Over the past few years, biometrics has rapidly expanded into consumer applications, like the financial market for customer authentication, to payment services and withdrawing cash from ATMs in high-fraud markets. However, its adoption as an additional authentication factor for physical access control systems (PACS) and other enterprise applications, hasn’t been as rapid. But this is changing.

Biometrics offers numerous benefits at the door and throughout the enterprise. With the advent of new anti-spoofing capabilities, and its integration into secure trust platforms that protect privacy and support a variety of RFID credential technologies, biometric authentication is poised to deliver a much higher matching speed and better overall performance. This will dramatically improve an organization's security, while enhancing user convenience.Newer solutions are overcoming these security and convenience hurdles to help realise the full potential of biometrics

Challenges For Biometric Authentication

Biometrics fuses convenience and security while validating “true identity” versus identity that is associated to the possession of an ID card. As an example, biometrics prevents a user from taking someone else’s card and obtaining access to privileged resources. This adds the human element to traditional methods of authentication, strengthening security by combining something the user “is” with something the user “has” or “knows.”

According to the firm ABI Research in its May 2018 study, Biometric Technologies and Applications, the total fingerprint sensor shipments for the entire consumer market is “estimated to reach 1.2 billion worldwide for 2018, thus ensuring its market dominance.It has been far too easy for fraudsters to create a fake fingerprint and present it to a reader

Despite the benefits of fingerprint authentication in numerous consumer applications, there have been impediments to its broader adoption in the enterprise. While price has been one big roadblock, there have also historically been other reasons for its slower-than-expected growth.

First, many technologies are still vulnerable to spoofs and hacking. It has been far too easy for fraudsters to create a fake fingerprint and present it to a reader. Equally troublesome, older products have not been able to move users through the doors as fast as a simple ID card and reader. In general, all fingerprint capture technologies are not equal among older products, and there can be significant differences in performance. 

Developing Technology Performance

Newer solutions are overcoming these security and convenience hurdles to help realize the full potential of biometrics. Their development has focused on three key areas:

  1. How fingerprint images are captured – if the image can’t be properly captured, the rest of the process fails
  2. The implementation of liveness detection to enhance trust – even in the case when the image is properly captured, if it is fake the system cannot be trusted
  3. Optimizing performance through a combination of new technology and algorithms, while ensuring interoperability so the performance can be trusted.

 

The top-performing solutions capture usable biometric data on the first attempt for every user. They also speed the process of determining that the biometric data is not a fake
The skin is illuminated at different depths to deliver much richer data about the surface and sub-surface features of the fingerprint

Optimizing Capture

The quality of the captured image is critical, across all types of fingerprints and environments. Many customers choose sensors that use multispectral imaging because it collects information from inside the finger to augment available surface fingerprint data.The skin is illuminated at different depths to deliver much richer data about the surface and sub-surface features of the fingerprint The skin is illuminated at different depths to deliver much richer data about the surface and sub-surface features of the fingerprint.

Additionally, the sensor collects data from the finger even if the skin has poor contact with the sensor, because of environmental conditions such as water or finger contamination. Multispectral sensors work for the broadest range of people with normal, wet, dry or damaged fingers, across the widest range of usage conditions – from lotions or grease to sunlight to wet or cold conditions. The sensors also resist damage from harsh cleaning products and contamination from dirt and sunlight.

Liveness Detection

Liveness detection is the ability to determine that the biometric data captured by the fingerprint reader is from a real living person, not a plastic fake or other artificial copy. An increasingly visible dimension of biometric performance in commercial applications, liveness detection is critical for preserving trust in the integrity of biometrics authentication. At the same time, it must not impede performance or result in excessive false user rejections.While liveness detection optimizes performance, it is also important to ensure that this performance can be trusted

The most trusted multispectral imaging fingerprint sensors with liveness detection provide a real-time determination that the biometric captures are genuine and are being presented by the legitimate owner, rather than someone impersonating them. This capability leverages the image-capture approach of using different colors or spectrum of light to measure the surface and subsurface data within a fingerprint.

In addition to this optical system, the biometrics sensor features several core components, including an embedded processor that analyses the raw imaging data to ensure that the sample being imaged is a genuine human finger rather than an artificial or spoof material. Advanced machine learning techniques are used so the solution can adapt and respond to new threats and spoofs as they are identified.

While liveness detection and the underlying capture technology optimizes performance, it is also important to ensure that this performance can be trusted. This requires adequate testing to ensure interoperability with template matching algorithms.

