What is Biometric Data, and How is it used for Security Access Control?
An Introduction
Accessing secure buildings has been a problem for thousands of years, based on the idea of letting the right people to enter the space and keeping others out. Key locks, as we know them, became possible in the late 1700s and were improved upon for years, but suffered from the problem that keys can be lost, copied or stolen.
The first known electronic access control system was introduced in 1952 as a new type of product by a maker of key locks, Frank Best, founder of the Best Lock Corporation. The first design allowed users to have one of three different codes to enter a space. As computer technology advanced, PIN codes were replaced by punch cards, magnetic swipe cards and eventually the proximity cards most people use today. Although each of these types of electronic access control media were superior to keys and the prospect of rekeying doors often, they also each shared the drawbacks of being able to be lost, copied or stolen.
Due to the drawbacks in traditional access control media mentioned above, the use of biometric technology has moved to the forefront as a way to positively validate the identity of the person requesting access. The biometric devices have become faster and more accurate through the use of artificial intelligence (AI). This article will help to illuminate the types of biometric solutions that are prominent today and the pros and cons of each.
Biometric Data Types - what are our options
Fingerprints
As we all know, fingerprints are unique to each individual; even identical twins have unique fingerprints. Evidence has been found of the Chinese using fingerprints to authenticate identity as early as 600 years B.C. and Sir Arthur Conan Doyle wrote about Sherlock Holmes using fingerprints to identify a subject in the 1890 story, The Sign of Four. Ironically, not even Scotland Yard would begin using fingerprints to solve crimes for another eleven years.
Today, fingerprint readers have been installed on access systems as the primary or as an additional means of validating the user. Fingerprint readers have the largest existing installation base of all of the modes discussed. However, the Covid 19 Pandemic has made individuals and organizations uncomfortable with a technology where hundreds of people need to physically touch the same device daily, raising obvious hygienic concerns.
Pros:
- Cost effective versus some of the other types of biometric scanners
- Can be designed into a small form factor
- Relatively accurate
- Built on a standard and interoperable template
Cons:
- Does not work for all users
- Does not work in all conditions
- Need to clean finger surfaces and remove gloves, which adds friction to the process making using fingerprint scanners slower than other types of biometric scanners. This is troublesome for high traffic areas where delays in authentication can lead to bottlenecks at high turnover times.
- Fingerprint scanners have been spoofed by people who take impressions of users' fingerprints, which is difficult, but not impossible.
- Causes the user to need to touch the surface of the scanner, which is unsanitary - this was a unique factor in fingerprint access control being replace during the COVID 19 pandemic
Iris
Ophthalmologist Frank Burch first introduced the idea that our human iris could be used as a possible identification mode in 1936. That work got a boost in 1987 when Leonard Flom and Aran Safir proved that no two sets of iris were alike and patented the idea of using the iris for human identification.
Iris scanners are without question the most accurate means of detecting identification, as the human iris is unique and does not change over time. That said, users have difficulty learning to use the technology, because you need to line up your eyes at a specific point, which creates a learning curve early in the process. This same need to stop and align can add friction to the access control process.
Pros:
- Highly accurate in ideal conditions
- User consent is implied
- Used widely in multi-factor authentication as a second or third form of identification
Cons:
- High learning curve for users. Users need to align their eyes to the scanner, which can take some time to read; this delay causes users to move in and out, which restarts the reading process adding friction to the operation. Many jokingly call this action “chicken bobbing” as users are seen to move closer and further away from the scanner, which leads to significant frustration for users, especially early in the use of the technology, which can slow acceptance of the solution.
- Relatively slow to authenticate compared to other biometric solutions, which leads to friction in the access authentication. This is especially troublesome for high throughput doors or areas where any delays in authentication can lead to bottlenecks at high turnover times.
- Requires attended enrollment by a specially trained administrator to walk each user through the enrollment process. This requires each user to leave their work to be enrolled in the solutions, which adds significant downtime for any employer, but especially ones with larger workforces.
- Does not work for all users
- Does not work in all conditions
Palm
In the 1980s, Kodak employee Joe Rice created the first palm scanning device. In the 1990s devices that scanned for the vein patterns, using infrared light, in human palms accelerated the use of palm as a biometric modality. Hand geometry has also been used as a use of identification.
Palm readers have come a long way since these early days and are finding success in the retail space. Like iris readers, users do need to learn how to use the technology properly and it may not work for all users. Like fingerprint readers, there is a chance that users inadvertently touch the surface of the readers, which can create unsanitary conditions and lead to poor read results over time.
Pros:
- Fast, standards based authentication
- Improved throughput for access control
Cons:
- Medium learning curve for users to learn to use for access control
- Sensitive to certain lighting conditions, particularly difficult in sunlight, making the use of this type of authentication difficult if not impossible for outdoor applications.
- Does not work for all users
- Relatively slow to authenticate users, which causes similar problems to both fingerprint and iris, by adding friction in the access control validation process.
- Need to wipe hands to make sure the reader reads properly, which is frustrating and time consuming for users.
- Increased chance for users to touch surfaces leading to unsanitary use, like fingerprint scanners. Although most modern palm readers do not require users to touch the surface, the chances of touching the surface is significant. Germs phobias are common among the general population, but after the COVID pandemic the concern of coming into contact with germs is a common concern among all users.
Facial Recognition
As early as 1964, scientists began to use computers to recognizes characteristics of the human face. Woody Bledsoe, Helen Chan Wolf and Charles Bisson, working for an unnamed intelligence agency used a system of measurements for landmarks of the human face that measured the distances between markers on the eyes, nose, mouth and chin to distinguish the unique features of each face.
