Biometric Basics

Dec. 1, 2015
Biometric-based access control readers can be used in stand-alone or in conjunction with a proximity card, smart card, or a unique PIN

The word “biometrics” pertains to the use of physical, biological characteristics as a means of identifying people. Common physical attributes that often are employed for this purpose include fingerprints, finger vein patterns, palm geometry, facial recognition, retina and iris, voice, and others.

In time the list will likely include genetic identifiers, which will be even more secure and fault free than the technologies now in place in the biometric access control market. In this regard, it’s important to note that biometrics does not provide 100 percent results in terms of accuracy. But the industry as a whole has found ways to compensate for this that actually creates a powerful identity tool for physical security purposes (see sidebar 1 for further information on the issue of errors).

In this story we'll discuss the basic premise behind biometric access control, we'll look at the technologies that serve fingerprint analysis and hand geometry, and we'll look at a handful of biometric access control readers now on the market and the systems that serve them.

In a typical biometric access control system, a sample of each user's chosen biological trait is captured and then converted into a data template using a mathematical algorithm. In some systems a backup template also is acquired while in others only one is sufficient. Templates are saved in the reader; an on-site host computer;’ a Cloud-based processing system (if one is used); and a credential, such as a smart card.

The system compares the user's real-time finger or hand print to the template. At the time of enrollment, or at a subsequent time, information on the user will be utilized to determine “if” the biometric credential is valid, “which” door(s) he/she is permitted to enter, and “on” which days of the week and time of day they are authorized to access the facility.

System architecture usually consists of a head-end host computer as well as individual access controllers. These controllers are designed to accommodate at least two access readers at one or two doors, also called “portals.” They commonly contain all the necessary I/O’s (Inputs/Outputs) to monitor doors, receive and process REX (Request to Exist) requests, determine identity, and release doors and gates.

Biometric-based access control readers can be used in stand-alone or in conjunction with a conventional means of personal identification for verification and authentication. Examples include a proximity card, smart card, or a unique PIN (Personal Identification Number) in conjunction with a traditional keypad.

Two readers at a single door are common in some applications where one is placed inside the portal and the other outside. This arrangement allows the access control system to track users as they enter and leave the premises. The result is an accurate, real-time accounting of everyone inside the facility at any moment of the day, which is a valuable tool to have during an evacuation, if and when one should become necessary. This also is ideal when it comes to creating an accurate audit trail of all events that take place in the system. It also makes it possible to perform a time-and-attendance function so employees do not have to manually ring in and out of a time clock.

Biometric Identifiers

Fingers and hands are perhaps the predominant means used to determine the identity of people as they come and go from tool rooms, computer rooms, utility rooms, entire commercial buildings, government facilities, and other secure areas. According to the The International Biometric Foundation (IBF), “Hand Geometry and fingerprint are the two most widely used technologies in access control applications.” For this reason we’ll restrict our discussion to biometric technologies with an emphasis on fingers and the hand.

The popularity of fingerprint identification relates to the fact that law enforcement long ago began developing the technology, which means it’s a dependable, stable means of determining individual identity. Most fingerprint readers effectively map the finger, extracting 30 or more minutiae thereon, of which only as few as 10 have to match to declare access.

Minutiae is not the only method used in fingerprint identification. “Instead of using minutiae, some systems perform matches on the basis of the overall ridge pattern of the fingerprint. This is called global matching, correlation, or simply image multiplication or image subtraction,” says Lawrence O'Gorman, of Veridicom Inc., Chatham, NJ; author of 2 Fingerprint Verification.

 Modern systems commonly use an optical or solid-state imager of some kind that captures the unique essence of an individual's fingerprint, storing it as a data template.

 “There are two primary approaches to capturing the image, optical and silicon-based sensors that measure capacitance. The two most widely used methods for comparing the captured image are pattern and minutia based” (Understanding Error Rates in Biometric Access Control, IBF, Haverhill, Suffolk, United Kingdom).

"HID Global has a unique fingerprint sensor that operates based on a multi-spectral imaging technology," says Bill Spence, vice president of sales, Biometrics, with HID. "We're able to dial out the negative effects of age, dirt, finger pressure, and common environmental conditions that can often be problematic in capturing a clear, concise image of the user's finger."

