‘Bolt-on biometrics’ for the college and university campus
08 November, 2004
category: Biometrics, Education, Library
Whether viewed as sci-fi, Orwellian, or other, most observers agree our day-to-day use of biometrics will increase rapidly over the next few years. On campus, the reality is that biometric implementations are likely even more immediate. That means you should get involved, or at least pay attention. Here are three examples for biometric implementations that can let you realistically begin deployments on your campus. We call them bolt-on biometrics because they can likely attach to your current campus card infrastructure.
So what is a biometric and why should you use it?
In the context of campus programs biometrics are simply any measurable characteristics of your body that can be used as an identifier. Most people view the biometric as an extension of the numerous identities already used on campus. As programs strive to provide additional security and convenience, biometrics offer new set of solutions.
Several biometric vendors have realized that the easiest path to success comes from adding to, rather than replacing existing systems. This is especially true in security applications where infrastructure is costly and difficult to change. They developed biometric components designed for integration with your current infrastructure. While not quite plug and play, these offerings do significantly lower barriers to implementation.
Taking the biometric test drive
Physical security is a great place for initial biometric exploration. Even if your campus card or identity program does not work directly with security today you still can have a role and benefit from early work with bolt-on biometrics.
Before your biometric test drive, pick your population. Biometrics shine for small population, high security applications. Your campus may be host to a high profile or high-risk lab with very limited access. Or likely you have a secure computing facility that requires tight control. If you do not already have groups or areas that have expressed interest in biometrics, these offer some possible test beds.
Once you have a likely location, pick your biometric. For brevity’s sake, this discussion covers three specific options. Each was chosen because it can attach to a wide range of access control systems without substantial software integration-thus the concept of bolt-on biometrics. Of course, your security provider may have other components available and you should consider all your options.
Each of our bolt-on biometrics provides multiple methods of communicating with access control systems, or even operating as independent access control systems. Several different biometrics are being aggressively promoted for both security and transactions with technology from dozens of vendors. Two popular choices are finger scanning technology from Bioscrypt and hand geometry solutions from IR Recognition Systems.
The ‘Veri’ series of readers from Bioscrypt utilize a finger scan in conjunction with a card reader or pin pad. A user presents the system with a hand-entered (keyed in) number or swipes/scans an ID card. Next the user places their finger on the sensor for verification. The reader compares the stored template (matching the keyed-in or card-read ID number) with the template of the presented finger. If they match the number is passed up to the access control system via the security industry standard wiegand output. It’s important to note that the reader handles the biometric verification while the access control system determines privilege based on the number.
Each of the readers comes in several configurations for two-factor authentication, generally a keypad and/or a card reader along with the biometric reader. This allows the user to identify himself to the system either by presenting the card or keying in the ID number. Keypads are inexpensive to deploy but have substantial management costs. Mag stripe, prox and contactless smart cards can all be used with both hand and finger readers, although the contactless smart card does have some distinct advantages.
Although targeted for access control, this same deployment topology could be applied to either financial transactions or privilege verification. Instead of the wiegand output, clock and data outputs can mimic mag stripe readers, or serial output can be used to interface with more intelligent systems. Once someone on your campus starts to use biometrics for access, it is almost inevitable the card programs will see requests to use it elsewhere.
Both the Bioscypt and the IR devices outlined above compare the presented biometric against a template in a locally stored database. This presents two key problems for large installations with multiple readers. How was the template communicated to the reader and how many can the reader store? The wiegand protocol used for physical access control only communicates one way, so local databases at each reader must be populated manually or via a second serial or Ethernet connection. That just adds more cost and complexity to the system. Once populated these local databases have limited storage. Even with extended memory the Hand Key II from Ingersoll-Rand tops out at thirty-two thousand users. With turnover, even a mid-sized institution can exceed this in time.
Storing the template on the ID card
Contactless card technology represents a potential solution for both template management and memory limitations. Using a contactless card to store the biometric template, the need for databases handling an entire population’s templates is eliminated. In essence, each person carries their template with them on their ID card.
Storing the template on the card allows the user to always carry their template with them, eliminating both distribution and storage issues. Bioscrypt and Hand Key both have options for enabling contactless cards. Biometric verification ensures that it is the cardholder presenting the credential (by comparing the template created by the reader with that stored on the card) while the access control system operates as normal, authenticating that the wiegand or other id number from the card is entitled to the requested privilege. Biometrics can be bolted-on with no software modification to the existing system.
Obviously, the card solves some problems and make the participation of the card program desirable, but is it compatible with existing card program applications? The answer is an emphatic “Yes.” iClass(tm) (from HID) and other contactless smart cards are widely available in the CR80 card size/form factor, with options for ABA mag stripes, contact smart cards and proximity chips. Several major printer manufacturers even have modules for encoding iClass and other contactless chips during personalization.
Now we have biometrics – utilizing existing infrastructure and working with the card program. This experience can reinforce the card program’s place as the arbiter of campus identity. While your IT or security groups may be the key drivers for biometrics, only the card program is positioned to handle enrollment and management on a campus wide scale. Whether now or later, your card program will become involved. Being proactive early in the process gives your card program a voice in the policy and implementation discussions that will affect your business. Dealing with identity issues everyday gives card programs a unique, valuable perspective as your institution moves forward with this technology.
To learn more about biometric concepts, read the series of Frequently Asked Questions developed by the author to accompany this article.