Extensive interoperability testing must be performed by skilled and independent third parties like the National Institute of Standards and Technology (NIST) so that performance data can actually be trusted in all template-matching modes, and not simply a vendor claim.
The first requirement for incorporating biometrics into a physical access control solution is a secure trust platform

Trusted Performance

The top-performing solutions capture usable biometric data on the first attempt for every user. They also speed the process of determining that the biometric data is not a fake, and they quickly perform template matching to reject impostors and match legitimate users.The card/mobile plus finger mode is one of the fastest-growing two-factor authentication use cases for securing access to both physical and digital places To trust this performance, though, the focus must be elsewhere: on interoperability with template-matching algorithms.

Extensive interoperability testing must be performed by skilled and independent third parties like the National Institute of Standards and Technology (NIST) so that performance data can actually be trusted in all template-matching modes, and not simply a vendor claim.

Template Matching Modes

  • Template-on-card and card/mobile + finger modes using “1:1” template-matching profiles authenticates a person’s identity by comparing the person’s captured biometric template with one that is pre-stored in a database.
  • Template-on-device mode for finger-only authentication using “1:N” matching compares the person’s captured biometric template against all stored biometric templates in the system).

The card/mobile plus finger mode is one of the fastest-growing two-factor authentication use cases for securing access to both physical and digital places.Cryptography prevents any man-in-the-middle attacks while also protecting the biometric database

As an example of how to deliver trusted performance, HID Global uses the top-ranked NIST certified MINEX III minutia algorithm to ensure interoperability with industry-standard fingerprint template databases. This interoperability ensures that today’s systems, which are based on much more powerful hardware than in the past, will perform accurate 1:N identification of a full database in less than a second.

Physical Access Control Integration

The first requirement for incorporating biometrics into a physical access control solution is a secure trust platform designed to meet the concerns of accessibility and data protection in a connected environment. The platform should leverage credential technology that employs encryption and a software-based infrastructure to secure trusted identities on any form factor for physical access control, access to IT networks and beyond.

Cryptography prevents any man-in-the-middle attacks while also protecting the biometric database. This system also must encompass remote management of all readers and users, spanning all onboarding as well as template loading and enrolment activities for supported authentication modes.

Biometrics data must be handled like all sensitive and identifying information, and properly architected system designs will always consider and protect against both internal and external threats and attacks
Beyond the encryption of the data itself, there are now many good alternatives available for building highly secure and well protected systems

Other important focus areas include configuration and administration, plus all logs, reports and monitoring.New system architectures and data models have been created to protect personal information and maintain user privacy It should be possible to manage biometric readers as groups or individually over the network, and tools should be available to allow system administrators to manage all configuration settings from time and data to language, security and synchronisation. The system should enable continuous live monitoring of authentication, alerts and system health, and provide a rich set of associated reporting tools.

There are also backend implementation decisions to be made, including how a biometric authentication system will be seamlessly integrated into third-party systems. This is another major pain point of biometric technology. To simplify deployment, application programming interfaces (APIs) should be available for direct integration of the biometrics authentication solution with the access control infrastructure.

Privacy Considerations

Properly implemented, biometrics solutions with liveness detection also protect privacy – if you can’t use a fake finger, then even if you did obtain someone’s fingerprint data, it is meaningless. Strong and updatable liveness protection is critical if biometrics are to eliminate the need to use PINs or passwords.Strong and updatable liveness protection is critical if biometrics are to eliminate the need to use PINs or passwords

Biometrics data must be handled like all sensitive and identifying information, and properly architected system designs will always consider and protect against both internal and external threats and attacks. New system architectures and data models have been created to protect personal information and maintain user privacy.

Beyond the encryption of the data itself, there are now many good alternatives available for building highly secure and well protected systems, including the use of multi-factor and even multi-modal authentication to maintain security even if some identifying data is compromised.

Today’s modern fingerprint authentication solutions are on a fast track to deliver a unique combination of ease of use, availability and convenience and higher security to physical access control systems.

With their latest improvements in liveness detection, system architectures, performance and ability to be easily incorporated into access control solutions, they seamlessly combine security and convenience to make them a viable option when accessing a facility, networks and services. These solutions deliver a higher confidence of “who” is being admitted through the building’s front door, where it really matters.