Facial recognition received a boost when the Defense Advanced Research Projects Agency (DARPA) and the National Institute of Science and Technology (NIST) rolled out the Facial Recognition Technology (FERET) program in the 1990s to encourage the private sector to develop facial recognition systems that could be used for mass identification.
Facial recognition systems have advanced more than any of the modalities so far discussed via the application of AI technology. Both accuracy and speed have improved significantly in recent years, as has the ability for some of these technologies to adapt to changes in appearance over time. The largest strike against facial recognition has been its application to recognize the identities of subjects who have not consented to the use of this technology. When deployed as a technology to authenticate users who do consent to using the technology, it is the fastest and least invasive of all of the biometrics reviewed.
Pros:
- Little or no training for users is required
- Enables frictionless and passive experience
- Hygienic - most systems are touchless
- Can be used in single factor authentication and higher security multi-factor authentication systems
Cons:
- Users have concerns that their facial recognition profiles can be used beyond the use of access control - fears for privacy.
- Not all facial recognition systems are as accurate as others and lower grade solutions have been proven to have difficulty detecting accurately with certain races of people.
- Many of these systems require a custom integration with the specific access control systems, which can be time consuming to build and costly to purchase and maintain.
- Many systems are based on comparing the person’s face to a static image, which can increase the chances of exposing Personally Identifiable Information, which can lead to a misuse of the individual’s personal data.
- Another concern with using static images as the basis for comparison is that everyone’s appearance changes over time due to natural aging, fluctuation in weight or hair color. This causes systems that compare to a static image to eventually fail to authenticate due to these natural changes. This causes frustration for the user who fails to gain access and needs to re-enroll. This is also frustrating for Administrators, because these failures are not uniform and happen randomly over time, which causes users to feel that these systems are not working properly.
Alcatraz AI Pioneers Facial Authentication in 2019
Early in its development, Alcatraz AI developed a model that uses the tenants of facial recognition, but adds features that most facial recognition systems do not employ. Alcatraz encourages all of its customers to implement an “Opt-In Model” which, as the name implies, allows users to make an informed decision on whether to use the technology. Tools have been created to guide customers to adopt policies that comply with all existing privacy laws.
Many of the pros listed below detail how Facial Authentication is superior, not only to facial recognition, but to all of the other biometric media used today.
Pros:
- Provides fast, frictionless access control authentication. This allows users to speed through access points as quickly as with an access card, arguably faster as they don’t need to fumble to pull out and use a credential. This eliminates the bottlenecking delays that abound with fingerprint, iris and palm readers.
- The Alcatraz solution significantly reduces, if not eliminates privacy concerns. Alcatraz encourages all Customers to use an Opt-In model, which informs their users prior to the implementation of Facial Authentication and asks them to “opt into” using the system. The patented Alcatraz model does not compare users to a static image, instead is based on a 3D Digital Profile that is created during enrollment. Using the Artificial Intelligence tool Machine Learning, these Digital Profiles detect and adjust for minor changes in appearance due to aging or fluctuations in weight or hair color, which ensures accurate authentication, virtually eliminating the need to ever re-enroll.
- Incredibly fast enrollment process with three different options for enrollment, including:
- Manual Enrollment - Each Alcatraz Rock device can be put into enrollment mode, which guides the user through the enrollment process without the need for an Administrator to guide them through the process. This typically takes less than 20 seconds to complete per user.
- Automatic Enrollment - As the user uses the existing access control system by swiping their credential, the Alcatraz Rock is building their 3D Digital Profile. Over a series of 4 to 5 badge swipes, the Digital Profile is completed and the user can begin using the face to authenticate. Thousands of users can be enrolled in hours and days, without interrupting their regular schedules.
- Mobile Enrollment - Alcatraz Cloud customers can take advantage of a new form of enrollment, which enables Administrators to send out a secure email to users who click a secure link that guides them to a single-use web application that allows them to enroll without needing to download an app to their device. The web application guides the user through the enrollment process using the camera built into their device, allowing them to enroll anytime from anywhere. This allows customers to enroll large work forces, even in geographically remote locations without significantly interrupting work routines.
- No integration required - Alcatraz works on all access control systems that use Wiegand or OSDP credentials without the need of a dedicated integration
- The Alcatraz Rock validates liveness by using 3D scanning to verify that the person is real and not presenting a printed picture or photo on a phone or tablet.
- The algorithm Alcatraz employs has been independently tested by NIST and has been found to be incredibly accurate and has been found to virtually eliminate bias based on race.
The Alcatraz Facial Authentication model is superior to all of the biometric systems discussed above for various reasons.
- Speed - It is significantly faster than fingerprint, palm or iris, and even traditional proximity cards - eliminating friction in the access control validation process, which is especially important in high traffic areas during key workforce traffic times.
- Clean - Facial Authentication creates a more sanitary workplace by not requiring users to touch common surfaces.
- Universal - Facial Authentication will work for all users, unlike fingerprint or palm.
- Easy to Implement - no integration is required for most access control systems and the enrollment process is much easier and faster than all of the biometric technologies.
- Easy to maintain - by employing Machine Learning, any need to ever re-enroll a user is virtually eliminated, ensuring the same experience for the user on the 1,000th access attempt as their first.
If you are interested in learning more about Facial Authentication from Alcatraz AI, please reach out to use at sales@alcatraz.ai to schedule a demonstration.