Biometrics attitudes turn 180 degrees

Where once biometrics instilled fear in people, dredging up images of futuristic Bladerunner-type societies where everyone is a number, they're now pretty much old hat. If you walked into the Rosslare booth at ISC West, for example, you'd notice what was “new” about their fingerprint readers was the design. They're prettier now (and, to be fair, the enrollment is easier).

In fact, said Wallace Seaborn, president and CEO of Integrated Biometrics, “the privacy argument has turned 180 degrees.” Because of increasing fears of identity theft and financial-transaction fraud, “it used to be, 'Why do you want my fingerprint?' Now it's, 'Why don't you want my fingerprint?' People are for anything that makes it less likely they'll have their identity stolen.”

So, how do physical security integrators capitalize on that philosophical shift? First, said Vijay Kumar, senior product manager for biometrics at Schlage, don't bother focusing on the technology anymore; focus on the application. How do biometrics make lives easier than smart cards or other access control technologies? He said Schlage dealers, for example, have had a lot of success on university campuses with the company's hand reader technology, where college kids are likely to forget their cards in their dorm rooms and are constantly haggling with guards to get into the rec center. “It prevents people from using each other's cards,” he said, “but you can also talk ROI. With a hand reader, there's no need to have as many guards manning the campus locations, dealing with kids who don't have their cards or issuing new cards.”

Kumar even sees the “old” quality of the hand reader, which has been basically the same for 15 years, as an advantage.

End users “want something that's going to work,” he said. “Dealers and integrators don't want a product coming back. The fact that a product might be older is fine. There's a fear factor on the new stuff.”

Like any maturing technology, just the fact that your product “works” isn't good enough anymore. Manufacturers are differentiating themselves with throughput rate, false negative rates, and, maybe most importantly, whether the technology can be “spoofed” - as in, with a rubber finger or a (sorry to be gruesome) chopped-off finger.

The Integrated Biometrics fingerprint reader, for example, incorporates a light-emitting sensor that lights up so an image can be taken when it comes into contact with a live finger. “We won't light up unless it's a live body,” Seaborn said. “You haven't seen that before.”

As well, the vein technologies made by Identica (back of the hand) and Fujitsu (palm of the hand), require live bodies.

Further, said Mark Cohn, vice president of integrated security programs at Unisys, these alternative biometrics are increasingly accepted by the general public. That's partly because the novelty has worn off, but it's also due to an understanding that these alternative forms can offer more privacy protection. “Fingerprints you can leave behind on a glass in a bar; they're not really private information,” Cohn said. “But your vein patterns are less likely to be somehow captured and used against you.”

How you store that biometric information is important, too. Many companies are moving to a store-on-token approach, or something like what Privaris does, where the biometric is actually on the token instead of on the wall, but Cohn said not to be too taken in with that architecture, as it does present problems. While there are ways to ensure tokens and smart cards are tamper-evident, “that will keep high school kids and people without sophisticated technology honest, but there are still threats to the system,” Cohn said. “And how do you deal with the cases where the token is lost or unavailable or unreadable? Does your guard just let people in if they look okay? That's where a central database with biometric information would be a useful thing. Otherwise you end up with a back door that can stay open.”  SSN

New opportunities with biometrics exist in the marketplace, but now, more than ever before, the solution you choose, and the architecture you choose, will be under intense scrutiny, both from the security director and the general public.