Share with LinkedIn Share with Twitter Share with Facebook Share with Facebook
Download PDF version Download PDF version

Author profile

Wayne Pak Director of Product Marketing, Physical Access Control Solutions, HID Global

In case you missed it

Why Visualization Platforms Are Vital For An Effective Security Operation Center (SOC)
Why Visualization Platforms Are Vital For An Effective Security Operation Center (SOC)

Display solutions play a key role in SOCs in providing the screens needed for individuals and teams to visualize and share the multiple data sources needed in an SOC today. Security Operation Center (SOC) Every SOC has multiple sources and inputs, both physical and virtual, all of which provide numerous data points to operators, in order to provide the highest levels of physical and cyber security, including surveillance camera feeds, access control and alarm systems for physical security, as well as dashboards and web apps for cyber security applications. Today’s advancements in technology and computing power not only have increasingly made security systems much more scalable, by adding hundreds, if not thousands, of more data points to an SOC, but the rate at which the data comes in has significantly increased as well. Accurate monitoring and surveillance This has made monitoring and surveillance much more accurate and effective, but also more challenging for operators, as they can’t realistically monitor the hundreds, even thousands of cameras, dashboards, calls, etc. in a reactive manner. Lacking situational awareness is often one of the primary factors in poor decision making In order for operators in SOC’s to be able to mitigate incidents in a less reactive way and take meaningful action, streamlined actionable data is needed. This is what will ensure operators in SOC truly have situational awareness. Situational awareness is a key foundation of effective decision making. In its simplest form, ‘It is knowing what is going on’. Lacking situational awareness is often one of the primary factors in poor decision making and in accidents attributed to human error. Achieving ‘true’ situational awareness Situational awareness isn’t just what has already happened, but what is likely to happen next and to achieve ‘true’ situational awareness, a combination of actionable data and the ability to deliver that information or data to the right people, at the right time. This is where visualization platforms (known as visual networking platforms) that provide both the situational real estate, as well as support for computer vision and AI, can help SOCs achieve true situational awareness Role of computer vision and AI technologies Proactive situational awareness is when the data coming into the SOC is analyzed in real time and then, brought forward to operators who are decision makers and key stakeholders in near real time for actionable visualization. Computer vision is a field of Artificial Intelligence that trains computers to interpret and understand digital images and videos. It is a way to automate tasks that the human visual system can also carry out, the automatic extraction, analysis and understanding of useful information from a single image or a sequence of images. There are numerous potential value adds that computer vision can provide to operation centers of different kinds. Here are some examples: Face Recognition: Face detection algorithms can be applied to filter and identify an individual. Biometric Systems: AI can be applied to biometric descriptions such as fingerprint, iris, and face matching. Surveillance: Computer vision supports IoT cameras used to monitor activities and movements of just about any kind that might be related to security and safety, whether that's on the job safety or physical security. Smart Cities: AI and computer vision can be used to improve mobility through quantitative, objective and automated management of resource use (car parks, roads, public squares, etc.) based on the analysis of CCTV data. Event Recognition: Improve the visualization and the decision-making process of human operators or existing video surveillance solutions, by integrating real-time video data analysis algorithms to understand the content of the filmed scene and to extract the relevant information from it. Monitoring: Responding to specific tasks in terms of continuous monitoring and surveillance in many different application frameworks: improved management of logistics in storage warehouses, counting of people during event gatherings, monitoring of subway stations, coastal areas, etc. Computer Vision applications When considering a Computer Vision application, it’s important to ensure that the rest of the infrastructure in the Operation Center, for example the solution that drives the displays and video walls, will connect and work well with the computer vision application. The best way to do this of course is to use a software-driven approach to displaying information and data, rather than a traditional AV hardware approach, which may present incompatibilities. Software-defined and open technology solutions Software-defined and open technology solutions provide a wider support for any type of application the SOC may need Software-defined and open technology solutions provide a wider support for any type of application the SOC may need, including computer vision. In the modern world, with everything going digital, all security services and applications have become networked, and as such, they belong to IT. AV applications and services have increasingly become an integral part of an organization’s IT infrastructure. Software-defined approach to AV IT teams responsible for data protection are more in favor of a software-defined approach to AV that allow virtualised, open technologies as opposed to traditional hardware-based solutions. Software’s flexibility allows for more efficient refreshment cycles, expansions and upgrades. The rise of AV-over-IP technologies have enabled IT teams in SOC’s to effectively integrate AV solutions into their existing stack, greatly reducing overhead costs, when it comes to technology investments, staff training, maintenance, and even physical infrastructure. AV-over-IP software platforms Moreover, with AV-over-IP, software-defined AV platforms, IT teams can more easily integrate AI and Computer Vision applications within the SOC, and have better control of the data coming in, while achieving true situational awareness. Situational awareness is all about actionable data delivered to the right people, at the right time, in order to address security incidents and challenges. Situational awareness is all about actionable data delivered to the right people Often, the people who need to know about security risks or breaches are not physically present in the operation centers, so having the data and information locked up within the four walls of the SOC does not provide true situational awareness. hyper-scalable visual platforms Instead there is a need to be able to deliver the video stream, the dashboard of the data and information to any screen anywhere, at any time — including desktops, tablets phones — for the right people to see, whether that is an executive in a different office or working from home, or security guards walking the halls or streets. New technologies are continuing to extend the reach and the benefits of security operation centers. However, interoperability plays a key role in bringing together AI, machine learning and computer vision technologies, in order to ensure data is turned into actionable data, which is delivered to the right people to provide ‘true’ situational awareness. Software-defined, AV-over-IP platforms are the perfect medium to facilitate this for any organizations with physical and cyber security needs.

What New Technologies And Trends Will Shape Video Analytics?
What New Technologies And Trends Will Shape Video Analytics?

The topic of video analytics has been talked and written about for decades, and yet is still one of the cutting-edge themes in the physical security industry. Some say yesterday’s analytics systems tended to overpromise and underdeliver, and there are still some skeptics. However, newer technologies such as artificial intelligence (AI) are reinvigorating the sector and enabling it to finally live up to its promise. We asked this week’s Expert Panel Roundtable: What new technologies and trends will shape video analytics in 2021?

Tackling The Challenge Of The Growing Cybersecurity Gap
Tackling The Challenge Of The Growing Cybersecurity Gap

The SolarWinds cyberattack of 2020 was cited by security experts as “one of the potentially largest penetrations of Western governments” since the Cold War. This attack put cybersecurity front and center on people’s minds again. Hacking communication protocol The attack targeted the US government and reportedly compromised the treasury and commerce departments and Homeland Security. What’s interesting about the SolarWinds attack is that it was caused by the exploitation of a hacker who injected a backdoor communications protocol.  This means that months ahead of the attack, hackers broke into SolarWinds systems and added malicious code into the company’s software development system. Later on, updates being pushed out included the malicious code, creating a backdoor communication for the hackers to use. Once a body is hacked, access can be gained to many. An explosion of network devices What has made the threat of cyberattacks much more prominent these days has been IT's growth in the last 20 years, notably cheaper and cheaper IoT devices. This has led to an explosion of network devices. IT spending has never really matched the pace of hardware and software growth Compounding this issue is that IT spending has never really matched the pace of hardware and software growth. Inevitably, leading to vulnerabilities, limited IT resources, and an increase in IoT devices get more attention from would-be hackers. Bridging the cybersecurity gap In the author’s view, this is the main reason why the cybersecurity gap is growing. This is because it inevitably boils down to counter-strike versus counter-strike. IT teams plug holes, and hackers find new ones, that is never going to stop. The companies must continue fighting cyber threats by developing new ways of protecting through in-house testing, security best practice sources, and both market and customer leads. End-user awareness One of the key battlegrounds here is the education of end-users. This is an area where the battle is being won at present, in the author’s opinion. End-users awareness of cybersecurity is increasing. It is crucial to educate end-users on what IoT devices are available, how they are configured, how to enable it effectively, and critically, how to use it correctly and safely. Physical security network A valuable product that tackles cybersecurity is, of course, Razberi Monitor™, which is new to ComNet’s portfolio. Monitor™ is a software platform that provides a top-down view of the physical security network and ecosystem. Monitor™ is a software platform that provides a top-down view of the physical security network and ecosystem It monitors and manages all the system components for cybersecurity and system health, providing secure visibility into the availability, performance, and cyber posture of servers, storage, cameras, and networked security devices. Proactive maintenance By intelligently utilizing system properties and sensor data, Razberi’s award-winning cybersecurity software prevents problems while providing a centralized location for asset and alert management. Monitor™ enables proactive maintenance by offering problem resolutions before they become more significant problems. Identifying issues before they fail and become an outage is key to system availability and, moreover, is a considerable cost saving.