Applying Biometrics to Door Access
Mixture of EquipmentA facility with perhaps several hundred doors would most likely have a large-scale access control system that monitors all the doors and reports that information back to a central location. Other equipment such as CCTV, alarm monitors, door position monitors and similar building security devices are likely to be included. On the other hand, a facility with only one or two doors would probably use stand-alone units only at those locations.
Normally, when a biometric characteristic such as hand geometry or a fingerprint is enrolled, the information is stored in an enrollment template within the biometric system. It then becomes the credential against which future access attempts are compared. Depending on the type of biometric, the size of the template may range from as low as nine bytes up to 512 bytes or more. Most access control systems now in existence do not have a data field for storing biometric templates, although some systems now are becoming available with the ability to manage this information. Over the next few years, most access control manufacturers probably will move in this direction until biometric devices are eventually integrated as much as any other device.
Templates at the DoorIn systems that control one or two doors, templates can be stored in the biometric device at the door. Where a large number of doors are controlled by biometrics, the issue can become more complex. If each door operates independently, people would have to be enrolled at each location, which could be a logistics nightmare. If the access control system has enough capacity, it may be able to handle the biometric templates and allow for the movement of that data through its existing network. If not, most biometric manufacturers have some type of software through which their devices can be linked together into a second network that can manage the template data. For example, HandKey readers use a PDA to move template data from location to another. Another method is to create a second hard-wired subnetwork through which the biometric devices can share data. With either approach, after a person is enrolled at one location, his or her template can be downloaded easily to multiple locations. A smart card can also be employed to carry the template to the biometric reader. With the template stored on the smart card, the card holder must have the matching biometric characteristic.
When an access control system does not manage biometric information, a technique known as card reader emulation mode is used to communicate with the access system. In a system that uses a card or some other credential in conjunction with biometrics, the user may first swipe a card or enter a PIN number. This information then is buffered in the biometric reader. When and only when the user verifies his or her identity through the biometric device, the card information is sent to the access control panel, just as if it came from a card reader. In effect, the biometric device looks like a card reader to the access control panel. The access control system does not know that biometrics were used, but the only way the user’s card or ID number gets to the control panel is if he or she biometrically verifies it.
Linked by SoftwareStand-alone devices consist of a biometric reader and a complete door controller for a single door. Users are enrolled at the unit by having the reader measure hand, eye or fingerprint dimensions and store these unique personal characteristics as a template. In a stand-alone system, this biometric template is stored within the device or carried on a smart card.
Software available from some biometrics manufacturers makes it easy to link individual biometric units into a complete door access system. In such a system, hundreds or even thousands of biometric readers conceivably can be linked together. Devices at individual doors are linked by the software (through RS422, RS485, ethernet or similar methodologies), but they also operate independently of each other. In this way, if network communications are lost, the units at each door will continue to function normally.
These software packages also make it possible to enroll people at a single location, deal with time zones, monitor the door in real time to detect tampering, forced openings or doors being held open too long. It also can unlock all the doors from a central location, download audit trails and generate reports. This type of system typically is not a full-featured access control system with CCTV or central alarm monitoring, but it provides complete door access control.
Front Door ApplicationsSometimes a single biometric device can be used to upgrade building security by installing it on the front door of the building or on the door leading from the lobby into the building. Many small- and medium-sized companies don’t require high security, but they all require a key to get in the front door. Using a biometric device there instead of a key eliminates the problems of lost or forgotten keys, and unauthorized duplication and further provides audit trail information on who enters and when. It also eliminates the hassle of card or key management for one or two doors. With biometric access control for access to the building itself, some smaller companies may not even require interior access control. Others can get by with a card system or other restricted access on only a few critical doors, such as server locations.
If a biometric device is planned for an outdoor location, it is important to ensure that it is designed to handle the environment. Some types of biometrics perform better in outdoor locations than others. Although billed as outdoor versions, not all maintain their stated performance levels when installed outside. Adapting a biometric design for outdoor use often requires more than just providing a weather shield, and some climates may require different features than others, such as heaters for low temperatures.
Performance of some biometric devices also can be affected by conditions that are seldom considered when designing an access control system. Among these are cold and dry conditions, wet conditions, skin conditions and lighting.
What’s Ahead for Biometrics?The next trend may well be the use of smart cards, which can store biometric template information on a card the user carries. This eliminates the need for the system to store the large volume of template data and distribute across network readers. For companies with multiple locations, it allows employees to access several facilities without having to be enrolled at each site.
When the card is used to access the system, the cardholder must validate that he or she is the authorized user of that card. This is done when the system recognizes that the user’s biometric information matches the template on the card.
While the initial cost of smart cards may be higher, they will find use in applications where the benefits outweigh the costs, or where the smart cards can be used to perform other functions that enhance their value. One such area is in airport security, where existing security systems may not be able to handle the large influx of data associated with biometric templates. However, if this information is carried instead on smart cards, biometric access control becomes much easier to implement.
There are, of course, numerous biometric applications.
One example: Hydro-Quebec’s Gentilly-2 nuclear generating station is enforcing security, physically restricting non-qualified, non-trained personnel from hazardous zones, and implementing a log of personnel and visitors’ comings and goings with HandKey hand geometry readers. The readers, which authenticate users by the shape and size of their hands, not their keys, cards or codes, are used at all entrance turnstiles, the exit turnstiles and boundaries of administration/production radiological zones.
“Every employee, even the chairman of Hydro-Quebec himself, as well as visitors to the facility, have to enroll on the HandKey to be admitted to the site,” says Louis Rivard, IT systems designer at the Gentilly-2 station. “We chose hand geometry for its ease of use, reliability and high accuracy. Also, versus making our people have to give their fingerprints and/or being forced to have retinal scans, the hand geometry approach was the easiest to introduce. In fact, at implementation, the employee response was excellent.”
According to Rivard, the Canadian jurisdictional authority in nuclear matters was very satisfied with Gentilly-2’s initiative to improve its security with such a technological approach. The generating station was able to provide better compliance, easing the renewal of their operations permit.
“We are now in a pre-project to upgrade our system,” Rivard adds. “Hand geometry will remain our major biometric approach to authenticate people.”
IR Recognition HandKey hand geometry readers are a high-security mainstay of the U.S. nuclear plant industry, used on 97 of 103 facilities.
SECURITY Magazine research indicates that numerous utilities will be implementing higher level security with help from the Federal government. SECURITY Magazine’s Web site at www.securitymagazine.com boasts a DAILY NEWS service which covers utility security, government security and fighting terrorism news.