A Biometric Access Control System recognizes patterns as a method of authentication based on specific types of biometric data from a person.
What is Authentication?
The access control industry describes the process for access as authentication, or when a person's identity has been confirmed.
- Single Factor Authentication- This is “what you carry”, such as an access card. A card is adequate for identification and authentication, unless it is borrowed, stolen or cloned.
- Two Factor Authentication- This is “what you know”, such as a Personnel Identification Number (PIN) in addition to "what you carry".
- Three Factor Authentication- This is "what you are", such as your biometric data, plus what you carry, and what you know. Your biometric data is based on your physical characteristics that are unique to you; be it voice, hand, fingerprint, face or iris.
Factors to consider when choosing the right system:
Age Range of Users and Work Environment
Some biometric technologies are age dependent. For instance: A biometric fingerprint reader does not well with young or old people. This is from a combination of two major factors. The reference points for a biometric fingerprint reader are the fine lines/minutia of the finger. Young hands/fingers have immature prints and the reference points across the finger are immature or poorly defined. Similarly fingerprints of “older” people / staff may be worn down to the point that like the children’s fingerprints – they are poorly defined. This is also NOT exclusive to these two groups, and there are about 3-4% of the population that have “bad” prints. Also another dynamic is the work environment; where a person may have occluded prints because of calluses on their fingers from hard hand usage this might prevent a reasonable image from being captured by the reader.
Certain technologies lend themselves to certain environments. Outdoor cold and wet environments prevent hand geometry readers from working well as they require heat, otherwise the image may be occluded by rain, snow, sleet, ice, etc... This can often happen to fingerprint readers; if they are not in a sheltered environment. Lighting effects good facial images and similarly requires thought in placement, usage and throughput.
Environment- Biologically Clean
Certain sites require care in the type of biometric sensor that is to be deployed. Hospitals and Medical Centers have concerns for and require a biologically clean environment. Any sensor that requires direct contact, either in a 2D or 3D environment will be problematic. Similarly in schools where many students might use the same device for access, there is a risk of spreading infections by direct transfer with the biometric device.
Throughput- Number of Anticipated Users
Certain biometric readers take time to use and are more suited to areas where traffic is light. As a rule of thumb, think 3 seconds for standard entry with Two factor authentication. If the client needs Three factor authentication, allow 5 seconds if it is a fingerprint. Facial recognition is faster, as is Iris scan – but it takes more training and may not be suitable given its higher initial cost, and the parameters of the installed site.
Access In and Out
Where/when high security requires tight control; the end-user may require biometric access readers in and out of the facility. This is often required in unmanned remote sites, where the transactions are subsequently linked to a Time and Attendance report or “on-site” report.
Lighting, Ambient or Controlled
Some biometric devices need good light – thus both Facial Recognition and though less so, Iris Scan readers, need consistent light at the readers. Poor reads may limit throughput and validity of the transaction.
Offsite Management and Storage
Be aware that biometric readers create a larger template data size than a normal access credential by a factor of as much as 10:1 . That storage, and the transmission of the data, requires forethought as historical records and the sheer size of the initial image take up room either at the controller or the server. Thus fewer people may be able to be stored in the local controller and mass storage devices need to be larger to accommodate the larger amount of data. In some later generation biometrics applications; the “biometric” template is stored on the card. This significantly reduces the online storage costs.
Risk, Government Contracts and R&D Development
Certain R & D sites and Government entities might require additional security beyond the standard TWIC/PIV card. These may include areas where very tight control may limit the types of biometric solutions that can be deployed. A full containment suit does not lend itself to a biometric fingerprint. In those environments, an IRIS recognition reader may be the only practical biometric solution, reading through say a gas mask. It is critical that the environment is known and the associated “security risk” is recognized before deployment.
Most of the “passive” card technologies have been copied and equipment is available to duplicate these cards from suppliers such as Amazon and Alibaba, to name a few. Passive and active cards can also be “sniffed” and “echoed”.