Hand geometry is another means of determining the identity of a user requesting access to a facility. This type of reader performs this task by examining more than 96 measurements related to the user's hand. This includes the shape and size of the hand as well as the length, width, and height of the user's fingers. Not all the measurements have to match in order to declare a user is valid to unlock the door. The threshold of identification can be varied up or down in order to improve detection of unauthorized individuals while allowing valid users to pass unimpeded (see sidebar). This also applies to fingerprint analysis.

No matter which flavor of biometric identification you select, there’s a learning curve, one that anyone can master. The only way to do this, however, is to dig in and make it happen. You may want to start with the products and manufacturers listed below.

The following products involve the use of fingerprints and hand geometry. Each one is manufactured by a highly respected company in the physical security market. Use the links provided to get more information on the biometric readers of your choice.

HandKeyII 

The HandKeyII biometric hand geometry reader made by Allegion, a Schlage company, provides increased security when identifying users by employing the size and shape of the human hand. The open-architecture of the HandKey system allows for integration with almost any access control system that uses the Wiegand data protocol for communications over 802.11 (WiFi), Ethernet, RS485, or RS422. Allegion's HandKey product can be used in standalone or in a multi-door access control network and will accommodate from 512 to 191,488 users.

According to Allegion, “Hand Geometry is a robust, industrial biometric that has been trusted to secure a wide variety of applications at various security levels: critical facilities like data centers and transportation hubs, healthcare facilities, financial institutions, education installations from dorm rooms to athletic facilities and of course various commercial buildings.”  

For more information, go to: http://bit.ly/1QPkLHr.

CV-940 Fingerprint Reader

The CV-940 is a biometric fingerprint reader made by Camden Door Controls of Mississauga, Ontario, Canada. It will accommodate standalone as well as network integration. It comes equipped with a biometric fingerprint sensor and can be configured for two-factor access using either a proximity card reader or keypad. The two-factor approach adds a heightened degree of security. The CV-940 will store up to 9,500 fingerprint templates inside the reader’s memory.

 “You can order the fingerprint reader alone (CV-940) or in combination with keypad or proximity reader,” says David Price, marketing manager with Camden Door Controls of Mississauga, Ontario, Canada. “The networkable version uses the Wiegand protocol to communicate with a centralized access control system whereas in stand-alone mode relays are used to lock/unlock doors and perform other duties. We believe the technology behind the CV-900 is proven and stable enough to be used independent of other access devices.” For more information, go to: http://bit.ly/1KmxrQE

Zodiac iClass II

The Zodiac iClass II fingerprint reader by Cansec of Mississauga, Ontario, Canada offers heightened security by utilizing a 16-bit iClass credential with a fingerprint scanner. If the fingerprint template matches the one captured in real time, and if the template  is associated with the iClass credential, the Zodiac iClass II will unlock the door to allow the individual to enter. The reader uses the Wiegand data protocol which means it can be used on almost any access control system on the market. In terms of number of users, because fingerprint templates are stored on the smart card that accompanies the user, the Zodia iClass II will accommodate an unlimited number of individuals.

According to Cansec, “The reader compares the live fingerprint scan to the template stored on the credential. If they match, the Wiegand data on the credential is sent to the access control system where it is processed just as if it came from a normal  prox reader.”  For more information, go to: http://bit.ly/1KmxuvV.

SID220 Finger Access Control Reader

The SID220 fingerprint access control reader manufactured by SekurID was designed for low to medium traffic indoor environments. The multi-spectral fingerprint imaging sensor works where other competing conventional technologies fail. The SD220, along with its accompanying controller, will accommodate up to 10,000 users.

According to Marco Quintero, CEO with SekureID Corp. a partner of HID Global, “The SID220 uses multiple wavelengths of light to capture an image of both external fingerprints and identical “internal fingerprints,” which is the foundational capillary bed. Unlike conventional fingerprint technologies used in most access control readers today, the SID 220 performs under a variety of conditions including wet, dirty, dry, moisture and bright ambient light. Best of all, the SID220 authenticates even if the external print is damaged or obscured.”

For more information, go to: http://bit.ly/1jUqIbl.