Introducing identity control

November 2011 Access Control & Identity Management

Ideco’s Marius Coetzee talks about how identity management is changing.

In an interview with Hi-Tech Security Solutions, Marius Coetzee, CEO of Ideco, outlines the principles of identity control.

As the disciplines of access control and identity management draw closer together, there is an opportunity to combine technologies and expertise from both disciplines in order to create business processes that are faster and more secure. Currently, there is little convergence between major players in the two fields – companies like Novell are not specialists in user-authentication and biometric companies like Morpho are not specialists in identity management.

Coetzee recognises that there is a clear and pressing need to encourage thinking around a new discipline – identity control. As he explains, “At Ideco, we want to encourage interactions that will provide a stronger link between two functions that are often quite separate – how we identify people and how that identity is managed.”

Linking recognition and response

For many years there has been a clear division between these two functions. Coetzee suggests that this division has been reinforced because authentication technologies are completely different to those employed within traditional identity management. And so are the companies that develop and deploy the technologies.

“We are talking about the difference between recognition and response”, says Coetzee. He draws an analogy with the differences between our senses and our thinking.

“We recognise elements around us through our senses. We see them, hear them, touch them and smell them. And we respond accordingly. Of course, the two are deeply interrelated but, as functions, they are utterly different. Our response is a function of our level of competency or the ability to influence or direct behaviour or the course of an event – this is the definition of control.”

In identity-based systems, the link between recognition and response is fundamental. For example, a physical access control system relies on its ability to recognise and respond appropriately, to either grant or deny entry.

Response can also be reactive or proactive. A proactive response will anticipate many other criteria such as potential risks and compliancy criteria before access is granted.

Coetzee says, “The accuracy of the response depends entirely on the accuracy of the recognition. Poor recognition means poor response.”

To illustrate this point, he uses the example of a card-based access system. “A modern card system is 100% effective at recognising cards. Consequently, it will react with 100% accuracy. That is the great strength of such systems. It is also their greatest weakness, they can only recognise cards. The person using the card is irrelevant to these systems. I can use your card and you can use mine. Card recognition is what it is, card recognition.

“The same weakness applies to systems that work with PINs and passwords. They are designed to recognise codes and lack any ability to recognise the person using the code. And yet we still persist in using them as the foundation for most identity management (IdM) solutions out there.”

Bridging the identity gap

Coetzee refers to this disconnect between recognition and response as the identity gap. He points out that many systems are able to manage and track a multitude of activities based on the authorisations that are allocated to system users. “We see high levels of competency in this regard within modern workforce management solutions that not only handle access and time worked, but also govern requirements relating to occupational health and safety.

“In terms of response, modern IdM solutions within IT also deliver high levels of functionality concerning access and activity.”

In any of these systems, it is obviously problematic if user-recognition relies on cards, PINs or passwords. It comes back to the fact that poor recognition leads to poor response. The wider the identity gap becomes, the more control organisations lose. If you cannot recognise users, if you cannot identify people, then you cannot hope to control what they can do.

Obviously, the purpose of an identity-based solution is not to control and manage cards or pins and passwords. Its objective is to manage people such as employees, partners, suppliers, contractors and customers within a set of rules that govern their access and activity.

Coetzee sees fingerprint biometrics as an obvious way to reduce the identity gap because they are so much more effective at recognising people: “The technology allows us to move much closer to achieving the twin goals of identity control: accurate recognition and accurate response.”

“It is this ability that has prompted thousands of SA organisations to replace cards and PINs with fingerprint recognition in order to reinforce the integrity of processes that control access and activity.”

The power of recognition

The benefits of narrowing the identity gap extend far beyond physical access control; the following areas are heavily reliant on recognition:

* Financial transactions: EFTs, payment cards and billing management systems.

* IT systems: managing and monitoring who does what, where and when.

* Licensing systems: motor vehicles and firearms.

* Civil identity solutions: passports, border control and ID documents.

In each of these areas, the process of confirming identity has become increasingly automated and is frequently performed remotely. A consequence of this automation is that the ability to recognise people has been diluted.

“Personal interactions have been replaced by interactions between people and systems. For example, we routinely conduct our financial transactions without dealing with somebody who actually knows and recognises us. Instead we use PINs and passwords and consequently are exposed to the widely-publicised risks of identity fraud.”

Coetzee suggests that competent identity control systems should be able to:

* Accurately recognise the identity.

* Proactively ensure compliance.

* Reliably direct the appropriate response.

* Diligently build audit chains that link identity with activities.

Creating audit chains

A key outcome of recording recognition and response within an identity control system is the ability to produce audit chains that link people with their activities. Coetzee says that the significance of such audit chains is entirely reliant on accurate recognition. He explains, “If we build definitive links between people and their actions, we can simultaneously prevent and deter unauthorised activity within the system.

“Firstly, we can prevent such activity by accurately controlling who can do what. Secondly, a potent deterrent to unauthorised activity is created by recording what they have done. However, if recognition is poor, if the identity gap is wide because the system relies on cards or PINs, then there is a proportionately weak link in the audit chain and we cannot positively connect identities and activities.”


Credit(s)




Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

HID addresses identification challenges at ID4Africa
August 2019 , News, Access Control & Identity Management, Government and Parastatal (Industry)
Being able to verify people’s identities is critical for a nation’s growth and prosperity and yet HID says nearly half of all African citizens can’t prove who they are to vote, travel freely and receive government benefits and services.

Read more...
Came acquires Turkish company Özak
August 2019, CAME BPT South Africa , News, Access Control & Identity Management
Came broadens its market horizons and signals growth and consolidation in the Middle East.

Read more...
The benefits of electronic visitor management
August 2019, Powell Tronics , Access Control & Identity Management, Residential Estate (Industry)
Access control is a critical aspect of estate security as it represents the controls put in place to restrict entry (and possibly exit) along the outer boundary of the location.

Read more...
Addressing risks by means of access control layout and design
August 2019 , Access Control & Identity Management, Security Services & Risk Management
In order to develop a suitable, practical and appropriate security system for any organisation, it is essential to first develop a master security and life safety plan strategy.

Read more...
Secure hands-free access
August 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry)
Suprema’s facial biometric terminals bring no-touch access into secure residential estates, high-rise apartments and luxury homes providing fast, easy and intuitive user authentication with the added benefit of hygiene.

Read more...
MorphoAccess Sigma Extreme
August 2019, IDEMIA , Products, Access Control & Identity Management
MorphoAccess Sigma Extreme from IDEMIA is a touchscreen device with multiple recognition device interfaces (NFC chip reader, PIN and BioPIN codes, contactless card readers).

Read more...
Outdoor access terminals
August 2019, Suprema , Access Control & Identity Management, Residential Estate (Industry), Products
Rugged, dust- and weather-proof access control solutions that provide exceptional durability in extreme conditions is a strong requirement for many residential estates.

Read more...
MorphoWave Compact
August 2019, IDEMIA , Products, Access Control & Identity Management
The MorphoWave Compact captures and matches four fingerprints on either the right or left hand in any direction. It is robust to environmental factors such as extreme light or dust.

Read more...
MorphoAccess Sigma Lite
August 2019, IDEMIA , Products, Access Control & Identity Management
IDEMIA’s MorphoAccess Sigma Lite and Lite + are fingerprint access control terminals, offering time and attendance in and out function keys.

Read more...
Eliminating forced gate opening scenarios
August 2019, ET Nice , Home Security, Access Control & Identity Management
When activated by the gate forced open alarm feature, the transmitter transmits a wireless alarm signal up to 750 metres in any direction.

Read more...