|
||
|
|
|
              |
|
 |
 |
||||||||||||||
|
 |
|
||||||||||||
By William Van Winkle |
||||||||||||||
The Eyes Have It According to a 2004 study by the National Institute of Standards and Technology (NIST) spanning 25,000 users, the false accept rate for fingerprint biometrics is 1% while the false reject rate is 0.1 percent. (Admittedly, this probably failed to account for advanced latex molding espionage.) Reporting from the International Biometric Group in mid-2005 conducted across over 1,200 users in indoor environments showed that iris recognition had a 0.94% false accept rate and a 0.99% false reject rate. Lest you get bogged down in these numbers, let’s pause for a second. There is a difference between biometric results under controlled academic conditions and the real world. On one hand, we have NIST saying that its 2006 study results show no meaningful difference in acceptance accuracy between iris scanning, long considered the most infallible of biometric methods, and facial recognition done with analysis of a very high-resolution image. On the other hand, we have Panasonic’s Gailing telling us that there has never been a report of a false acceptance with its iris scanners. To be fair, even Panasonic feels compelled to note that iris recognition carries a 1 in 1.2 million false acceptance rate, a number obtained by Dr. John Daugman of the University of Cambridge, the same researcher who in 2002 was able to identify the famous National Geographic refugee Afghan girl after 18 years through iris analysis. That all said, accuracy isn’t always the deciding factor in a biometric security solution. Sometimes corporate culture, environmental conditions, and other factors may become paramount.
“We are definitely seeing a rise in installations for high tech companies that demand a higher level of security for their facility.,” says Panasonic’s Gailing. “Fingerprint has the limitation of not being able to enroll or identify a small percentage of people. Facial recognition has limitations with head angles and lighting. The iris can be used in very low light because it’s infrared capture. The ultimate biometric would be one you didn’t have to interact with; you just walk up to it. There’s no touching involved. It just automatically and positively identifies you.” Panasonic’s lead product in iris scanning is the BM-ET200, a slick unit that lists for about $4,000. Using mirrors, LED indicators, and voice commands (requests, actually, since it says things like “please move a little closer”), the BM-ET200 captures both irises at a distance of roughly 12 to 15 inches. Recognition takes only 0.3 second. Panasonic offers an optional video camera module (BM-ETC202) so that security guards can record video of people trying to gain access via the iris scanner, and a smart card reader module for two-factor authentication is due by the end of this year. Some markets have been friendlier toward eye-based biometrics than others. Banking looked promising when Bank United implemented iris scanning in 75 ATMs, commonly referred to as “EyeTMs,” around Dallas-Fort Worth. Ninety-eight percent of EyeTM users had positive first experiences with the machines, some users migrated to Bank United just to be able to use the cutting edge machines, and 50% of users said that their favorite feature was no longer needing to hassle with an ATM card. Unfortunately, Washington Mutual acquired Bank United and killed the pilot program before its success could spread. However, one other ace in the hole for iris scanning is that it doesn’t carry the same broad-scale privacy concerns that apply to fingerprinting or facial recognition. “Typically, access control templates are proprietary to the company from which you buy the reader and cannot be run against, say, an FBI database,” notes Gailing. “For certain government applications, there are standard templates, but for access control, each vendor provides their own template. With iris, there are no databases to run scans against, although there may be in the future given that iris is the most accurate of all biometrics available on the market today.” As with other biometric technologies, Panasonic’s BM-ET200 works with most prominent physical security access software and server packages. As you dig into physical security, one name you’ll keep encountering is HID Global (www.hidcorp.com), which not only owns Fargo but also big proximity card reader names like Wiegand. And if you’re feeling lost in these partner names, realize that you’re probably going to be making friends with new distributors too. Panasonic’s three primary distributors for its iris cameras are ScanSource (www.scansource.com), Anixter (www.anixter.com), Northern Video Systems (www.northernvideo.com). The good news is that these distributors are highly specialized and more than willing to help new resellers understand the various pieces of a physical security solution.
