Exclusive: How biometrics and mobile access control are providing increased benefits for users
HID Global’s Todd Seeley explains how biometrics and mobile access control are providing increased benefits for users.
People have long used trusted identities on cards to enter buildings and access their resources and services. The user IDs that the access control system employs to grant or deny access are issued by a trusted source, giving organisations the confidence that card holders are who they say they are. The user IDs cannot be copied to another card or media, but this does not preclude someone from sharing a card. The card may also be lost or stolen, creating the additional opportunity for unauthorised access.
The use of mobile trusted identities and biometrics, along with the transition to managing trusted identities in the cloud, is solving these challenges while also creating the opportunity to make user experiences more convenient and enjoyable.
Using mobile devices for access has two key security advantages. First, people do not generally share their mobile device with others, as they might do with an ID card. Second, before any transaction is initiated, both the system administrator and the mobile device user have the opportunity to require a successful device authorisation.
In addition to these advantages, mobile access brings another important benefit: the cloud-based identity management systems to which mobile devices are connected.
In a cloud-based management system, a trusted identity is data that can represent anything from an employee ID, credit card or driver’s license to a loyalty card or ticket to an event or performance. Cloud-based systems are already used to load credit cards into people’s mobile wallets so they can make purchases. They allow data for these and other applications to be securely created, delegated, delivered and presented.
One of the first examples of cloud-based trusted identity management was the HID Seos platform technology. At the heart of the platform is a cryptographically protected secure vault for storing identity data that is used to access buildings and their resources and services. The platform also enables the secure creation, delegation and delivery of this identity data by providing a secure connection between a system backend and a user device. Once the identity data has been securely transmitted to a user’s mobile device, they can conveniently open doors, be admitted into entertainment venues, interact with banks and other retail or financial systems and more.
With trusted mobile IDs and a cloud-based identity management system in place, organisations can further improve convenience and security by adding biometrics such as fingerprint and facial recognition. These biometric technologies significantly improve the user experience when accessing buildings, venues, devices and services, while ensuring privacy is protected.
Biometric solutions improve the user experience and enhance security by eliminating the need to enter a username, password, or other information, such as a credit card number. The system knows definitively that users are who they say they are. It also knows the user’s intent, such as logging into a network, or executing a financial transaction.
User privacy and data security
While some believe that biometrics jeopardises privacy, these solutions actually improve privacy, especially when combined with cloud-based ID management. The software provider’s end user license agreement (EULA), signed by customers during enrollment, not only defines what the application is but should also state that the biometric data is anonymised. It should also stipulate that, when users select the option in the application (e.g., banking application, loyalty account application, etc.) for their biometric template to be captured, the data is only used for that particular app. In other words, the camera will not be turned on unless the facial biometric option has been selected for that app. The EULA must also prohibit data sharing.
To further improve privacy protection, all personal information including photographs and biometric data, as well as all transaction information, should be encrypted. This information should also be stored in a separate location on the network.
The mobile-based access solution should also include the use of document scanning and authentication technology so it doesn’t just capture the image of a government-issued ID but can also read and validate that it is real. For many applications there also must be a secure way to perform biometric matching, which is the process of comparing the user’s actual finger or face to a digital representation, or template, of this data that is stored on the user’s phone. The template must first be transferred from a cloud-based ID management system to the phone and, later, from the phone to biometric readers. After approaching the biometric reader and having either a fingerprint or face captured, the user places the phone on the reader to securely transfer the template and a comparison is made. An ID such as an anonymised loyalty account number can then be used to alert the backend system that the desired transaction can be executed.
The entertainment, banking and government sectors have been among the first places where cloud-based ID management and biometric solutions have been deployed. In the UK, Birmingham City Football Club uses cloud-based ID management to give its fans more convenient ticketing and a better experience while at the stadium – leveraging the ease of technology upon entry and allowing for the use of digital vouchers during the game to purchase food and drinks. Venue owners and their event sponsors can reward fans through loyalty program experiences and collect data from fan apps that provide insights into their interests, behaviours and demographics. This enables organisations to personalise future game, competition and giveaway experiences and design digital vouchers to optimise brand visibility and exposure. With the addition of biometrics, this engagement model will eliminate the need for fans to carry and manage money or identification while attending events.
In Brazil, biometrics has transformed the banking user experience. All major banks there are using fingerprints captured by Multispectral Imaging (MSI) technology to protect billions of ATM transactions annually. Customers simply present their card, place their finger on the sensor and receive their cash withdrawal in 20 seconds or less, virtually eliminating the vulnerabilities and inconvenience of PINs. Biometrics have also been implemented in several government identity and payment distribution systems across Central and South America.
Technologies like Ultra-Wideband (UWB) wireless connectivity are expected to become ubiquitous on mobile devices and will be combined with biometrics to create even better user experiences. UWB makes it possible to measure distance and determine a target’s relative position with unprecedented accuracy and security and is expected to co-exist with Near Field Communication (NFC), Bluetooth and other technologies to enable truly seamless experiences by providing device position with a much higher level of assurance, reliability and granularity.
When combined with biometrics, UWB will enable users to prepare their transaction on a mobile banking app ahead of time. When they arrive at the ATM or teller window, they will be able to authorise a transaction by simply “signing” with their face or finger. For transactions at the fast-food drive-through window, barcode scanners will be replaced with a simple, seamless and convenient wireless transaction at or before the pickup window. In retail and grocery stores, adding UWB to biometrics solutions will enable a faster and more consistent biometric-matching process at a Point-of-Sale (POS) terminal.
These and other advances will enable many new experiences that can be accessed using only one’s face or finger for identification, without jeopardising privacy and security. Biometrics solutions paired with a cloud-based identity management system will enable product and service providers to know who is using their systems, while delivering a more convenient brand experience that maximises user satisfaction and loyalty.
To find out more information visit www.hidglobal.com
This article was originally published in the October 2021 edition of International Security Journal.