Time and attendance, physical and logical access control applications, together and separately, are emerging as drivers in biometrics. Some enterprises have augmented traditional cards with biometrically-enhanced smart cards or moving further away from employee ID cards, replacing them with biometric systems. Such approaches reduce the overall cost of issuing, replacing and managing the physical cards with the added benefit of improved security, in some cases.
Then there is the impact of BYOD or “Bring Your Own Device.” Employees, especially the younger or tech-savvy ones, are using their own devices to interact with enterprise networks. As rumors swirl that the next iPhone will feature higher level authentication technology, there’s an increasing chance that BYOD will push biometrics into many enterprise businesses as well. Check elsewhere in this issue of Security magazine for more on BYOD.
Yet another identity advance is the CIV card.
Spurred in part by the Smart Card Alliance, enterprises can take advantage of the federal government’s PIV (Personal Identity Verification) standards and technology with the Commercial Identity Verification (CIV) credential, which leverages PIV-I specifications, technology and data model without the requirement for cross-certification built in for government workers. Any enterprise can create, issue and use CIV credentials according to requirements established within that enterprise’s unique corporate environment.
CIV Cards Bundled with Biometrics
While CIV is technically compatible with PIV-I, a CIV issuer need not comply with the strict policy framework associated with issuance and use of the PIV and PIV-I credentials. This allows corporate enterprises to deploy the standardized technologies in a manner that is suitable for their own corporate environments.
Specific to biometrics, PIV and CIV can use finger biometrics and soon iris, too.
Securitymagazine, by the way, hosted a recent Webinar on CIV credentials, sponsored by Quantum Secure. The briefing is available for free viewing at www.securitymagazine.com.
No doubt, however, biometrics has a checkered past with high error rates, expense, challenging enrollment procedures and concerns by some over the intrusiveness of various types of designs.
But times and technology have changed.
The systems are much more accurate. Some uses are more for convenience than higher security. People more clearly see advantages thanks to finger readers on laptops and cellphones, within passports as they have gone “e,” the evolution of healthcare systems that protect patient records and the threats from identity theft.
There is also now a diversity of biometrics approaches that, depending on the application, can more easily customize a balance among convenience, higher security and lowered intrusiveness.
Popularity, Convenience, Security
Finger and, to a lesser degree, hand geometry are most popular, with the latter a time and attendance long-timer. Still, there are plenty of users of iris, retinal, palm vein and facial solutions. There are also behavioral biometric technologies such as voice recognition (analyzing a speaker’s vocal behavior), keystroke (measuring the time spacing of typed words), gait recognition (manner of walking) and signature (analyzing the way you sign). Other developing techniques include DNA biometrics, ear shape, fingernails and even body odor.
Among the choices, there are numerous advantages and disadvantages. But, when it comes to security, accuracy plays the key role. For example, retinal has a vastly more accurate rate when compared to finger; but, at the same time, retinal is perceived as more “uncomfortable” than finger to some users.
Yet fingerprint biometrics, however, can provide a very high level of security.
For instance, Alfapass, provider of the security smart card system at the Ports of Antwerp and Zeebrugge in Belgium, is replacing an older biometric system at the ports’ registration stations with Lumidigm fingerprint readers. The Port of Antwerp is Europe’s second largest port, while Zeebrugge is the central port for Europe’s automotive industry and has the largest liquefied natural gas terminal complex in Europe.
Biometrics Across Myriad Facilities
A major access control need at the port facilities is unique identification of individuals in a more efficient manner, especially for those who travel between multiple port facilities. The solution: A single ID card covers all facilities rather than a different entrance card for each company at the port. Therefore, visitors to both ports carry a smart card from Alfapass, which includes the visitor’s biometric template. When reading the card, each facility has the option of also verifying the fingerprint stored on the card. By checking and verifying the fingerprint, facility personnel can assure that the card is being presented by its rightful owner.
“We have been using biometrics since 2005, but we needed a better solution to provide increased security that is easier for port visitors to use,” explains Piet Hadermann, operations manager. “Our former technology could not differentiate one person from another at the level of certainty and security we require. The false acceptance rate was much too high. Plus, some people, especially infrequent visitors, would forget how to use it from visit to visit.”
Another fingerprint solution is at Allam Marine offices building in East Yorkshire, United Kingdom. The install involves a Boon Edam Circlelock entrance, which provided standard access along with secondary opening actions from dedicated readers elsewhere in the building. One of the main benefits of the system is the ability to “latch” open the circle lock in the event of corporate open days, together with full biometric accountability, according to Martin Conley, IT manager at Allam Marine.
Hand geometry readers integrated with door controls also provides a nifty solution.
That is the case with Grand Rapids Community College (GRCC), which serves nearly 22,000 full- and part-time students in an eight-block campus located in the heart of the Michigan city’s downtown.
Of particular interest: the main computer data center and the cashier’s office, where substantial amounts of cash are handled. According to Scott Martin of GRCC’s facilities department, “Because we had a number of specific issues at play, the board of trustees asked us to investigate enhanced security measures. The first step in that initiative was to determine what access level and credentials were needed.”
Working with Ingersoll Rand Security Technologies, Martin selected HandKey readers, and each reader is a complete door controller that provides door lock operation, request for exit and alarm monitoring. All biometric data and decision-making capabilities reside locally to ensure that the doors are secure and will continue to operate properly even if all communications to the main access control computer are lost.
Impact of Tech Advances
A lot of what is being used or coming over the horizon depends on a small group of companies invested in algorithms that are at the heart of biometrics and the integrators that design biometrics into government, military and enterprise systems.
One example, Samsung Techwin America has partnered with FaceFirst to supply megapixel video surveillance cameras for a facial recognition system. The platform uses Samsung cameras to complement the proprietary facial recognition software system. Facial images captured by the cameras are automatically matched with watch list photos, and when a person of interest is identified, alerts are instantly sent directly to pre-provisioned computers, cellphones or cash registers.
A so-called military-grade system identifies individuals matching client records at the rate of millions of comparisons per second for transportation facilities and sports arenas or for entrances where people normally pass through without stopping such as at school and college campuses, corporate headquarters, financial institutions, warehouses and hospitals.
The concept of biometrics can also apply to data management security.
For example, Trianz, a global consulting and turnkey execution services firm, has a partnership with Watchful Software, with its data-centric information security solutions including automated watermarking and fingerprinting features. The approach allows dynamic classification and encryption of information to prevent unauthorized access to sensitive and confidential corporate information, not only within the corporate network perimeter but also when moved or sent externally.
Ira Horowitz, vice president – global alliances at Trianz and a former IBM executive, sees a growing need for diverse access identity management or AIM measures including advanced encryption algorithms, digital rights management and e-biometrics. “There are random numbers generating secure ID cards, of course. But some solutions can include pattern matching on a keyboard that are increasingly sophisticated,” he says.
Behavioral Biometric of Keystroke Dynamics
Around for a number of years, the approach uses the manner and rhythm in which an individual types characters on a keyboard or keypad. The keystroke rhythms of a user are measured to develop a unique biometric template of the typing pattern for future authentication.
Raw measurements available from most every keyboard can be recorded to determine dwell time (the time a key pressed) and flight time (the time between “key up” and the next “key down”). In addition, vibration information may be used to create a pattern in identification and authentication tasks.