Multiple factors of
authentication, including biometrics, can increase the probability that an
individual presenting a card to a reader is the same person to whom the card
was initially issued. Biometrics authenticates identity by measuring and
verifying an individual’s unique physical characteristics, such as
fingerprints, hand and face geometry, or patterns found in the eye’s
iris. Since these identifiers can’t be borrowed or stolen, biometrics
provide identity authentication with a strong degree of confidence.
Until recently,
biometric templates such as those for iris recognition were carried on a
plastic credential and presented for authentication by holding the card in
front of an iris recognition camera. Now, these same templates can be
carried inside an NFC-enabled smartphone along with other digital ID
credentials for physical and logical access control.
Going Mobile
Several trends are driving
the adoption of physical and logical access control on smartphones and other
mobile devices. The first is the inclusion of NFC technology on
smartphones, which provides an industry-standard short-range wireless link for
exchanging access control data across a several-centimeter distance so users
can “present” credentials carried on their phones to a reader. As the NFC
mobile payment model grows in popularity, it drives further demand for NFC
phones which can also be used in physical access control applications.
Smartphones that do not feature NFC technology can be securely upgraded to this
capability by using an NFC-enabled add-on device such as a microSD card.
Additionally, there is
now a new type of identity representation that operates within a trusted
boundary and uses the NFC-enabled smartphone’s secure element -- usually an
embedded tamper-proof integrated circuit, or a plug-in module version called a
subscriber identity module (SIM). This setup ensures that all
transactions between NFC-enabled smartphones, SIM cards and other secure media
devices can also be trusted inside the access-control managed
network.
Within this trusted
boundary, organizations can provision mobile access control credentials in
either of two very secure and convenient ways. One is to connect the
mobile device to the network via a USB or Wi-Fi-enabled link and use an
internet portal, similar to how traditional plastic credentials are
provisioned. The second option is to issue digital credentials over-the-air
via a mobile network operator, in much the same way that today’s smartphone
users download apps and songs. To do this, the NFC-enabled smartphone
communicates with a Trusted Service Manager (TSM), which interfaces either
directly to the mobile network operator (MNO) or to its TSM so that a key can
be delivered to the smartphone’s SIM card.
The mobile access model
offers a number of benefits. It eliminates credential copying, and makes
it easier to issue temporary credentials as needed, cancel credentials if a device
is lost or stolen, and monitor and modify security parameters when
required. The mobile model is also ideal for converged physical and
logical access, enabling smartphones to be used for multiple applications
including cashless vending, opening residential locks, accessing an on-line
physical access control reader, entering a building protected by an NFC-enabled
electromechanical lock, logging on to a PC, generating OTP software tokens to
log onto network devices, and implementing biometric authentication.
How Biometrics Work
Biometrics verify that a
card holder has been bound to his or her card, using something that can only be
possessed by the person to whom the card was issued. Biometric data is
unique to each individual, and cannot be forgotten, lost or stolen.
Because of this, biometric technology offers enhanced security as compared to
conventional identification methods. It does not rely on passwords, pin
codes or photographic ID, and is too complex to forge. Biometrics are
generally used as part of a verification system (which checks a biometric that
has been presented by an individual against the biometric in a database linked
to that person’s file – also known as a one-to-one system), or an
identification system (referred to as one-to-many systems because they are used
to identify an unknown person or biometric).
Biometrics has long been
used by the federal government, and is a key element of the latest federal
identity standards. For instance, the Department of Defense DoD) has
incorporated biometrics into the common access card (CAC) that controls entry
to DoD facilities and information systems. Biometrics is also an integral
part of the latest identity credentials for federal agency employees and
contractors. In 2005, the National Institute of Standards and Technology
(NIST) released Federal Information Processing Standards Publication 201 (FIPS
201), which defined the identity vetting, enrollment and issuance requirements
for a common, highly secure identity credential called the Personal Identity
Verification (PIV) card that leverages both smart card and biometric
technology. In 2006, FIPS 201-1 further specified that a facial image, as
well as fingerprint biometrics, be included on PIV cards.
If your office building
or facility is like most, people come and go throughout the day. Employees and
visitors need quick access to get their jobs done, and your business needs
security. So what is the best approach to ensuring secure access without
slowing things down?
Most organizations use a
variety of traditional methods to secure building access, from security
officers to RFID cards, PINs, key badges, and electronic locks. But traditional
access control approaches are not meeting increasingly complex and
multi-faceted security challenges. Security managers are beginning to explore
biometric identification such as fingerprints, voice patterns, and iris
recognition—all of which have proven more reliable than passwords or tokens.
Codes and cards are
easily lost, forgotten, stolen, or shared. Estimates vary, but simply resetting
or replacing passwords and cards can cost between $150 and $200 per employee or
customer per year. Badges, pin codes, and even some biometric solutions can
impede the free flow of facility access. And clumsy, antiquated, vulnerable,
and limited access control systems expose an organization to dangers such as
theft or fraud. So if you are looking to buy biometric and access control cards
visit Allindiayellowpage.com to get details about biometric and access
control security cards suppliers in your city.