Biometrics Made Easy

Dec 1, 2007 12:00 PM, By Randy Southerland

When Privaris CEO John Petze recently visited a corporate customer to talk about the company's new plusID technology for biometric security, he knew he had some convincing to do. For many companies, biometrics is perceived as involving a costly, infrastructure-heavy appliance to maintain vast amounts of personal data on a central server.

Now Petze had to convince them that technology had bypassed that perception. Fortunately it wasn't very difficult. Even as the sales call was taking place, the corporate security manager was busy programming the front door to allow access using a small handheld token featuring a fingerprint sensor. The device contains personal data that, when matched to the user's fingerprint, releases a signal just like a traditional access card to unlock the door.

This small device represents a paradigm shift for biometrics, and has been named 2007's New Product of the Year. The product was chosen as winner by a panel of judges and a tally of reader votes from 20 finalists in the sixth annual contest sponsored by Access Control & Security Systems magazine. The biggest problem is that it seems just a little too easy.

“Since biometrics was created, it's always been something that you screw to a wall,” Petze says.

The process - as he was able to demonstrate - is fast and easy compared to traditional biometrics systems, and works with traditional card readers such as those provided by HID Global, Irvine, Calif., as well as with Windows-based PCs for log-on. Those advantages mean less risk for the companies that want to use plusID.

“Trying out our technology doesn't require capital expense, swapping out systems and installing new software. There are none of those big hurdles to overcome.”

Since personal biometric data is securely held on the device and not in a company database, it reduces privacy concerns for the employee while reducing the risk of data breaches for the employer. The idea has caught the attention of some of the biggest names in the industry, including HID Global.

“The plusID's unique approach to identity verification, including complete compatibility with HID's trusted credentials, gives end-users the ability to deploy a biometric solution easily and quickly without the cost of adding new readers,” says Mark Scaparro, vice president, HID Global.

HID is getting set to distribute Privaris' plusID product, and it's also the first product licensed by HID to use Virtual Credentials provided by the new HID idBank system.

This idBank system provides users with the ability to emulate HID and other popular access control credential formats using form factors other than the traditional card. Identity information is loaded from the idBank secure container onto a non-card device, such as Privaris' plusID, during a secure provisioning process using specialized enrollment software.

HID has worked closely with Privaris to make plusID compatible with its own products and ready to be used by the company's customers.

“There is a broad range of needs for companies that want to secure their doors, from a 10-person company to a 10,000-person company,” says Daniel Bailin, HID Global director of product management. “On the HID side, we needed to build a method that we could use to deliver the virtual credentials to the point of use. They're loaded on to the plusID [device] in a secure manner that is also convenient and easy to use.”

In developing plusID, privacy was one of the driving forces for Privaris co-founder and chief technology officer Barry W. Johnson.

“We thought that a much better way to do it was to distribute biometric information,” he explains. “We put the information on a device that is yours, that you carry, that only works for you. It allows me to be in control of my biometric data while offering the convenience of identity verification for necessary transactions.”

Johnson, who is an associate dean and professor of electrical and computer engineering at the University of Virginia, recalls that Privaris grew out of an extended group discussion on how to create a better, less privacy-threatening approach to biometric security.

“I pulled a car key out of my pocket that had a door opener on it — you know the little thing that is about an inch and a half square that you use to open your car door — and threw it on the table,” he recalls. “And I said ‘I want one of these that will only work for me, that can grant me access and authorize my transactions.’ That was the defining moment in the creation of the company, and we felt that there could be a large number of applications for such a device if one could ever be created.”

Johnson assembled a team of engineers - including a number of his former students - and set off to create a device that could embody the ideals of those initial discussions. While the need seemed obvious, creating such a device in a small yet reliable form factor wasn't easy. In fact, there was no shortage of technically astute critics who told Johnson he would never be able to get the processing in such a small device that could handle biometrics, much less make it secure. The naysayers contended “those things don't exist nowadays, and there is no way you would be able to make it cost effective,” he recalls.

The industry seemed to be going in the other direction. In the days after Sept. 11th, many authorities were focused on central database approaches. In addition, the market was slow to recognize that there was an alternative to having to collect fingerprints and then match against the contents of the database.

As prototyping progressed, Privaris worked closely with Broadcom Corp., an Irvine, Calif.-based provider of semiconductors for wired and wireless communications, which was developing a secure processor with integrated radio frequency identification (RFID) technology.

“We had developed some technology we felt would be applicable in what we would call secure processing or trusted processing, the ability to do processing of data in a secure and trusted manner,” says Joseph Wallace, senior director for Broadcom's Security Line of Business.

The result was the embedded BCM 5890 processor that performs all fingerprint-processing onboard the plusID device, thus eliminating the need for a biometric database.

Privaris' success and acceptance by the market has been aided by a growing recognition of the need for a simpler, yet more secure approach to identity verification. News of frequent data breaches are common, and the risk and liability for companies holding biometric data is considerable.

Setting up the device for a new hire at a company is simple, according to company officials.

“Instead of handing the employee a little white access card, I hand them a plusID token. I connect it via a USB cable to my computer that's running our enrollment software, and the employee merely has to swipe his or her finger across the fingerprint sensor three times, for the device to build a template of the fingerprint,” Petze says. “Next the Enrollment Administrator ‘drags and drops’ the physical access credential - the card number that will be associated with the device - onto the device. Once that is done, the device is sealed and no one else can use it. It's now ready to be used for physical and/or logical access.”

“Something that almost all customers find extremely positive and compelling is that the biometric data no longer has to be collected from the individual, stored by the organization or protected by the organization. All of the other data that an organization may want to maintain is still kept the way they've always kept it,” Petze says.

He recalls that when he first joined the company, the biggest attraction for him was that it made sense purely on a personal level.

“I had 36 different passwords written down in a little black book,” he says. “It was a disaster. So I immediately said this product makes sense to me in my life. It addresses challenges that we are facing as a society that have to be resolved.”

Petze recalls that, for the first time, he saw that someone had found a way to use the “good things about biometrics.” This includes the high reliability of an identity verification method that had seen vast improvement from its early, more mistake-prone days.

“And, [Privaris] found a way to use that without saying that I have to give up my privacy or forcing organizations to replace their existing security infrastructure,” Petze says.

ABOUT THE CONTEST

Honoring excellence in new product development in the security industry, the New Product of the Year 2007 award showcases the most innovative product of the current year and recognizes the talent and commitment of the people involved in its development, from concept through sales.

Access Control & Security Systems magazine is proud to use the contest — now in its sixth year — to recognize inventive products that ensure security professionals are able to do their jobs more efficiently and effectively.

The panel of judges for the New Product of the Year contest includes prominent industry consultants, integrators and users, who evaluate the products on the basis of design ingenuity and market suitability during an off-site, private judging session at the ASIS International trade show. In addition to assigning scores to the various products, the judges participate in a round-robin discussion on which products are their favorites among the entries.

The judges' feedback determines the list of Top 20 finalists, which are announced during the ASIS show and in the October issue of the magazine. During an online balloting period, readers are given an opportunity to vote for their favorites among the Top 20 finalists featured at securitysolutions.com, where all the 2007 entries and the finalists are described.

Top 20 winners receive a plaque to commemorate their finalist standing and can use the New Product of the Year finalist logo in their marketing materials. The winner receives a trophy.

The details of the 2008 New Product of the Year competition will be announced in early 2008, and a Call for Entries will be available in time for the ISC-West show in Las Vegas in early April.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue