What is Biometric Access Control?
The word Biometric is made up of two separate words, bio meaning biological, and metrics meaning measurements. Put more simply, biometrics are biological measurements. This means they are used mainly in identification and as a powerful form of access control. Fingerprints, facial measurements, vein patterns and much more are all characteristics that belong to you and ONLY you, making biometric access control systems an extremely powerful form of security. In sciency/techy terms, biometrics is the measurement and statistical analysis of people’s physical and behavioural characteristics.
There are two types of biometric identifiers:
- Physiological Characteristics: The shape or composition of the body. Examples include; fingerprints; DNA; face, hand, retina or ear features; and odour.
- Behavioural Characteristics: The behaviours of a person. Examples include; typing rhythm; Gait; gestures; and voice.
The technology in this industry is constantly advancing and making giant leaps forward in terms of the future of security. Scientists, right now, are currently looking into advancing biometric access control systems by looking into the following:
- Brainwave signals – Our brainwaves are individualized and unique which means they could work like our fingerprints.
- Electronic tattoos – Companies like Motorola have already developed this to a certain degree. It consists of a small barcode tattoo and an authentication pill you need to take daily for it.
- Password pill – A microchip powered by the acid present in the stomach. Once swallowed it would create a unique ID radio signal that can be sensed from outside the skin, turning the body into a password
The difference between biometric authentication and biometric identification is that authorisation involves matching one submitted biometric feature to a specifically authorised template. Identification, rather than looking to issue a positive credential, is the aim to simply find a match within a database. For example, the police taking fingerprints in order to find criminals and those associated with criminals. Gaining/requesting access is biometric authentication whereas discovering something about a scanned individual is identification. One main thought people have about biometric systems is that they’re easily broken into (Just think back to James Bond breaking into a safe with a stolen fingerprint and fake retina contact lens), whereas in reality these feats are near impossible with decent well-made systems. If you buy cheap, poorly made systems then they are bound to have flaws and be easily broken into. So avoid buying cheaply made systems for your security! Check out one of the leading security experts in Pretoria!
Which Biometric Access Control Systems Are Available?
There are lots of biometric systems in use and development today! From visual biometrics like fingerprint recognition to behavioural biometrics like Gait.
Here’s a quick list of the various biometric access control systems you can find today and you might hear about in development:
- DNA Matching (Chemical Biometric): The identification of an individual using the analysis of segments from DNA.
- Ear (Visual Biometric): The identification of an individual using the shape of their ear.
- Retina Recognition (Visual Biometric): The use of pattern of veins in the back of the eye to accomplish recognition.
- Iris Recognition (Visual Biometric): A more accurate and advanced version of retina recognition, it uses the features found in the iris to identify an individual.
- Facial Recognition (Visual Biometric): The analysis of facial features or pattern for the authentication or recognition of an individual’s identity.
- Fingerprint Recognition (Visual Biometric): The use of the ridges and valleys (minutiae) found on the surface tips of a human finger to identify an individual.
- Finger Geometry Recognition (Visual/Spatial Biometrics): The use of 3D geometry of the finger to determine identity.
- Gait (Behavioural Biometrics): The use of an individual’s walking style or gait to determine identity.
- Hand Geometry Recognition (Visual/Spatial Biometrics): The use of the geometric features of the hand such as the length of fingers and the width of the hand to identify an individual.
- Odour (Olfactory Biometrics): The use of an individual’s odour to determine identity.
- Signature Recognition (Visual/Behavioural Biometrics): The authentication of an individual by the analysis of handwriting style; in particular the signature. “There are two key types of digital handwritten signature authentication; Static and Dynamic.
Static is most often a visual comparison between one scanned signature and another scanned signature, or a scanned signature against an ink signature. There is technology available to check two scanned signatures using advanced algorithms.
Dynamic is becoming more popular as ceremony data is captured along with the X, Y, T and P Coordinates of the signor from the signing device. This data can be utilised in a court of law using digital forensic examination tools, and to create a biometric template from which dynamic signatures can be authenticated either at the time of signing or post signing and as triggers in workflow processes.
