The accuracy of biometrics depends on each biometric’s “degrees of freedom”

Facial and body behavior analytics can identify people “without interfering
with the pace of life”

Biometrics companies throughout the security marketplace are expanding the functionality of their systems for a variety of uses. This article will take a look at what several companies are up to.

SRI International’s identity solutions seek to bring convenience, speed and security to existing workflows. SRI’s Iris on the Move (IOM) biometric systems can add the value of knowing precisely “who” to an organisation’s specific applications – from physical access control and workforce management to logical access to digital content – without altering typical user behaviour or existing workflows. The multimodal systems are deployed globally in a wide variety of environments, including government facilities, corporate and college campuses, construction sites, and mission-critical data centers.

SRI’s IOM biometric solutions deliver the accuracy of iris recognition to many form factors. The systems meet the growing demand for seamless and convenient authentication in markets such as security, transportation and healthcare, according to the company.

Non-invasive biometric identification

FST Biometrics provides identity management solutions that deliver a high level of security “without interfering with the pace of life.” FST Biometrics’ In Motion Identification (IMID) technology uses a fusion of facial recognition and body behaviour analytics to deliver accurate, non-invasive biometric identification of authorised users to facilitate seamless access to entry points.  

Implementing FST Biometrics’ IMID system is not significantly more complicated than a card-based system, according to the company. Both types of systems require equipment to be installed and users to be registered. IMID says it is considerably more accurate than traditional systems, with a standard margin of error of three false accepts per 10,000 entries. The threshold can be adjusted to be more stringent depending on client needs.


HID Global biometric solutions feature liveness detection capabilities that ensure proof of presence by preventing the use of fake fingerprints
HID Global's biometric solutions are used in a variety of applications, including
accessing ATMs, securing access to controlled medicines and medical
records, and securing borders

HID Global’s biometric authentication makes it possible to know with certainty who is performing a transaction. Biometrics is the only authentication factor that can be directly coupled with a person’s unique physical identity and unequivocally validates it, according to the company. HID Biometrics offers this certainty along with greater security and convenience, and no additional complexity for the user. The company’s solutions are used worldwide in a variety of applications, including accessing ATMs, securing access to controlled medicines and medical records, and securing borders. Solutions include sensors and modules that use the company’s patented multispectral imaging technology that improves reliability, performance and security by using multiple sources and types of light. Advanced polarisation techniques extract additional, unique fingerprint characteristics from both the surface and subsurface of the skin. Solutions also feature liveness detection capabilities that ensure proof of presence by preventing the use of fake fingerprints or “spoofs.”

Readers, panels and portable scanners

ZKTeco designs and manufactures a variety of biometric readers and panels, distributed through a global network of resellers. Complementing an RFID product line, ZKTeco’s biometrics product lines consists of 1) stand-alone indoor and outdoor fingerprint readers; 2) access control panels that can store and match fingerprint templates on the panel itself; 3) non-intelligent slave fingerprint readers that merely forward fingerprints to the panel for subsequent matching and door-unlock decisions; and 4) two multi-biometric stand-alone readers— one recognises face and fingerprint, and the other recognises finger-vein and fingerprint. Most models can either be connected directly to a door lock (stand-alone) or they can be connected to a ZKTeco panel (or any third party access control panel) via Wiegand protocol.

Zwipe’s core technology of a low-power, biometric algorithm enables the company to incorporate its product into several form factors, including credentials, credit cards and wearables. Zwipe has taken global leadership in creating unique, low-energy, biometric algorithms, powered by internal battery or by advanced radio frequency energy harvesting technology. Without the need of a battery on board, the product can be implemented in products that previously would not have been able to have a biometric element.


The biometric template data for a Zwipe Access card owner only resides on the Zwipe device, not some external system database that can be hacked into
Zwipe’s portable access control device provides the benefits of biometrics
without needing to change out existing door readers

Zwipe’s access control product is essentially a small, portable biometric scanner that can fit in your pocket. The device provides the benefits of biometrics without needing to change out existing door readers, which saves the customer installation and integration cost that is usually more than the cost of the new reader. The only change is replacing the user’s current credential with the Zwipe Access card.

Zwipe’s ability to utilise the energy from the RF field, be it from POS terminals or any NFC/ISO14443 reader to conduct authentication directly on the batteryless device, has expanded its market reach. Plus, the biometric template data for that card owner only resides on the Zwipe device, not some external system database that can be hacked into or a wall-mounted reader that has hundreds of templates that can be stolen.

Higher “degrees of freedom”, better biometrics

The accuracy of biometrics depends on each biometric’s “degrees of freedom,” says Hoyos Labs. For example, the voice has 5 degrees of freedom; the face provides 20 degrees of freedom, while one fingerprint can provide 30 degrees of freedom. At the higher end of the spectrum, an iris scan can provide 245 degrees of freedom, enabling identification of one person among 10 million. Combining biometrics measures adds to the scope of accuracy. Scanning two eyes provides an iris scan accuracy of more people than the population of the planet. Hoyos Labs has a system that scans four fingerprints to provide 150 degrees of freedom. “The higher the degrees of freedom, the better the biometric,” says Hector Hoyos, CEO of Hoyos Labs, which provides software to enable every major biometric – face, iris, voice and fingerprint – to be captured with a smart phone and applied across a myriad of industries.  

Download PDF version

Author Profile

Larry Anderson Editor, SourceSecurity.com

An experienced journalist and long-time presence in the US security industry, Larry is SourceSecurity.com's eyes and ears in the fast-changing security marketplace, attending industry and corporate events, interviewing security leaders and contributing original editorial content to the site. He leads SourceSecurity.com's team of dedicated editorial and content professionals, guiding the "editorial roadmap" to ensure the site provides the most relevant content for security professionals.

In case you missed it

Has the gap closed between security fiction and security reality?
Has the gap closed between security fiction and security reality?

Among its many uses and benefits, technology is a handy tool in the fantasy world of movie and television thrillers. We all know the scene: a vital plot point depends on having just the right super-duper gadget to locate a suspect or to get past a locked door. In movies and TV, face recognition is more a super power than a technical function. Video footage can be magically enhanced to provide a perfect image of a license plate number. We have all shaken our heads in disbelief, and yet, our industry’s technical capabilities are improving every day. Are we approaching a day when the “enhanced” view of technology in movies and TV is closer to the truth? We asked this week’s Expert Panel Roundtable: How much has the gap closed between the reality of security system capabilities and what you see on TV (or at the movies)?

BCDVideo signs OEM deal with Dell EMC: positive impact for surveillance storage
BCDVideo signs OEM deal with Dell EMC: positive impact for surveillance storage

In a significant move for the video security market, BCDVideo has announced that it is set to become Dell EMC’s OEM partner in the video surveillance space. For nearly a decade, the Chicago-based company has been known as a key OEM partner of Hewlett Packard Enterprise (HPE), providing storage and networking technology to security integrators on a global scale. This latest partnership will allow BCDVideo to take their offerings to the next level. BCDVideo Vice President Tom Larson spoke to SourceSecurity.com to discuss the reasoning behind the deal, and how the programme will benefit partners, integrators, and end-users alike. Expanding BCDVideo's product offering For BCDVideo, the HPE OEM programme has been widely acknowledged as a success, allowing the company to leverage a globally recognised brand and provide high-quality, reliable solutions across video networking and access control. Nevertheless, explains Larson, HPE server solutions are primarily suited to large-scale enterprise projects, and are therefore unable to accommodate for the growth in small- and medium-sized surveillance applications. The global collaboration with Dell EMC will allow BCDVideo to open up a broader product offering, building on success in the larger enterprise market to offer tailored solutions to SMEs. Our aim is to look at all best of breed technology to serve the video surveillance marketplace, and that means multiple partnerships” Support for integrators By leveraging Dell EMC’s sophisticated digital storage platforms, BCDVideo will now be able to offer a more cost-effective solution to integrators, without sacrificing the resilience and IT-level service that BCDVideo is known for. With access to Dell EMC’s expansive global sales and technical teams, the company hopes to expand its reach, all-the-while providing partners with around-the-clock technical support and a five-year on-site warranty. Customers should be reassured that BCDVideo will continue to offer HPE platforms, service, and support. “Our aim is to look at all best-of-breed technology to serve the video surveillance marketplace, and that means multiple partnerships,” says Larson.  “The addition of Dell EMC to our portfolio is a major win for BCDVideo, for Dell EMC, and for our integrators.” The global collaboration with Dell EMC will allow BCDVideo to open up a broader product offering Meeting surveillance market demands At the technology level, assures Larson, Dell EMC’s server offering is well suited to handle the increasing video resolution and growing camera count demanded by the surveillance industry. At the larger end of the spectrum, the company’s Isilon Scale-Out NAS solution can handle tens of petabytes of data, making it ideal for large-scale security applications such as city-wide surveillance and airport security. Dell EMC storage solutions are already proving successful at major international airports including Dubai and Abu Dhabi, each with a camera count in the 1000s.Dell EMC and BCDVideo together are ensuring our customers get the right solutions designed for the surveillance market” For Dell EMC, the new partnership means the ability to expand on this success in the enterprise market, leveraging BCDVideo’s surveillance expertise and high-level customer service to offer tailored solutions for lower-volume applications. Since its inception, BCDVideo has differentiated itself in the security space by providing a high level of IT service to integrators making the transition to IP systems. By combining resources, the partners will be able to service VMS and analytics companies, software vendors, and access control providers, as well as traditional business integrators. Ken Mills, General Manager Dell EMC Surveillance, explains: “Surveillance storage is not just about capacity, it is also about performance and reliability. Dell EMC and BCDVideo together are ensuring our customers get the right solutions designed for the surveillance market.” Accomodating for growth BCDVideo is well placed to accommodate this anticipated growth. Last year, the company opened a new 51,000-square-foot global headquarters in Illinois, home to 90 separate stations within their Innovation Center where each system is customised according to integrator needs. The new facility allows for expanding business with new and existing partners in the security market.

How to manage physical security data in compliance with EU GDPR
How to manage physical security data in compliance with EU GDPR

Until recently, data laws have differed from one country to the next. This meant that for those organisations conducting business or protecting assets abroad, they needed to localise both their infrastructure and policies dependant on the country they were operating in. However, with the impending arrival of the EU GDPR (General Data Protection Regulation), which comes in to force on the 25th May this year, all of that will need to change. Data management in CCTV surveillance Surprisingly, despite the fact that much has been written about the impending EU GDPR, very little attention has been devoted to the process of ensuring compliance for the operation of video surveillance, access control and other physical security systems. The EU GDPR dictates that businesses adhere to specific governance and accountability standards with regards to the processing of all data. As this includes such a large scope of data, any public or even private organisation using CCTV to monitor publicly-accessible areas must pay attention, as monitoring the public on a large scale is by default considered a high-risk activity. This includes information that shows who a person is, where they are and any other specifics about them.We have seen organisations defining corporate standards for their physical security systems based around IT standards and technologies According to numerous market research studies, many organisations are yet to take the necessary steps in order to review the new regulations and ensure the necessary changes are made to meet these obligations. To date, we have seen organisations defining corporate standards for their physical security systems based around IT standards and technologies. With the implementation deadline of the new regulations fast approaching, these should be in a better state of readiness, with standardised processes, common organisational approach and technology. Enhancing industry awareness of compliance  What’s more, a lot of legacy systems or disparate systems are still out there, and these may still have been entirely commissioned and operated by location-specific security teams. Regardless as to where your organisation stands in terms of technology, it is important to participate in the GDPR review with a greater sense of urgency.  The EU GDPR dictates that businesses adhere to specific governance and accountability standards with regards to the processing of all data Tony Porter, the UK’s Surveillance Camera Commissioner, has been incredibly vocal in recent months with regards to making security system operators aware that their activities will be subject to the GDPR and to signpost them to relevant guidance from the ICO. For those actively seeking to ensure their businesses are compliant, his organisation’s independent third-party certification is a great place to start. However, with just a few months until the regulation comes into force, it is unfortunate that his organisation is not yet in a position to confirm this will be sufficient to demonstrate compliance with the EU GDPR. Ensuring regulatory preparedness With this being said, there are still a number of steps organisations can take to ensure they are well-prepared when the law comes into play: Get involved in the GDPR discussion If you haven’t already, proactively initiate a GDPR discussion with your legal team and ask for their guidance. Conduct a gap analysis to identify what works and what might require improvement in accordance with the new regulation. Then engage your consultants, integrators and manufacturers who should be able to advise on appropriate solutions. In the vast majority of cases, it should be possible to upgrade the existing system rather than ‘rip out and replace’.The appropriate use of encryption and automated privacy tools is a logical step Adopt privacy by design Under the terms of the EU GDPR, data that is anonymised or pseudonymised is likely to be low-risk. The appropriate use of encryption and automated privacy tools is therefore a logical step. For example, video redaction that blurs out people’s faces in video unless there is a legitimate reason to reveal their identity can minimise the dangers of having security cameras deployed in public spaces. Seek out certified and sanctioned organisations, such as the European Privacy Seal group ‘EuroPriSe’, a professional organisation whose purpose is to ensure companies meet the ‘GDPR-ready’ privacy compliance standards. Consider cloud-based services Owners of on-premises video surveillance, access control or ANPR systems are responsible for all aspects of EU GDPR compliance, including securing access to the systems and servers storing the information. However, by working with an approved cloud provider it is possible to offload some of these responsibilities. For example, we partner with Microsoft Azure to offer these systems ‘as a service’. This pathway significantly reduces the customer’s scope of activities required to ensure compliance and is highly cost-effective. Yet it is important to realise it isn’t a full abdication of responsibility. You remain accountable for ensuring data is classified correctly and share responsibility for managing users and end-point devices.  With data laws changing around the world, businesses need to seriously consider how their security technology investments will help them manage risks in order to keep pace. With the GDPR deadline approaching, it is the ideal time to re-evaluate practices, partner with forward-thinking vendors and adopt technologies that will help meet privacy and data protection laws. This way, businesses can minimise risk, avoid costly penalties and be ready for anything.