printer friendly version

Fingerprints are so 1999

According to Transparency Market Research, the global biometrics market is projected to achieve a compound annual growth rate of 13,3% by 2031, reaching an estimated value of $136,18 billion (including all industries, not only security). Within this market, the facial recognition segment is expected to reach a valuation of $16,74 billion. This anticipated growth highlights the increasing adoption of biometric technologies across diverse industries, driven by advances in security protocols, user authentication processes, and personalised service offerings.

To say that biometrics use has grown in the African market is an understatement. From physical access control to time and attendance, digital verification, and even identity authentication, biometrics have become part of our lives (and even our phones). SMART Security Solutions asked two companies active in this market for their input into the state of biometrics in the local security market. Our answers come from:

• Walter Rautenbach, MD of Suprema Africa.

• Eason Zhou, Technical and Product Manager (Access Control and Intercom and IFPD) at Hikvision South Africa.

SSS: A few years ago, South Africa experienced a boom in biometrics based on fingerprint recognition. In the COVID years, there was a move towards facial recognition, which has continued to find favour in many situations. What do you see happening in the biometric access control market?

Rautenbach: Fingerprint technology is still very popular. Contactless and face have grown in appeal due to the convenience and solution-driven flexibility they provide in our mobile-centric society, where many of us carry a biometric device in our pocket. However, the motivation to upgrade all existing systems is insufficient to justify the cost. That said, both new and existing site expansions are increasingly exploring facial recognition with vigour.

Fingerprint solutions, however, still provide the added benefit where there is a need to close the identity chain, for example, in cases where the data used for criminal clearance and access is the same. This ensures closed identities, making it difficult to breach security via modality obfuscation.

Additionally, the growing integration of AI into facial recognition technology is now being applied to enhance fingerprint systems. This fusion improves algorithms and reduces false acceptance rates, resulting in faster, more accurate identification. We are now seeing on-the-edge matching with advanced protection against fake finger intrusions catering for database sizes not previously envisioned.

COVID certainly brought to light the many benefits of contactless solutions, but their simple conveniences stand out today rather than their impact on our health.

Looking ahead, modalities using imaging, such as palm and iris, will continue to evolve as camera technology advances, but so will face technology. Popularity is often driven by price and implementation. The availability of palm recognition using mobile device cameras is an interesting trend, even if it is only to improve security through increased modalities.

Iris is still an old favourite when it comes to uniqueness, especially among identical twins, as well as high speed and accuracy. Hopefully, technological improvements will soon allow for effective recognition from several metres away.

Zhou: Fingerprints are still a hot seller, but the proportion is dropping, and the trend will not change in the future.

Contactless access control has become popular due to the pandemic, but it will not lose its popularity just because the pandemic has gone. People have realised that contactless access control reduces the risk of spreading disease and provides a more efficient and secure means of access control and related applications.

Palm and iris are the two other contactless biometric technologies apart from facial recognition. I think they are not as popular as facial recognition because they are still a little pricy, and the speed is not as fast as facial recognition. In some scenarios, users who are not able, or comfortable, using their faces might suit palm and iris.

SSS: Is biometrics becoming popular for digital access, such as logging into your computer via biometrics?

Rautenbach: Yes and no. In enterprise systems, we would like to see faster developments in this field, as we have discussed the convergence of logical and physical access for quite some time. However, I presume corporates are proceeding cautiously. The distributed workforce and general complexity have kept the focus on individual consumer demands, hoping to find a way to transfer the benefits of private consumer solutions to the broader corporate environment. Alternatively, it may be that the responsibility is being shifted to individuals themselves – after all, it is their identity, so is it their responsibility?

The benefits of biometric access are well known, with convenience and enhanced security at the top of the list. It is, however, a bit more complicated. When we look at this, we should consider two main categories, the first being me as a consumer wanting to use biometrics to access my PC. The second is me as a corporate user wanting to log in on my PC to gain access to corporate resources – and this is without taking ‘bring your own device’ into account, which we will rather put aside for now as it makes the challenge exponentially more complicated.

In the case of personal access, it is quite simple, following the same ‘safe’ principle as on mobile, where the data resides on your device under your custody, and it is your problem. Looking at corporate strategy and resources, it is, or it could be, a different ball game. Yes, corporates could decide to use the standard Active Directory (or its competition) with usernames and passwords, where the local user that wants to use biometrics adds a local biometric profile to mask passwords as part of sign-on. This is easier because it remains the individual’s problem.

However, the caveat is that if person X enrolls himself as person Y, then access to Y’s profile will be seamless and unauthorised. This is on one PC; what if person Z enrols himself on another PC as person Y, which means we have two different biometric profiles acting as person Y. This raises the case for these central authorities (AD and the like) to manage user biometrics centrally.

Both providers and corporate users fear taking on the responsibility of managing this data, which is the same as Apple’s (and others) stance of ‘localised profiles only’. For this reason, it is not offered off-the-shelf, although solution developers are given the freedom to develop such solutions on their own. As noted, this can get complicated, and perhaps this explains why the convergence between logical and physical access is not forthcoming.

Zhou: Yes, it is becoming popular because most smartphones support biometric login, and more laptops also have fingerprint and face login options. I think most users are not too concerned about using that because the technology is mature, and big names stand behind it.

SSS: Are we seeing more integration of biometrics beyond access control to similar fields, such as visitor management and intercoms?

