research pieces

Biometric Access Control Systems Everything You Should Know

Oct 1, 2019 by Beau Karlskin
image

Biometric access control is one of the most popular types of security systems on the market, and for good reason: it combines security and convenience in a way that no other access control system can.

Access control refers to the management of an access point, such as a door, turnstile, elevator, etc. so as to only allow entry to authorized users. While access control systems can be used for virtually any access point that uses an electronic lock mechanism, doors are the most common applications for access control.

Access control systems come in three types, based on:

1. What the user has (object-based):

The user must possess a specific object to be granted entry. Common types of object-based access tokens include:

  • Keys
  • Fobs
  • ID Cards

2. What the user knows (information-based):

The user must know a specific code to be granted entry. Common types of information-based access codes include:

  • Password
  • Pass-phrase
  • PIN number

3. Who the user is (biometric-based):

The user identifies themselves with their own body using biometrics. Common biometric modalities include:

  • Palm vein
  • Fingerprint
  • Iris scan
  • Face recognition

Why Are Biometrics Used in Security Systems?

Traditional access systems have a critical vulnerability: objects and data can be shared or stolen, allowing someone other than the intended user to access the facility if they get a hold of them.

This may or may not not be a big deal depending on the level of security that is required.

For example, many coffee shops use a keypad on the bathroom door with the passcode (usually just four digits) printed on the receipt so that visitors aren't able to simply enter, use the restroom, and leave without ordering anything.

Whether this is good customer service or not is beside the point. In this case, the thing that the lock is protecting (a public bathroom) doesn't exactly require Fort Knox-level security, so a simple keypad works just fine.

However, such a security system is unfit for anything that requires more serious protection. The problem with passcodes is that, because they are just information, they can be easily shared and distributed among an infinite number of people — even if those people aren't authorized.

Physical access tokens (such as keys, fobs, and ID cards) share a similar vulnerability: they can be easily lost or stolen, allowing whoever has access to the token to have access to the facility — regardless of whether the person accessing it is actually authorized.

Biometrics, however, don’t have this vulnerability. Because your unique biometric code is always with you, it is very difficult for anyone other than you to access it.

This is why, while not all biometrics are equal in terms of security, even some of the least secure biometric systems are still more secure than traditional security systems.

What Are the Benefits of Biometrics for Access Control?

The main benefits of using biometrics for access control are security, convenience, and reduced costs.

Security

  1. Inherent to the user

Since biometrics use a person’s unique biology to verify their identity, it is extremely difficult for them to be taken or used by anyone other than the intended user.

  1. Difficult to duplicate

Traditional access tokens such as keycards can be easily spoofed using a simple $50 keycard duplicator available on Ebay. This illustrates the security vulnerabilities of legacy access control systems.

Biometrics, however, are generally much harder to spoof because most modern biometric systems use liveness tests to ensure that the biometric data is coming from an actual human and not a forged replica.

  1. Easy permission management

With biometrics such as Keyo, admins can instantly grant or revoke access permissions directly from the console dashboard, allowing them to ensure only active, non-suspended users are given access.

Convenience

  1. Can't be lost or forgotten

Biometric access control systems are remarkably convenient in that they allow authorized users to access the facility without needing anything other than themselves.

Unlike traditional access tokens which can be lost, or passwords which can be forgotten, your biometric code is always with you, so you'll always have it when you need it.

  1. Easy access

Your biometric ID is always at hand, so no more fumbling in your pocket for a fob or ID card. With Keyo, your hand is your ID.

  1. Efficiency

Most biometrics are able to identify users in under a second, eliminating the inefficiency and time delays caused by manual identity checks, passwords, or PINs.

Reduced Costs

  1. Fewer Security Staff

Biometric access control systems can save companies money by reducing the need for dedicated security staff to man access points. According to Salary Expert, The average salary for a gate guard in the US is about $32,000 a year. Add this to the fact that multiple guards are needed for different shifts, and the cost of employing guards to man access points becomes significantly high.

  1. Zero Replacement Costs

Access control systems that use physical tokens such as keycards and fobs incur an extra hidden cost: lost token replacement rate. Lost cards and fobs are an all-too-common occurrence. For example, a study done by Tile on lost student ID cards found that:

  • 19% of students in the US lose their ID card every year
  • 3.8 million cards are lost every year
  • ID cards typically cost anywhere from $5 - $50 to replace, with an average replacement cost of $22 per card
  • Resulting in a cost of around 83.6 million dollars spent each year on replacing them

And this doesn't even account for the time lost by administrators going through the process of replacing them.

  1. Protect Expensive Equipment

The cost of potential security breaches outweighs the previous costs by an order of magnitude. In manufacturing facilities, for example, the use of machinery by unauthorized persons can void the warranty of the machine, creating enormous out-of-pocket costs to repair if it breaks.

What are the different types of biometrics for access control?

There are four biometrics that are most commonly used for access control:

1. Palm Vein

Palm vein is a relatively new biometric that works by using infrared light to map the unique vein pattern of the palm. Unlike other biometrics, this pattern is internal to the body, which gives it several unique advantages that make it ideal for access control applications.

Pros:

  • Best-in-Class Security

Palm vein is arguably the most secure biometric due to how difficult it would be to reverse engineer. Since the biometric pattern is never exposed to the world, it would be extremely difficult for a hacker to build a replica that could be used to spoof the scanner.

