Controlling Access with a Wireless Biometric

In today's ever-growing global economy the management of facilities and employees, in terms of physical access control, is an extremely difficult task. The multitude of threats to the digital and physical assets of an enterprise, organization or agency has steadily risen in importance. With the field of security receiving daily news updates the challenge is being faced by most everyone involved with them or affected by them. Few are left untouched by the possibilities when an event occurs.

In many areas, such as airports and shipping ports, financial service areas and pharmaceutical and other health service areas, including military and government domains, there are enormous public pressures to implement measures that will increase overall security, reduce identity fraud and protect the value in a given physical or intellectual property. The focus we have here is on the physical access control, where the perimeter security of a given facility is being augmented by software that accepts or denies the individual access requests by way of certain gateways. In the same ballpark are the vaults, elevators, internal doors, other building entrances and more.

Growing Concerns
One major concern with access control, when using the current biometric systems, is their rate of success. This has repercussions when marketing biometrics, because if you cannot generate consistency, you cannot raise the level of adoption; for a system to get beyond the trial stage, a bit more is needed than what a laboratory, with its generous parameters, provides. When a list of false-negatives and false-positives is critically reviewed, it is generally higher where real-world conditions prevail. This is because the identity of someone -- the individual who has given-up the particular biometric under review -- is much dependent on the random, inherently unpredictable fluctuations in sensor apparatus, and for each of these there is a preferred technique for how it should be used. Even the sensor brand needs to be noted, if a different one is used there will be no match when the enrolled person has their-next-capture compared with the filed template. Other causes are due to the mostly passive state that a template represents and the complexity level in the interpretive algorithm that the security software uses, et cetera.

For every false negative there is one person whose lost their acceptance. Now it is true that this may only affect the system that checks them in, but if the person at the gate cannot get to their job, we have a problem. For the false positive, where someone will be getting to places they do not belong in, the problem is far worse: at least in the first case, with the Type 1 error, the template being used may be retried, but this is not possible when an unknown someone has already entered the plant -- or a bug of some sort has already infected the network. Type 2 errors, such as this, are often enough found retroactively. Now it may be usual that this occurs shortly after the damage is done, but sometimes it is long after, and much, much too late to rectify.

The Tipping Point for Acceptance
User-acceptance is another large issue for the biometrics industry. In the corporate, institutional and governing worlds, where the highly educated will often gravitate to, there is some suspicion aimed at biometric information: how it is captured, who handles it, where it gets deposited and more. When it is considered that a lot of these people will write for publication, i.e.: blogs, most everyone can weigh-in on whether or not mass-adoption should even be considered. There are some real psychological and sociological problems that may be stemming from biometric access control, which lead to highlight human factor concerns. Ultimately, it is the human experience that helps to define and determine which technologies are acceptable.

The physical interaction with a biometric station or scanning device is one such concern. It will often last less than a minute, but the time spent in front of it, coupled with the touch of it, would often just-be-enough to remind the registered individual 'why they should' continue to put up with the general intrusiveness of it all. On a psychological level, the idea of going through a machine interface is quite confronting in nature, and it often leads to a general disapproval of that particular technology, which is counter-intuitive if the aim is to have wide-spread installations.

Another major issue is compromised autonomy, which could be as simple as the employer who is keeping on a central server the identification of some irreplaceable part of the physical make-up of an individual, or worse, losing it. Either scenario can cause a loss of trust, both in the level of authority that allowed it to happen, and in the security systems of that enterprise. Another view of the issue is the loss of personal freedoms and what, philosophically, that will mean to the individual. To date though, the benefits arising from the biometric installations have not been overpowered by any of these issues -- but there are real concerns that must be addressed if the biometric industry is to reach a higher acceptance level. No doubt, the tools that can solve the human factor issues will be inline to become a dominant force in this industry.

Three Ways to View The Issue
When discussing access control there are three statements that are used in the evaluation of a biometrics' level of use, reliability and acceptance: "What you bring", which refers to things like smart cards, keys (both physical and digital) and ID cards; "What you know", which refers to passwords, codes and answers to specific questions; and "What you are", which refers to the physical or behavioural characteristic that the biometric is 'brought in' to analyze. In the first two statements, there are things that can easily be compromised or shared. A smart card might be given to 'a friend or two' and a password can be handed out like candy. How this is attacked is usually accomplished by coupling methods together, often with biometric scanning being one of them, but even still, there are levels of compromise that will occur. Looming large is a common misunderstanding; where a thing has been taken, a part of our being, there is a feeling of loss that cannot be helped -- no matter the statements of policy that will say in no uncertain terms, "the use of your biometric is only for basic security, it will be kept totally safe and, when you are no longer with us, it gets destroyed" ... and the like. What is often reported about databases can erode the confidence level.

The Elements We Bring to Access Control
Under "What you bring", which essentially is procedural, we have replaced the smart card, for example, with your gait biometric, as taken from your footware. Here, what you are bringing is strictly the biomechanical state of your particular movements, with an exacting emphasis on your walk. From this, there is a wireless interaction between you and the given barrier. There is nothing at all like the physical interactions that are needed with current biometric installations and scanners. This is all due to the difference in approach -- literally. When a gate, door, elevator or something else is approached, within yards of it there is going to be communications between your handheld and security software in the 'door-set'. The new procedures will make an entrance through the barrier a simple incident, and accepting or rejecting the individual can happen yards before the door and yards after it, as well as right at it (and do so with the possibility of multiple hits on your deliverable biometric). This should lead to an easing of anxiety at making an entrance, as well as easing the congestion that can gather there, and a greater human experience.

For the first time an intelligent environment can be acquiring your ID, with your permission obviously, without intervening actions. If you are registered and you have inadvertently approached the door to a room you were not cleared for, your handheld can receive an automatic signal, the common vibration perhaps, which is information enough for you to veer away without embarrassment. By working with the space that surrounds a door, or whatever it is that needs a secure environment, the individual user of the area, whether passing through or engaged in some way, can be made aware of security requirements. The alarms and whatnot should only come alive when protected areas are forced in some way, and an individual, who has at least the minimum of rights for being in certain places, should receive their due.

A very simple, yet obvious, improvement in the area of access control is the use of your gait to derive the biometric read. Gait is an emerging biometric technology, but due to the technologies currently in use (processed imagery from high-resolution cameras), an individual gait has seen difficulties when deployed for security purposes. With an entirely new take on the nature of gait biometrics we can shift the focus from an objective (camera) capture of the necessary data to the more internal physiological changes that a person will go through when they are walking. This is data that is both generated and monitored -- because it is based on the 'soft-machine' that is our new footware. Because we change the medium of how biometric gait data is generated, there are new methods that work with persistent information, and these are the methods that can help secure an area.

< back