Advances in Touchless Biometric Technology Drive Leap from Legacy Access Control Systems
Security Technology, December 2021
Fast, cost-effective 125 kHz proximity technology has been the backbone of physical access control systems since card readers appeared 30 years ago. Over time, security limitations and the inherent inconvenience of a card that can be lost, stolen, or easily copied began to drive those systems toward obsolescence. Newer 13.56 MHz processor-based technology using symmetric keys that are more secure is a step forward, but it’s costly, still susceptible to hacking/duplicating, and equally inconvenient.
Rather than stay with cards or badges alone, organizations are enhancing their existing credentials with mobile solutions. This migration to mobile credentials still creates challenges. Complexities in managing credentials across a range of devices that are upgraded regularly, apps that may not be interoperable, and pushback from constituents not wanting third party software installed on their personal devices are hurdles that need to be addressed.
Facial recognition systems are at the center of the conversation when it comes to touchless or frictionless biometric solutions. Biometrics offer the advantage of granting access to the person, not just his or her credential, making biometrics the more secure—in the sense that they cannot be shared—and most convenient option. Now, the convergence of two scenarios have brought them to the forefront:
- Biometric technology, commonly used in mobile devices, laptops, and civil identity systems like passports, is becoming more widely accepted.
- Recent advances in chip technology have addressed issues of accuracy, speed, and cost that have limited facial recognition technology’s practical use and have enabled new capabilities.
Biometrics are not only driving a migration from older, less secure proximity technology to more secure and frictionless solutions, they’re also driving organizations to envision and derive more value from physical access control systems overall as the demands on them grow.
Increased Accuracy and Speed, Lower Costs Through Machine Learning
Early facial recognition systems were hampered by transaction issues that were also security risks— they were easily spoofed with photos or videos of an individual, and weren’t always accurate or reliable, causing backups at access points. The new generation of these solutions is based on chip technology that can process data not only on capable devices/readers, but also at the edge: the door. With this ability, computer vision and machine learning increase accuracy and help facial recognition algorithms recognize differences like glasses, or masks, and, most importantly, verify “liveness,” enabling them to distinguish an individual from a static photo or even video of his or her face.
As algorithms have continued to improve, facial recognition systems based on this new level of horsepower at the door can now operate in real time, with the best algorithms processing a face against its database like the human brain analyzes images—about 15 times per second. And in that time, capable software can authenticate a person three times. Essentially it re-runs the data against increased thresholds to determine to a high degree of certainty that the live person at the device is the individual matching the facial data in the database.
With much of the processing happening at the edge, the client itself is much thinner than earlier iterations of the technology and can utilize a standard server for enrollment and template distribution—not the heavy-horsepower, purpose-built server required with early-stage facial recognition systems, which were expensive and prone to single points of failure.
Capabilities Beyond Access Control
While the increased accuracy, speed, and reduced cost of facial recognition systems make them a strong alternative to credential-based solutions, it’s the additional capabilities they offer that deliver value to organizations. More than a credential reader, facial recognition systems can use their edge processing and machine learning capabilities to also quickly process transactions, count people, recognize tailgating, match people they encounter with a database of persons of interest, and immediately alert security. They can act as a mask-check, and with the ability to process voice over IP, provide intercom functionality at doors.
Facial recognition systems simplify the process of onboarding remote employees, as well as pre-registering visitors to enter a building. Users can receive secure links to send digital photos to be converted to numeric reference templates so when they arrive on site, their host is alerted of their presence. In addition, operating in a video modality enables organizations to set up permissions for some people to be able to escort others through an access point, and leverage other IP cameras that may already be in a facility to compare and check multiple feeds. All of these features are built on a touchless and frictionless platform ideally suited to a current- and post-pandemic era.
Multi-factor capabilities are also simplified with biometric solutions, as access devices are now connected. For example, if what’s on the other side of a particular door requires additional access, a push notification can be sent to a mobile device with another level of authentication. Or for individuals who opt out of sharing biometric data of any kind, connected biometric solutions can issue a QR code on the spot that sends a PIN to a mobile device to enable access.
In the event that a facial recognition database is breached, the methodology used to store a digitally hashed face print cannot currently be reverse engineered. Technologies are also emerging that do not store any data at all on the client/reader device but pull it temporarily to authenticate access or authorization—which the individual can allow or decline—then disappear.
With card-based access control systems aging out and technology advancements in biometric solutions enabling exceptional accuracy, low bias and new capabilities, organizations are taking a fresh look at the value biometrics can provide. They now can bypass the limitations of credential-based solutions altogether and do more at the door.
John Cassise is the senior director of product management, SAFR at RealNetworks.