Over the past few years, biometrics has rapidly expanded into consumer applications, from customer authentication in the financial market to payment services and cash withdrawals from ATMs in high-fraud markets. However, its adoption as an additional authentication factor for physical access control systems (PACS) and other enterprise applications hasn’t been as rapid. But this is changing.

Biometrics offers numerous benefits at the door and throughout the enterprise. With the advent of new anti-spoofing capabilities, and its integration into secure trust platforms that protect privacy and support a variety of RFID credential technologies, biometric authentication is poised to deliver a much higher matching speed and better overall performance. This will dramatically improve an organisation's security, whilst enhancing user convenience.

Challenges for biometric authentication

Biometrics fuses convenience and security while validating “true identity” versus identity that is associated with the possession of an ID card. As an example, biometrics prevents a user from taking someone else’s card and obtaining access to privileged resources. This adds the human element to traditional methods of authentication, strengthening security by combining something the user “is” with something the user “has” or “knows.”

According to the firm ABI Research in its May 2018 study, Biometric Technologies and Applications, total fingerprint sensor shipments for the entire consumer market are “estimated to reach 1.2 billion worldwide for 2018, thus ensuring its market dominance.”

Despite the benefits of fingerprint authentication in numerous consumer applications, there have been impediments to its broader adoption in the enterprise. While price has been one big roadblock, there have also historically been other reasons for its slower-than-expected growth.

First, many technologies are still vulnerable to spoofs and hacking. It has been far too easy for fraudsters to create a fake fingerprint and present it to a reader. Equally troublesome, older products have not been able to move users through the doors as fast as a simple ID card and reader. In general, not all fingerprint capture technologies are equal amongst older products, and there can be significant differences in performance.

Developing Technology Performance

Newer solutions are overcoming these security and convenience hurdles to help realise the full potential of biometrics. Their development has focused on three key areas:

  1. How fingerprint images are captured – if the image can’t be properly captured, the rest of the process fails
  2. The implementation of liveness detection to enhance trust – even in the case when the image is properly captured, if it is fake the system cannot be trusted
  3. Optimising performance through a combination of new technology and algorithms, whilst ensuring interoperability so the performance can be trusted.

Optimising capture

The quality of the captured image is critical, across all types of fingerprints and environments. Many customers choose sensors that use multispectral imaging because it collects information from inside the finger to augment available surface fingerprint data. The skin is illuminated at different depths to deliver much richer data about the surface and sub-surface features of the fingerprint.

Additionally, the sensor collects data from the finger even if the skin has poor contact with the sensor, because of environmental conditions such as water or finger contamination. Multispectral sensors work for the broadest range of people with normal, wet, dry or damaged fingers, across the widest range of usage conditions – from lotions or grease to sunlight to wet or cold conditions. The sensors also resist damage from harsh cleaning products and contamination from dirt and sunlight.

Liveness detection

Liveness detection is the ability to determine that the biometric data captured by the fingerprint reader is from a real living person, not a plastic fake or other artificial copy. An increasingly visible dimension of biometric performance in commercial applications, liveness detection is critical for preserving trust in the integrity of biometrics authentication. At the same time, it must not impede performance or result in excessive false user rejections.

The most trusted multispectral imaging fingerprint sensors with liveness detection provide a real-time determination that the biometric captures are genuine and are being presented by the legitimate owner, rather than someone impersonating them. This capability leverages the image-capture approach of using different colors or spectrum of light to measure the surface and subsurface data within a fingerprint.

In addition to this optical system, the biometrics sensor features several core components, including an embedded processor that analyses the raw imaging data to ensure that the sample being imaged is a genuine human finger rather than an artificial or spoof material. Advanced machine learning techniques are used so the solution can adapt and respond to new threats and spoofs as they are identified.

While liveness detection and the underlying capture technology optimise performance, it is also important to ensure that this performance can be trusted. This requires adequate testing to ensure interoperability with template matching algorithms.

Extensive interoperability testing must be performed by skilled and independent third parties like the National Institute of Standards and Technology (NIST) so that performance data can actually be trusted in all template-matching modes, and not simply a vendor claim.

Trusted performance

The top-performing solutions capture usable biometric data on the first attempt for every user. They also speed the process of determining that the biometric data is not a fake, and they quickly perform template matching to reject impostors and match legitimate users. To trust this performance, though, the focus must be elsewhere: on interoperability with template-matching algorithms. Extensive interoperability testing must be performed by skilled and independent third parties like the National Institute of Standards and Technology (NIST) so that performance data can actually be trusted in all template-matching modes, and not simply a vendor claim.

Template matching modes

  • Template-on-card and card/mobile + finger modes using “1:1” template-matching profiles authenticate a person’s identity by comparing the person’s captured biometric template with one that is pre-stored in a database.
  • Template-on-device mode for finger-only authentication using “1:N” matching compares the person’s captured biometric template against all stored biometric templates in the system.

The card/mobile plus finger mode is one of the fastest-growing two-factor authentication use cases for securing access to both physical and digital places.

As an example of how to deliver trusted performance, HID Global uses the top-ranked NIST certified MINEX III minutia algorithm to ensure interoperability with industry-standard fingerprint template databases. This interoperability ensures that today’s systems, which are based on much more powerful hardware than in the past, will perform accurate 1:N identification of a full database in less than a second.
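The two matching modes above, sketched as an added example (not HID Global's code or any vendor's matcher): the minutiae lists, the toy `score` function, the 0.7 threshold and the HMAC-protected card record are all constructed assumptions. It goes one step beyond the text by estimating how the chance of a false accept grows with database size in 1:N mode.

```python
import hashlib
import hmac
import json
import math

# Constructed toy data: a template is a list of minutiae (x, y, angle_degrees).
# Real systems use standardised minutiae templates and a certified matcher.
ALICE = [(10, 12, 30), (40, 18, 95), (22, 47, 180), (55, 60, 270), (33, 33, 10)]
BOB = [(14, 50, 200), (48, 9, 45), (60, 30, 120), (5, 25, 300), (29, 58, 75)]
CAROL = [(8, 40, 15), (36, 52, 140), (50, 44, 230), (19, 7, 330), (62, 15, 60)]
DATABASE = {"alice": ALICE, "bob": BOB, "carol": CAROL}
# A fresh capture of Alice's finger: small placement jitter, one minutia missed.
ALICE_PROBE = [(11, 13, 33), (39, 17, 92), (23, 46, 176), (54, 61, 268)]

THRESHOLD = 0.7                       # assumed decision threshold for this toy matcher
ISSUER_KEY = b"constructed-demo-key"  # assumed key shared by card issuer and reader


def score(reference, probe, dist_tol=3.0, angle_tol=10):
    """Fraction of reference minutiae that have a nearby, unused probe minutia."""
    unused = list(probe)
    hits = 0
    for rx, ry, ra in reference:
        for p in unused:
            d_angle = abs((p[2] - ra + 180) % 360 - 180)  # wrap-around angle difference
            if math.hypot(p[0] - rx, p[1] - ry) <= dist_tol and d_angle <= angle_tol:
                unused.remove(p)
                hits += 1
                break
    return hits / len(reference)


def issue_card(user_id, template):
    """Issuer side: bind the template to the card holder with an HMAC tag."""
    payload = json.dumps({"user": user_id, "template": template}).encode()
    tag = hmac.new(ISSUER_KEY, payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "tag": tag}


def verify_card_plus_finger(card, probe):
    """1:1 mode: check card integrity, then compare the probe with that one template."""
    expected = hmac.new(ISSUER_KEY, card["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, card["tag"]):
        return None  # altered card data is rejected before it reaches the matcher
    record = json.loads(card["payload"])
    return record["user"] if score(record["template"], probe) >= THRESHOLD else None


def identify_finger_only(database, probe):
    """1:N mode: compare the probe with every enrolled template, keep the best score."""
    best_user, best = None, 0.0
    for user, template in database.items():
        s = score(template, probe)
        if s > best:
            best_user, best = user, s
    return best_user if best >= THRESHOLD else None


def system_false_accept_rate(per_comparison_far, n_enrolled):
    """Chance an impostor matches at least one of N templates (independence assumed)."""
    return 1 - (1 - per_comparison_far) ** n_enrolled


if __name__ == "__main__":
    print("own card + finger:   ", verify_card_plus_finger(issue_card("alice", ALICE), ALICE_PROBE))
    print("someone else's card: ", verify_card_plus_finger(issue_card("bob", BOB), ALICE_PROBE))
    print("finger only (1:N):   ", identify_finger_only(DATABASE, ALICE_PROBE))
    for n in (1, 1000, 10000):
        print(f"N={n:>5}  system FAR ~ {system_false_accept_rate(1e-4, n):.4f}")
```

The last loop shows why a threshold that is acceptable for 1:1 verification can be too loose for finger-only identification against a large enrolment database.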

Physical access control integration

The first requirement for incorporating biometrics into a physical access control solution is a secure trust platform designed to meet the concerns of accessibility and data protection in a connected environment. The platform should leverage credential technology that employs encryption and a software-based infrastructure to secure trusted identities on any form factor for physical access control, access to IT networks and beyond.

Cryptography prevents any man-in-the-middle attacks while also protecting the biometric database. This system also must encompass remote management of all readers and users, spanning all onboarding as well as template loading and enrolment activities for supported authentication modes.


Other important focus areas include configuration and administration, plus all logs, reports and monitoring. It should be possible to manage biometric readers as groups or individually over the network, and tools should be available to allow system administrators to manage all configuration settings from time and data to language, security and synchronisation. The system should enable continuous live monitoring of authentication, alerts and system health, and provide a rich set of associated reporting tools.

There are also backend implementation decisions to be made, including how a biometric authentication system will be seamlessly integrated into third-party systems. This is another major pain point of biometric technology. To simplify deployment, application programming interfaces (APIs) should be available for direct integration of the biometrics authentication solution with the access control infrastructure.

Privacy considerations

Properly implemented, biometrics solutions with liveness detection also protect privacy – if you can’t use a fake finger, then even if you did obtain someone’s fingerprint data, it is meaningless. Strong and updatable liveness protection is critical if biometrics are to eliminate the need to use PINs or passwords.

Biometrics data must be handled like all sensitive and identifying information, and properly architected system designs will always consider and protect against both internal and external threats and attacks. New system architectures and data models have been created to protect personal information and maintain user privacy.

Beyond the encryption of the data itself, there are now many good alternatives available for building highly secure and well protected systems, including the use of multi-factor and even multi-modal authentication to maintain security even if some identifying data is compromised.

Today’s modern fingerprint authentication solutions are on a fast track to deliver a unique combination of ease of use, availability and convenience and higher security to physical access control systems.

With their latest improvements in liveness detection, system architectures, performance and ability to be easily incorporated into access control solutions, they seamlessly combine security and convenience to make them a viable option when accessing a facility, networks and services. These solutions deliver a higher confidence of “who” is being admitted through the building’s front door, where it really matters.


Author profile

Wayne Pak Director of Product Marketing, Physical Access Control Solutions, HID Global
