Access Control: Selecting Biometric Readers
Morphowave technology from Idemia.
Biometrics isn’t just fingerprint readers anymore – new technologies and new management solutions are changing the nature of the technology, making access faster and sites more secure, while defending the privacy of users.
SELECTING biometric access control readers has never been harder yet the power of the technology has never been so great. The best systems offer high security, low latency, very low false acceptance/rejection rates, affordability and clever technology application that bridge some of the key complaints biometrics have faced over the years, including slower entry times compared to card readers.
There’s plenty for integrators to think about here. There are some relatively simple fingerprint readers that slot into access control solutions seamlessly, while other biometrics demand more complex integrations – you might be better speaking with suppliers of management solutions to uncover what works best with the systems you use before diving in. Other variations include the fact some readers – I’m thinking Morpho here – have the ability to read multiple fingerprints during a ‘wave’ scan, which increases security and reliability levels.
Cost is another complexity that will require thought. You have to approach biometrics with TCO in mind. The whole card library thing has been the source of recurring revenue for many suppliers for decades. The costs are not huge for a small card library but multiply them by 200 or 5000 and deploy higher security prox cards that can only be sourced from a handful of suppliers and suddenly the equation changes completely. With biometrics, users walk around with their ‘credential’ attached to them – they can’t lose it or give it to a workmate – that makes management easier and less expensive.
Data security will also need to be considered and this will mean bringing in IT people and having some serious chats with biometric suppliers. Good solutions will store vectors rather than full biometrics and they’ll be encrypted to the eyeballs. You want that surety. You’re also going to need to convey the dependability of the selected technology to your management team, as well as to users themselves. Not everyone likes biometrics and with a big group of users some cat-herding is inevitable. When all else fails, consider using the biometric reader integrated into everyone’s smart device.
People are less threatened by a device they live with, despite its inherently greater vulnerabilities. Because modern access control solutions tend to reside on networks, another key development is improved cyber security of devices, which may incorporate elements of biometric identity, often in coded form designed to ensure the data can’t be re-engineered to reveal the biometric layer from which it was drawn. Working out which of these performance vectors is the most important can be challenging.
According to Paul Garnaut of NetDigital Security, the Australian distributor of Suprema biometric readers, the most important aspect of any biometric product is the accuracy of the identification.
“This relates directly to the quality of the algorithm used to store and secure the users biometric data,” Garnaut says. “A premium product will have very low false acceptance rate (FAR) and false rejection rate (FRR) ensuring accuracy in identification. Ease of installation is very important, the quick 2-click enrolment process employed by Suprema in its BioStar 2 software is a perfect example.”
End users often request biometric readers because they are seeking a reader technology that offers the highest possible levels of security. But that puts the onus on the integrator to ensure the biometric technology they choose is high security and can be delivered in a way that ensures higher security is provided at an operational level. Also important is that biometric data is protected at all times.
According to Garnaut, any biometric product is only as secure as the underlying technology it is based on.
“Suprema’s high quality, proven algorithm is extremely resistant to spoof attacks (false fingerprint or fake photograph), but it is important to note that no technology is 100 per cent immune,” he explains.
“High quality biometric products employ a proprietary secure algorithm to ensure accuracy of the identification is achieved. Again, it’s important to understand that no technology can be 100 per cent immune to attack, though Tier 1 products, such as Suprema, offer the maximum possible resistance to all forms of attack and error.”
What’s the most reliable biometric technology in Garnaut’s opinion – fingerprints, face recognition, something else?
“All high-quality biometric products should provide a reliable solution for identification, however, ease of use is paramount for any system,” he explains. “Facial recognition is rapidly gaining traction as the simplest system to use and also avoids issues associated with fingerprint, finger vein and retina type devices. It is important to consider that not all devices are the same and it’s vital to confirm a solution’s anti-spoofing capabilities (false fingerprint or fake photograph). A proven track record is also important when considering which product to deploy.”
Something else that’s vital is getting network security right with biometric readers.
“Any system that employs network connected devices must consider its network security,” argues Garnaut. “If and when vulnerabilities are identified a Tier 1 supplier will develop and distribute software and firmware to rectify the vulnerability quickly and efficiently.”
Another issue that may concern installers is managing the process of integration – whether this process will involve a high-level or low-level interface, or whether an integration already exists in the chosen management software.
“Some access control systems have developed high level interfaces to biometric products in the market,” Garnaut explains. “For instance, Suprema offers a complete access control solution built around its biometric products. From edge-type network connected fingerprint and facial recognition products, to RS-485 OSDP fingerprint slave readers connected to CoreStation, Suprema has a complete access control and T&A solution for the most demanding security needs.”
How important is training when it comes to biometrics, or are the latest readers very easy to operate?
“Modern biometric products are very intuitive to use, it’s important the software is simple and easy for the user to operate,” Garnaut says. “Suprema’s BioStar 2 has an easy to navigate menu that works within Google Chrome web browser that can be operated in conjunction with the BioStar 2 Cloud platform.”
According to Garnaut, biometrics should not be seen as only for larger high security sites.
“A biometric solution is ideal for any business large or small that needs to ensure the true identity of the person using the system,” he says. “Large business or small, more and more organizations are moving to biometrics to ensure the identity of staff and visitors alike, with the aim to eradicate or substantially reduce identity fraud.”
Something else that will be on the minds of many installers is cost – taking capital expense into account, is biometrics less expensive in the long run than managing a card library?
“There is a cost saving in not using physical cards because there’s no requirement to re-issue lost, stolen or damaged cards,” Garnaut says. “In terms of cost savings, biometric technology if far less expensive if you consider total cost of ownership.”
Over at NoahFace, Geoff Cropley says the most important characteristics of a biometric reader include the ability for it to perform multiple functions.
“This gives versatility to the customers at each door according to an organisation’s requirements,” Cropley explains. “For example, NoahFace enables facial recognition, 2-factor authentication and a compliance question within 1 device – it’s a solution that has a role to play in both large security sites and also smaller organisations.”
Cropley arges biometric readers are more secure than other authentication technologies.
“We believe biometric devices are far more secure than other technologies, as they enable the level of security to be adjusted if the entry requires a higher level of security,” Cropley explains. “The NoahFace system enables additional security levels to be dialled up or down according to varying threat levels and is able to be implemented throughout a building as required.”
Protecting users’ biometric data is part of this.
“In the case of NoahFace, data is encrypted on both the device and the cloud, and users must provide consent before their biometric data is collected and stored at the door,” Cropley says.
“Without a doubt facial recognition is the most consistently reliable technology because the face rarely changes. By contrast, finger scanner efficacy can be impacted by work related tasks which can affect the accuracy of the reader – for example, solvents used during the day which can affect the fingerprint quality.”
Total cost of ownership is a key strength of biometric solutions.
“Biometrics is definitely less expensive to manage both in terms of people required to manage and implement the system and physical cards – to keep install costs down it’s very important that readers are plug and play,” says Cropley. “And some readers, such as the NoahFace devices and software, can be seamlessly integrated with almost any access control solution.”
Another benefit of biometrics is that interfaces are intuitive – there’s no manufacturing of cards and no process to go through to order them or programme them.
“As with most technologies, training is important although solutions such as NoahFace are easy to use and its self-registration function is seamless, accurate and highly secure, thanks to an ability to deploy 2-factor authentication.”
Alan Thompson of Hills argues read reliability is the key characteristic of a biometric reader technology.
“The reader needs to be able to reliably read a biometric attribute, be it fingerprint or palmprint, that over time will not change,” Thompson says. “Obviously ease of installation and operation are important, too. This process should be no more complex than installing a classic card reader.”
The most reliable biometric technology in Thompson’s opinion is iris recognition, which is harder to alter and has less chance of a false reading. And he argues biometrics is less expensive in the long run than managing card libraries.
“Cards can be lost, broken or data can be corrupted leading to card replacement – card libraries also have to be managed,” says Thompson. “A biometric reader keeps same data available at all times and the characteristics are encrypted.
“Encryption is important as this data is stored on the network and must be safe from hacking or unauthorised editing as this data cannot be changed, unlike passwords or usernames.”