Which is the right contactless biometric for you?

Which is the right contactless biometric for you?

The ongoing COVID pandemic has changed existing business practices globally; the access control industry is also experiencing the impact. Recently, organizations have started switching to touch-less authentication technology, which requires absolutely no human contact. In the blog, we have done a comparative analysis based on various security and user-experience-and-adoptability parameters of the most popular touch-less authentication systems for physical access control.

Facial recognition

Facial recognition has found a widespread usage in various industries, including the access control industry. Facial recognition technology first identifies various nodal points of an individual’s face using image processing technique; the extractor algorithm then converts facial features into a numeric code that is unique to each person. During verification, the person’s unique numeric code is compared to a database of known faces to find a match.

Mobile credentials

People may forget to carry an access card, but they never fail to bring their mobile phones. Hence mobile-based credentials have emerged as a suitable touch-less alternative to conventional access credentials such as smart-cards and biometrics. It is also securer alternative to smart cards that the smart phone credentials are uniquely generated for each mobile device using various proprietary algorithms. Moreover it stays safe behind multiple layers of security such as PIN/ password or biometrics. Mobile credentials use Bluetooth technology or NFC to transmit user credentials from a mobile device to an access control reader.

IRIS Recognition

IRIS recognition is an automated biometric identification method that uses mathematical pattern-recognition techniques on video images of one or both IRIS. Like a fingerprint, IRIS pattern is unique for everyone. There are two different stages of IRIS- scanning system, namely, enrollment and verification. First, the system scans the iris of each person using infrared light. Exposure to infra-red light shows the unique features of darkly colored eyes, that is not visible clearly under ordinary light. The extraction algorithm then converts these unique features into a simple digital code stored in the biometric database. During verification, the individual’s IRIS is scanned and matched with the IRIS profile in the database.

Contactless fingerprint recognition

Contactless fingerprint recognition is the latest type of biometric technology that is growing in popularity. The technology acquires the 3D fingerprint of four fingers for maximum accuracy, by just waving a hand over the sensor. The solution is highly secure, convenient and provides frictionless access experience with utmost precision.

Smart Cards

We refer to proximity cards or contactless smart cards by smart cards, which an access control reader reads without any direct contact. The Smart-card can even be kept in a wallet, and the reader can still read it. Different brands offer proximity cards of different read ranges, varying from anywhere between 1 to 4 inches. The smart-cards mostly operate at 13.56 MHz frequency, drawing the power from a reader itself using Electro-magnetic induction. That’s why the smart cards does not require any in-built batteries and therefore also referred as Passive Cards or Tags.

Comparison

IDCUBE has been a prominent player in the access control industry for 15 years and offers a Software platform for holistic Physical Identity and Access Management. The Platform supports all forms of physical identities such as touch-based fingerprints, contactless fingerprints, face, Iris, Finger-vein, palm-vein, mobile-credentials, Smart-cards including LF, HF and UHF, and QR-codes. Based on our real-world experience, we are presenting the analysis of various forms of touch-less credentials.

We have compared these credentials in terms of security, user-experience and adoptability. The various parameters taken into consideration are False Acceptance Rate (FAR), Failure to Enroll (FTE), Spoofing, Convenience to carry, False Rejection Rate (FRR), Speed and Cost of implementation. The parameters are broadly grouped under two categories: Security (FAR, FTE and Spoofing) and User-Experience-and-adoptability (Convenience to carry, FRR, Speed and Cost of implementation).

Refers to the percentage of cases in which a system falsely accepts an unauthorized user’s credentials. A highly secure system has a very low FAR.

Mobile credentials and smart cards being electronic; therefore, there is no scope for a false match during authentication. IRIS, Facial Recognition, and Contactless Fingerprint recognition forms have matured enough to give a very low FAR though there is still a possibility of false acceptance when the number of users is very high.

The percentage of cases in which the system fails to read a user’s characteristics due to various reasons. A biometric technology with very high FAR (referring to greater security) would tend to reject more.

Facial recognition system offers the lowest possibility of system failure-to-enroll a user due to each face’s characteristic uniqueness. On the other hand, IRIS and Contactless fingerprint may show a greater probability of system failure to enroll due to several issues such as compromised sensor quality, bad image quality due to pupil contraction and dilation under the effect of the visible light or dirty/ scarred fingerprints.

The mobile credentials are still at an early stage. Therefore, it showcases enrollment challenges with some versions of mobile OS and devices available in the market. On the other hand, an organization can issue smart cards on a large scale across a broad spectrum of users. This is synonymous to credential theft, where an unauthorized user impersonates a valid user to gain access. A malicious user performs spoofing by faking, cloning, or stealing the user’s biometric characteristics or credentials thus tricking the sensors into providing access to a wrong person.

IRIS and contactless fingerprint credentials are least likely to be spoofed. It is challenging for a malicious user to acquire both of these credential types without the user’s knowledge. The contactless-fingerprint and Iris devices are further equipped with matured anti-spoofing algorithms.  In comparison, it is much easier to acquire someone’s photograph or video. A hacker then attempts to spoof a facial recognition device by presenting the photograph, video or 3D mask of the user. Though most of the branded facial recognition systems come with anti-spoofing algorithms, it requires more work to make it foolproof against sophisticated attacks such as face masks.

An intruder can easily steal or clone (unless encrypted) a smart card, for unauthorized usage. In comparison, mobile-credentials offer much better security than smart cards in terms of cloning attacks but there remains a possibility of a mobile-device getting stolen.

Following is the overall comparison score of touch-less credentials in terms of security-

Contactless Credential Score
IRIS 4.3
Facial Recognition 4.3
Contactless fingerprint 4.3
Mobile Credentials 4
Smart Cards 3.7

Table-1: Overall Security score

Convenience to carry is a crucial criterion towards user-experience. The more intangible or portable a credential is, the easier it is to be used.

Any biometric credential, including Facial Recognition, IRIS or Contactless Fingerprint is a unique physical characteristic of a person, impossible to separate them. On the other hand, smart-cards are the least convenient option to carry, as people tend to forget or lose them. It’s an additional burden. Users are much less likely to forget to bring or lose their mobile devices as it has become an inseparable part of our daily life. Facial recognition, IRIS and contactless fingerprint are clear winners here.

The FRR refers to the percentage of cases when the system rejects an authorized person’s credential. A system with high FRR would require unnecessary and repeated attempts by a user, to access a facility. A biometric access control system    with higher FRR would generally mean lower FAR as it offers greater accuracy but would lower the user experience. Smart-cards and mobile-credentials being electronic are the most convenient for users, with zero FRR, implying that an authorized user will always get access to a restricted zone.

On the other hand, in case of IRIS and Contactless-fingerprints, certain users (though a tiny percentage) might need multiple attempts or make adjustments for the credentials to get accepted.  Images suffering from motion blurriness, camera diffusion, noise due to transmission, out of focus, presence of eyelids and eyelashes, head rotation, gaze direction, camera angle, reflections, contrasts, luminosity and problems due to contraction and dilation effects often lead to a high FRR in IRIS recognition systems.

The facial recognition system has a much higher FRR as compared to IRIS and Contactless-fingerprints. In the field of image recognition, facial recognition is quite complicated, where camera distortions and noise are the most common issues. On top of that natural environment of the user creates a complex background for the system. To deal with the issue, the system often requires good face detector to isolate the real face from the other parts of the image.  Translation, rotation, occlusion and scaling variations in images may also lead to high FRR.

Poor illumination, variations in facial expression and makeup/hairstyle also cause variations, leading to unnecessary attempts by the user.

User authentication speed refers to the time lapse between the user showing their credential for verification and the system authenticating via 1: N matching and unlocking the door/gate.

Speed of authentication is the highest in smarts cards, mobile credentials and contactless fingerprint. Facial and IRIS recognition systems require proper alignment of the user’s face/IRIS with the device and at a specified depth of field for authentication. In an IRIS device the depth of field is even narrower. Hence it takes a while for adjustment before an image can be captured. It is safe to say that out of all the contactless credentials smart cards, mobile IDs and contactless-fingerprints are the fastest for user authentication.

Cost of implementation involves the total expenses to install or implement a system. This may include the infrastructure requirements, cost of hardware and software.

The device and system implementation cost for Contactless-fingerprint is highest, followed by IRIS, facial recognition and mobile credentials. The least expensive of all is a Smart-card.

In terms of user experience and adoptability, we have provided the following scores to the touch-less credentials:

Contactless Credential Score
Mobile Credentials 4.5
Contactless Fingerprint 4
Facial Recognition 4
Smart Cards 4
IRIS 3.8

Table-2: User experience and adoptability

Combining Security, Experience, Adoptability parameters, the table-3 shows the overall scores for touch-less credentials.

Contactless Credential Score
Mobile Credentials 4.28
Facial Credentials 4.14
Contactless Fingerprint 4.14
IRIS 4
Smart 3.86

Table-3: Grand Average

Please follow and like us:
RSS
Follow by Email
X (Twitter)
Visit Us
Follow Me
YouTube
YouTube
LinkedIn
Share