Broader Biometrics Our focus on iris and fingerprint solutions is meant to highlight the easiest market access points, not to rule out other biometric options. Diebold, for example, manufactures its PassVault machines equipped with palm geometry readers able to measure 96 data points on the hand. The PassVault controls access to bank vaults. Diebold and NCR have both dabbled in biometric ATM machines. The field of voice biometrics has increasing potential given the rise of VoIP adoption. On the face recognition front, this technology took a painful beating after law agencies jumped on surveillance following the 2001 World Trade Center attack. Reports of real-world inaccuracies were rampant in the press, and little has been heard about this biometric since. Yet development has continued, and NIST data presented in 2006 showed that the state of the art in 2002 suffered under a 20% recognition failure rate. The goal in 2006 is a 2% failure rate. So while it’s not quite ready for widespread adoption, advances in 3D imaging and analysis are getting us much closer to commercial viability. Perhaps most significantly, the NIST study shows that at least three recognition algorithms availability today surpass human’s accuracy in making difficult (similar but different) face matches, and nearly all algorithms are better than humans on matching easy face pairs. According to the most recent US Contact Center Report, there are 18 billion inbound calls annually in which call takers spend an average of 20 seconds (and thus 65 cents of payroll) verifying caller identity. VoiceVault (www.voicevault.com), which sponsored the report, makes software that can enroll and verify callers according to their voiceprints. While we could not find statistics on VoiceVault’s effectiveness, a 2004 study on MIT’s Lincoln laboratory speaker recognition system found a false accept rate (approving the wrong person) of 2% and a false reject rate (denying the right person) of 10 percent. Obviously, it’s better to have a lower false accept rate at the risk of sending more people into live support for verification. As call centers and other businesses find more ways to integrate speaker recognition in their operations, look for the technology to increasingly migrate into physical security. As you contemplate how biometrics can fit in with your client base, realize that physical security may only be your foot in the door. By eliminating logon hassles, biometrics can increase workstation productivity and drop IT support times. Many applications can link file and folder encrypt/decrypt functions to biometric authentication. One interesting ROI benefit for biometric access systems is an elimination to “buddy punching,” the ubiquitous practice of having a buddy punch your time card while you’re “just a few minutes away.” Because biometric systems can be correlated to attendance systems, the savings to companies can be, according to one estimate by Synel Industries, up to 10% per employee per year. The trick may not be to sell your customer on the technical merits of biometrics but to present biometrics to him as a solution to his existing problems. If his chief problem is a need for extreme security in key locations, then don’t hesitate to push a two- or even three-factor physical security approach.
Securing Equipment We drew a line early on between environmental and mechanical security. In fact, there is a gray zone between these two in which channel resellers can fit quite comfortably: physical asset protection. There are actually so many recent statistics about the effects of shoddy asset security in businesses that we can’t come close to repeating a decent representation here. But just to give you a sense of the need for more reseller intervention consider these: In 2006, the Ponemon Institute reported that 81% of companies admitted the loss of at least one laptop containing sensitive information within the preceding year. To make this distinction between hardware and data value clearer, Safeware Insurance stated in 2004 that over 600,000 laptops were stolen that year, with hardware losses accounted at $720 million but proprietary information losses at $5.4 billion. Symantec’s 2007 Internet Security Threat Activity Research showed that 54% of all identity theft-related data breaches result from the loss of a computer or data storage medium. And one more telling stat from Ponemon: The cost of preventative security measures is, on average, four times less than the cost of a breach. “Our biggest challenge is to get people to do something about security,” says Jerry Raymond, president of Datamation Systems, a 45-year-old vendor and OEM of security and document management solutions. “In a way, it’s like how people need to think about what might happen before they buy insurance. Some customers are proactive and understand that there’s more to it than just replacing equipment. When you lose your wallet, nobody says, ‘Aw, damn, now I gotta buy a new wallet!’ It’s the disruption of functions that take place as well as the cost of reconstructing and reestablishing what they do. But often people don’t address this kind of security until they’ve had a costly, catastrophic loss.” For system builders and VARs, Datamation’s most intriguing offerings will probably be its secure enclosure carts. These are welded steel, multi-shelf units on wheels, available with varying degrees of integration. The DS-MMPC line, for example, has a street price of $825 for the empty version, $990 when pre-wired for power and sound, and $1,950 when fully integrated with an entire A/V projector outfit that’s ready to land at a customer site. This might sound spendy, but recall that many multimedia projectors cost multiple thousands of dollars, never mind the supporting PC and other equipment. But just because a Canon Realis SX50 streets at four grand doesn’t negate that it only weighs 8.6 lbs. and is easy to tuck under an arm. Not only is protecting this equipment valuable to customers, so is being able to safely store it in the environment where it’s normally used. The extra cost of integration pays off in less tangible ways, such as cable management and eye appeal in front of clients. Datamation carries several cart styles, including laptop models designed for eight to 36 notebooks—a smart solution in situations such as enterprise fleets or university computer labs. Company vice president Joe Mazza notes, “Our resellers have a lot of success selling these carts along with their own brand of notebooks, access points, hubs, etc. into the K-12, government, and college/university segments.” But also know that Datamation provides lock-down devices made to secure notebooks, desktops, and towers to desks. The PC locks into the enclosure or pad, and this in turn adheres, bolts, and/or cables to the desk. No-theft warranties are an add-on option. For more mobile-oriented users, probably the best asset protection name in the business is Targus with its DEFCON line. At heart, DEFCON products are thin, galvanized steel cables with different types of locks on them. Targus makes no claims about these being protection against a serious, determined thief. Instead, DEFCON products are designed to deter “opportunistic theft.” If someone wants to steal a notebook and finds one locked by a steel cable to the desk, he’s likely to just move on to the next notebook.
