Biometric Access Control - All You Need to Know

Written on the 28 March 2022 by Kerri Vandenberg

Biometric Access Control - All You Need to Know

Biometric access control is one of the most popular types of security systems on the market, and for good reason: it combines security and convenience in a way that no other access control system can.

Access control refers to the management of an access point, such as a door, turnstile, elevator, etc. so as to only allow entry to authorized users. While access control systems can be used for virtually any access point that uses an electronic lock mechanism, doors are the most common applications for access control.

Access control systems come in three types, based on:

1. What the user has (object-based):

The user must possess a specific object to be granted entry. Common types of object-based access tokens include:

  • Keys
  • Fobs
  • ID Cards

2. What the user knows (information-based):

The user must know a specific code to be granted entry. Common types of information-based access codes include:

  • Password
  • Pass-phrase
  • PIN number

3. Who the user is (biometric-based):

The user identifies themselves with their own body using biometrics. Common biometric modalities include:

  • Palm vein
  • Fingerprint
  • Iris scan
  • Face recognition

Why Are Biometrics Used in Security Systems?

Traditional access systems have a critical vulnerability: objects and data can be shared or stolen, allowing someone other than the intended user to access the facility if they get a hold of them. This may or may not be a big deal depending on the level of security that is required.

For example, many coffee shops use a keypad on the bathroom door with the passcode (usually just four digits) printed on the receipt so that visitors aren't able to simply enter, use the restroom, and leave without ordering anything. Whether this is good customer service or not is beside the point. In this case, the thing that the lock is protecting (a public bathroom) doesn't exactly require Fort Knox-level security, so a simple keypad works just fine.

However, such a security system is unfit for anything that requires more serious protection. The problem with passcodes is that, because they are just information, they can be easily shared and distributed among an infinite number of people — even if those people aren't authorised.

Physical access tokens (such as keys, fobs, and ID cards) share a similar vulnerability: they can be easily lost or stolen, allowing whoever has access to the token to have access to the facility — regardless of whether the person accessing it is actually authorised.

Biometrics, however, don’t have this vulnerability. Because your unique biometric code is always with you, it is very difficult for anyone other than you to access it.

This is why, while not all biometrics are equal in terms of security, even some of the least secure biometric systems are still more secure than traditional security systems.

What Are the Benefits of Biometrics for Access Control?

The main benefits of using biometrics for access control are security, convenience, and reduced costs.

Security

1. Inherent to the user:

Since biometrics use a person’s unique biology to verify their identity, it is extremely difficult for them to be taken or used by anyone other than the intended user.

2. Difficult to duplicate:

Traditional access tokens such as keycards can be easily spoofed using a simple $50 keycard duplicator available on Ebay. This illustrates the security vulnerabilities of legacy access control systems. Biometrics, however, are generally much harder to spoof because most modern biometric systems use liveness tests to ensure that the biometric data is coming from an actual human and not a forged replica.

3. Easy permission management: 

With biometrics, admins can instantly grant or revoke access permissions directly from the console dashboard, allowing them to ensure only active, non-suspended users are given access.

Convenience

1. Can't be lost or forgotten: 

Biometric access control systems are remarkably convenient in that they allow authorised users to access the facility without needing anything other than themselves. Unlike traditional access tokens which can be lost, or passwords that can be forgotten, your biometric code is always with you, so you'll always have it when you need it.

2. Easy access:

Your biometric ID is always at hand, so no more fumbling in your pocket for a fob or ID card. With Keyo, your hand is your ID.

3. Efficiency:

Most biometrics are able to identify users in under a second, eliminating the inefficiency and time delays caused by manual identity checks, passwords, or PINs.

Reduced Costs

1.  Fewer Security Staff:

Biometric access control systems can save companies money by reducing the need for dedicated security staff to man access points. 

2. Zero Replacement Costs:

Access control systems that use physical tokens such as keycards and fobs incur an extra hidden cost: lost token replacement rate. Lost cards and fobs are an all-too-common occurrence. And this doesn't even account for the time lost by administrators going through the process of replacing them.

3. Protect Expensive Equipment:

The cost of potential security breaches outweighs the previous costs by an order of magnitude. In manufacturing facilities, for example, the use of machinery by unauthorised persons can void the warranty of the machine, creating enormous out-of-pocket costs to repair if it breaks.

What are the different types of biometrics for access control?

There are four biometrics that are most commonly used for access control:

1. Palm Vein:

Palm vein is a relatively new biometric that works by using infrared light to map the unique vein pattern of the palm. Unlike other biometrics, this pattern is internal to the body, which gives it several unique advantages that make it ideal for access control applications.

Pros:

Best-in-Class Security

Palm vein is arguably the most secure biometric due to how difficult it would be to reverse engineer. Since the biometric pattern is never exposed to the world, it would be extremely difficult for a hacker to build a replica that could be used to spoof the scanner.

Additionally, built-in liveness tests ensure that even if a person could somehow gain access to your palm-vein pattern and create a perfect replica of it, they still wouldn't be able to fool a scanner since actual blood flow is required.

