Interview with John Cassise, CEO, Innometriks
fB: Can you please give us a brief background of your company, when did you start?
I: Innometriks was founded in 2008 around a seasoned team pulled from the industry. The group has extensive experience with existing authentication technologies, and knows well the limitations of current products on the market. We recognized that there was a better way to do it. From that we put together an architecture that provides strong smartcard and biometric authentication technology that meets the market’s real need – an authentication product that is easily integrated into a customers existing access control environment, yet provides a realistic path forward to meet evolving compliance standards.
fB: Can you take a minute and review some of the solutions that you provide?
I: Yes, for example we built our solution on an architecture somewhat similar to a PC. Our approach was to design an embedded Linux solution that allows various options for peripherals, the same way that a PC purchased at a computer store can be configured with different peripherals’ to meet different needs. Our readers are designed around the same principle. We allow for multiple fingerprint scanner options, multiple smartcard options and legacy add-ons such as a magnetic stripe reader. And we also develop the reader firmware the same way. We allow you to load a new application onto the reader much like you would load a new application onto your smartphone. You have a lot of flexibility, both from a peripheral options standpoint, and the range of authentication mode available.
fB: Which markets were you initially focused on with your solution?
I: In the very beginning we focused on the most demanding end of the market, the extreme outdoor environment segment that most existing products could not operate in. The airports, the seaports, military base entrances… all those places where you are dealing with environmental elements like direct sunlight, rain, snow, saltwater and extreme temperatures.
fB: You have been focused on government applications or as you mentioned a lot of physical access, your technology would also benefit any large scale commercial application, is that correct?
I: Absolutely, and since the very beginning we’ve offered readers with scaled back features, eliminating those not needed in the commercial space to accommodate more price sensitive applications.
fB: Can you describe the PACS void for us, PACS being Physical Access Control System?
I: That is a very open question depending on your point of view, but from our standpoint the void exist because access control systems were designed around authentication devices that are fairly simple, with limited intelligence. If your requirements demanded strong authentication for access, like smartcard and biometrics, they didn’t really have much to offer. If you went to a Lenel or whoever and said, “ Hey we want fingerprint” they’d say, “OK you can go to Bioscrypt or Sagem”, and you would just hope that the readers and the access control system would work together. What we did is base our reader design, our solution design, around the typical functionality of a PACS and bridged the gap backwards. The bridge requires components at both the enrollment and the authentication ends of the PACS environment. For example, in a FIP201 environment we have enrollment modules that facilitate PIV/TWIC/CAC card validation and cardholder data harvesting. Several large PACS providers have integrated our enrollment module seamlessly into their control console applications. We also offer standalone enrollment modules. Our authentication readers communicate directly with PACS panels via Wiegand, plus they leverage network capabilities to pull authentication elements from the enrollment database, check revocation list, etc.
fB: Can you describe your involvement with some of the large scale government programs such as TWIC and PIV etcetera?
I: We now have a modular product line called the Cheetah that allows you to start with a smartcard only core, then add various backplanes to extend the core unit to whatever level of authentication is necessary. The Cheetah’s backplane options mirror the phased approach recommended by SP800-116 and match the threat level or threat condition present in a PIV, TWIC or CAC environment. Maritime ports that use our readers include the Port of New York, the Port of Houston, the Port operators in Long Beach and the Port of Albany. These ports were thrust into multi-factor TWIC authentication. It was a requirement mandated by the Coast Guard and TSA. Smooth and efficient movement of material is their primary concern and security affects how efficiently they do their business. So building an access control solution that doesn’t impede the flow of trucks in and out of the port, yet meets the Coast Guard compliance was very important. Each of those ports is unique, with different cargo volumes, cargo types, cargo movement modes, etc. All of these factors impact the security solution requirements. Then on the other end of the spectrum we have projects at the Pentagon where it’s common to hear, “We have 50,000 people a day coming into this facility.” In high volume, high throughput environments we believe that just one modality of biometrics is not enough. What’s required is a multi-modal solution that offers both iris-at-a-distance and fingerprint authentication, and allows an individual to choose which authentication technology works best for them.
fB: Are you looking at global opportunities for your technology?
I: Absolutely. We are still a young company, a small company that must avoid being spread too thin. We’re not actively going out and seeking business in other countries directly, but we’ve had partners bring us into international deals. We have several prison and federal police implementations in Mexico. Our readers are implemented at shipping facilities in Brazil and Nigeria. What we do internationally is typically spawned from our work in the US. For instance in Belgium we are doing a port project there called the Alfapass project, which is a commercial mirror image of the TWIC program work we’ve been involved in.
fB: Well if you’ve got a good solution in the market place the word spreads fast.
I: Exactly and that is our approach for the time being. Innometriks is a product development and manufacturing company, so we really seek the strength of our partners to bring us into new markets.
fB: And speaking of partners I think you work with the Lumidigm sensor, is that for its performance in harsh environments?
I: Initially we used Lumidigm’s Venus for its performance in harsh environments, but we now use the Mercury Series scanner as well. The Mercury is built on the same technology as the Venus, but is smaller and less expensive. It really boils down to the unparalleled performance of the Lumidigm scanner. The majority of our customers, even those that have the option to use a lower cost scanner indoors, will opt to go with the Venus scanner because it of its capability and performance. We have also teamed up now with Secugen to provide a product that has the FBI accreditation when that is a requirement. Again this really just speaks to us realizing that it is not one size fits all. Customers have different environments, requirements and use cases. We believe we have the ability to provide the right product with the right features and scalability to fit whatever our customers dream up today and into the future.
fB: I understand you will be at ISC West this month, what will you be highlighting there?
I: We’ll be highlighting our new 600 MHz dual core processor board. The new processor board allows us to execute several new features we’ve had in the works for some time, features that will enhance the capability of the reader. We also have a new product called the Rhino Touch which is a touch screen kiosk that incorporates contact, contact-less, and magnetic stripe read capabilities, plus a Lumidigm biometric sensor. Its initial function is to test PIV and TWIC cards by running them through a sequence of test to verify that they are fully functional – full certificate validation, fingerprint verification, personal data, etc. If a security officer thinks a card may be in question they can run it through the full test in less than a minute to validate the card, the user against the card and the data on the card. We also plan to evolve the product to be used as a self-enrollment station. An individual arriving at a new facility will walk up to the enrollment kiosk, validate their credentials, be verified against the card fingerprint template and their PIN number, and have the self-enrollment queued to proceed through access rights process at the facility.
fB: Well John you certainly have a lot going on and I look forward to stopping by your exhibit area at the ISC, April 10-13 Las Vegas, to see some of the new things you are showing.
I: I look forward to seeing you there.
fB: Thanks very much for speaking with us today.
I: Thank you Peter.