Security trends


computer-logical-access-security

By Charles Balcomb, managing director, Databac

Economic crisis or not, the security sector is full of activity and research continues apace. Some interesting developments are in the pipeline in terms of both technologies and applications. Smart cards will get smarter, contactless will go long-range, biometrics will boom, applications will integrate and the mobile phone will join the arsenal of ID credentials along with cards and tags.

The rise of UHF

UHF (ultra-high frequency) technology is making tentative forays into barcode territory. Its long read range coupled with a low manufacturing cost makes it a more advanced, flexible and versatile contender in situations such as luggage tracking and inventory control in shops. It is also highly robust: a UHF tag can be read through water and when attached to metal.

UHF has been around for a while, but the international standard EPC Generation 2 makes the technology that much more viable, not only across the supply chain, but also for the identification and tracking of people.

Gen 2 enables the design of small antenna configurations that fit on the smallest of vials, while anti-collision algorithms mean that scanning a large stack of products does not present any difficulties. This brings obvious advantages to pharmaceutical supply chains, for example, where a single technology can be used throughout, from product to pallet, streamlining the process and making it that much more secure.

In terms of people, UHF has huge potential in applications that involve long-range identification. For example, real-time tracking of people in a building brings immediate benefit for health and safety. In an emergency, not only would a list be available of persons present, but also their exact whereabouts on the premises. Beyond security applications, there are countless scenarios in which UHF can lead the way. In racing, for example, drivers and athletes can be tagged for unequivocal race results. Event and conference organisers can gather valuable information on visitor movements. As usage grows, ever more inventive applications will appear.

The barcode is not about to disappear, however. Its price and practicality secure its position in the market for many years to come. UHF usage across the supply chain may now be a real possibility, but it may be some time before all those involved adopt the technology in favour of the existing standard.

Nor will existing RF technologies be phased out. On the contrary: read-only 125KHz will still have its place, as the readers are more economical than UHF readers and price will dictate the need for these products. Read/write 13,56MHz (Legic, NXP, etc) is very established in the market, with a large user base and a huge number of complementary products.

Where contact chip cards are concerned, high-end products like Java Card (JCOP 21/31) will be on demand for multiple secure applications, while dual interface cards will push combined contact and NFC (near-field communications) applications.

UHF’s many advantages should nevertheless ensure it finds a place alongside barcode and chip technologies, perhaps not in a logistical setting to begin with, but more likely initially for the identification of people.

Biometric boom

Identity theft has become a big driver in the uptake of biometric technologies. As public resistance to biometrics starts to ebb and the Big Brother fear factor recedes, biometric verification starts to take its rightful place as one of the most secure methods of identification. Iris, facial and fingerprint biometrics are already being trialled and indeed used in some countries for fail-safe identification in immigration / cross border control and passport applications.

Fingerprint systems are already widely used and accepted, but palm vein systems are set to take their share of the market. Convenient and secure, they are very user-friendly as a wave of the hand is all that is required by the user to gain entry or operate a system. Facial recognition is easier to use still and requires nothing more than standing still for a few seconds. Use of this user-friendly technology is already established in crime prevention for identifying individuals in crowds, for example, though usage will become more mainstream and more one-on-one. In fact, facial recognition is increasingly used for secure access at nurseries and schools, where security concerns override the usual cost drivers – this technology comes with a serious price tag.

Vein recognition is also being applied for access to computers. Fujitsu’s Palm Secure palm vein technology is built into PCs and mice for secure logon and Hitachi has recently launched a contactless finger vein PC logon device.

The combination of two or more biometric technologies – multimodal biometrics – is the ultimate in secure identification. Several systems, such as Tab Systems’ smarti, are already on the market which combine voice, face, mimic and/or fingerprint recognition.

Yet this rise in biometrics does not spell the death of the card, which it could be seen to replace. Instead, one will likely boost the other.

Alarming news reports of lost records and data theft means that many people do not want their data to be stored in a place outside of their control. ‘Match-on-card’ and similar systems make this unnecessary. With these systems, biometric and other data – including fingerprints, palm prints, photographs, personal data and access rights – are stored, not on a central database, but rather in a card or other device which the user keeps at all times. When users approach a reader, for example, they scan their fingerprint and card. The reader compares the fingerprint to the image held on the card. If it matches, access is granted. Even if such a card is stolen or lost, it would mean that only a single record is compromised and can easily be restored.

Multi-application systems

Whatever technologies are used to verify a person, one trend is forging ahead. Security systems are converging and merging with other systems. Access control, logical access, building automation, time and attendance, network logon, security and PKI are all becoming one. It is not surprising as they are not very different in essence. Each application requires the identification of an authorised person to activate a pre-programmed task, such as open a door, log the date and time, open a software program or switch on the air-conditioning.

Multi-application cards by Databac Group and other manufacturers have been around a long time, where a single card operates with various systems for different functions. Dual interface cards are the latest iteration of multi-application smart cards.

However, the systems themselves are now merging. The smarti system mentioned above is one successful example of a combined biometric solution for access control, time and attendance and building automation.

Web-based systems are ideal for extended enterprises. Integrated security systems can leverage corporate intranets to enable them to function around the country or even worldwide. How users access these systems will differ, but a mixture of smart cards and biometrics is one likely scenario.

Can I read your mobile, please?

The vehicle for user ID will move beyond traditional cards or tags or even the latest biometric readers. Newer generations of mobile phones could well be used for access control, time recording and PC logon. After all, the chip inside could easily be programmed to integrate with access control and other security systems.

For the moment, usage of verification technology is restricted to access to the mobile phone itself as a theft deterrent. Phones with facial recognition started coming out of Japan a few years ago and a new phone from Sharp will go on sale in April boasting a verification time of one second. Voice recognition in mobiles has also been tested, while models already exist with built-in fingerprint readers.

It is a short step from here to integration with security systems. Company mobile phones, iPhones, Blackberries and the like may well be used as credentials. The mobile phone can become an effective device to access security systems. Beyond personal applications like instant messaging and taking photos (and, in Japan, opening car doors, public transport and payment), its future includes corporate and security functions such as ID, access, clocking in and more. Identifying data can be stored locally on a mobile for a possible ‘match-on-phone’ verification process. Picture the scenario: users activate their company mobile using their fingerprint and, on arriving at the office, hold the phone up to a chip reader, while speaking a voice code and standing still for a second for a facial scan. The system checks the voiceprint and facial image against the templates held on the phone and grants or denies access accordingly. It is not so far-fetched. Users would just need to ensure they keep their mobile charged up!

Multimodal biometrics, in conjunction with the real-time verification of data held on a chip within a card, tag or mobile phone, is tomorrow’s standard for banks and prisons. At some point in the future, DNA records may act as the main identifier, whereas the portable holographic projector is an ID verification method to be developed by future generations.

Charles Balcomb, Managing Director, Databac
Charles Balcomb has been involved in the manufacture and application of identity cards and ID systems since 1981. He has worked on many new ID card developments, with an emphasis on the introduction of recyclable and durable cards into the market.

– ENDS –

1485 words

For high-resolution images to go with this feature, please contact summit_media@compuserve.com

Issued by:
Databac Group
Tel: +44 (0)20 8546 9826
Fax: +44 (0)20 8546 1026
Email: enquiries@databac.com
Web: www.databac.com

Editorial contact:
Mariam Khan
Summit Media Services
Tel: +34 93 265 0084
Email: summit_media@compuserve.com

©Databac Group