Biometrics to the door and across the enterprise
Biometrics to the door and across the enterprise
Over the past few years, biometrics have rapidly expanded into consumer applications like the financial market for customer authentication to payment services and withdrawing cash from ATMs in high-fraud markets. However, its adoption as an additional authentication factor for physical access control systems (PACS) and other enterprise applications hasn't been as rapid. But this is changing.
Biometrics offers numerous benefits at the door and throughout the enterprise. With the advent of new anti-spoofing capabilities and its integration into secure trust platforms that protect privacy and support a variety of RFID credential technologies, biometric authentication is poised to deliver a much higher matching speed and better overall performance.
This will dramatically improve an organisation's security while the enhancing user convenience.
Overcoming obstacles
Biometrics fuses convenience and security while validating 'true identity' versus identity that is associated to the possession of an ID card. As an example, biometrics prevents a user from taking someone else's card and obtaining access to privileged resources.
This adds the human element to traditional methods of authentication, strengthening security by combining something the user 'is' with something the user 'has' or 'knows'.
According to the firm ABI Research in its May 2018 study Biometric Technologies and Applications, the total fingerprint sensor shipments for the entire consumer market is "estimated to reach 1.2 billion worldwide for 2018, thus ensuring its market dominance."
Despite the benefits of fingerprint authentication in numerous consumer applications, there have been impediments to its broader adoption in the enterprise. While price has been one big roadblock, there have also historically been other reasons for its slower-than-expected growth.
First, many technologies are still vulnerable to spoofs and hacking. It has been far too easy for fraudsters to create a fake fingerprint and present it to a reader. Equally troublesome, older products have not been able to move users through the doors as fast as a simple ID card and reader.
In general, all fingerprint capture technologies are not equal among older products, and there can be significant differences in performance.
Newer solutions are overcoming these security and convenience hurdles to help realise the full potential of biometrics. Their development has focused on three key areas:
1) how fingerprint images are captured (if the image can't be properly captured, the rest of the process fails);
2) the implementation of liveness detection to enhance trust (even in the case when the image is properly captured, if it is fake the system cannot be trusted); and
3) optimising performance through a combination of new technology and algorithms while ensuring interoperability so the performance can be trusted.
Optimising capture
The quality of the captured image is critical, across all types of fingerprints and environments. Many customers choose sensors that use multispectral imaging because it collects information from inside the finger to augment available surface fingerprint data. The skin is illuminated at different depths to deliver much richer data about the surface and sub-surface features of the fingerprint.
Additionally, the sensor collects data from the finger even if the skin has poor contact with the sensor because of environmental conditions such as water or finger contamination. Multispectral sensors work for the broadest range of people with normal, wet, dry or damaged fingers, across the widest range of usage conditions - from lotions or grease to sunlight to wet or cold conditions.
The sensors also resist damage from harsh cleaning products and contamination from dirt and sunlight.
Liveness detection
Liveness detection is the ability to determine that the biometric data captured by the fingerprint reader is from a real living person, not a plastic fake or other artificial copy. An increasingly visible dimension of biometric performance in commercial applications, liveness detection is critical for preserving trust in the integrity of biometrics authentication. At the same time, it must not impede performance or result in excessive false user rejections.
The most trusted multispectral imaging fingerprint sensors with liveness detection provide a real-time determination that the biometric captures are genuine and are being presented by the legitimate owner, rather than someone impersonating them. This capability leverages the image-capture approach of using different colors or spectrum of light to measure the surface and subsurface data within a fingerprint.
In addition to this optical system, the biometrics sensor features several core components, including an embedded processor that analyses the raw imaging data to ensure that the sample being imaged is a genuine human finger rather than an artificial or spoof material. Advanced machine learning techniques are used so the solution can adapt and respond to new threats and spoofs as they are identified.
While liveness detection and the underlying capture technology optimises performance, it is also important to ensure that this performance can be trusted. This requires adequate testing to ensure interoperability with template matching algorithms.
Trusted performance
The top-performing solutions capture usable biometric data on the first attempt for every user. They also speed the process of determining that the biometric data is not a fake, and they quickly perform template matching to reject impostors and match legitimate users. To trust this performance, though, the focus must be elsewhere: on interoperability with template-matching algorithms.
Extensive interoperability testing must be performed by skilled and independent third parties like the National Institute of Standards and Technology (NIST) so that performance data can actually be trusted in all template-matching modes, and not simply a vendor claim.
Physical Access Control Integration
The first requirement for incorporating biometrics into a physical access control solution is a secure trust platform designed to meet the concerns of accessibility and data protection in a connected environment.
The platform should leverage credential technology that employs encryption and a software-based infrastructure to secure trusted identities on any form factor for physical access control, access to IT networks and beyond.
Cryptography prevents any man-in-the-middle attacks while also protecting the biometric database. This system also must encompass remote management of all readers and users, spanning all onboarding as well as template loading and enrolment activities for supported authentication modes.
Other important focus areas include configuration and administration, plus all logs, reports and monitoring. It should be possible to manage biometric readers as groups or individually over the network, and tools should be available to allow system administrators to manage all configuration settings from time and data to language, security and synchronisation.
The system should enable continuous live monitoring of authentication, alerts and system health, and provide a rich set of associated reporting tools.
There are also backend implementation decisions to be made, including how a biometric authentication system will be seamlessly integrated into third-party systems. This is another major pain point of biometric technology. To simplify deployment, application programming interfaces (APIs) should be available for direct integration of the biometrics authentication solution with the access control infrastructure.
Privacy considerations
Properly implemented, biometric solutions with liveness detection also protect privacy - if you can't use a fake finger, then even if you did obtain someone's fingerprint data, it is meaningless. Strong and updatable liveness protection is critical if biometrics is to eliminate the need to use PINs or passwords.
Biometrics data must be handled like all sensitive and identifying information, and properly architected system designs will always consider and protect against both internal and external threats and attacks.
New system architectures and data models have been created to protect personal information and maintain user privacy.
Beyond the encryption of the data itself, there are now many good alternatives available for building highly secure and well protected systems, including the use of multi-factor and even multi-modal authentication to maintain security even if some identifying data is compromised.
Today's modern fingerprint authentication solutions are on a fast track to deliver a unique combination of ease of use, availability and convenience and higher security to physical access control systems. With their latest improvements in liveness detection, system architectures, performance and ability to be easily incorporated into access control solutions, they seamlessly combine security and convenience to make them a viable option when accessing a facility, networks and services.
These solutions deliver a higher confidence of 'who' is being admitted through the building's front door, where it really matters.
By Wayne Pak, Director Product Marketing with HID Global.