- Typing Recognition (Behavioural Biometrics): The use of the unique characteristics of a person’s typing for establishing identity.
- Vein Recognition (Visual Biometrics): The use of vein patterns in a person’s finger or palm used to identify an individual.
- Speaker Authentication & Identification (Auditory Biometrics): Speaker Authentication is the use of the voice as a method of determining the identity of a speaker for access control. Speaker Identification is the task of determining an unknown speaker’s identity.
Note: There IS a difference between speaker recognition (recognising who is speaking) and speech recognition (recognising what is being said). Voice Recognition is also confused; voice recognition a synonym for speaker recognition.
The main uses/applications of Biometric Access Control Systems
Biometrics are used for two things; Identification (Identifying an individual – Compares one too many in a database) and Authentication (Verification that an individual is who they say they are – Compares one to one). Biometric systems are slowly becoming part of our everyday lives, they’ve slowly found their way into many things we use and will continue to do so due to their accuracy in identification and authentication of individuals. Some of the main uses and applications of biometrics are as follows:
- Security: Old and outdated security methods are now becoming too easily hacked and are no longer strong enough to protect what’s important to us. Biometric systems are now becoming much more easily accessible and are finding applications in every role of security; protecting your phone with a fingerprint rather than pin/password, unlocking your doors at home, opening high-security gates and even opening your car! The security applications are almost endless.
- Border Control/Airports: Airports and Border control often come into contact with people who are not legally there. This can be in the form of security risks at airports to attempting to illegally cross a border. The application of biometric systems at the border is making crossing borders easier and more automated than ever. eGates and kiosks are helping to make the international experience of travelling easier for passengers.
- Finance: The use of biometrics in the finance industry is huge! Biometrics can really benefit financial transactions. Banking and finance are often the targets of major fraud plots, with people managing to access and complete transactions without much security stopping them other than a phone call from the bank. With the implication of biometrics in mobile and online payments, it’s now tougher for fraudsters than ever. This is obviously welcomed by the consumer when it comes to buying goods online and keeping their hard-earned cash safe.
- Fingerprint Locks: If you have something to protect then you usually put a lock on it, requiring a key, pass card or password to gain access; however, there’s a problem with that because keys, passwords and key cards are easily misplaced and lost! So with biometrics this is avoided because the key to your possessions is no longer what you have, it’s what you are! Your fingerprint is unique to you and therefore can never lose your ‘key’ again.
- Mobiles: This application is simple and has been around for quite some time now. If you have the latest smartphones then you probably have a fingerprint lockset, this means that your unique fingerprint (or anyone whose fingerprint you choose to set) is the only key to accessing your phone.
- Justice/Law/Forensics: The use of biometrics has been used in law for years. Fingerprints are kept by police, FBI and just about all law enforcement agencies. All of these are kept in a database and known offenders can be easily identified using just their finger. Some law enforcement also keeps records of DNA and even voice clips. All of this plays a huge part in keeping the public safe and tracking down wanted persons.
- Time/Attendance: Possibly everyone’s least favourite use for biometrics is the tracking of time and attendance (Unless you’re the boss). Biometric time and attendance technology has been brought into many workplaces to keep track of people entering and leaving the building. Punch cards were once the way to keep track of who was where and at what time but truant workers could always hand these to friends and get away with unearned wages. This also increased efficiency within the workplace because all time is recorded accurately and leaves managers to deal with more pressing matters than the 20 minutes extra someone took at lunch.
How Do Biometric Systems Work?
The idea behind biometric access controls sounds more complicated than it really is. Biometrics is essentially just a comparison. Whether the comparison is visible, invisible or behavioural, biometric authentication technology centres around the capture of a measurement and comparing it to a previously derived string of numbers, called a template. A template isn’t a whole image but instead is a code that describes certain unique features of said image within the context of a specific biometric technology. When a biometric is initially scanned into a system, a template is derived and stored either on a server behind a firewall or on a secure element on a device (like a phone), this is known as “enrollment”. After enrollment, any time a biometric is scanned into a system in a request to gain access, the measurement of the presented biometrics are compared to those already stored in the template. If there is a match, access is granted, if there isn’t then access is denied. It’s really that simple!