Rautenbach: Yes, without these solution developments, I would lose interest in biometrics. The possibilities are endless. It is a simple concept, however, not always easy to achieve: Where do we need to identify someone to gain access to assets or services? Or, on the negative, where do we want to know of people on the naughty list? Those are areas we can extend into if we have not done so already.

The list is endless; most have already been done and are also mostly siloed. What I mean is that it is easy to offer integrations in closed systems, but when will we have a unified identity that can be used across systems? Most importantly, when will we have it with my privacy being the top priority, my identity secure, and without a big brother who can touch, control, revoke, or share my data?

Zhou: Yes. Access control, time and attendance and visitor management are the three most common fields where our biometric devices are integrated with third-party software. We provide multiple integration methods, including APIs, gateways and cloud platforms for different application scenarios.

SSS: What does your company do to ensure the cybersecurity of its biometric systems, including cloud solutions, from the reader to the server?

Rautenbach: The key is to keep an eye on technology trends – not the good trends, but how people break good systems, which is a full-time job. For each hacking defence, another is in development, and therefore, it is never done and dusted.

To achieve this, Suprema complies with continuous ISO 27001 and ISO 27701 certifications. However, this is not the ‘be-all and end-all’, as rapid advancements in cybersecurity also necessitate ongoing dedicated R&D; to stay ahead.

Some general principles remain the same. Data stored on devices and servers needs to be encrypted, as does data in transit, and all of this must be done with best practices such as TLS, whether 1.2 today or 1.3 tomorrow.

As mentioned, data needs to be encrypted at all times for cloud solutions, but most importantly, access needs to be regulated and controlled. The latter is the challenge, as manufacturers can implement all the best practices, which can be voided by simple credential sharing.

Zhou: As an international manufacturer, we are committed to establishing efficient, safe internal control systems that follow the compliance requirements of different industries and countries, such as the Cybersecurity Law of the People’s Republic of China, the General Data Protection Regulation, etc. Hikvision conforms with ISO/IEC 27001, ISO/IEC 27701, and ISO/IEC 29151 to ensure cybersecurity. Hikvision devices use secure transmission protocols, encrypted data transfer, and storage to ensure cloud security.

SSS: This is not about biometrics, but how do you recommend your readers are secured when placed outdoors?

Rautenbach: It depends on the environment. However, our prescriptions in this regard are minimal, as secure and proper implementations will ensure that any tampering will result in all user data being erased (which is encrypted, though still destroyed, to prevent brute force decryption attempts over time). The device is locked down and cannot be used elsewhere without the original encryption certificate. This is a bit of a learning curve as it can be tempting to steal a beautiful access terminal only to discover it is not usable, or in the case of our clients, they may realise that if they lose their key data, not even the factory can recover it.

Zhou: Start by selecting the correct product according to the environment (IP rating, light conditions, etc.). Then, add a secure module or controller instead of just a terminal in an unsecured environment, and use an external device or protection against device tampering.

SSS: How important are multi-modal options in the market (biometrics, cards, PIN, QR code etc.)?

Rautenbach: It depends on user security requirements. People sometimes forget that biometric authentication is based on the best estimation of the fact that a person matches against his previously enrolled biometric data again. No match, with possibly the exclusion of DNA, is 100%, and therefore, industry standards regulate the False Acceptance Rate.

For example, Suprema’s fingerprint readers have three sensitivity settings: Normal, Secure, and More Secure. When set to the highest sensitivity, with 500 employees enrolled, the real-world FAR will be less than 1 in 10 000 000. To put that in real terms, if each of the 500 employees touches the fingerprint reader twice a day, every workday of the year, on average, a company would have one false acceptance every 37.8 years.

Implementing multi-modal options exponentially increases this because, in the case of cards, the user has to ‘have’ something else in their possession. In the case of PIN, the user has to ‘know’ something else. If you want to go to a ‘Mission Impossible’ implementation, including a combination of all these will get you there and are offered and supported by all devices (PIN only for devices supporting input).

That said, biometrics accuracy is continuously improving, particularly with AI and advancements in sensing/camera technology, making biometrics more secure daily. I advise you to know your vendor’s FAR rates and certification of the same and verify that you will not need to replace your device to take advantage of algorithm enhancements.

Zhou: Complex passwords are exponentially more difficult to crack than simple passwords, and multi-authentication is an effective way to improve your access security level. No biometric is 100% secure; face recognition is a relatively safe and convenient biometric, but it still has false readings and difficulty in differentiating identical twins.

SSS: What are the latest biometric products and solutions you are offering the market?

Rautenbach: Suprema is renowned for its ongoing new product releases. However, 2025 will be one of the first years where the primary focus will be on enterprise software releases and enhancements. This year, Suprema is concentrating on dynamic security implementations that allow for swift responses to emerging security threats, customisable software enabling users to shape our solutions to their needs, seamless management of enterprise-level big data implementations for faster operations and efficiency, and, most importantly, even better and faster ways of integrating Suprema into your operations. The strong focus on cloud-based solutions will be supported in these developments and further extensions of current cloud offerings. Keep a close eye on https://tinyurl.com/yv6y8hxz.

Zhou: Our 341 and 342 series facial terminals have been our most popular products this year. We have also launched the new DS-K1T344 series, featuring an improved industrial design and enhanced functionality, which I believe will become our flagship product in 2025. Additionally, we have introduced a palm and vein reader module that is compatible with our existing DS-K1T673 facial terminal series. As for fingerprint recognition, we have updated our DS-K1T807 model to offer better user interaction as an alternative to the DS-K1T804 terminal.

Share this article:

Further reading: