A biometrics-embedded tablet can tag a guard upon entering the building & feed videoof what’s happening beyond secure doors as he/she moves through the facility The best way to make the case for biometrics is to consider a physical and logical access control scenario, according to biometrics vendor SRI Identity, a program from SRI International, one biometrics company. With advances in security technology, access control systems have come to play a bigger role in organisational efficiency and strategies. Expanding role of access control systems Imagine an employee sitting at their desk after entering a facility. The organisation can tailor access and information to that employee across all devices and interfaces (access points, laptops, tablets, smartphones) in a way that not only improves security, but also enables the organisation to track time and attendance, manage inventory control, and, in effect, to integrate biometrics into a broader operational system. SRI Identity's (IOM) solutions offer an efficient, fast and non-invasive method of controlling physical and logical access, says Steve Perna, Executive Director, Products and Solutions Division, SRI International. “Enterprises can maintain high security without slowing things down,” he says. Consider the efficiency and productivity gains for a workforce with the use of biometrics. In hourly and shift-based businesses such as retail, hospitality and manufacturing, time and attendance becomes more accurate (no more “buddy punching”) and automated. It also becomes more convenient, eliminating all the extra steps between punching in, recording hours, processing payroll and performing analytics. SRI Identity technology The ability to push information out to the edge based on the individual’s access level, location and other factors is a powerful capability, says Perna. A biometrics-embedded tablet could, for example, tag a guard upon entering the building, and feed video of what’s happening beyond secure doors as he/she moves through the facility to better situational awareness. SRI’s recently launched a biometrics-embedded tablet – equipped with its (IOM) technology – combines the accuracy and convenience of iris biometrics with the functionality and customisation of the Android enterprise computing platform. This enables one device to support workflows including physical access control, time and attendance, inventory control, company messaging as well as addition customisable applications. Today, biometrics are seeing heavy use in mobile devices as well as banking applications, says Robert Fee, Director of sales, access control, Zwipe. Applications have seen the greatest uptick in replacement of passwords and log-ins, specifically in web and mobile based applications. Biometrics, as a form of security, has the potential to replace current forms of security, including physical, logical and web, he says. Therefore, considering the number of physical keys, access cards and credit/debit cards currently in the marketplace, the potential is excessively large. The primary value proposition of using biometrics over traditional security is that itdramatically enhances security by providing two-factor biometric authentication Enhanced security with biometric solutions Fee says the primary value proposition of using biometrics over traditional security (in the case of access control) is that it dramatically enhances security by providing two-factor biometric authentication: your fingerprint. The days of using a PIN for two-factor are gone since PINs can be passed on from employee to employee to non-employee. “The vast majority of electronic access control (EAC) systems in place today authenticate the badge, not the person holding the badge,” says Fee. “Where is the security in that?” Solutions such as Zwipe biometric credentials allow implementation of two-factor authentication without replacing a single reader. No database integration, protection, installation, wiring or maintenance agreements required. It provides more security without any additional steps. Taking the same amount of time to use a biometric product as a traditional PIN-based card or swipe card, a biometric solution will offer greater security and ease of use, according to Zwipe. Zwipe specifically addresses privacy concerns by never storing a person’s fingerprint. The company creates unique templates that, by themselves, have no value other than within a Zwipe-based solution. Plus, the biometric engine within a Zwipe device is independent of the RF transponder that communicates to an external device, such as a physical or logical access reader. There is no biometric data being communicated between a Zwipe device and reader. Zwipe is the biometric reader. Entering physical access control market “We have physical spaces and virtual spaces, and the differences between them are becoming fuzzy,” says Jason Chaikin, President of biometric company Vkansee, which specialises in fingerprint capture for payment, data and other sectors, including physical access control. He notes that biometrics might be used to control an entrance to a building as well as entry into a network on a computer in the building. Additional safeguards can include confirming that a person trying to access a network from a computer in the building is also on record as having entered the building. “It brings together silos of information so we don’t have the weak links we have now,” he says. Chaikin says physical security devices are on his company’s radar. “I think biometrics should be on a lot more doors than they are now. Our new smaller size sensors can add biometrics for an extra $20 or so per door. The ability to locate the sensor safely under glass opens the doors to outdoor applications in a variety of harsh environments.” “People are willing to give a new look to biometrics, but the physical access control market is more conservative, so it will take more time,” says Chaikin. “When you contact companies, they are willing to give it a shot. Agile companies will start adopting new biometrics that work quite well – you will see a quick rampup.”
More fingerprint scanners being embedded into mid-range smart phones willspur the growth in availability of mobile wallets When Apple included a fingerprint scanner on the iPhone, everything changed in the biometrics market. What used to be exotic or even dubious instead became normal and everyday. Any negative connotations about biometrics were wiped away in an instant. “Since the release of Apple’s Touch ID, and subsequent similar products from Samsung and other mobile device manufacturers, we have not seen any negativity; the opposite in fact,” says Robert Fee, Director of Sales, Access Control, Zwipe, whose access product is essentially a small, portable biometric scanner that can fit in your pocket. Mobile payment services driving biometrics adoption Pushing growth in biometrics adoption across all markets is greater adoption of biometric payment services such as Apply Pay and Samsung. A study from Juniper Research, Hampshire, U.K., finds that increased rollout of contactless payment services using fingerprint scanners will push the number of biometrically authenticated transactions to nearly 5 billion by 2019, up from less than 130 million in 2015. At present, there are only two services that use fingerprint scanners for authentication – Apple Pay in the U.S. and U.K. and Samsung in the U.S. and South Korea. However, both services are expected to be launched in several additional markets in 2016, and the convenience of the scanner is likely to make it a primary mechanism for transaction authentication. More fingerprint scanners in mid-range smart phones will spur growth in availability of mobile wallets. Also contributing will be a growing acceptance of contactless infrastructure at the point of sale (POS). Need for biometric data security & user privacy Juniper Research also commented on the need for security of biometric data. “When a password or PIN is hacked, the consumer can simply get a replacement,” says Dr. Windsor Holden, research author of the Juniper Research report. “When biometric data – fingerprint, iris, facial – is stolen, the consumer’s online identity could be irretrievably compromised.” The number of biometrically authenticated transactions will push to nearly 5 billion by 2019, up from less than 130 million in 2015 Biometrics has been ready for “prime time” for five years or more, says Jason Chaikin, President of biometric company Vkansee, which specialises in fingerprint capture for payment, data and other sectors, including physical access control. Apple’s incorporation of biometrics on the iPhone has created a real-life use case and a resulting “buzz” that will open the door to many other biometrics uses, he says. Privacy has been a key point both driving and inhibiting biometrics, he adds. “The issue with privacy is that you are only as strong as your weakest link,” says Chaikin, and security must extend to the every step of the process, from how the biometric is captured to how biometrics are stored and transferred, requiring encryption at every stage. Vkansee miniature optical fingerprint sensor Vkansee has developed a new sensor that could be used on a smart phone or any number of other devices. The smaller 2-millimetre optical fingerprint sensor, in effect, takes a photo of the finger for more accurate and reliable fingerprint authentication. Previously, optical fingerprint sensors such as those used by governments and civil authorities worldwide, have been larger – about 2x2 inches – too big to be used in embedded devices, for example. By miniaturising the familiar technology, Vkansee is paving the way for its greater use in smart phones, computers, tablets, automobiles, and physical access control. The small module can be mounted under a device’s glass screen so it’s not as susceptible to environmental elements. Currently the product is on the third run of pre-production samples; it will go into full production in 2016. In contrast, the capacitive sensors currently embedded in mobile phones and other devices emit a small amount of electricity and then measure how much of it is returned to the sensor – more from ridges in a fingerprint than from valleys – to build a map of the fingerprint. Users must touch the sensor directly. Manufacturers of sensors installed in today’s mobile devices include Fingerprint Cards AB (FPC), Sweden, and Synaptics, Santa Clara, California. Chaikin contends semi-conductor-based technology has reached its limit in terms of resolution, thus the need for an optical sensor that can be embedded in a device. (see bigger image)Vkansee created a fingerprint optical sensor to address the limits met bysemi-conductor-based technology in terms of resolution Vkansee’s new, miniaturised optical sensors are priced comparable to capacitive scanners, and have 2,000 pixel per inch resolution to capture “Level 3 details,” such as sweat pores and the shapes of fingerprint ridges. A byproduct of the greater resolution is to make it more difficult to fool the reader with a molded fake fingerprint. Beginning in 2016, smart phone and other device companies – including electronic access control companies – will be evaluating the Vkansee sensor with an eye toward embedding it into a variety of devices. “As the size of sensor gets smaller, it becomes important to be able to see deeply in the finger to get an accurate identification even on a small sensor,” says Chaikin. Speed, accuracy and convenience SRI International’s latest generation of biometrics products is following the trajectory of the evolution of mobile phones from a single-purpose device to today’s multi-function smart phone. “Just as we now expect smartphones to do a lot more than support voice calling, our offerings are using the speed, accuracy and convenience of biometrics to converge security and operations for enterprise workflows,” says Steve Perna, Executive Director, Products and Solutions Division, SRI International. “In years past, both customers and installers of biometrics were disappointed with the broken promises of what biometric technology could deliver,” says Larry Reed, CEO, ZKAccess. “Yes, today’s sales of biometrics are hampered.” But he adds that biometrics is making a big comeback. Driving the trend is the proliferation of smart phones with built-in finger readers (and soon-to-be face readers), improvements in biometric technology, reduction in the cost of biometrics.
A number of misconceptions exist about the capabilities and technology ofbiometrics, perpetuated in popular culture by films and TV Like many categories in the security marketplace, the biometrics market suffers its share of misconceptions, ranging from misunderstanding of the technology to underestimating its utility for a broad range of uses. Misunderstandings created by pop culture Contributing to the problem of understanding is the popular culture. “Popular movies such as James Bond and Mission Impossible have created many misconceptions and misunderstandings regarding biometrics,” says Robert Fee, Director of Sales, Access Control, Zwipe. “We all see them create perfect copies within minutes, and enter buildings or highly secured areas. If it was that easy, there would not be a multi-billion-dollar-a-year industry.” Another misconception that comes up is that a fingerprint template stored on one device works exactly the same with any other biometric device, says Fee. There is also a misconception that someone can steal and use a digital version of a person’s unique biometric, says Phil Scarfo, VP Worldwide Marketing, Biometrics, HID Global. “Some of the more advanced technologies like multispectral imaging [from HID Global] can identify human tissue as authentic, quickly detect fraudulent materials and respond and adapt to new vulnerabilities with a ‘learning’ capability that keeps up with new threats,” he says. Another misconception is that all biometrics devices and solutions are created equal. “What may be right for a mobile device and consumer application is not sufficient for commercial or enterprise applications,” says Scarfo. While there is the fear by some that biometrics poses a threat to personal privacy or a potential permanent loss of digital identity if it is stolen or compromised, it is far outweighed by the measureable benefits, he says. Ironically, the focus historically has been more on the potential risks rather than the benefits, adds Scarfo. Biometrics binding digital identities to individuals Most people don’t fully appreciate the critical importance of biometrics in an increasingly complex world of digital identities and ever-expanding ecosystem of ID cards, phones and other devices, says Scarfo. Biometrics is the only true means of linking or binding digital identities to the individual, determining who is actually using the system, and verifying whether he or she is a legitimate user for a myriad of new mobile and on-line applications. “The ability to securely link or bind digital identities to ourselves will simplify life and make it more secure,” says Scarfo. “Intelligently coupling what we have with who we are is a much better way forward in today’s complex digital world.” Misconceptions also persist around cost and ease of use, according to Steve Perna, Executive Director, Products and Solutions Division, SRI International. “Today’s biometrics systems are reliable, cost-feasible (particularly from a lifecycle cost perspective), and deliver ease of use,” he says. “Costs are being driven down across all aspects of the biometrics ecosystem, from underlying technologies and platforms to the devices themselves.” As prices reduce, functionality and features improve, and technologies become more mobile, biometrics is becoming an increasingly attractive form of security Misconceptions related to privacy There are also misconceptions related to privacy. People are apprehensive about sharing their biometric information out of fear of how their information can be exploited maliciously, says Arie Melamed Yekel, CMO, FST Biometrics. “However, these concerns are unfounded.” Much of an individual’s biometric information is already available publicly, whether registered through a governmental database, or facial/body/voice images and videos available on public social media profiles, he says. “In fact, entering one’s biometric information into a system such as FST Biometrics’ is much more secure since we take care to encrypt our data and protect our users,” he says. ZKAccess sees a big misconception is that biometric devices capture the actual image of a person’s fingerprint or face when enrolled. This creates a privacy concern for users that their fingerprint/face image can be compromised and subsequently used or shared without their permission, resulting in personal and/or financial harm to them. Biometrics do not capture live images. "Biometrics and fingerprinting are not the same,” says Larry Reed, CEO, ZKAccess. The commonly observed method of “fingerprinting” (seen on television and in hospitals/government facilities) is also known as an AFIS (an Automated Fingerprint Identification System, which uses digital imaging technology to obtain, store and analyse fingerprint data and originally used by the U.S. Federal Bureau of Investigation [FBI] in criminal cases). However, commercial biometric systems do not store/match actual images. Instead, biometric devices capture and store only a few dozen minutia points on the finger or face, apply proprietary mathematical algorithms, and convert those minutia points into binary code (i.e., a series of zeros and ones). “If you were handed a pencil and told to draw someone’s face by using 40 to 50 dots, would anyone recognise the face you drew?” Reed asks. “This is how biometrics capture, store and match templates. Only binary code is used.” Early adopters of fingerprint readers Some misunderstanding of biometrics stems from suboptimal experiences of early adopters of fingerprint readers for access control, says Steve Perna. “But the truth is that, in most cases, organisations didn’t try and abandon biometrics,” he says. “More likely they never adopted it due to stories they heard that impacted public perception. In other cases, higher prices dampened enthusiasm.” However, Perna says these impediments to adoption continue to fade, as prices come down, functionality and features improve, and as biometrics become inherently mobile and can deliver benefits beyond access control, such as time-and-attendance tracking, inventory management and logical access to other applications.
The universe of biometric authentication applications is expanding rapidly invertical markets such as healthcare and retail Once used mostly to secure high-value government facilities, biometrics are now a basic tool used in a variety of vertical markets. This article will look at some of those opportunities. For healthcare organisations, for example, biometric authentication is being used for secure medical dispensing to streamline workflow and control drug diversion, and for securing access to electronic medical records, e-prescriptions, and patient registration. “These are just a few of the many examples of today’s rapidly expanding universe of biometric authentication applications,” says Phil Scarfo, VP Worldwide Marketing, Biometrics, HID Global. “We are seeing the transition of biometrics into broader markets,” says Steve Perna, Executive Director, Products and Solutions Division, SRI International. “By making biometrics easier to use and implement, we see changing public perception and adoption spreading to mass market applications such as financial/banking account access control, personalised healthcare, mobile payments, as well as residential market access control.” Biometrics-embedded tablet devices In terms of market potential going forward, Perna expects to see consumer applications grow substantially because prices are going down, while performance and ease of use are vastly improved. An example of this is increased activity around biometrics-embedded tablet devices, which can provide the mobility and flexibility to be used for numerous applications beyond access control. Tablets are also accelerating the shift of consumer/employee access control from passwords (weak) to iris recognition (strong), while ensuring an individual is accessing information over a network – or a company is providing information to individuals – that only they are entitled to see. “We’re really talking about security in general,” Perna says. “Biometric-embedded tablets can make guard tours easier to track and monitor, and enhance data communications