How Accurate Are Biometric Access Control Systems?
The accuracy and cost of biometric systems have, until recently, been one of the limiting factors in the adoption of biometric authentication solutions. However, the presence of a high-quality camera, microphones and fingerprint reader in many of today’s mobile devices means biometrics is likely to become a considerably more common method of authenticating users. The quality of biometric readers is improving all the time, but they can still produce false negatives and false positives. One problem with fingerprint biometrics is that people inadvertently leave their fingerprints on many surfaces they touch (You and I are doing so right now…), and it’s fairly easy to copy them and create a replica in silicone (Although fooling the scanner is near impossible unless you have a cheap version). People also leave tons of DNA everywhere they go and someone’s voice is easily captured via a recording. Dynamic biometrics like gestures and facial expressions can change but they can be captured by an HD camera and copied. Vein Recognition is a fairly accurate and safe method due to your veins being contained internally and not being transferred to surfaces via touch or captured via camera or recording. Biometrics, however, are a much safer and better alternative to passwords. A recent study by Ars Technica found that a password, no matter how ‘random’ can be broken quite easily. Ars Technica asked hackers to try and guess/break over 15,000 passwords, some of these were 16-characters (one was even as random as ‘qeadzcwrsfxv1331 – Which when you look at it and then your keyboard isn’t all that random). One hacker from the experiment was even able to crack 90% of 16,449 hashed passwords in under an hour!
What are the advantages of Biometric Access Control Systems?
Biometric systems are one of the safest and most secure identification and authentication security solutions around. This is a result of the many advantages they bring to everyday life, including security and ease of access (for those that should be gaining access). Some of the advantages of biometrics are:
- Security: Since biometric characteristics can’t be lost and are quite hard to steal and replicate, biometric systems offer a higher degree of security than typical authentication methods, such as passwords and passcards. Also biometric systems allow you to install two-step systems; these require two biometric characteristics to gain authorisation/access.
- Accountability: Since biometric characteristics can’t be shared with others, you can keep accurate logs of who has done what within a system, this is due to passwords being shareable and so the true identity of a user is not known, whereas biometric characteristics are unique to each person.
- Convenience: Biometric systems are convenient in environments where access privileges are required. Traditionally, in many authentication environments, a user may have multiple passwords. In the case of using biometrics, all of these passwords can be forgotten and you can use one biometric method instead.
- Justifiable Costs: The costs of a biometric system are difficult to estimate – this is due to the basic differences between systems as well as the technologies of the property. Many companies offer customisation, scalability and enrollment management. If you still think the costs are too much, just think about the flaws in your current system. All it takes is someone to lose a key, card or just a slip of the tongue and someone else can gain access. All of this can be avoided with biometric systems.
- Privacy: Many people aren’t confident when it comes to enrolling in a biometric system. This is usually because they’ve seen too many spy movies, where the system is hacked in a matter of 2.5 seconds and then their fingerprints are there for the taking. But this is unrealistic and has already been disproven because biometric systems have been used in the military, high-security bases/prisons and government buildings without breaches or hacks.
- Identification Is Accurate: Unlike a lot of other security systems that rely on passwords and access cards, one of the greatest advantages is the accuracy that biometrics provide. With a correct set-up system, biological characteristics like fingerprints and retinal scans provide completely unique data sets that cannot be easily replicated. This means unauthorised personnel can’t gain access.
- Easy to Use: Biometric systems are – once set up – extremely easy to use, as well as being able to identify people rapidly, uniformly and reliably. Minimum training is required to get a system working correctly and so cuts costs on password administrators. The systems are also very low maintenance, cutting further costs.
