrics today is the products actually work as advertised. Previously, systems integrators too often found that these devices failed to live up to all the accompanying marketing hyperbole. Understandably, integrators concerned about their livelihood and reputation were reluctant to adopt bio- metric products for their customers.
While this article focuses on access control, biometrics is applicable to all kinds of security applications where the “who” matters. Currently, fingerprint technology is the most popular type of biometric, with facial recognition gaining increasing acceptance. Facial recognition is recommended for locations where fingerprints would not be practical, for example, because employees are carrying objects in their hands.
Following are various types of applications for biometrics and associated benefits and efficiencies end users can leverage.
Access control: The principal function of any biometric product is to verify the identity of an individual. Access control in addition requires that the unit unlock a door, grant or deny access based on time restrictions, and monitor door alarms. Products are available that (1) protect a single critical access point; (2) are a full state-of-the art system; (3) can be integrated into conventional access control systems; or (4) can be added to the current conventional access control system.
Time and attendance: Most biometric time and attendance systems utilize fingerprints or faces as identifiers. The typical time and attendance system collects the work time and summarizes it according to the customer’s parameters so that the time can be exported to the payroll service to prepare the pay checks. Customers that implement biometric time clocks find that it saves significant money by eliminating time-card fraud, such as buddy punching and lost or stolen cards, or forgotten passwords. Reducing overpayments for time as little as 10 minutes a day in organizations with 100 employees can easily save as much as $150,000 each year.
Muster systems: Muster systems are recommended for crisis control, such as locations with hazardous materials or dangerous processes. During an evacuation or accident, the muster system provides management and first responders with a real-time list of missing persons. This information allows management and first responders to deploy resources where needed. It also provides management information when making announcements or talking with the press.
Visitor management: These systems work much like access control in that positive identification is required of the visitor and an electronic record is made of when, where and who the visitor is. This process greatly reduces record keeping and recording time of end users.
Other common applications: Biometrics can be applied to cabinet control, turnstile control, gate control and dock control to ensure positive identification before the individual can gain entry, operate equipment, etc. Ultimately the key to using biometric products successfully is to select the product that is appropriate for the application. For instance, fingerprint recognition would not typically be recommended for locations where workers’ hands are constantly soiled.
ADVANTAGES OF A MULTIMODAL BIOMETRIC SYSTEM
Multimodal biometric systems evolved in the business world due to a variety of reasons. Primarily because integrators and customers were uneasy about trusting a single biometric, manufacturers added a second identifier to increase the accuracy and reliability of the biometric products. A second reason was that the identification technology — be it fingerprints, faces, etc. — was prone to false acceptance of invalid inputs/tries when only a small census of persons were enrolled and another identifier was added to prevent the false acceptance. The authentication model, the key card reader, most often installed by integrators today was invented in the 1960s.
Hence, in many legacy applications these outdated devices have been rendered vulnerable and therefore violate the promise of trust that the customers have bestowed on installing security contractors. The single key card access control products so popular for years with integrators cannot provide the true identity of the cardholder with an acceptable degree of certainty. Access control cards and related credentials are easily lost, stolen and shared and now can be easily cloned with a device that can be purchased for less than $20. The inherent inability of a card system to provide the true identification of an authorized person is failure of the first degree. Therefore, to mitigate potential security lapses, multimodal biometrics can be applied to use a combination of recognition technologies to compare the identity of a person. Should one of the technologies fail for any reason, the system can still use another one or two biometric technologies to provide accurate identification of a person.
SECURITY INTEGRATORS MUST CONFRONT MULTIPLE CHALLENGES
The role of the traditional security integrator is evolving as the market transitions to IP-based technology. This transition is attracting IT integrators with their lower equipment costs and higher service costs. To remain competitive in the marketplace, security integrators are compelled to broaden their skill sets and to become savvier in project management. One only needs to consider the burgeoning size of the security market to understand why IT integrators are zeroing in on the space.
Market research firm IHS predicts that physical security equipment sold through integrators and installers will reach more than $38 billion in 2016. Security integrators can expect IT providers to continue to move into this industry as they assist their customers with the purchase of security equipment. Some customers will have privacy concerns with biometrics.
In some cases the employees will be concerned that their personal information or fingerprints or facial images will be available either to the employer or an outside entity, such as law enforcement. Employees need to be reassured that images of fingerprints and faces are not saved.
The image is converted to a mathematical code for storage and even if the system is hacked, the code will be meaningless. Notably, a potentially serious liability problem awaits security integrators that continue to install card-based systems now that it is common knowledge the cards can be easily and quickly cloned.
This can essentially render a system useless and invalid. Why would an integrator risk the safety and security of their customer by installing a system they know can be easily defeated with a cloned card? The objective of an access control system is to manage where authorized people are granted entry. With a typical credential-based access control system, entry is granted if the card or credential presented is authenticated by the system.
The card manufacturers’ solution to this issue of inability to authenticate the actual identity of the user has been to produce new cards with more options that are more expensive. Yet these new credentials still do not and cannot authenticate the identity of the user.
Management is still dependent upon the honesty and integrity of the person who holds the card or credential.
More bells and whistles for these credentials are not a cure. Customers are increasingly aware that their card systems do not and cannot authenticate the identity of the user.
Embracing biometric technologies can save customers money, increase security, reduce risk and better safeguard facilities. These are the key reasons why knowing “who” matters in the realm of life safety and security.
