Embedded Biometrics Provide an Extra Layer of Security By Bill Spence Breaches of security are minimized in many ways. One way is to literally limit the windows of opportunity for infringement. For instance, if the database of those authorized for access to a facility is not reliant on networking hardware systems, the chance for someone to infiltrate the system is reduced as are the possibilities of downtime. One cannot hack what’s not there. What’s not there cannot break down. That’s what embedded biometrics add to a system. When biometrics are embedded, no PC nor other IT elements are involved in managing the database at the door. In some instances, this level of integration can be achieved without reporting to an external access control system. If one is not authorized to enter, the reader at the location, without checking elsewhere, tells that person that they cannot enter. Likewise, if authorized, that person can enter without the reader having to verify from a remote location. Embedded systems come in two different varieties. One has been used for some time and is seldom even thought of as an embedded system. It’s the standalone biometric reader, which manages biometric templates within the reader. The other is newer, where the biometric template management is actually performed by a smart card. Standalone biometric systems have been employed since the late 1980’s. The Recognition Systems HandKey II reader providing access to a unique private library and museum at the New York Weill Cornell Medical Center is a case in point. The museum is so secure that it is only accessible to a very small group of people. “It was imperative that access be secured because of the value of our library and the museum’s contents,” explains Ben Scaglione, director of security at New York Weill Cornell Medical Center, which along with Columbia Presbyterian, makes up New York Presbyterian Hospital, one of the most comprehensive university hospitals in the world. “People come from all over the world to review and look at the books and artifacts located here.” According to Scaglione, New York Weill Cornell has a magnetic stripe system for the rest of the facility. However, the museum presented a special problem, needing something extremely reliable and foolproof. Instead of verifying a card or code, the HandKey reader verifies the person who is at the entrance. The exclusive users simply enter their unique ID numbers on the HandKey’s keypad and present their hands to gain entry. No other equipment or system is involved. Smart cards, embedded biometrics in your wallet What’s being installed at major seaports is but one example of how a smart card can store both the user’s ID number and hand geometry template on the card. Because of this, there is no need to distribute hand templates across a network of handreaders or require the access control system to manage biometric templates. This means integration to any existing access control application is greatly simplified and additional network infrastructure costs are eliminated. Since the template only resides on the card, the solution also eases individual privacy concerns.  Providing the best of smart cards and biometrics, the solution provides dual authentication by requesting both the right card and the right person. A smart card reader is embedded into the biometric reader. A plastic cardholder is affixed to the side of the unit. The verification process takes approximately one second and is virtually foolproof. In most applications involving smart cards and embedded biometrics, hand geometry is preferred since a hand template uses up only 9 bytes versus an average of 300 bytes required by fingerscan readers per finger. The Port of Antwerp in Belgium, the second largest port in Europe and the tenth largest in the world, just installed an internet based I.D.-verification and credentialing card-management system employing electronic and biometric technologies. More than 8,000 credentials have already been recorded by the system. When fully deployed, it is estimated that credentials for more than 20,000 longshoremen, truck drivers and other employees and visitors requiring access to the port will be validated and recorded by the system. Each of the 20,000 electronic identification smart cards are equipped with radio frequency identification (RFID) technology allowing them to be read up to 10 centimeters away by each reader, facilitating fast movement through access points. The system stores information about employee certifications, work experience and access restrictions, as well as biometric identifiers. However, the hand geometry template of each card recipient is prerecorded on directly on each credentialing card for use at the terminals using the biometric hand readers. Template management remains on the card, not in the system. When the smart card is presented to the smart card reader embedded in the HandReader, the user is requested to place their hand on the HandReader. It then compares the hand’s length, width, thickness and surface area with the template stored in the smartcard to verify identity. The process takes approximately one second and is virtually foolproof. Whether using embedded biometrics in a smart card system in which many people must be credentialed or using a standalone biometric reader with its embedded biometrics at an access point used by few people, embedding biometrics should be considered in any access control overview. Throughput – A Key Biometric Spec Hand geometry and fingerprint readers cover 80 percent of biometric access control applications. Implementing these two technologies under a single platform, users can create technology alternatives, fitting the appropriate biometric technology to every access point. A key variable as to which technology should be used where is throughput. For instance, handreaders handle any population volume with ease while providing impeccable reliability. With dramatically lower false reject and failure to enroll rates, their value grows as the number of users and/or transactions increases. Not only do they keep the bad guys out, handreaders ensure the good guys gain access in any size application. This flexibility is why they cost a little more.” In small applications with 50 or even 100 people, the inconvenience caused by the higher error rates of fingerprint readers is not a big deal. However, when more people create large numbers of transactions, such as 50,000 to 250,000 daily transactions at San Francisco International Airport, it's a very big deal. “Hand geometry is the best biometric solution for our needs,” explains MCI’s James Callahan, a 23-year veteran of the security industry and retired federal counter-intelligence agent. MCI uses handreaders to access offices and rooms at their server and web locations in California, England and Maryland. “It is important to know that information is secure both logically and physically. We need to provide a high level of assurance that people are who they claim to be. We must prevent unauthorized access to hardware and critical information. “We also need flexible, fast authentication with a biometric that handles a large population without holdups,” Callahan adds. “It is important to get employees quickly in and out. According to my research, approximately two to four percent of the population can’t use fingerprint technology because of dry skin. This makes finger scans impractical for large populations. If you have 1,000 people to push through a day, you can’t afford to create a work-around for the 40 who can’t get through.” Handreaders are also the choice if the installation is outdoors or in harsh environments. Both readers are at ease in office environments. Where Fingerprint Readers Bring Value Fingerprint readers complement handreaders by being a low-cost biometric that is best used on doors accessed by less than 100 people. Issues generated by the higher error rates exhibited in fingerprint technology end up being a minor inconvenience rather than a major hassle. For low volume openings, cost is a key consideration and fingerprint products meet that need. This has been a major growth area for fingerprint products. They'll also squeeze into small areas, like at the door to a medical cabinet. By using both biometrics, companies can mix and match handreaders and fingerprint readers within the same facility, ensuring the best combination of cost and technology is implemented at every door. About the Author: Bill Spence is the Biometrics SBU Manager Ingersoll-Rand Security Technologies, Recognition Systems. PHOTO LINK: http://www.brighamscully.com/photos/rsi/Chesterfield-high.jpg FINGERKEY READER: http://www.brighamscully.com/photos/rsi/FingerKey%20Headon.jpg At New York Weill Cornell Medical Center: http://www.brighamscully.com/photos/rsi/cornellhigh.jpg Smart card HandReader: http://www.brighamscully.com/photos/rsi/smartcardH.jpg