Not a revolution, an evolution

Biometrics continue to gain acceptance, but ‘any integrator that says a lot of their business is biometrics, I'd like to talk to them'
Thursday, May 1, 2008

The science building on campus may see thousands of students pass through the ivy-framed doors each day, heading to Bio 101 or organic chem classes. But do you really want each and every one of them to have easy access to the Level 3 biohazard chemicals in the lab on the second floor?
It's that sort of layered security ramping that's providing a market for biometrics in a variety of similar situations, according to the manufacturers of the technologies and the integrators who install it.
Little or no security may exist on the exterior building doors. But that's not the case with sensitive areas inside. For example, the armory or evidence room inside a police station may be protected with biometrics, suggested Terry Wheeler, chief operating officer and president at Identica Corp., which makes a back-of-the-hand vascular pattern ID device. Likewise, he said, extra security can be called for in sensitive areas in university buildings, which can hold everything from animal labs to nuclear reactors.
A growing area where this sort of increased protection is seen is in corporations' data rooms, said Daved Levine, owner of Albuquerque, N.M.-based integration firm SCI Inc.
"With the oversight now of HIPAA, Sarbanes-Oxley, there's greater awareness to protecting that data," said Levine. "Where you might have a card reader on the outside of the building, it's not unheard of to have biometrics on the door to the computer room."
Ryan Zlockie, vice president of marketing and product management at Bioscrypt, noted that heavily regulated industries that must meet strict identity management and access control requirements have traditionally been the early adopters of biometrics for access control.
"They recognize that multi-factor authentication, incorporating biometric solutions, can not only secure their sensitive data and mission critical applications—they can do so in a way that keeps the access control process simple for employees," said Zlockie in an e-mail interview.
Bioscrypt's fingerprint solutions are being used by the financial, government, transportation and IT sectors, while its face-recognition technology is being used by organizations, "such as those in the gaming and hospitality sectors," which have large work forces, allowing the quick authentication of thousands of employees at shift change.
Biometrics has also crossed into the mainstream, suggested Zlockie, and is on its way to becoming the standard for secure access control.
That said, Levine noted that biometrics is "a very small part of our business."
"Any integrator that says a lot of their business is biometrics, I'd like to talk to them," said Levine. "We feel that biometrics have a niche application."
Likewise, Steve Piechota, vice president/partner at Netronix Integration Inc. in San Jose, Calif., said about five percent of the work his firm does is in biometrics.
Eric Bowman, principal engineer with Northrop Grumman's IT unit, said he's been in biometrics for about 15 years. He's seen it grow steadily, but it's been "not as much of a revolution as a slow evolution."
But, Levine said, "there's no question that biometrics deployments are increasing." He said he saw two main reasons: the prevalence of smart card technology and the filtering of proven technologies, and the increased public awareness of security needs since 9/11.
Identica's Wheeler said his company sees three main markets for its technology: security access control, time and attendance and credential verification.
The company has done a lot of work with the ports of Halifax and Vancouver, in Canada, on access control solutions. Cold weather and dirty hands might cause problems with fingerprint scanners, but scanning the under-the-skin vein patterns on the back of the hands works well in those sorts of situations, he said.
The workers carry the templates on a smart card with them, so the scan and matching algorithms aren't kept on the ports' computer system, but are rather kept by the employees. That helps alleviate privacy concerns, said Wheeler.
The company is developing the credential verification market, where a daycare would use the scan to ensure that the person picking up a child is authorized to do so. Fitness centers are also interested in the technology, to allow members 24-hour access without having to provide staffing, said Wheeler.
And Wheeler said the time and attendance market should be significant for Identica about a year from now. It's essentially a punch-clock sort of application. Employees who have to punch in and out of work sometimes swipe somebody else's card, signing in for a coworker who's not really there.
Stopping that with biometrics provides a clear return on investment for companies, said Wheeler, and a number of industrial facilities have been using hand-pattern devices for this purpose for years.
Piechota said he's seeing biometrics at the convergence of physical and logical security—where employees are authorized to get into a building, and then can log onto their computers, all verified by biometrics.
Bowman, of Northrop Grumman, said he's also seeing a big push from customers for lights-out applications. Any location with a camera network can utilize facial recognition technology to scan crowds to pick out wanted persons, or even walk-away Alzheimer's patients, he said.
The search algorithms have improved so much that humans can almost be out of the loop, he said.
"Sometimes there are hiccups, but the technology still progresses forward," said Bowman.
The problems he's observed in the past, said Bowman, have often been based in a lack of end-user training in how to use the biometrics.
Bowman said a trend today is the fusing of the biometric modalities to provide even more accurate security solutions—combining finger, face and iris technology, for instance.
But Levine noted that as smart as biometrics are getting, the knowledgeable installation remains critical. How you physically put the architecture together is important, he said.
Some of the common mistakes he's seen include putting a fingerprint reader outside in cold weather (it's hard for them to read without warming the reader), or putting bio readers at doors that require fast throughput—and then wanting the system host-verified, slowing down access through layered computer demands.
"Depending on the engineering applied, it's not just knowing that a bio can read a face or a thumb, it's how you use it," he said. SSN