There are at present 17 different SKUs in the DEFCON line, most of which involve 4-digit combination or key locks on 6-foot or short eyelet cables. (The eyelets are handy for dangling a new device off of an existing security cable.) There’s a new retractable DEFCON 1 model (ASP29US) that not only protects a notebook but also secures other personal belongings. The PA400U features a retractable cable with 4-digit lock, but it adds a motion sensor, so if the lock is moved or the 3-foot cable cut, the unit will emit a piercing, 95 dB alarm. Again, these locks are deterrents, not heavy-duty protection like something from Datamation. Someone walking around with a 12-inch, handheld wire cutter can probably slice through the average Targus or Kensington cable. This is why Targus came up with its ASP10US DEFCON CL Armor Combination Lock, which is a conventional combination lock cable wrapped in steel ringlets for double protection. To get through this, someone would have to show up with bolt cutters. “We also have the VPCL—Video Port Combination Lock—with metal housing that connects into the VGA port,” says Al Giazzon, vice president of marketing communications for Targus. “This has a pass-through cable with VGA connectors on it, so one port goes into the motherboard of a notebook, projector, or LCD monitor and the other port connects to the video cable. It’s very secure, because on some notebooks the slot lock can be easily broken and the notebook is still usable. With the Targus VPCL, you can’t use the notebook if you break off the VGA port. You’ll crack the motherboard. The pass-through cable uses a screw-mount into the VGA port, then there’s the lock that goes over the screws, which you can’t remove without the key or a combination.” Giazzon adds that Targus scores a lot of sales due to regulatory compliance needs. In fact, one of the largest national hospital chains, working to enhance its HIPAA compliance in the light of an increasing shift to notebooks, just ordered a mass of Targus security cables to be installed on every desktop and notebook PC on every hospital floor. So don’t just think that there’s not much profit to be made in $30 cables. You only need the right accounts looking for ways to improve their security in affordable ways. Yet after all this, bolt cutters still happen. There will always be inside jobs, even though you’ve helped clients take steps to minimize them. And according to the FBI, 97% of stolen computers are never recovered. However, there’s still something you can do to help protect those assets after they’re stolen. Absolute Software (www.absolute.com) makes a line of software products called Computrace. The Computrace Agent is a client that can be embedded in the BIOS—a popular move with several major OEMs. Alternatively, the Computrace application can be installed to the hard drive after the PC build. Computrace software reports location, user, hardware, and software information to Absolute’s Monitoring Center when the PC is connected to the Internet. Not only will this let admins track assets and generate asset reports, but if the computer is stolen, Absolute will provide location information (derived from IP packet path data) to local law enforcement. The police, in turn, can procure the subpoenas necessary to go snag the hardware. There’s also an option called Data Delete that can automatically wipe sensitive data in the event of theft. According to Absolute, the company manages to recover three out of four lost or stolen computers that contact the Monitoring Center, and if the system can’t be recovered in 30 days, the customer will receive a refund on the price of the software. (There are, of course, terms and conditions fine print.)
Absolute also has an end-user play called LoJack for Laptops meant for installations with 10 or fewer systems. (For any old schoolers who may have missed the last two decades, the original LoJack is an RF device planted in a vehicle that lets police track the item when stolen.) This is essentially the same Computrace application tied to Absolute’s Monitoring Center, only now packaged for retail and stripped of all corporate asset tracking features. It’s simply an add-on piece of software you can include with whitebook purchases. The end-user purchases subsequent annual subscriptions directly from Absolute. Going Beyond Physical The key to reseller success in physical security may well revolve around the idea of multitasking. A client may want smart cards to perform one primary task in an organization, but you’ll have a competitive advantage if you can devise other needed jobs for that technology, all of which should have ROI benefits. You see this same idea in Computrace with asset tracking, in biometrics with logon timesavings, and so on. You’re a value-add reseller. The object is not only to sell physical security but additional value-adds on top of it. You may discover that offering a free upgrade to the Targus DEFCON Notebook & iPod Lock Combo set when an iPod is purchased with a notebook is the missing ingredient that will let you start dabbling in iPod sales and, more importantly, their accessories.
With video surveillance, the point is either to deter theft or assist in recovery after theft. If customers can keep their eyes on those purposes rather than getting fixated on the technology solution, then their minds should be open to physical security methods to achieve the same goals. Help them into this mindset, be creative in how you design solutions for ROI across several fronts, and your business should find greater safety in increasing sales. |
||||||||||||||
 Back to top
|
||||||||||||||
Copyright © 2007 RAM Magazine. All rights reserved.
Do not duplicate or redistribute in any form. |
||||||||||||||
