Accessing and Assessing Biometrics

Anyone accessing highly sensitive areas must be authorized, and there is no better authorization code than a person's biological signature. Although some areas of this technology are still in the development stages, other areas, such as fingerprint readers, have already been widely deployed.

According to Acuity and International Business Group, the total size of the biometrics market in 2009 was between US$2.6 billion and $3.4 billion. Much funding has been placed into the development of biometric technology and it is no surprise since it may become the most failproof method of reading a person's credentials. “The higher the security level is for a site, the more expensive the hardware investment is since the more complex the system will be,” said Vincentius Liong, a veteran security system consultant. “Site security and accuracy are determined, adjusted and fine-tuned based on the asset and people protected, security threats and overall security level and comfort. One of the best ways to do this is by providing access according to the department and authority and by limiting access through customizing the front-end management software. Every department will have its own PC workstation, user name, password and access level authority to monitor and control its area of responsibility through their own PC.”

The use of biometrics such as fingerprint, hand geometry, iris recognition and facial recognition, along with RFID contactless smart cards, is now becoming common in high-security applications, Liong said.

A Unique Key
Each type of biometrics has different benefits and vulnerabilities in terms of cost and performance. The “correct” one is chosen based on the client's system and the level of security required, said Philip Verner, Sales and Marketing Manager for CEM Systems (a Tyco International company). “Fingerprint and iris recognition have proved to be the most popular methodologies of choice.” Issues such as the environment, networkability, ease of use, processing time and vulnerabilities must be assessed when choosing a biometric technology.

“Clients have generally opted for fingerprint as it is relatively low-cost, easy to use and widely available,” Verner continued. "As a more accurate option, iris recognition is chosen by some but has issues such as a higher price per unit and slower speed of authentication. Thus, a fully integrated finger biometric solution is recommended.”

According to Daniel Ong, VP of Certis Technology International, Certis CISCO Security, fingerprint is the preferred form of biometric identification as it is still the cheapest, fastest, most convenient and reliable mode of unique identification. “However, iris and face recognition are rapidly gaining market share,” said Stewart Hefferman, CEO of Omniperception. As markets evolve, vendors are forced to move to commercially available, off-the-shelf components, using open platforms so that the production costs, and more importantly, support and installation costs, are reduced. Standardized interfaces and protocols will equal such cost reductions, Hefferman said.

In spite of such developments, biometric technology still remains unaffordable for certain applications. Only a small percentage of the market is using biometrics — less than 10 percent, Enser said. However, many clients have shown interest; so, efforts are being made to reduce the cost of biometric devices. “Biometrics are being used, starting from small and straightforward access control systems, to foolproof time and attendance for SMBs and other complex and comprehensive applications for critical data centers and other industrial applications,” Liong said.

Currently, however, cards remain the primary access key for physical access control. “Biometrics, specifically fingerprint scanners, are more commonly used as a secondary or alternative security layer,” Ong said. On the other hand, there are instances where biometrics are used as the primary form of identification. Accurate identity authentication through biometrics becomes essential for certain industries where the number of employees is very large, and shift rotation and remuneration are normally calculated by the hour. By being able to use biometrics to schedule shifts, both time and money can be saved by eliminating the hassle of filling out and filing paperwork.

Challanges
Reliability is still an issue of concern and debate. Many believe that the technology has yet to fully mature and has greater error rates compared to other forms of credential verification. In the case of finger and hand scans, common problems in faulty reads are generally due to dirt, oily fingers and fingers with almost no fingerprint. “Different sensor modules such as silicon-based, optical and capacitive, along with the algorithms, provide different performance and reliability,” Liong said. “The environment must be considered. High-traffic, outdoor conditions, electrostatic discharge, impact and scratches, and various contaminants such as sweat, dirt and oil can all affect the results.”

In addition, recognition algorithms can be used to compare credentials with all the templates in the database. “The common practice right now uses a group-matching technique, which groups users and only does print comparisons with templates within that group. The larger the user database, the higher the probability is of acuiring a high false-acceptance rate.” Ong said.

In terms of installations, the most challanging installations take place when the training and knowledge possessed by the installer and/or user are poor. “ Most commercially available products are underpinned by robust R&D, and while this aspect of performance can always be improved, it is generally the simpler things that go wrong. Biometric systems are particularly susceptible to poor user experience if training is poor,” Hefferman said.

The Future
It has been noted that the penetration of biometrics has been somewhat slower than originally forecasted. “This is due to a combination of the recent economic downturn, cost and, particilarly, the complexity of such solutions,” said Timo Jauhiainen, VP of Sales & Marketing, Idesco. “Another likely attenuating factor that we suspect is a rise in privacy concerns over the storing of biometric data. A competitive market itself will continue playing the largest role in differentiating product offerings over the short term as companies seek to leverage advantage in either quality or pricing." As the industry evolves, it is inevitable that growing demands for performance in accuracy, speed, security and convenience will accelerate product differentiation.

Vendors will distinguish themselves by focusing on different types of biometrics, and there are emerging ones such as ear, nose, knee and bone scans. Others will concentrate on specific geographical locations where support and cost of sale can be kept low. “Diversification across geographical and vertical markets is key for survival,” Hefferman said. For many smaller organizations, identifying niche applications and ensuring they add value to the sales proposition are critical in remaining in the game.