printer friendly version

Contactless identification

‘Hands-free’ technologies have existed for some time, but the onset of the COVID-19 pandemic has renewed – actually, supercharged – interest in contactless identification devices for access control and similar needs. It’s pretty clear why: in the past, contactless technologies may well have been considered a convenience item, or a luxury item. Today, they are being recognised as a critical health and safety item that can quite literally save lives. That’s quite a status upgrade!

At the same time, contactless technologies, and contactless biometric technologies in particular, have made tremendous progress both in terms of capabilities and accuracy in their ability to perform identity confirmation. This makes them ideal for use in access control systems, time and attendance systems, and similar applications where fast, touch-free identity confirmation would be preferred, cutting down the chances of contagious disease transfer.

Here’s an overview guide to two of the best available contactless identity confirmation technologies, along with some tips on choosing the right one for your needs.

Facial recognition

The conversation has to start with facial recognition. For the purposes of access control, time and attendance, and similar applications, facial recognition is an automated system that compares a detected face, presented for identification, with a stored set of authorised facial data. These systems cannot detect the identity of people that are not registered in the system. If a match is found, then the facial recognition system reports that match to whatever systems it is integrated with.

Facial recognition technology has come a long way since it first came to market several years ago and has become more familiar to general populations by being built into smartphones and other consumer and business products. Sensor and software advancements have dramatically improved both the performance and accuracy of facial recognition, while bringing the cost down to a range where it can be deployed for general access and security purposes.

Here are a few core characteristics that you should look for when evaluating facial recognition readers.

Sufficient built-in lighting: Most facial recognition devices make use of infrared (IR) LEDs to illuminate presented faces, but low IR illumination can be washed out in ambient conditions with bright light, such as near windows. Be sure the device under consideration has sufficient IR illumination to function in the brightest light at the intended location.

Complex pixel intensity analysis: Two-dimensional pixel analysis can perform poorly in conditions where shadows or ultraviolet light components are present. Better systems make use of three-dimensional pixel intensity distribution analysis to improve recognition accuracy.

Appropriate ergonomics: Make sure the device under consideration can be mounted or adjusted in such a way as to allow for all potential users to present themselves without unnecessary stooping or other contortions.

Performance: Devices must have the performance to make match/no-match determinations quickly to maintain sufficient entry/egress traffic.

Sufficient processing power and memory: While the above point depends in part on embedded processing power, the best devices have processing and storage overhead so that future enhancements can be implemented without replacing the devices.

Options for dual-factor authentication: For a higher level of security, implementing two-factor authentication provides powerful benefits. Look for a system that has options for supplemental no-touch identification methods, such as RFID proximity cards or smartphone mobile access.

Mobile access

One exciting non-contact identity confirmation technology that is gaining traction is the use of smartphones as credentials. With this technology, a person wanting access brings their smartphone into close proximity with the reader. A non-contact wireless link is recognised, and access is granted to authorised staff. A fairly short operating distance, typically 10 centimetres or so, prevents unintentional triggering.

At first glance, the use of smartphones as credentials may seem to be similar to the use of proximity access cards, and in some senses it is. Identification is made on the basis of something you have – but there are important differences. First, staff tend to track and guard their phones very carefully, so not only would a misplaced phone be recognised quickly, but there are built-in features for many phones that would allow for quick location and retrieval.

Second, the communication between the phone and the reader is more secure than card formats such as RFID, so it is difficult or impossible for someone to intercept or steal the access data. Organisations like these have advantages, and when the cost of access cards can also be eliminated, the choice to shift to mobile access is easy.

Here are a few core characteristics that you should look for when evaluating mobile access systems.

Multi-format capabilities: Smartphone feature sets vary, but every current phone incorporates NFC (Near Field Communication), BLE (Bluetooth Low Energy), or both. Make sure any system being considered is compatible with both of these common wireless protocols.

Remote credential delivery: With today’s distributed and mobile workforce, the security or facilities manager may not be in the same location as every staff member. Look for a system that has a provision for remotely delivering access credentials to the phones.

Background mode: Some of the benefits of a hands-free identity confirmation system are lost if the users have to locate, wake up, and unlock their phones. Look for a system that can support a ‘background mode’ that allows for access credentials without the need to wake up the phone.

Encryption: It is also vitally important to ensure that all data is encrypted throughout the process of issuing, using, and making changes to access credential authorities to maintain organisational security. For any system under consideration, look for an independent auditing agency certification that the system has been reviewed, tested, and is in compliance with applicable information security standards, such as ISO 27001.

Share this article:

Further reading: