Personal authentication in the age of digital transformation is creating both opportunities and challenges. Those tasked with safeguarding the physical security of any given location now have the opportunity to create seamless, intuitive access control experiences, but this must go hand-in-hand with an increased scrutiny on security.
To address this, the Taiwanese government has introduced a number of new security control evaluation protocols, with one section specifically dedicated to the use of facial recognition for access control. Already a common sight at airports where travelers can scan through automatic eGates, this biometric solution is primed to expand beyond high-security use cases.
From giving employees access to an office building to unlocking the front door of a private home, access control solutions that use facial recognition are becoming more common. It is therefore imperative that those building them and implementing them do so in a way that balances the convenience that they want, with the enhanced security that they need.
Why use facial recognition for access control?
Access control solutions have long been built around three key factors of authentication: something you have; something you know; or something you are. What someone has, such as an ID badge, can easily be lost, stolen or shared. This means that it is relatively simple for someone other than the original pass holder to obtain and use it fraudulently. Similarly, what someone knows, for example a passcode, can easily be compromised if shared with the wrong person or ‘shoulder surfed’.
Biometric authentication is built around the final pillar; something you are. Traditionally security personnel have conducted this type of verification manually through visual checks. This can, however, expose a business to the subjective decision making of the staff. It also requires them to pay staff to perform this operation full time, making it a far more expensive option.
Facial recognition technology validates this “something you are” by comparing the biometric data presented at the point of access request, with the previously enrolled template stored on file. This means that only those with a previously enrolled and approved biometric scan can pass verification, eliminating the risks of lost, stolen or improperly shared credentials.
This fully automated verification process therefore also enhances the user experience. Being locked out after forgetting or losing your keys can be a thing of the past as users can use their biometric features as their proof of authentication. It is also important to note that removing the need to interact with solutions like access control PIN pads is significantly more hygienic. And while key cards and other supporting access control provisions may still be required as an additional precaution, investment in these does not need to be prioritized to the same extent. By automating the full process using facial recognition, the level of security can be elevated while also reducing staffing and management costs.
Key considerations for your access control solution.
The level of security required from an access control system is always proportional to the value of the asset being protected and the perceived risk that it faces. Each use case has both a variable risk factor and unique needs. A system protecting a shared office building must prioritize convenience and speed to authenticate a large number of employees, whereas a secure government facility is likely to sacrifice convenience for enhanced security. Households have different needs again, where security will be key for the occupant, but also cost will also be a factor.
Facial recognition technology can therefore be adapted to find a balance between cost, convenience and security. High performance depth, RGB or Near Infrared cameras are all available, each with their own benefits and limitations. Meanwhile, liveness detection mechanisms can help determine if the presented biometric data is coming from a human being or if a fraudster is trying to use a photo, video, or wearing a mask of an authorized user to gain access using their likeness. The technology used and the way that it is implemented can be adapted to meet the needs of each use case.
It is also important to consider the environment within which the system will operate. Changes in lighting or the image background can influence its performance, and if not properly calibrated can cause frustrating false rejections or dangerous false acceptances. Similarly, the system must perform the same regardless of the age, gender or race of the person seeking to gain access. It must also be able to account for variable accessories such as glasses, masks, makeup, and facial hair. Devices and systems must therefore make sure that the hardware, software and algorithm they select is able to perform consistently in the environment it needs to.
From innovation to widespread adoption.
Thanks to the face scan security features available in the majority of modern smartphones, many users are already familiar with the technology. This means that one of the main hurdles of adoption – user education – is already well underway. Implementation and enrollment can therefore be a smooth process, but this is only the case if onboarding and the final user experience match the seamlessness of the technology itself.
Hurdles to implementing a suitable solution and driving adoption can be overcome by leveraging a robust testing strategy and certification protocol. Through expert consultancy and state of the art hybrid evaluation methods, experienced partners such as Fime are supporting the development of solutions that balance security with convenience while optimizing performance. By benchmarking the facial recognition system against key performance metrics and Presentation Attack Detection (PAD), solution providers can prove that their systems will perform at all phases from subcomponents to the final implementation.
The future of access control in Taiwan.
By developing specific certification recommendations for facial recognition access control products, Taiwan is pushing its solution providers to keep up with the ever-advancing needs of the ecosystem. This drive for excellence has benefits for every stakeholder.
Getting it right first time is critical for facial recognition solution providers. A person cannot change their face in the same way that a password or ID card can be replaced, and with the combination of social media and artificial intelligence, it is now easier than ever to obtain and replicate an image of any given person. Testing and certification is vital to safeguarding this user data, as a failure here would undermine end-user trust.
Fime has contributed and collaborated with Taiwan’s Institute of Information Industry to propose evaluation thresholds and testing methodologies for facial recognition access control device security standards. By providing this expertise, Fime is giving vendors in Taiwan the tools that they need optimize their products and get ahead of future requirements for access control solutions, while ensuring their brand is protected through conformance requirements. In doing so, Taiwan and its solution providers are bringing about a new era of access control solutions that champion convenience without compromising on security.
Learn more about enhancing biometric systems:
How can testing and certification secure trust in biometrics?
Enhancing the user authentication experience with behavioral biometrics.
The impact of environmental conditions on biometric authentication.
This article was first published by ASMAG on July 12 and is reproduced with permission.