Additionally, built-in liveness tests ensure that even if a person could somehow gain access to your palm-vein pattern and create a perfect replica of it, they still wouldn't be able to fool a scanner since actual blood flow is required.

  • Accuracy

Due to the large surface area being captured (the entire palm as opposed to just a fingerprint, for example), palm-vein captures more data points than any other biometric, making it the most accurate biometric on the market.

As such, palm vein has the lowest False Acceptance Rate (FAR) and False Rejection Rate (FRR) of any biometric.

  • Privacy-by-Design

Palm vein records an internal rather than an external biometric. So unlike facial recognition (which can be captured from a distance without consent), palm vein can’t be captured without a user’s direct interaction with the scanner.

This is why palm vein is uniquely privacy-by-design.

This makes it the more trustworthy choice for users, while also making it easier for companies that use it to gain compliance with privacy regulations around the world (such as the GDPR).

Cons:

  • Potentially reduced accuracy in cold weather

Although this hasn't been practically demonstrated yet in real-world scenarios, extreme cold weather could theoretically reduce scan effectiveness due to cold temperatures restricting blood flow.

2. Fingerprint

When most people think of "biometrics," fingerprint is probably the first thing that comes to mind.

Fingerprint is an old, time-tested biometric. The ancient Chinese used fingerprints to authenticate government documents, and the Babylonians used fingerprints to sign written contracts.

Today, it is used for a large variety of different applications, from identifying suspects at the scene of a crime and conducting background checks to authenticating payments and unlocking mobile devices.

Pros:

  • Relatively cheap

While price can vary significantly depending on the type of scanner, fingerprint is generally a very cost-efficient technology. This makes it particularly suitable for mass-production, hence its popularity as the go-to biometric in virtually all modern smartphones.

  • Well-known

Fingerprint's popularity as a biometric means that most people are already familiar with it, reducing the need to educate or train people on how to use it.

Cons:

  • Susceptible to wear, damage, and change over time

Fingerprints, more so than any other biometric, are vulnerable to wear and damage. Cuts, abrasions, and scars can alter fingerprints significantly enough that fingerprint scanners are no longer able to properly identify a person who was previously enrolled in the database.

  • Less Sanitary

Of all the biometrics mentioned here, fingerprint is the only one that requires physical contact with the device. This makes it less suitable for applications where top-notch hygiene is especially important, such as in restaurants, food manufacturing facilities, and hospitals.

  • Susceptible to being collected and replicated by third parties

Since we leave our fingerprints on everything we touch, they are vulnerable to being collected by a third party. Once collected, they can be forged in a number of ways, such as via 3D printing. This makes less-advanced scanners (that don't have built-in liveness tests) vulnerable to spoofing.

3. Iris scan

The unique, highly-detailed pattern of the iris makes it a natural choice for biometrics.

Iris scanners use infrared light and high-resolution cameras to create a detailed map of the iris, then convert this information into a template that becomes a person’s biometric ID.

Pros:

  • Stable

A person's iris patterns remain identical throughout their lifespan, making them a highly stable option.

  • Accurate

Because of the rich level of detail in the retina, scanners are able to capture a high number of data points, making it a highly accurate biometric. This accuracy is further increased in scanners that scan both eyes.

Cons:

  • Can be captured from a distance

Modern iris scanners can capture a person’s iris biometrics from over 40 yards away, creating privacy risks that are similar to facial recognition (albeit less extreme).

4. Facial recognition

Face recognition has gained a lot of popularity recently. In airports, for example, airline companies are using this biometric as a way to quickly and conveniently identify travelers, reducing lines and allowing them to board more quickly.

However, this has created controversy because of the privacy concerns this technology poses. Unlike other biometrics, facial recognition can be captured from a distance, making it possible to be captured without consent.

Pros:

  • Convenience

Facial recognition is probably the easiest-to-use biometric since the person doesn't actually need to do anything to be identified. Recent smartphone models, for example, allow users to automatically unlock their phone just by looking at the screen.

Cons:

  • Privacy Risks

Since it can be captured from a distance, facial recognition opens up the possibility of being captured without consent, creating potential privacy and legal risks.

This isn’t a problem when it’s used on personal devices such as phones, since the biometric data stays on the device. However, when used in public to automatically identify people, facial recognition creates major privacy risks.

  • Less Accurate

Facial recognition has a higher False Acceptance Rate (FAR) and False Rejection Rate (FRR) than any other biometric. This is because it 1). FR measures fewer data points than other biometrics, and 2). Changes in appearance (such as facial hair, glasses, makeup, etc.) make it more likely to return a false negative.

Conclusion

There are several key reasons why biometrics are such a popular choice for access control. Traditionally, there is a tradeoff in convenience when switching to more secure technologies, but biometrics are one of the few examples of a security upgrade that also increases convenience. It's the best of both worlds.

Because of this, biometrics are quickly becoming the go-to choice for access control purposes. Military-grade security combined with increased convenience and reduced costs make it an obvious choice over traditional access systems.

However, not all biometrics are equal. This is why, after testing virtually every biometric on the market, Keyo finally settled on palm vein because of its military-grade security, accuracy, and privacy advantages.

Nonetheless, virtually any biometric will provide a major upgrade over traditional keycards, fobs, passwords, or PINs — while increasing user convenience and reducing costs at the same time.

In short: when it comes to access control systems, you can’t go wrong with biometrics.

Biometrics 101

To learn more about the pros and cons of all the most popular biometrics on the market today, check out our ebook.

DOWNLOAD EBOOK