Quick History of Biometrics
Biometrics First Use: The first use of biometrics for identification and authorisation appeared in the 1800’s with a system of body measurements known as Bertillonage; named after an anthropologist and police desk clerk, Alphonse Bertillon. The system took eleven bodily measurements including standing height, sitting height (trunk and head), the distance between fingertips with arms outstretched, as well as the size of the head, right ear, left foot and digits and forearm. As well as distinct personal features, such as; eye colour and scars. The problem with this was that it soon became clear it was inaccurate. This is because it was a system of measuring human physical traits and different people could get different measurements for various body parts as well as more than one person matching all measurements.
First Use of Fingerprinting: Fingerprints were first found to have been used in the 14th Century China but as a signature purpose rather than identification or authorisation. The first use in terms of biometric history did not develop until the 19th Century when Dr. Henry Faulds noticed fingerprints could help identify criminals. Around 1900’s Francis Glaton announced that no two fingerprints were the same. This announcement led to the creation of the Edward Henry fingerprint classification system.
DNA Analysis: One of the newer biometric methods, challenges of other biometrics from defence attorneys and critics lead to the development of DNA analysis to confirm the identity of a person, especially when it came down to criminal convictions. As the science of DNA analysis developed so did devices that allowed personal identification possible. The current possibility of two people sharing the same DNA profile is 1 in 100 Billion (World population is only 7.6 billion as of 2017). One of the most recent breakthroughs in DNA analysis is the creation of a device by The University of Arizona that will perform DNA analysis in a matter of hours rather than weeks.
Iris Recognition: Iris recognition photographs the iris, then scans the iris at a later date (when someone tries to access something protected by the scanner) and compares the two images to each other, if they’re the same then the person is the same. Iris recognition has grown substantially due to the concerns over identity fraud and other abuses of the law. Iris recognition is one of the newest biometric access control systems, as developments in optical science technology had to come a long way before the companies could develop such a system. One company that has managed to create such systems is AOptix Technologies, which can scan an iris from more than 6 feet away from the subject.
India’s National ID Program: India isn’t the only country to start using biometric identifiers in personal identification, but their project – Known as Aadhaar – is possibly one of the most ambitious. Already the largest biometric database in the world, the goal is to secure cataloging of biometric data (fingerprints, iris scan, photo) as well as demographic area (name, address, mobile number, gender, age etc) for each of their 1.25 billion residents. Currently, 550-million people have enrolled and India has assigned 480-million Aadhaar numbers as of 2013 and aims to have everyone catalogued in the next several years.
What does the future hold for Biometric Access Control?
With technology advancing at such a substantial rate new biometric systems are being developed and adapted, some of these include:
In 2009, with the desire to improve “the ability to identify individuals who may intend harm to the nation”, the U.S. Department of Homeland Security looked into ways to use body odour as a method of uniquely identifying individuals. Changes in odour could potentially be evidence of deception.
Japanese researchers have found that by using 3D imaging they were able to identify a person gait (walking style) to correctly identify the individual 90% of the time. The use of gait and the analysis of the way barefoot interacts with the floor has been shown to correctly identify individuals as much as 99.6% of the time. The idea is still in development and no model is yet sufficiently accurate or marketable.
The content of your password isn’t the only unique thing about it – researchers found that analysing the speed and rhythm with which users type entry keys enhances reliable authentication.
Iris scanners are one of the most accurate ways of using the human face as a method of identification, but a team of researchers at Bath University in the UK had an idea – what if they weren’t? They developed a program called PhotoFace to analyse the human nose and categorise them into six main types: Roman, Greek, Nubian, Hawk, Snub and Turn-Up. The upside to this is that the human nose is harder to conceal than the eyes, the downside is that it – unfortunately – is less accurate than iris scanners.
Another team of Japanese researchers developed a system that uses 400 sensors in a seat to identify the pressure points and contours of the human rear end. The “derriere authenticator”, is claimed to be 98% accurate and could be developed to increase car security.