INTERVIEW: Colleen Dunlap, CEO, StoneLock

INTERVIEW: Colleen Dunlap, CEO, StoneLockFindBiometrics President Peter O’Neill recently spoke with Colleen Dunlap, CEO of StoneLock – a global facial recognition security company. The conversation begins with a brief overview of the company’s history, and why StoneLock’s near infrared facial recognition stands out in the competitive physical access market. Dunlap then speaks about the enterprise biometrics market and other verticals StoneLock is seeing success. The interview concludes with discussion of how Apple’s Face ID announcement in September 2017 has affected the biometrics industry at large, and a preview of what’s next from StoneLock.

Read our full interview with Colleen Dunlap, CEO, StoneLock:

Peter O’Neill, President, FindBiometrics: Can you tell us about the genesis of the company?

Colleen Dunlap, CEO, StoneLock: Facial recognition is the heart and soul of what StoneLock does, and we spent nearly three years, from 2010 to 2013, perfecting the algorithm and developing the hardware and software needed for our innovative products. Stemming from that hard work, we officially launched our products in 2013, and validated that all of the R&D work was in fact correct. Since our launch, we have never had to modify our facial recognition algorithm because of this intensive R&D upfront.

Between 2013 and 2015, StoneLock developed strong partnerships within the industry to bring our access control product into the physical security market. One of our first partnerships was with HID, which resulted in a multifactor integration using StoneLock’s facial recognition and their card reader. We quickly built additional partnerships with our PAC systems friends. This included engineering integrations with Lenel, Honeywell, and Tyco to name a few. Additionally, we became OEM partners with Tyco and AMAG, and have two more on the way.

Today, we are proud to have worked with all the top integrators and continue to support them through each phase of integrations with their customers – from proof of concept through implementation and production.

FB: What is it about your technology that is so attractive to larger physical access enterprise security players?

StoneLock: StoneLock instantly became recognized for our speed and accuracy by which we do facial recognition. We are a 100 percent near-infrared technology. Systems in the past have been very light dependent for facial; StoneLock is light independent which makes us a very easy fit inside of a building without having to retrofit for lighting or other physical factors. Customers differentiated us for how quickly our technology identifies a user (within a second) and the accuracy of our product (FAR rate of 0.004). For example, we can identify identical twins (which was first proven at CES in 2013). StoneLock is proud to have maintained the speed and the accuracy in all of our user applications.

As users validated that our product worked as we described it, the next question focused on “spoofing” it. In our industry, everyone asks “Are you spoof-proof?”, “Are you spoof resistant?” To date, we have not been spoofed. Our clients, end users, integrators, OEM partners and end users’ clients have not been able to get a single wrong person in on somebody else’s profile by spoofing the device. StoneLock has an adaptive learning capability of the captured biometric. What this means: we are not a snapshot in time. We grow with the user to maintain our accuracy and ensure only authorized users gain access.

FB: Spoof resistance is a very hot topic of the day. It is something that everybody is very aware of and talking a lot about, so congratulations on that.

Can you walk us through how your solution is ideal for large enterprises?

StoneLock: Absolutely. I’m going to back-track, then walk you all the way up through our current system. One of the most notable features for StoneLock is that we can stand-alone – and have done so since we first came to market. Our hardware features an external face plate, which is capturing what we need in order to create the biometric profile, and a secondary control box which sits on the internal, secure side to process that biometric. Our control box also has dry contacts so, as in the case of one of our legal customers, our solution can control the door to a records room or other sensitive area, it can send alarms and it can be self contained with no enterprise communication.

StoneLock can also be networked across an enterprise. The reason I brought up the fact that our stand-alone architecture is so distinctly different from typical biometrics is because of the changes that take place between the external face plate and the encrypted 485 protocol to the control box. If you remove a StoneLock unit from the wall, or from a staff door in an attempt to break into the building, we do not leave the open network access right there. We also do not, in that face plate, store biometric profiles. This means the only vulnerable component of StoneLock is a cosmetic door plate with some fancy lights and a camera. As an enterprise solution, the control box on the secure side is networked in with the PAC system. Through these integrations with the traditional physical security world, we can seamlessly go from a localized network to a global network very securely.

