printer friendly version

The benefits of biometrics in access control

The goal of any access control system is to let authorised people, not just their credentials, into specific places. Only with the use of a biometric device can this goal be achieved.

A card-based access system will control the access of authorised pieces of plastic, but not who is in possession of the card. Systems using PINs (personal identification numbers) require that an individual only know a specific number to gain entry. But, who actually entered the code cannot be determined. On the contrary, biometric devices verify who a person is by what they are, whether it be their hand, eye, fingerprint or voice.

There are many highly publicised implementations. Since 1991, at San Francisco International Airport, hand readers have produced millions upon millions of biometric verifications, with more than 50 000 produced on high volume days. They span the entire airport, securing more than 180 doors and verifying the identity of more than 18 000 employees. The use of biometrics at San Francisco is airport-wide and fully integrated into the primary access control system.

Issues to consider

Biometrics eliminates the need for cards. Says Bill Spence, director of marketing for IR Recognition Systems: "While dramatic price reductions have lowered the capital cost of the cards in recent years, the true benefit of eliminating them is realised through reduced administrative efforts. For instance, a lost card must be replaced and reissued by someone. Just as there is a price associated with the time spent to complete this seemingly simple task, when added together, the overall administration of a card system is costly. Hands are not lost, stolen or forgotten. They also do not wear out or need to be replaced."

The most critical factor in the success of a biometric system is user acceptance of the biometric device. There are several factors which impact acceptance. Spence believes that first, the device must cause no discomfort or concern for the user. This may be a subjective issue, but it is important to fully explain any concerns users may have. If people are afraid to use the device, they most likely will not use it properly and that may result in them not being granted access.

Second, it must be easy to enroll people. People get frustrated having to go through the process over and over again. From the get-go, they are predisposed against the system. Third, the biometric must be easy to use. People like things that are simple and intuitive. How many times have you been frustrated at a card reader that gives no indication of which way to swipe the card?

Fourth, the biometric must work correctly. If a biometric is working properly, it does two things. It keeps bad guys out and lets good guys in. And, it does so quickly.

If the goal of an access control system is to control where people, not credentials, can and cannot go, only a biometric device truly provides this capability to the end user.

Implementing enterprise level access control systems

Zev Freidus, senior product manager for GE Interlogix on these outlines some of the basic themes common in implementing enterprise level access control systems:

Centralised control with local options

To harness the benefits of a truly enterprise system, security management must be able to delegate virtually all aspects of the security system to appropriate authorised personnel, resulting in effective distribution yet maintaining centralised control of the system. In effect, a company can have multiple, separate security systems for administration purposes but still maintain centralised control. For instance, an African-based company may want system hosts in Africa, Asia, the United States and Europe. The security director for each region can be delegated the task of configuring doors, managing employee access, integrating with specific alarms and other tasks. Yet, the master control in Africa will still have ultimate control of all three servers.

Such multiple synchronised, geographically dispersed servers are especially important for alarm monitoring. The networked distributed configuration also protects the organisation from total network outages. For instance, if the network in one region suffers a malfunction, it has no bearing on the other regions.

Integrating the security management system into the corporate system

Today, the various components used in the typical access control system are not only disconnected, but from different manufacturers. They do not and will not integrate with each other. All too often, they employ incompatible hardware or proprietary, unsynchronised databases or completely inconsistent user interfaces that compete for space and attention. Such systems are inefficient and need many people to manage them.

Such a dilemma is good for physical access control, though. Access control systems have been down this path before. It was not that long ago that access control systems did not provide graphical Windows-like interfaces. Without such standards, you could not tell whether it was your video card, clone PC or printer that was not supported. Even the most sophisticated companies have this problem today as security managers continually try to stay one step ahead of obsolescence with increasingly band-aid solutions.

What has been needed is a complete command and control integration platform that integrates all aspects of security and facility management within a single screen. Such a platform would provide a completely open architecture with published APIs, plug-and-play compatibility, cross-platform support, adherence to industry standard and the ability to seamlessly create a modular facility environment. With it, you would have a single, intuitive, integrated console that lets you protect and manage your business.

Defining the platform

First of all, the platform would need to be tightly integrated with the security management system, offering advanced access control, alarm monitoring, intrusion detection, fire alarm, intercom and personal safety/duress systems, credential production, and employee and visitor management functionalities. Additionally, though, the platform would address and enhance security management system capabilities by integrating digital video from multiple manufacturers as well as integration and support for fire, intrusion, personnel and complete facility management.

In a similar manner, interfaces for alarms and events should be tailored to each system operator function, or location, to display the most relevant information. Such an interface would enable an operator to filter multiple facilities to show just the desired information, such as those currently in alarm state or in a sensitive geographic region. These techniques would reduce screen complexities and speed decision-making. Seamless integration would mean the physical access control departments, as well as other groups in the enterprise, would have the freedom to select different technology vendors, relying on the command and integration control platform to handle the integration.

A new respect for standards

In this new world of physical access control and IT convergence, 'open' is the operative word. Multivendor support is only achievable through the use of IT industry standards such as XML, TCP/IP, SNMP, LDAP and SMTP. The platform must support commercial off-the-shelf operating systems such as Red Hat Linux and Microsoft Windows in its many flavours, database platforms such as Microsoft SQL Server, MSDE, Informix, IBM DB2 Universal Server and Oracle Server, user directories such as LDAP and MS Active Directory, networks such as Ethernet, report generators such as Crystal Reports and common administrative utilities for system backups and fault tolerance. Likewise, it must seamlessly integrate with external applications, such as time and attendance systems, and peripheral devices such as printers.

With such standards, enterprises are able to achieve realtime, bi-directional data exchange and actions between security systems and other infrastructure and applications, including HR and ERP systems. Management of people's access rights become streamlined with policy-based management across physical and logical security. With one step, an enterprise can set up or delete a complete set of access rights for any employee.

Share this article:

Further reading: