Much of what’s happening centers on multi-technology cards including biometrics and smart chips.
Which technology should be chosen: fingerprint, hand geometry, voice verification, retinal or facial recognition? Which one is accurate? Which is least expensive? What does it take to have a solution implemented? Is the information secure?
PC-based
The PC-based approach is where the biometric identifier is gathered from a remote source and sent to an application that resides on a PC for verification or identification.
Most biometrics started out using this configuration, and as optimization and algorithms were improved, dedicated hardware components took over.
This configuration has an advantage in that memory and storage space is abundant and cost effective. The disadvantages are numerous. Because this configuration requires the use of the PC for access, the biometric PC, the PC that is running the access control software and the network between them must be 100-percent operational at all times that the biometric devices could be in use. Additionally, a limited number of devices are supported, sometimes just one device per biometric PC.
Standalone
The standalone approach is a simple way to add a biometric layer to an existing access control system. The output from this device is typically Wiegand and is compatible with the majority of existing access control systems. This is a simple configuration to implement and can be retrofitted quite easily.
The standalone unit can use a common credential (card or PIN) to perform verification at the unit. Upon successful verification, the initiating credential is output to the access control system as a Wiegand card.
This is an attractive option on a few doors for which only a handful of individuals require access. Due to the enrollment/deletion process, limited reporting capabilities, and the potential for complete biometric bypass, this configuration is not suitable for exterior doors or larger installations.
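The sketch below is an added example, not code from the article or from any vendor. It assumes the standalone unit emits the standard 26-bit Wiegand format (the article says only "Wiegand") and shows what the access control panel actually receives after a successful match; all function names are hypothetical.

```python
# Added example. Assumes the standard 26-bit Wiegand layout (the article names
# only "Wiegand"): 1 even-parity bit, 8-bit facility code, 16-bit card number,
# 1 odd-parity bit. All function names are hypothetical.

def _ones(bits):
    return sum(bits) % 2

def encode_wiegand26(facility, card):
    """Build the 26-bit frame a reader sends to the panel."""
    if not (0 <= facility < 2**8 and 0 <= card < 2**16):
        raise ValueError("facility must fit in 8 bits, card number in 16")
    data = [(facility >> i) & 1 for i in range(7, -1, -1)]
    data += [(card >> i) & 1 for i in range(15, -1, -1)]
    even = _ones(data[:12])        # first 13 bits end up with even parity
    odd = 1 - _ones(data[12:])     # last 13 bits end up with odd parity
    return [even] + data + [odd]

def decode_wiegand26(bits):
    """Panel side: validate parity, return the only fields the frame carries."""
    if len(bits) != 26 or any(b not in (0, 1) for b in bits):
        raise ValueError("expected 26 binary digits")
    if _ones(bits[:13]) != 0 or _ones(bits[13:]) != 1:
        raise ValueError("parity error: frame rejected")
    to_int = lambda chunk: int("".join(map(str, chunk)), 2)
    return {"facility": to_int(bits[1:9]), "card": to_int(bits[9:25])}

def standalone_unit_output(facility, card, biometric_match):
    """Standalone reader: emit the initiating credential only after a match."""
    return encode_wiegand26(facility, card) if biometric_match else None

if __name__ == "__main__":
    # Constructed sample credential: facility 17, card 4242.
    frame = standalone_unit_output(17, 4242, biometric_match=True)
    print("".join(map(str, frame)))
    print(decode_wiegand26(frame))   # facility and card only, no match result
    print(frame == encode_wiegand26(17, 4242))  # same bits a card-only reader sends
```

Because the decoded frame has no field for the biometric result, the panel's event log records the credential alone; match outcomes and rejections stay in the unit, which is the reporting limitation noted above.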
Portable database
The portable database approach involves the storage of the biometric template on a credential (i.e. smart card) and not in the access control system or the biometric device. The biometric device verifies the biometric template on the card and outputs a Wiegand card swipe.
Integrated template management
The integrated template management approach involves the storage of the biometric templates at the intelligent controller of the access control system. These templates are enrolled at the PC using the access control system software and downloaded to the controller over the existing communications path. There is no need for a separate network and additional software to download templates. The templates are always available and stored in a secure location. Adding encryption to the communications path, such as FIPS 197 AES 128 bit, which is used by the federal government, will encrypt the biometric templates as well.
Sidebar: Wedded to Embedded
So says Scott Moody, president and CEO, AuthenTec, Melbourne, Fla. “In the enterprise and commercial markets, biometric sensors can restrict access to specific devices and files, as well as identify ‘who’ is accessing the network and ‘when’ – both crucial aspects of new IT security initiatives like Sarbanes Oxley or HIPAA compliance.”
What’s more important, this additional level of security is also enabling new mobile applications – such as m-commerce – and features and functions such as fast user switching, fast application switching, secure password replacement and scrolling capabilities, all at the simple swipe of a finger on a cellular phone or PDA.
According to Moody, some new advanced sensors even read below the surface of the skin – making them more secure, and capable of reading virtually every finger – under any conditions.
Bill Spence of Recognition Systems (IR Security, Carmel, Ind.) sees value from embedded biometrics at the door. He believes that, when biometrics is embedded, neither PC nor other IT elements are involved in managing the database at the door. In some instances, this level of integration can be achieved without reporting to an external access control system. If one is not authorized to enter, the reader at the location, without checking elsewhere, tells that person that they cannot enter. Likewise, if authorized, that person can enter without the reader having to verify from a remote location.
In addition, smart cards can store both the user’s ID number and a biometrics template on the card. Because of this, there is no need to distribute templates across a network of readers or require the access control system to manage biometric templates.