Guide published to aid biometric authentication in automatic access control deployment

Ingenium Biometrics and the UK’s Centre for Protection of National Infrastructure (CPNI) have jointly released a new report to help formalize the process for organizations to ensure their security systems are effective.

The report explores biometric authentication applications in automatic access control systems (AACS) with the goal of encouraging “knowledge-sharing in pursuit of increasingly secure and resilient systems.”

The document starts by describing different types of AACS and their traditional components, including devices such as tokens, readers, and keypads, as well as biometric sensors and processing applications that fall under the category of biometric automatic access control systems (BAACS).

The second section of the report provides operational requirements that should be considered when selecting and evaluating the use of a biometric system. These include access control boundary choices, the performance of the biometric system, as well as ease of use, cost, and user compatibility.

In this section, Ingenium and CPNI also clarify that biometric authentication can be single factor (biometric only) or multi-factor (token and biometric). The report covers various biometric modalities used for access control, and explains the basics of multi-factor authentication for extra security.

“For low-security environments, it could be sufficient to use a biometric on its own (single factor solution),” reads the document. “For higher security environments a biometric should be used in conjunction with other authentication factors such as a smart card token (multiple factor solution).”

Among the strengths of using a biometric system to authenticate to an AACS, the report highlights the fact that biometric information cannot be shared (except via a presentation attack), lost, or stolen, in a way a physical token can be. It also cannot be forgotten or guessed in the way a knowledge-based authenticator can be and is unique to the person.

Additionally, Ingenium and CPNI claim that biometrics is the “only way that you can be certain of the physical presence of the enrolled person.”

However, the report also explores the challenges of using biometrics for authentication, for instance, the fact that the process is “inherently probabilistic.”

“This means that the biometric comparison is not between two things that should be identical (such as authenticating using a password or cryptographic key stored in a smart card), and this introduces an underlying error to the system.”

These errors can be minimized, however, by following a series of steps, says the report.

These include ensuring good quality data is captured and a high-quality template is created, training the user population in how to present their biometric characteristic to the sensor, understanding the trade-off between security and performance, and making sure that an appropriate biometric system is selected for the operating environment.

The second section of the report also explores threats to biometric systems, with a particular focus on presentation attacks.

“To mitigate against this, the biometric system must have liveness and presentation attack detection (PAD) capabilities. The performance of the PAD capability should form part of the performance assessment.

Section 3 of the CPNI report covers the process of designing a biometric AACS and preparing the system for implementation.
It considers the key components required to build a biometric AACS, including enrolling the biometric characteristics, selecting a multifactor solution, determining the operating conditions, and managing enrolments, template storage, and data security.

A section dedicated to choosing a biometric modality is next, which analyzes facial, fingerprint, iris, and palm and finger vein recognition. This part of the report also explores privacy and data protection legislation designed to keep biometric data safe, together with exception handling practices.
Finally, the CPNI concludes with two sections about the installation and maintenance of an AACS that includes biometrics.

The collaborative report between CPNI and Ingenium Biometrics comes almost one year after the company was selected as one of the providers of trial support services for the UK’s immigration self-enrollment scheme.