Many organizations are implementing biometric access controls to help ensure security policies are effective. By incorporating a biometric into authentication and identity verification procedures, an extra measure of precaution is taken that improves the certainty that the person is who they say they are. Biometrics utilize physical, behavioral, a combination of both physical and behavioral characteristics to identify a person (Zorkadis and Donos, 2004). Of the many biometrics available for use, fingerprinting is one of the oldest and most widely used. As Zorkadis and Donos, describe,
The oldest biometric technique, electronic fingerprint recognition, has undergone extensive research and development, especially in the last three decades, mainly because of its exploitation by law enforcement authorities. (Zorkadis and Donos, 2004)
A comparison of the Hirsch Verification Station, the GE Security V-Station (Prox), and the L-1 Identity Solutions Bioscrypt 4G V-Station provides an example of the criteria that must be evaluated when selecting biometric solutions, especially fingerprint scanners.
There are several considerations when selecting a biometric system. Cost is always a factor – business solutions must be cost-effective. The false acceptance rate (FAR; the percentage chance of a false positive), the false rejection rate (FRR; the percentage chance of a false negative), and the cross-error rate (CER; the percentage where the FAR equals the FRR) are important statistics to consider when evaluating biometric systems. FAR, FRR, and CER provide insight into the error rates associated with a biometric device. Another important factor is the time for verification to occur. The faster the verification time, the less obtrusive the solution will be to users. Table 1 shows a comparison of three fingerprint scanning stations that also incorporate card readers and pin pads.
Table 1 Comparison of Three Fingerprint Stations
Verification Station RUU-201
|L-1 Identity Solutions Bioscrypt
|Device Type||Combined Smart Card reader, proximity card reader, pin pad, and fingerprint scanner||Combined proximity card reader, pin pad, and fingerprint scanner||Combined Smart Card reader, proximity card reader, pin pad, and fingerprint scanner|
|Cost||$1944 per station||$1766 per station||$2175 per station|
|FAR||0.01% – 0.001%||0.2%||Not listed|
|FRR||0.01% – 0.001%||1.0%||Not listed|
|CER||Not listed||0.1%||Not listed|
|Verification Time (s)||1.5||<1||Not listed|
|Compliance with||INCITS 378-2004
ISO 1443-A, B
|None listed||UPEK TCS1
All three of the fingerprint scanners under consideration utilize minutiae scanning, as opposed to correlation-based scanners. “Minutiae are unique characteristics such as ridge endings, bifurcations, and divergences” (Zorkadis and Donos, 2004). The L-1 Identity Solution should be eliminated from consideration immediately based on the fact that the company does not include any error information on its web site or product data sheets. FAR and FRR are essential for evaluating biometric devices. While slightly more expensive, the Hirsch reader has significantly better performance from a FAR and FRR perspective. The Hirsch device will rarely produce false positives and false negatives. By contrast, the GE device will generate a false negative every 100 uses. For a large facility, this could become a nuisance.
In addition, the Hirsch device incorporates several important security features. The pin pad scrambles the order of the keys and is unreadable from side views – these measures discourage “shoulder surfing.” Also, the Hirsch device, when used with a smart card, stores the enrolled fingerprint encrypted on the smart card instead of on the device. The enrolled fingerprint is unlocked when the pin is entered, then compared to the scanned fingerprint. This mode of operation adheres to recommendations that Zokadis and Donos make regarding storage of biometric data (Zokadis and Donos, 2004). The GE and L-1 devices store the enrolled fingerprints in the devices.
Biometrics as an authentication and identification solution is growing in popularity. Fingerprint scanning is a stable, mature, and reliable biometric technology. There are several factors that should be considered when selecting biometric solutions, including cost, FAR, FRR, and timing. The evaluation of three devices from Hirsch, GE Security, and L-1 Identity Solutions demonstrates the factors that should be considered.
Zorkadis, V., & Donos, P. (2004). On biometrics-based authentication and identification from a privacy-protection perspective: Deriving privacy-enhancing requirements. Information Management & Computer Security, 12(1), 125. Retrieved from http://proquest.umi.com.library.capella.edu/pqdweb?did=644926181&Fmt=7&clientId=62763&RQT=309&VName=PQD