instantly in both directions.” Iris recognition guarantees that the person checking in is the right person at each station. With the SRI tablet, they can access real-time surveillance video or other information as they respond to an incident. For routine maintenance reporting, a broken pipe or burned-out bulb can be recorded on the spot – automatically triggering maintenance processes. These activities are typically conducted, with no authentication, through handheld data loggers and other devices for future download. Performing these functions on one tablet eliminates multiple steps and increases accuracy. Biometrics-enabled tablets and devices provide mobility and flexibility applicationsfor users across multiple markets Perna points to the use of SRI’s biometric computing platform in a warehouse scenario. Warehouse access – as well as any secure areas or cages within – can be controlled by the same device that interfaces with the inventory management system. Picked items could be instantly recorded for a precise audit trail that limits theft. Usually this is done with a combination of cards or PINS, handheld devices, remotely managed systems and even paper pick lists. With the integration of security and businesses processes you know exactly who is at the location and exactly what they’re doing while they’re there. FST Biometrics In-Motion Identification (IMID) FST Biometrics reports the company’s In-Motion Identification (IMID) is being deployed in greater numbers by large corporations and residential buildings to secure facilities that are used by thousands of people daily. However, FST Biometrics’ solutions provide benefits beyond security. The IMID product line also saves time and money, says the company, by shortening the time it takes to enter and exit an access point and eliminating the need for keys and cards – and the replacement costs associated with them. “In addition, we are starting to see FST Biometrics’ solution being used in consumer loyalty programmes as a way to provide better user experiences and services,” says Arie Melamed Yekel, CMO, FST Biometrics. “We believe there is a huge potential in this space for biometrics.” An application that illustrates the use case is a customer who has enrolled in the loyalty programme of a coffee shop chain. Upon entering a location in the chain, the customer’s identity is verified via the IMID system. Without having to present any card, the customer is offered his regular coffee and promotions tailored to his/her preferences and previous purchases. Once the customer makes a purchase, payment is applied to a previously registered account, to which relevant discounts are applied. The company has experienced growing sales and increased interest in the last few years.” The products’ newest generation includes integration with C-Cure by Software House (Tyco), a major physical access control system. In-Motion scanners can also be applied in retail markets to scan customersand access their loyalty scheme account ZKTeco fingerprint readers Hundreds of ZKTeco’s IP68-rated fingerprint readers protect passengers and crew from unauthorised access to hundreds of doors on a few multi-million-dollar super yachts. “We also protect chickens (livestock) from dangerous predators/poachers and environmental conditions that exist if their enclosures are not protected,” says Larry Reed, CEO, ZKAccess. “We protect the homes, parking garages and wine cellars of some rich famous celebrities. And we protect the outhouses (bathrooms) of a campground proprietor wishing to discourage non-paying patrons from using/vandalising the toilets.” ZKTeco has been in business over 20 years and has tens of thousands of customers; therefore, it’s difficult to specify a single solution, says Reed. “In very modest terms, we simply make ‘electric switches’ that only operate once the authorised user first presents for identification their fingerprint, face and/or more recently, their finger vein,” he says. “Our ‘switch’ has been used to control doors, gates, fences, elevators, computer server cages, trash compactors, balers, forklift trucks, medical and gun safes, motorised robots, students’ locks and key locks. Our biometrics are used to control anything that is protected or operated by a low-voltage electric motor. The obvious benefits are improved security, added convenience, and avoidance of regulatory fines.” Call for CIPS-006 compliance There has been strong biometrics demand from organisations required to comply to NERC Critical Infrastructure Protection, specifically CIPS-006: Physical Security of Critical Cyber Assets. The standard specifies two-factor authentication, which typically means, replacing existing readers and running new cabling. Zwipe eliminates that need and locks the card to a single card owner, says Robert Fee, Director of Sales, Access Control, Zwipe. “Zwipe devices cannot be borrowed or loaned to anyone, and issues related to lost or stolen credentials are greatly reduced,” he says. “Plus, if an organisation wants to use a biometric reader with on-reader template storage, that device becomes a critical device requiring additional physical security protection.”