By Wayne Pak
From the August 2018 Issue
Biometrics have rapidly expanded into consumer applications like the financial market for customer authentication to payment services and withdrawing cash from ATMs in high-fraud markets. Its adoption as an authentication factor for physical access control systems and other enterprise applications hasn’t been as rapid, but this is changing.
Biometrics fuse convenience and security while validating “true identity” versus identity that is associated with possessing an ID card to offer numerous benefits access control and other enterprise applications. With the emergence of new anti-spoofing capabilities and its integration into secure platforms that protect privacy and support numerous credential technologies, biometric authentication is poised to deliver a much higher matching speed and better overall performance. This will dramatically improve an organizations security and enhance user convenience.
Despite the benefits of biometrics, there have been impediments to broader enterprise adoption. While price has been a significant roadblock, there have historically been other reasons for slower than expected growth. First, many technologies are still vulnerable to spoofs and hacking. It has been far too easy for fraudsters to create a fake fingerprint and present it to a security reader. Equally troublesome, older products have not been able to move users through the doors as fast as a simple ID card and reader can. In general, all fingerprint capture technologies are not equal among older products, and there can be significant performance differences.
Newer solutions are overcoming these security and convenience hurdles to help realize the full potential of biometrics. This development has focused on three key areas: 1) how fingerprint images are captured; 2) the implementation of liveness detection to enhance trust; and 3) optimizing performance through a combination of new technology and algorithms.
Across all types of fingerprints and environments, the quality of the captured image is critical. Many facilities choose sensors that use multispectral imaging because it illuminates the skin at different depths to collect information from inside the finger, augmenting available surface fingerprint data.
Additionally, the sensor collects data from the finger even if the skin has poor contact with the sensor due to environmental conditions such as water or finger contamination. Multispectral sensors work for the broadest range of people with normal, wet, dry or damaged fingers, across the widest range conditions (from lotions or grease to sunlight or wet, cold conditions). The sensors also resist damage from cleaning products and contamination from dirt and sunlight.
Liveness Detection And Trusted Performance
Liveness detection is the ability to determine that the biometric data captured by the fingerprint reader is from a living person, not a plastic fake or other artificial copy. An increasingly visible dimension of biometric performance in commercial applications, liveness detection is critical for preserving trust in the integrity of biometrics authentication. At the same time, it must not impede performance or result in excessive false user rejections.
While liveness detection and the underlying capture technology optimizes performance, it is also important to ensure performance can be trusted. Top performing solutions capture usable biometric data on the first attempt. They also speed the process of determining the biometric data is not fake and quickly perform template matching to reject impostors and match legitimate users.
To trust this performance, interoperability testing must be performed by independent third parties like the National Institute of Standards and Technology (NIST), so that performance is based on data that can be trusted in all template-matching modes:
- template-on-card and card/mobile + finger modes using “1:1” template-matching (one of the fastest-growing two-factor authentication use cases for secure access to physical and digital places); and
- template-on-device mode for finger-only authentication using “1:N” matching.
Physical Access Control Integration
Incorporating biometrics into access control systems requires a secure trust platform designed to meet the concerns of accessibility and data protection in a connected environment. The platform should leverage credential technology that employs encryption and a software-based infrastructure to secure identities on any form factor for access to doors, IT networks, and beyond. Cryptography prevents any man-in-the-middle attacks while also protecting the biometric database. This system also should encompass remote management of all readers and users, spanning all onboarding as well as template loading and enrollment activities for supported authentication modes.
There are also backend implementation decisions to be made, including how a biometric authentication system will be integrated into third-party systems. This is another pain point of biometric technology. To simplify deployment, application programming interfaces (APIs) should be available for direct integration of biometrics authentication solutions with the access control infrastructure.
Properly implemented, biometrics solutions with liveness detection also protect privacy—if you can’t use a fake finger, then even if you did obtain someone’s fingerprint data, it is meaningless. Strong and updatable liveness protection is critical if biometrics are to eliminate the need to use PINs or passwords.
Biometrics data must be handled like all sensitive information, and properly architected systems will always consider and protect against both internal and external threats. Beyond the encryption of the data itself, there are now many good alternatives available for building highly secure and well protected systems, including the use of multi-factor and even multi-modal authentication to maintain security even if some identifying data is compromised.
Today’s fingerprint authentication solutions are on a fast track to deliver a combination of ease of use and higher security to access control systems. With the latest enhancements in liveness detection, system architectures and performance, these combine security and convenience to make them a viable option for secure access to facilities, networks and services. These solutions deliver a high confidence of “who” is being admitted through the building’s front door, where it really matters.
Pak is director of product marketing, physical access control solutions with HID Global, a provider of trusted identity solutions. He has nearly 10 years of experience in the technology sector, with a primary focus on identity and security solutions. Pak earned his degree in computer science and mathematics from the University of Toronto.
Do you have a comment? Share your thoughts in the Comments section below or send an e-mail to the Editor at [email protected]