Biometric Access Control

The regular prox-card system does not provide access to the inner sanctum, Joe's actual office suite: He must enter through a door equipped with a biometric lock and handle that use scan thermal imaging technology

The regular prox-card system does not provide access to the inner sanctum, Joe's actual office suite: He must enter through a door equipped with a biometric lock and handle that use scan thermal imaging technology. The handle measures the temperature differences between the peaks and valleys of his fingerprints and creates recognition points.

Unlike typical optical reader locks, "we're not storing actual fingerprints, and we're not leaving a fingerprint when you access the lock," says Gary Kut, director of sales at Tychi Systems, a Salem, N.H., company that makes biometric locks using the technology.

Scan thermal imaging, a relative newcomer to the security lock arena, is more commonly used in engineering to check the density of materials such as a bridge girder or a small part for the Space Shuttle, to make sure materials are being made to performance specifications, Kut says. It has also been used by emergency rescue teams to locate avalanche victims.

The demand for biometric locks continues to grow as prices come down and companies find new uses for keyless access, but security is the number-one concern. Almost half of all company data breaches are not the result of a hacker but of a lost or stolen laptop, memory device, PDA, memory stick, CD or DVD, according to a survey by Vontu, a security software firm now part of Symantec. More than 60 percent of those incidents are caused by an "insider threat" -an employee.

"Even an executive working on confidential information is not apt to pick up keys and lock the door to go down the hall" for a few minutes, Kut says. "It takes seconds for someone to go in the door, grab a PDA and walk out with it." Even if the intruder has a registered fingerprint, the locks keep an access log of the last 2,000 entrants. The log registers the entrant's name and the date and time he entered and left the room. The price of a BioKnob bio-lock system ranges from $599 to $699 at Tychi Systems, depending on the style of the door handle, but the technology is the same. All hardware and software is included in the lock. No special installation is required, according to the company.

While fingerprint technologies are more widely adopted, retinal scanning is growing in popularity, and facial recognition technologies have advanced from traditional 2-D, to 3-D scanning.

Bioscrypt, a division of L-1 Identity Solutions in Stamford, Conn., offers 3-D face recognition technology that makes it possible to collect more data points than the previous 2-D technology. For instance, while 2-D face recognition relies on such data as the distance between the eyes, 3-D scanning relies on structural information, such as the skull curvature, which doesn't change over time or as a result of facial swelling caused by an accident or weight loss or gain, unless it's extreme. Expect to pay as much as $45,000 for a sophisticated 3-D face reader for access control, while face recognition readers for network access can cost as little as $20 to $30 per user.

Other lesser-known technologies are breaking into the market as well. Palm vein authentication devices read the very complicated, hard-to-reproduce vein patterns found deep within the hand. Fingerprints, in contrast, are based on making contact, and can be "lifted" from a glass surface and duplicated using commonly found ingredients.

A key advantage of palm vein authentication, product vendors say, is that it uses "no touch" technology, enabling it to be used when hands are dirty or wet, or even if the skin surface is scratched. Since the hand never touches the sensor's surface while being scanned, it is ideal for germ-sensitive environments, such as a laboratory. Palm vein authentication devices also record the name, date and time of each entrant's arrival and departure.

Israel-based BioGuard Components & Technologies launched its Palmguard biometric authentication system in April. The desktop device is a combination of Fujitsu's PalmSecure biometric palm vein authentication sensor and a smart-card reader or writer device. When a user positions a hand 3 cm to 6 cm above the sensor's surface, the sensor emits a near-infrared beam to the palm, according to BioGuard's website. The light beam passes the skin layers and reaches the veins. The reduced oxygen in the blood flowing back to the heart absorbs the near-infrared light. This absorption will be recorded by the sensor's camera as a raw image, which is then encrypted.

The encrypted data is transferred to the sensor's template library software, which converts and compresses the encrypted, raw image to a template with a size of approximately 1KB. Then the final template is encrypted again.

-Stacy Collett

SUBSCRIBE! Get the best of CSO delivered to your email inbox.