Do you have a customer that requires additional access control at specific locations within their facility but no budget for a total rip and replace? Maybe they are concerned with hacking or data compromise. For electrical contractors (ECs) who know about on-card biometrics, this is an opportunity, not a problem. There are readers on the market that can be used for proximity access control and read biometrics embedded in the cards, offering dual authentication of users.


According to Kim Humborstad, chief executive officer of Zwipe, based in Oslo, Norway, users of card-based proximity head-end readers have some concerns about system compromise. They know that, for $200 or less, their proximity system can be violated. After all, proximity systems use passive authentication, and the card sends the same 32 bits of data each time, so it is easy to mimic.


“Inexpensive card-sniffing/hacking devices can be bought online that will pull the card number and replay it at critical access points,” Humborstad said.


Customers with an entire installed infrastructure of proximity readers may not be happy to hear they need to tear out all of these readers to better secure their facilities. Some might be advised to add a personal identification number (PIN), but that means piggybacking keypads on the readers or replacing devices. In addition, PINs don’t provide the high level of security required, also running the risk of compromise.


Biometrics—such as fingerprint, facial recognition and iris technology—authenticate the person at the door. Fingerprint technologies are the most affordable and reliable. In a perfect world, facilities would have a biometrics reader at every door that needs higher security. But, while biometric technology continues to gain momentum and was worth about $200 million in 2014, price remains a barrier, according to Blake Kozak, senior analyst for IHS Technology, Englewood, Colo.


Lifting the print


Outfitting an entire facility with biometrics is costly and not in most budgets. However, what if the biometric was put directly on the card? The proximity card credential with on-card fingerprint reading would provide all of the benefits of the proximity card and eliminate its two most glaring deficiencies—not knowing who is holding it and the potential for compromise.


“A biometric card quickly reads the user’s fingerprint in less than a second,” Humborstad said. “Eliminating the problems of solely deploying proximity cards, the wirelessly powered biometric card lets users authenticate themselves directly on the card through a fingerprint or thumbprint. Only then will the card system activate the lock. This is much more secure than using a standard proximity card, which verifies only something the user carries and can easily be duplicated.”


Scott Lindley, president of Farpointe Data, Sunnyvale, Calif., said one of the easiest solutions to the access control conundrum is two-factor validation. Users need to have something—the authorized card or tag—and they need to know something, such as a PIN.


Lindley said biometrics is preferred because it verifies that you are who you say you are.


“That’s why card-based biometrics is so enticing,” he said. “It lets users authenticate themselves directly on the biometric card through something they are, a fingerprint, without having to add a biometric reader to existing smart card or proximity readers. To use it, ISO 14443-compliant smart card reader users do not need to replace equipment with new products. The readers they now use will be able to provide the benefits of biometric authorization by simply incorporating the card into their systems in the same way they incorporate smart cards through current offerings.”


In addition, the biometric card is more secure than other solutions on the market. Fingerprint data is captured by the on-card fingerprint scanner and stored only inside the card. No exchange of data is conducted with external systems, providing secure template management. It also eliminates concerns about privacy. The card is unique to the user, and only the authorized cardholder can activate card communication with the reader. When a positive match occurs, the biometric card activates communication with the lock or reader in the same way as other ISO 14443 contactless smart cards.


ECs as problem-solvers


No longer do end-users need to worry about quickly replacing proximity card readers to secure their facilities.


“With a biometric proximity card [or biometric smart card], security managers and their integrators can use biometrics on high-security openings, such as a hospital pharmacy, IT server room or special research lab, without having to switch out their proximity readers for biometric readers,” Humborstad said.


Biometric cards can be issued to key staff, providing the security benefits of two-­factor biometric authentication without changes to existing access control system software or proximity readers. Administrators simply add the biometric card to their system in the same way they incorporate their current proximity cards, extending the life and return on investment of their installed systems.