Identity: The Critical Security Factor
Mark Clifton, CEO, Princeton Identity
There are many factors that impact the effectiveness of security programs, ranging from camera selection and placement, to password strength policy and even the reliability of power systems. But, perhaps the single most critical factor for security is one that cuts across many aspects of its implementation: the concept of identity. Many aspects of security depend on authorizations and permissions held by an individual; opening a particular door, allowing visitors, issuing keys, accessing inventory, etc. In each case, maintaining security depends on correctly identifying the individual and matching them with the correct authorizations and permissions.
How can the identity of a given individual be verified? Traditionally, there are three modalities that have been used to verify the identity—and the authority—of a person for security purposes:
- Something they have, such as an access card
- Something they know, such as a password
- Something they are, such as their fingerprint
This last category is now more commonly known by the term “biometrics”.
The category of biometrics has the strongest link to an individual’s actual identity. It is difficult, if not impossible to falsify your biometric information. In our daily lives, we almost always confirm the identity of the people who we know using a version of biometrics – we recognize the face, the body size and shape, and the voice of our friends, family and coworkers. It is only for people who we don’t know that we shift to other methods; for example, airport security screeners look at your driver’s license or passport to verify your identity. Even in that case, many governments and airports are looking for technology to securely speed up verification at high traffic airports. Stakeholders throughout the airport security process are increasingly turning to biometrics as a solution for secure passenger flow and employee access control.
Raising Access Control Security
Let’s consider how identity impacts security – with regard to access control, for example. Many, if not most, access control systems for retail and business facilities today use card readers to enable access. But the link between an access card and the true identity of the individual who is carrying that card is both tenuous and vulnerable – the card can be stolen, or lent to others. Thus, card readers provide a relatively low level of security, since the card reader cannot know the identity of the person holding the card with any level of certainty. Recent events in Belgium regarding lost or stolen identity cards at nuclear facilities only serve as a significant reminder that cards and credentials are not adequate for identity authentication and access in today’s world.
In contrast, a biometric reader is linked much more strongly to the actual identity of the individual. Thus, using biometric readers instead of card readers for access control immediately provides a significantly higher level of security because of that link to identity.
Removing Barriers to Biometrics
If we know that biometrics work better than any other type of identity verification, why are they not the standard? Part of the answer is that until recently, the affordability and basic effectiveness of card readers and keypads were considered “good enough” for most applications. The higher cost and complexity of the available biometric readers, which deliver a higher level of security, were reserved for high-security facilities, such as sensitive government facilities, research labs and data centers, where they were used extensively.
Today, improved technologies have made biometric identification much more available at competitive costs. Tablet computers and mobile phones are available with fingerprint sensors for authorizing access. Some even have basic facial recognition. These are not gimmicks; they are substantially more secure than a four-digit passcode. With most organizations now giving more attention to managing risk, cost-effective biometric readers are being implemented in a growing number of security systems, displacing card readers and keypads, to provide a higher level of security.
Among all the available biometrics, the one most rapidly gaining ground is iris recognition. It is as fast and simple as taking a selfie, and does not require any physical contact with a sensor. An iris cannot be shared or stolen, and iris readers cannot be fooled by makeup, hair or clothing changes.
Princeton IdentityTM (PI) has enormous experience in iris recognition, and offers a powerful lineup of identity readers tailored for different circumstances. PI is the industry pioneer and leader in confirming the identity of people with longer standoff distances, and even while they are moving. PI products can read through eyeglasses and sunglasses, in diverse weather conditions, outdoors or inside. There simply is no faster, more accurate method of automatically confirming the identity of authorized individuals.
With all these advantages, it is easy to see why iris readers will be the next big thing in access control and identity verification. Come see our Princeton Identity products in action at ASIS 2016.