1. All Resources
  2. Components

Biometric Credentials

Biometrics - A Tool for Access Control

Biometric security systems have been gaining enormous traction at the turn of the millennium, with a surging prevalence in the belief that such systems offer much greater security as compared to older modes of access like key cards and PIN numbers. It is also believed to be more convenient as well; entry into a secured space is literally at the end of your fingertips. Here, we share some basic knowledge on biometric systems, and what they mean for your security and privacy.

Some of the most common biometric recognition softwares deal with physiological data on a person, such as fingerprints, eye retinas, face, and voice recognition. Such information is first uploaded into the security system in a process termed as “enrollment”. This process in turn converts such data into an algorithm that measures the probability of a successful entry using the wrong data, and calibrates that probability to a minicuous number.

 In other words, biometric systems do more than match-up pictures of fingerprints: it uses math to secure your access as well.

 More advanced versions of biometric systems have incorporated behavioral metrics (behaviometrics) into the system as well. These could include length of time required to type in a PIN number, how much pressure is applied on the fingerprint scanner etc. Then there are advanced biometrics recognition softwares that go under your skin for the data it needs, such as brain-wave scans and heart-rate monitors. As the technology develops more rapidly, the way biometric systems are utilised also becomes more varied. Instead of simply enabling access to a space, biometrics are now associated with payments, ATMs, personal mobile devices, and even phone services.

How secure are biometric systems?

The perks and conveniences of biometric access are plenty. Firstly, it does away with security tokens, which means no more worrying about being stuck outside the office each time you forget to bring your key card with you for lunch. The front-end system is simple to manage as well; all you have to do is input data of a person into the system, and there is no need to issue/confiscate physical tokens for access.  The uniqueness of each person’s biodata also ensures that it is difficult to duplicate. For that to be possible, someone will have to lift complete biodata off a user (think lifting a fingerprint), or break into the back-end database of the biometric system.  To make such systems even more secure, some systems utilize more than one biometric to confirm a user’s credentials. For example, you can run both fingerprint scans and and measure the pressure applied simultaneously. Such systems are known as multimodal biometric systems (as opposed to regular unimodal biometrics), hence enhancing the access to your space.

Kisi Products
Regain Full Control the Easy Way

Discover what makes Kisi the most advanced cloud access control solution.

Biometrics can be combined with other security systems as well, and the most common ones seen are keypads and fingerprint scanners. We actually see the application of such technologies more frequently than we take note of: the iPhone 6S actually allows unlock by scanning your fingerprint while you input your device passcode. InvisibleExisting problems with biometrics While biometric access is a great front-end solution, it does come with issues pertaining to data management, privacy, and costs, all of which we will cover over here.  Managing the biometric data of users is a very sensitive affair. It all comes down to an issue of trust: who should have access to add, modify, and remove users from the system? Who should have access to the same data that could be used for other locations, such as an immigration checkpoint or an ATM? Think of it as managing email passwords for users, where the same password is being used for other accounts like Facebook and even iBanking. Whoever is in charge of that information should have exceptionally high security clearance, and must be ready to shoulder the responsibility if the data gets compromised.  This leads us into the issue of privacy. It can be argued that if this data is so dangerous if leaked, it should not be recorded by private companies in the first place. Some places therefore ban or restrict any systems that complies biometric data of users, especially in Europe; the face-recognition application on Facebook is banned on Europeans.  The cost of biometric systems are enormous as well, going for anything between $5000 to $10,000 for fingerprint scanners, data-base management system, and installation. This excludes the costs of installing an electronic lock on your door (if you do not already have one), and any monthly premiums that you have to pay just to keep the system up and running.  Given issues over privacy and costs, biometric security is still primarily preferred at government buildings and high-security installations (like banks and oil research centers). While the technology associated with biometrics is becoming less expensive over time, it also means that ubiquitous usage of biometrics could (unfortunately) compromise the safety of your personal data. 

For more information:

https://www.techopedia.com/definition/26990/biometric-system

https://www.nsa.gov/ia/_files/factsheets/i73-009r-007.pdf

http://www.technovelgy.com/ct/Technology-Article.asp?ArtNum=12

https://support.apple.com/en-us/HT204587

Just starting?
Download our Access Control guide

Get this full guide in PDF format, plus other great security content from Kisi. We're offering this guide as a free download and you will also be signed up to get content from the Kisi blog.

Download Guide
Kisi Download Guide