Security: Biometric Access Control

In these security-conscious days, airports and other facilities are calling for access systems that use people’s unique physical characteristics.

Thanks to the rapid evolution of information technology on which many of its systems are based, the security industry has been forced to play constant catch-up to a bewildering array of new applications and technologies.

Access control is a typical example where current developments will make obsolete all but the most advanced of today’s high security installations. For more than a decade, Proximity RFID (radio frequency identification) cards — otherwise known as building access “swipe” cards — have been the staple of any good security system.

At airports and similar facilities where security is sensitive, a second level of verification is generally required on the non-secure side of doors to critical areas. Until now, a PIN (Personal Identification Number) has been used to provide this second level of protection. Although generally effective against intruders using found or deliberately duplicated cards, the PIN does not truly verify the identity of the cardholder. To do that, each card has to be matched to a specific individual through some form of physical verification. Biometrics offers that solution.

Biometrics in its simplest form can be nothing more complicated than verifying a cardholder’s face against an image stored in a database or on a picture pass. Unfortunately, this visual verification usually requires human input, is prone to error because people’s physical appearance changes, and it does not perform well where there are high traffic volumes.

To solve these problems, researchers have experimented for more than 20 years with almost every imaginable physical characteristic. Their efforts have been focused on finding a human feature that remains static and that resists duplication. The system also has to be convenient, reliable, compact, with fast throughput and low cost.

Techniques include signature dynamics (pen pressure and velocity when signing a name), keyboard dynamics (the specific timing between keys when typing a name on a keyboard), infrared facial imaging, voice recognition, retinal scan, etc. Regardless of the characteristic being measured, the goal is the same. Measure it and store a digital representation (referred to as a template) for subsequent use to authenticate the identity of its owner.

Most of the technologies above have been successfully implemented in some form, but typically they have been used in facilities with low throughput and where cost is not a significant issue. Through technical advances, biometric verification has become faster. It uses one-to-one comparisons of a user-supplied identification number with the stored biometric template.

Historically, the major difficulty in applications such as airports has been the need to implement a system that can support large databases spread over a large geographic area, while operating reliably at high volumes. To do this the template must be stored where it can always be retrieved at the location where the user is requesting access.

Templates can be stored in one of three places: at a host computer, at the reader itself, or in a portable database device carried by the user. Until very recently, virtually all biometric systems have stored the templates in a host to which the readers are networked, or in the readers themselves.

In the case of host-stored templates, the host computer must have appropriate software as well as high performance communications tying the readers to the host. Unfortunately, the system cannot verify a template if the network is down, forcing the system to operate in a degraded mode, or simply locking out all users. Additionally, cabling, computers and software tend to be duplicated with the access control system, increasing both the cost and complexity of the system’s installation and maintenance.

Storing the template in the reader appears to alleviate these problems, but in a system with even a modest number of readers it is not a solution. First, users are required to have their own templates stored in every reader where they will require access. If templates are stored in the readers, the reader memory needs to be large enough to hold the largest population of templates required, which can be costly. Second, management of reader templates is a challenge, requiring staff to visit every reader each time a template is added or deleted. The need for physical multiple enrollments could be eliminated by networking the units back to a master enrollment unit or a computer that broadcasts the templates to all readers, but now you are faced with the need for a duplicate template management system similar to the host system.

Finally, there is the portable database approach. This simply means that users carry a coded credential device that, in addition to declaring who they are, contains his or her own user’s template. With this solution there is no duplicated network wiring, host or host software, no need to modify access control software, and no issue about the capacity of the template reader. The limiting factor until now was the storage device. Fortunately there are now programmable chips and Smart Cards that offer the necessary speed, capacity and ability to be reprogrammed multiple times. These devices offer the promise of a high performance, cost effective and reliable biometric access control solution.

Controlling access to equipment

Increasingly airport operators and airlines are struggling with how to restrict the operation of equipment to authorized personnel.

Baggage belt start-up, passenger boarding bridge operations, and general services equipment are typical examples. By requiring a user’s airport access control credential to activate a restricted system, the airport or airline ensures that the operator has the necessary training and has a sanctioned need to operate that piece of equipment. Additionally the access control system can provide an audit trail to investigate incidents of equipment misuse and damage. The technology behind access control is ideally suited if it can be integrated into the equipment. Obviously, there are hurdles to cross in implementing this type of integration, particularly in cases of multiple ownership. However, the potential to improve safety and efficiency with limited incremental costs is very attractive.

Complex infrastructure

The complexity of the communications infrastructure to support security systems is also expanding. The transition is forcing us to implement distribution systems that parallel typical information technology networks in complexity and cost.

It is now common to find medium to large access control systems with data gathering panels connected through standard 10 or 100Mb Ethernet networks. The approach provides a high performance standards-based network on which to build higher performance applications. Similarly, large facilities are requiring remote video surveillance feeds from more user groups distributed throughout the building. To accommodate these needs there is a movement away from the traditional discrete co-axial and fibre cable point-to-point solutions to widely distributed, interconnected, video network nodes, and in some instances to high-performance, fully redundant, network backbones.

The group that is responsible for security management has to provide this increasingly technically complex and expensive infrastructure while also facing pressure to reduce capital and maintenance costs. Interestingly these people are finding support with the airport information technology group. Airport IT managers, for example, are recognizing that a security system represents a high performance mission-critical application that they can support on their IT backbone. The approach enables both groups to share the costs of developing and maintaining the infrastructure.

Dan Butler, P.Eng. is senior project manager, special equipment, airports group of Marshall Macklin Monaghan (MMM) of Toronto.