When Worlds Collide
Physical and information security are becoming one. All year, this sentiment has been at the forefront of access control discussions. Our 2016 FindBiometrics Year in Review was forwarded by Don Erickson, CEO of Security Industry Association, and he asserted:
“SIA, as the world’s leading association for security solutions, sees this convergence occurring between physical and information security technologies, and we are dedicated to making this transition work for the businesses we serve. Biometrics technology has long played an important role in both of these security paradigms, and will continue to as the industry continues to evolve.”
The conversation has continued since then, most recently at the K(NO)W Identity Conference, where FindBiometrics President Peter O’Neill hosted a panel on the topic. Meanwhile, new products are coming to market that take advantage of innovations in mobility, NFC, and remote provisioning, promising to effectively bridge the gap and unite logical and physical access credentials under one universal ID. The trend is clear, and the demand is obvious: if all our keys are digital, my identity ought to be enough at every access point.
Biometrics are an integral part of the equation as information and physical security worlds begin to merge. And this week for Physical Access Biometrics Month we’re going to examine why biometrics are a natural fit for bridging the two paradigms.
The Idea of Universal Access
At a simple level, access control is a matter of credentialing. A trusted person is given a token that can be used to grant him or her access to a restricted space that’s off-limits to people who don’t have similar permission. In a basic physical access example, you have a key to your front door that grants you access to the private space of your home.
Functionally, on the abstract level of ‘a trusted person with a token,’ the password to your Netflix account is the same thing, even though the transaction of using the token is entirely digital. While a key is something you have and a password is something you know, both are used to open a closed space under the assumption that you having/knowing them entitles you to said access.
Readers of FindBiometrics will no doubt bristle at my use of weak authentication in the above examples. Physical keys, passwords—these access credentials are imperfect security. They can be stolen, forgotten, and lost. As implied above, just having possession of a key or knowing a password does not necessarily prove the person gaining access is the person granted a credential. You don’t know or have biometrics, you are biometrics. You can’t lose your face or forget your fingerprint. Somebody can’t steal your palm vein patterns. Biometrics are thought to be more trustworthy, more secure, and more convenient for this reason, but most importantly for the purposes of this discussion: biometrics are a common authentication factor between the digital and physical worlds.
And therein lies the key to bridging the gap between physical and information security. Increasingly we are seeing multimodal biometrics solutions offered for physical and logical access control separately, but from an end user perspective, the universal access is becoming a functional reality. If your fancy new Land Rover unlocks via facial recognition as you approach, and you confirm your Mastercard transaction with a selfie, you are using your face in a physical and logical access capacity. The same goes for using the biometrics on your phone to leverage the device as a key-card at work, and scanning your fingerprint to authenticate past your phone’s lock screen. Sure, technology scanning your body may differ from case-to-case, but in the end it’s all reading the same unique key: your body.
A Future When Only Identity Matters
As biometrics become more integrated in day to day life, our relationship with access control is becoming more intuitive and a future of universal biometric access seems inevitable. With some research predicting biometric technology reaching true ubiquity on smartphones in a matter of years, the burden is turning to service providers, enterprises, and public facilities to catch up and take advantage of biometric proliferation. Such progress is already happening behind the scenes, with a common refrain from security vendors at this years’ ISC West conference being, ‘customers are no longer asking if they should get biometrics, but rather which biometrics to get.’
Indeed, deployments of physical access biometrics in public-facing scenarios are becoming more common, with health clubs and even retirement homes making the upgrade. And from a user experience perspective, the end result is very much the same as using the infrared face scanner on their new laptop, that is to say, frictionless and secure.
In the end, biometric security turns your body into the ultimate master key for all our needs, both digital and physical. As strong authentication based on biometry continues to proliferate, the functional differences between digital and physical security will all but dissolve, bringing us to a truer relationship with what it means to be granted access.
Stay posted to FindBiometrics throughout May as we continue to put physical access in the spotlight. Be sure to follow us on Twitter so you don’t miss a beat.
May 25, 2017 – by Peter B. Counter