In September 2017, we launched a new platform called the StoneLock Gateway which moves StoneLock to the next level of delivering an enterprise solution by providing a migration path. As we were talking to clients, it became very evident that they desired a platform to integrate numerous PAC systems. For example, in the financial world, banks undergo many acquisitions, which come along with numerous different or independent systems. The challenge with biometrics is the seamless management, sharing, and deployment across different PAC systems. StoneLock’s Gateway enables this through its central management of biometric profiles to push and pull profiles based on accessibility and permissions to individual areas. Moreover, Gateway allows customers to tie into multiple different PAC systems. For our customers, this means there is no re-enrollment required, saving substantial time and providing a seamless and cost-effective security transition.

FB: You mentioned banking, financial institutions, etc. – what vertical markets are you focusing on? I’m assuming financial is one, what are some of the others?

StoneLock: Financial is certainly one of our verticals and we also play very heavily in healthcare. This includes everything from a one off pharmaceutical lab all the way up to your Fortune 100 pharmaceutical manufacturers. We are also heavily invested in the tech industry. Silicon Valley is one of our sweet spots. Additionally, we work with any and all companies that have data centers whether they are shared, rented space or self-owned and self-contained data centers.

As mentioned earlier, we partnered with HID to be multimodal and we often have a capacitive keypad integrated into our systems. Especially true for data centers and hospitals where biometrics may not always be required, we can deploy multimodal applications for either card and facial recognition or pin and facial recognition. This flexibility works well in an operating room where a doctor may not always be able to carry a card or touch a keypad. And beyond dual factor, we can also deploy three-factor. This is critical for dark data centers where a critical liability is present or enhanced security is needed.

FB: Some recent news that I’m sure you are pleased with is that Apple released their facial recognition feature on the iPhone X. We predicted this at FindBiometrics that this news would be as big as the introduction of Touch ID several years back, are you finding the same thing?

StoneLock: I get asked about this quite a bit and the most interesting point I like to make is that Apple announced that near infrared is a better way to think about facial – and deployed it in their iPhone X. As mentioned before, StoneLock utilizes 100 percent near infrared technology – and has been doing so since 2013. Apple’s agreement with a near-infrared approach makes me extremely happy.

Additionally, one of the things I want to highlight as different between us and Apple’s Face ID is Apple’s operations on a closed system: one user, one phone. This means Apple is looking for one user and not looking at one to many. StoneLock is always operating in an open environment that supports either one to one or one to many.

Apple’s Face ID is bringing greater awareness to the use of facial recognition in the physical security world. As a result, it is taking away some of the negative stigma that used to be associated with facial recognition 20-25 years ago.

FB: When Apple introduced Touch ID, we noticed that overnight the public opinion on biometrics changed from being creepy to cool and it hasn’t changed backed. The more that Apple moves into different modalities, is just very exciting as it makes the acceptability of biometrics so much easier.

What can we expect to see form StoneLock in the future?

StoneLock: I agree with you 100 percent on this positive shift in acceptance of biometrics. Our customers love the “cool factor” of today’s technology and Apple is helping this socialization of biometrics go faster. I like that.

As far as what is next for us, StoneLock is going to continue taking the best of what we do, and we are going to make our second-generation products have more open platforms to other hardware addons. For example, our Gateway platform is something that will continue to evolve and will especially position us well in a place like Europe where personal identity protection is in focus given the coming rollout of the General Data Protection Regulation (GDPR). StoneLock products do not contain personally identifiable information (PII) in the biometrics collected. We collect biometric information in binary forms, and we drop it in a reference file. Through the Gateway, StoneLock can transfer this data, create an audit trail, and manage the entire biometric trail for compliance purposes. Gateway is a very strong feature set for us in the EU market.

In addition, we will be bringing to market additional form factors of our facial recognition products and technology. Stay tuned for more information on this later this year! The most up to date information can be found on our website at

FB: It is certainly and exciting time to be in our industry and congratulations on your success. I look forward to meeting with you at ISC West in early April.

StoneLock: Thank you Peter. We are always at ISC West and look forward to seeing you and our many partners, customers and integrators there!