Choosing the right biometric technology in the new normal

Access & Identity Management Handbook 2021 Access Control & Identity Management

Nowadays, positively identifying an individual requires more than a badge or a PIN. Biometrics, widely acknowledged as the most accurate form of identification, is increasingly incorporated into the security protocols across industries. We explore the various biometric modalities available and review how the market has been impacted by the current pandemic. Furthermore, we share recommendations for successful biometric deployments in this very special context.

When what you have and what you know … are not enough

Multi-factor authentication is very famous in the security industry. It consists of increasing the security level by requiring something you have (a token such as a badge or a card), something you know (a PIN code or password) and/or something you are (your physical attributes like biometrics).

Tokens and PIN codes can be stolen, shared or broken. This is not the case with biometrics. Biometrics are the only means of authentication today which can ensure that, for instance, the person passing through a gate is a genuine employee with actual access rights. Coupled with the right biometric access control technology, all business rules and regulations can be enforced specifically for the person trying to gain access, and depending on the use case: compliance for mining, health check, sobriety check, etc.

Long gone is the time when biometrics were reserved for government agencies. Today, it can benefit everybody, from companies to gated communities.

Which biometrics?

Biometric data are extracted from a human body part (a face, a finger or an iris) through the isolation of multiple reference points converted via an algorithm into a digital record (‘template’). This template is stored in the biometric device or on a server, and used as the reference for comparison with data extracted by the device each time an individual requests access. Once the two data sets match, the individual gains access.

So, how do we select the appropriate biometrics to meet our needs?

Adoption/acceptance: The chosen type of biometric modality (facial, iris, fingerprints) depends on the use case’s security requirements and preferences, but can also be influenced by cultural habits, beliefs, or others.

Accuracy: With biometrics, trust is paramount. Users must trust and be confident that the system can positively identify them every time, all the time. It must be true whether one person or 10 000 people use the system, but it must also be true if using the system for verification (1:1) or for identification (1:n). The difference between verification and identification is simple but the complexity is exponential.

Verification happens when someone presents a token (card or badge) which is associated to a biometric template. In this case, the system will test the biometric data presented against the biometric template linked to the token number. With identification, no token is involved. The algorithm must determine if the person in front of the reader is indeed allowed or not. Identification is much more complicated and requires some specific expertise.

Anti-spoofing: Biometric equipment installed to provide a high level of access security must not be easily manipulated. It must therefore use efficient anti-spoofing hardware and software mechanisms, like false finger detection for a fingerprint reader and 3D/infrared cameras and image processing for facial recognition devices.

Algorithms: Together with hardware components like the sensor for a fingerprint device or cameras for facial recognition, algorithms provide the processing power and speed. We recommend selecting products from vendors that develop their own algorithms and that rank high in the very stringent NIS[1] evaluations.

Speed: High-speed processing is key for efficient operations, from an office building to a residential estate. The appropriate systems must offer throughput of at least 30 users per minute per device to provide fluidity and avoid queues. It is paramount when a large number of people need to get access or leave a site as quickly as possible (whether it be a 1000-person shift or resident(s) entering a community by car).

End-user convenience: This is key for user adoption. If users have trouble using a system or struggle to be identified first time, they will resist its use. This also includes changing conditions throughout the day. When a system functions identically with various light conditions, it saves much frustration for users.

Enrolment: This is a key process whereby user biometric features are first captured for subsequent authentications. This needs to be secure and frictionless.

Deployment: The bulk of the cost of deployment usually comes from integration with your existing PACS (physical access control systems) and doors, turnstiles, speed gates, etc. Therefore, to reduce deployment hazards leading to increased project complexity and costs, it is advisable to select vendors integrated with mainstream PACS and hardware providers and with a proven record of successful implementation.

OPEX: As with other systems, the TCO (total cost of ownership) and ROI (return on investment) have to be considered rather than the initial capital investment only. The TCO is impacted by criteria such as quality and reliability. Selecting vendors with field-proven experience and a strong support, maintenance and repair network is paramount for efficient support when needed.

Biometrics and the #newnormal

With concerns surrounding contamination from surfaces, contactless biometrics have gained traction in the #newnormal.

Facial recognition is a natural alternative that comes to mind, but the emergence of facial mask requirements, which cover part of the nose and the entire mouth and chin areas, poses a new challenge for facial recognition devices. Technology companies are currently re-training algorithms to take this new constraint into account and improve performances.

Iris capture devices that by definition only scan the users’ irises are not impacted by this constraint, but they have other drawbacks in terms of speed and throughput capabilities, as well as a less favourable user perception, that limits them to specific use cases (for instance surgery rooms or laboratories).

Contactless fingerprint capture devices are a very efficient alternative. There are various options on the market, with the IDEMIA MorphoWave Compact being one. 3D images of four fingerprints are captured in a quick and fully touchless hand movement above the sensor. This innovative technology is already widespread, as it can provide high throughput, is very accurate and enables immediate user adoption. It is currently the preferred solution for real estate complexes in South Africa.

With COVID-19, we experienced a notable demand increase for contactless biometric readers like MorphoWave that scans and verifies four fingerprints in less than a second through a fully touchless hand movement, and VisionPass, the 2020 SIA Award-winning facial recognition device, designed with clients and users and that features a 2D+3D+infrared camera set and advanced anti-spoofing mechanisms.

[1]National Institute of Standards and Technology


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Gallagher Security releases Command Centre v9
Gallagher News & Events Access Control & Identity Management Integrated Solutions
Richer features, greater integrations, with the release of Gallagher Security’s Command Centre v9 security site management software designed to integrate seamlessly with various systems and hardware.

Paxton’s Net2 secures medicinal cannabis facility
Paxton Access Control & Identity Management Healthcare (Industry) Videos
Paxton’s Net2 access control has been installed at Highlands Grow, a fully licensed industrial-scale cultivator, producing cannabis for medicinal and recreational use.

Lock down your access control with Alcatraz AI
C3 Shared Services Healthcare (Industry) Access Control & Identity Management AI & Data Analytics
Alcatraz AI, represented in South Africa by C3 Shared Services, changes access control by harnessing the power of artificial intelligence and analytics at the edge, where facial recognition becomes the essential credential autonomously.

Effective access control
Flow Systems Access Control & Identity Management Products & Solutions
Flow Systems has introduced its new Extra Heavy Duty Industrial Rising Vehicle Barrier, which provides a high level of protection. It is a traditional-looking control barrier with the benefits of high-level physical protection.

Newport Aquarium replaces traditional locks and keys
Paxton Access Control & Identity Management Entertainment and Hospitality (Industry)
Newport Aquarium wanted to replace its old security system with an easy-to-use and high-security access control solution to keep the animals, visitors, and staff safe. The solution was Net2, a PC-based access control system that offers centralised administration.

Securing easy access
Suprema neaMetrics Access Control & Identity Management
Securing access to hospitals and healthcare institutions presents a unique set of challenges, because these facilities operate 24/7, have highly ‘open’ access in public areas and require a strict level of security.

Reliable mass notification
Access Control & Identity Management
The use of voice alarm and voice evacuation systems within the healthcare industry ensures a safer and more reassuring environment in the event of an emergency.

Protecting our most vulnerable
Access Control & Identity Management
In a nation grappling with the distressing rise in child kidnappings, the need for innovative solutions to protect our infants has never been more critical. South Africa finds itself in the throes of a child abduction pandemic.

New generation of cyber-focused controllers
Gallagher News & Events Access Control & Identity Management Products & Solutions
The C7000 gives users an opportunity to leverage their hardware and firmware to build a platform designed to catapult their organisation into the future, with cybersecurity baked in from inception.

New T&A terminal features revolutionary AI technology
Suprema News & Events Access Control & Identity Management AI & Data Analytics
Suprema has launched BioStation 2a, the world’s first deep learning-based fingerprint recognition solution, providing powerful access control features and an improved ability to extract templates from low-quality fingerprints.