Category Archives: Uncategorized
Biometrics in the Workplace
By Robert Gailing, SmartContactless
With recent events in mind, employees are demanding that companies around the world look at new security measures to protect them and the companies themselves. In fact, according to a Harris Interactive survey, conducted for Privacy & American Business, a majority of employees feel that their employers should be strengthening ID procedures for entering premises and accessing computer systems, as well as doing more detailed background checks on job applicants.
In addition, thirty-five percent felt that their employer should do more detailed background checks on current employees. One such technology, which will aide companies and employers with these tasks, is biometrics.
What is biometrics?
Let´s start with the basics. What is biometrics? Well, in simple terms, it is a type of personal identification that utilizes a unique physiological or behavioral characteristic not shared by any other individual, such as a fingerprint or the iris of your eye. In other words, only you have this particular characteristic.
There are several different types of biometric technologies: iris eye scan, retinal recognition, facial recognition based on specific characteristics, fingerprint recognition, hand geometry, voice recognition, infrared imaging, keyboard dynamics and handwriting dynamics. All are based on characteristics considered to be unique to the individual, though some are more reliable than others. For instance, it is common knowledge that no one person has the same iris pattern as another. Therefore, this would be a reliable technology. On the other hand, systems that utilize voice recognition or keyboard dynamics (the pattern in which one types words on a keyboard) would be less reliable, since voices can be mimicked and typing styles copied.
For the purpose of this paper, we are going to focus on automated iris recognition. Basically, what that means is that an employer implements a iris-based biometric system and enrolls employees (which only takes a few minutes per person) creating an iris template, which is stored in the database for future verification. Then employees must have their eye “scanned” — which is just a camera taking a picture of an eye — and template verified in order to gain access to a facility. And there you have it…automated iris recognition systems…in its most simple form.
What does biometrics do?
Now, let´s talk about what kinds of applications biometrics provides, why employers are looking at this technology to secure their facilities and what it means for you, the employee. First of all, biometrics can be used for things such as pre-employment screening, background checks, facility access control, IT network access control, payroll, and time and attendance, just to name a few.
Companies are faced with various threats to their security, such as employee identity theft, vandalism, cheating or what´s often called “buddy punching” (when an employee clocks another employee in or out who is not present at the time) and equipment theft, to name a few. By implementing biometric systems, employers can control who has access to what equipment, prevent fraudulent time and attendance entries and protect their assets from theft.
Additionally, employers face significant costs attributed to replacing lost or stolen building keys or access cards, and correcting time and attendance issues, all of which can be eliminated with the use of a biometric access system. It´s easy to enroll employees, taking only a few minutes, and then the company has an identification database of all employees, and can restrict access to particular parts of the buildings based on specific clearance levels. It´s that easy.
As an employee, biometric systems have advantages for you as well. For instance, instead of having to carry around office keys or access cards, you simply bring your eye or your finger with you….which hopefully you do anyway. Best of all, you´ll never misplace your eye or your finger, as many people often do with their keys and cards. Additionally, it automates many processes you may currently be doing by hand, such as clocking in and out. This way, you never have to worry about forgetting to clock in, since your eye or fingerprint will do it for you.
A day in the life…
Need an example? Let´s visit with Alison, an employee of XYZ Company, which uses multiple biometrics throughout its facilities. Alison will start her day entering the building. She simply looks into the iris camera, which then matches her “template” to the one stored in the database. A template is a version of your iris as a complex mathematical equation, or algorithm. This algorithm cannot recreate your iris. Once a mathematical equation, always a mathematical equation.
Sorry for the slight diversion….now, back to Alison´s day. Her iris template is verified by the database and she is granted access to the facilities. Additionally, the time and attendance system used in conjunction with the reader has also clocked her in…and so her day begins. Now what? Well, in order to gain access to her company´s network or her computer, her identification must again be verified. This is to prevent those authorized with building but not network access from stealing valuable company information. She places her finger on her keyboard-mounted or USB reader, and once again, her identity is verified. She now has access to her computer and all her company information and can go about her day. This is basically how the beginning of a typical day with biometrics would go. Now that wasn´t so bad, was it?
How safe is it?
You might think employees would resist such a system. However, that´s not necessarily the case. In fact, according to the survey, four out of five employees and managers said they would be willing to have an ID card issues by their employer that would have on it their photo, basic personnel information and a biometric identifier, such as an iris or fingerprint.
But what about your privacy and personal information? How safe is it? Well, rest at ease…your personal information is perfectly secure and, as we mentioned before, your iris or fingerprint cannot be recreated. Biometrics developers have integrated safety measures into their systems to protect you, the employee. For instance, all information is encrypted within the reader, so even if someone did “crack into the system,” they would also have to break the complex code to retrieve any of your personal information…an event which is unlikely to occur.
Still worried, well don´t. There are advanced systems that use smart cards, which will allow you to retain control of your template. Basically, instead of having your template stored in a company database, it´s stored directly on a card, much like a credit card. There is a chip on the card that stores your template, so when you want to gain access to your facility, you present the card then place your finger on the reader. The reader will match your iris or fingerprint to the template stored on the card. This way, you don´t have to worry about who has access to such information as it remains in your control at all times. And, should you lose the card, no one can gain access to the facility using it, since his or her iris or fingerprint won´t match, and no one can access the information stored on the chip, since it´s also encrypted. Either way, you´re covered.
If you´re still not sure about biometrics as a whole and your employers are looking at such solutions to protect their company´s assets, there is one thing you can do. Ask questions. Ask about the system. Ask about the company´s privacy policy. Find out all the information you need in order to feel comfortable. It may feel a bit like big brother in the beginning, but it´s not. This biometrics system can´t tell where you ate lunch or what you had. It can´t spy on you the restroom. It can´t follow you home at night and it can´t her what you say to other employees, whether work related or not. It´s simply a system to help your employers automate processes and protect their assets…and yes, they do consider their employees assets.
By Robert Gailing, SmartContactless
Do You Know Your Smart Card Technology?
Do You Know Your Smart Card Technology?
By Robert Gailing, SmartContactless (formerly ISLOG Americas) For almost 15 years, contactless RFID cards and tags have been changing the access control landscape. While the market has grown exponentially over that period, it is only recently that the cards and readers have evolved from simply transmitting numbers to complex multi-application card and reader environments that can perform multiple functions including security and encryption with flexible card structures. Advances in technology have made contactless cards and readers a must-have for all a company’s security and access control needs.
Contactless card technologies According to research analyst Blake Kozak, IMS Research, although smart cards are being used more in European countries than in the U.S., smart cards in the U.S. are beginning to see large growth, with proximity cards still taking up the greatest portion of the market. “Multi-technology readers are popular at the moment because they allow an organization to future-proof themselves,” explained Kozak. “Simply stated, this allows users to continue using their current technology until the funding and/or time is right to upgrade their system. The multi-technology reader will then allow them to upgrade more seamlessly.”
There are a variety of contactless card technologies available in today’s market. Proximity cards are the most prevalent, primarily because that’s what end-users are accustomed to using. These cards and tags communicate at 125 kHz and work when a card is brought within the area of the RFID field created by a reader. It’s very simple and easy to use, but is usually only good for one application. From a security standpoint, this card can only be secured using a specific format in the card or with a matching format between the card and reader. There are, however, newer and better options available.
– Contactless smart cards: These cards/tags communicate at 13.56 MHz, a much higher frequency than the proximity cards. The primary benefit of these cards is their larger memory capacity and ability to store vast amounts of information, such as history, employee information and biometrics (e.g., fingerprints and iris templates). Contactless smart cards are secured via multiple authentication methods, in that the communication transmission is secure between the card and reader – and different every time – so a hacker cannot “sniff” the information. Additionally, because the cards have wired logic memory (organized in fixed sectors, pages or applications), additional security can be added to protect information written to the cards through encryption or special passwords, more commonly known as “security keys.”
– Microprocessor cards: A variation on the contactless smart card, this type of card, as its name implies, has small microprocessors and memory on the chip. The bigger the card’s memory, the more application possibilities exist. For example, a card with 8 kilobytes of memory can potentially manage 28 applications. Depending on the applications, this card can be used to enter the parking lot/building, access IT/secure networks, biometrics, photos, time and attendance, secure printing and even cashless payments to manage the cafeteria or vending machine purchases, thus eliminating the need for multiple cards per person. And, you can create and arrange application sectors inside the memory storage to your liking, much like a hard disc on a computer.
Overcoming obstacles Despite the advances in card technology, there are many challenges that must be overcome before full adoption of these newer, bigger, better cards can be achieved. The primary challenge is overcoming the idea that proximity cards are the be-all, end-all access control solution. The bigger challenge is one you face as a dealer/integrator. Currently, you rely on a variety of people to provide information on customer cards – the customer itself, vendors, etc. Unfortunately, accessing information on existing cards from these sources can take time and energy. Vendors can take awhile to get back to you and, let’s face it, companies are notorious for not knowing their own card technology. This puts you in an awkward position when you’re in the field and are handed a card. “What we’re seeing in terms of new product development is that it’s more about combining multiple factors into one integrated system,” said Randy Vanderhoof, executive director of the Smart Card Alliance, Princeton Junction, N.J. “Methods of unlocking a door with a simple red/green light are being replaced with a much more intelligent controller, one that has the ability to have biometrics match to go along with the information that is on the card—adding a second level of security so someone can’t just pick up an access card and get into a building or a secured area. Controller devices are more IP-driven so that they’re not running on thin copper wire but instead running on the network backbone of the organization. These are the kind of advances that we see happening all the time in the electronic security industry. Part of that has been enabled by having more of a capable security badge technology, such as smart cards, that can provide features such as biometric match-on card, security digital images and certificates that can be validated in real-time to verify that the credential has not been revoked recently.
”
ISLOG’s R.F.I.D. Suite– ReadCard™, FindFormat™, IDtransfer™ and DataWriter™ — is one solution that is available today. And here’s how a discussion might go with regards to this technology.
What is encoded on this piece of plastic you just handed me?
You need to know all about this card, including what technology it supports; who manufactured it; how much memory it holds (if any); what its serial number is; and how the card is organized. ReadCard is a software tool that can perform all these tasks in seconds. It allows you to respond quickly and accurately to your customer.
Can I use this card with the existing system?
The next challenge is to recognize, out of binary information, the specific format encoded on a card or tag. Today, as previously mentioned, you might have to send the card back to your vendor to determine formats, a task that can be quite time-consuming. FindFormat is a simple tool that can determine the format encoded on a card or tag in only a few seconds. Everyone in all levels of the supply chain can use and benefit from FindFormat, from field sales to technical support to the business development team, all of whom will be able to quickly answer questions such as whether the card can be used with the current system or whether more cards can be sold.
What can I do with this information?
Now that you can read and find the card’s information, the next logical question is what can be done with it. Today’s cards can be used for so much more than access control. IDTransfer extracts information from an RFID card such as CSN or other encoded data but it has many application possibilities. For integrators/dealers as a universal card enroller for all access control software, or as a tool that enables companies to develop support for RFID without costly development and integration. Moreover, it’s often used to run an executable file or execute a batch file with an RFID card, or even to populate fields in a third party software such as IDCenter.
Can I encode cards myself?
Today, you buy the cards already encoded. However, demanding customers require that card programming be done independent of the card provider; they don’t want anyone to know their security. DataWriter is a solution for encoding data to a 13.56MHz card or tag. Whether it’s MIFARE, DESFire v0.6, EV1 or another 13.56MHz, like iCLASS, DataWriter is compatible with industry-leading, card-management software such as IDCenter and AsureID, allowing you to organize the structure, determine and set the security keys in the card and readers and write to the card in specific formats and personalize the card in line with the printer.
With the increased acceptance of RFID and the growing market for contactless smart cards, the challenges associated with managing these new technologies can be difficult. Supporting products must be able to meet or exceed certain criteria – flexible solutions that cross different technologies and brands. Software tools take the mystery out of cards and put control back in your hands by providing access to important information, which up until now, was difficult to obtain.
Robert Gailing is the Vice President of SmartContactless (formerly ISLOG Americas) Smartcontactless is an ISG Vendor.
University’s adopt DataWriter to Encode Contactless Smart Cards
Newport Beach, CA — Starting in the Fall session, two major universities are issuing students and faculty identification cards with 13.56 MHz card technologies — migrating away from legacy mag-stripe technology to MIFARE® DESFire® EV1 contactless smart card technology using ISLOG’s DataWriter encoding software from SmartContactless.
One University is using DataWriter in stand-alone mode and the other – sold by Elliott Data — with a SP75 DataCard printer with DataWriter integrated with IDWorks printer software.
The Universities began the transition away from mag stripe to contactless smart cards in 2013 after years of research and discussions about card technologies for student and facility cards. The technology jump from mag stripe to contactless smart cards was a major one and required a detailed plan and strategy. One of the Universities already has a One-Card solution, but could not accomplish what they wanted with their current provider.
“We have the ability with internal staff to accomplish what we want with respect to the 13.56 MHz chip technology,” stated one Director of University Campus Card Solutions, “We really just needed a platform that would allow us to do so simply and more effectively and DataWriter provided that vehicle.”
DataWriter by ISLOG allowed the University to have the flexibility to add applications as they needed and at their discretion. It would allow them to work with other entities on Campus, as well as organizations off-site, to utilize the same card. DataWriter also allows the user or users to manage the secret keys in an anonymous way without exposing any information to outside parties.
Additionally, the University Card Center staff wanted to utilize key diversification but was told it would only be possible with a proprietary solution from their current vendor. DataWriter provided them the ability to support key diversification with SAM AV1 & AV2 NXP key diversification standards with their existing card readers.
Typical campus applications include access control, vending, food service, e-wallet, transportation, cyber security, parking and a host of other possibilities.
DataWriter is an open software application allowing users to develop and administer contactless smartcard solutions and strategies for their customers or their own organizations. DataWriter is used by Governments, Airports, Universities, Hospitals and Commercial businesses worldwide.
Case Studies
CONTACT SALES
Contact sales now at 855.58.SMART to get the latest product and pricing information for all our lines.
moreNEED TO OPEN AN ACCOUNT?
Need to open a new account? Call SMARTContactless Identity and Security Solutions at +1.855-58-SMART
moreTECHNICAL SUPPORT
SMARTContactless provides 1st level technical support for all our product lines. Our tech support line is open from 8:30 AM – 5:30 PM Pacific Time zone.
moreSEMINARS AND EDUCATION
No seminars scheduled at the moment. Check back later.
more