Accuracy

Due to the large surface area being captured (the entire palm as opposed to just a fingerprint, for example), palm-vein captures more data points than any other biometric, making it the most accurate biometric on the market.

As such, the palm vein has the lowest False Acceptance Rate (FAR) and False Rejection Rate (FRR) of any biometric.

Privacy-by-Design

Palm vein records an internal rather than an external biometric. So unlike facial recognition (which can be captured from a distance without consent), palm vein can’t be captured without a user’s direct interaction with the scanner.

This is why palm vein is uniquely privacy-by-design.

This makes it the more trustworthy choice for users, while also making it easier for companies that use it to gain compliance with privacy regulations around the world (such as the GDPR).

Cons:

Potentially reduced accuracy in cold weather. Although this hasn't been practically demonstrated yet in real-world scenarios, extreme cold weather could theoretically reduce scan effectiveness due to cold temperatures restricting blood flow.

2. Fingerprint

When most people think of "biometrics," fingerprint is probably the first thing that comes to mind. The fingerprint is an old, time-tested biometric. The ancient Chinese used fingerprints to authenticate government documents, and the Babylonians used fingerprints to sign written contracts.

Today, it is used for a large variety of different applications, from identifying suspects at the scene of a crime and conducting background checks to authenticating payments and unlocking mobile devices.

Pros:

Low Cost

While price can vary significantly depending on the type of scanner, the fingerprint is generally a very cost-efficient technology. This makes it particularly suitable for mass production, hence its popularity as the go-to biometric in virtually all modern smartphones.

Well-known

Fingerprint's popularity as a biometric means that most people are already familiar with it, reducing the need to educate or train people on how to use it.

Cons:

Susceptible to wear, damage, and change over time

Fingerprints, more so than any other biometric, are vulnerable to wear and damage. Cuts, abrasions, and scars can alter fingerprints significantly enough that fingerprint scanners are no longer able to properly identify a person who was previously enrolled in the database.

Less Sanitary

Of all the biometrics mentioned here, the fingerprint is the only one that requires physical contact with the device. This makes it less suitable for applications where top-notch hygiene is especially important, such as in restaurants, food manufacturing facilities, and hospitals.

Susceptible to being collected and replicated by third parties

Since we leave our fingerprints on everything we touch, they are vulnerable to being collected by a third party. Once collected, they can be forged in a number of ways, such as via 3D printing. This makes less-advanced scanners (that don't have built-in liveness tests) vulnerable to spoofing.

3. Iris scan

The unique, highly-detailed pattern of the iris makes it a natural choice for biometrics. Iris scanners use infrared light and high-resolution cameras to create a detailed map of the iris, then convert this information into a template that becomes a person’s biometric ID.

Pros:

Stable

A person's iris patterns remain identical throughout their lifespan, making them a highly stable option.

Accurate

Because of the rich level of detail in the retina, scanners are able to capture a high number of data points, making it a highly accurate biometric. This accuracy is further increased in scanners that scan both eyes.

Cons:

Can be captured from a distance

Modern iris scanners can capture a person’s iris biometrics from over 35 metres away, creating privacy risks that are similar to facial recognition (albeit less extreme).

4. Facial recognition

Face recognition has gained a lot of popularity recently. In airports, for example, airline companies are using this biometric as a way to quickly and conveniently identify travellers, reducing lines and allowing them to board more quickly.

However, this has created controversy because of the privacy concerns this technology poses. Unlike other biometrics, facial recognition can be captured from a distance, making it possible to be captured without consent.

Pros:

Convenience

Facial recognition is probably the easiest-to-use biometric since the person doesn't actually need to do anything to be identified. Recent smartphone models, for example, allow users to automatically unlock their phone just by looking at the screen.

Cons:

Privacy Risks

Since it can be captured from a distance, facial recognition opens up the possibility of being captured without consent, creating potential privacy and legal risks.

This isn’t a problem when it’s used on personal devices such as phones, since the biometric data stays on the device. However, when used in public to automatically identify people, facial recognition creates major privacy risks.

Less Accurate

Facial recognition has a higher False Acceptance Rate (FAR) and False Rejection Rate (FRR) than any other biometric. This is because it 1). FR measures fewer data points than other biometrics, and 2). Changes in appearance (such as facial hair, glasses, makeup, etc.) make it more likely to return a false negative.

Conclusion

There are several key reasons why biometrics are such a popular choice for access control. Traditionally, there is a trade-off in convenience when switching to more secure technologies, but biometrics is one of the few examples of a security upgrade that also increases convenience. It's the best of both worlds.

Because of this, biometrics are quickly becoming the go-to choice for access control purposes. Military-grade security combined with increased convenience and reduced costs makes it an obvious choice over traditional access systems.

However, not all biometrics are equal. Nonetheless, virtually any biometric will provide a major upgrade over traditional key cards, fobs, passwords, or PINs — while increasing user convenience and reducing costs at the same time.

 

In short: when it comes to access control systems, you can’t go wrong with biometrics.

 


Author:Kerri Vandenberg

Contact us now for a Quote.