Security

Hand Scanners, Iris Readers and Fingerprint Readers Help Protect Networks

Biometric technology strengthens network security, saves time and eases help-desk headaches.

by / August 16, 2009 0
Previous Next

Screens that scan your eyes, machines that read images of your hands or face, computers you access with your fingerprint instead of a user name and password -- these were once the stuff of science fiction. But in the real-life IT world, biometric technology -- authenticating users based on their physical characteristics -- has gradually become fact.

Government agencies are using biometrics to enhance security in access control, but this technological endeavor, like most others, also can be applied to save time and effort. And since time and effort equal money, biometric deployments also can produce some nice savings.

Hand in Hand

Tahlequah, Okla., uses 11 "hand-punch" terminals -- which record user handprints -- to track and manage 129 city employees. The system replaced paper time sheets, according to Sue Stacy, Tahlequah's human resources director.

"It's just awesome. That's all I can say about it. Before, when I did payroll I had to go through all the time sheets and look to see who took a vacation day," she said. Stacy also needed to post vacation time and other time-related information publicly so others could see it. "Now I don't do that. It's all right there for me," she said.

Tahlequah uses Schlage HandPunch 3000 terminals to record employee handprints. The terminal has a flat metal plate with pegs that ergonomically direct the hand for proper placement. When an employee enrolls in the system, he or she places their hand on the plate three times, and the 3-D hand template is registered in the human resources office and associated with a unique identification number. When employees clock in or out for work, they enter the identification number, place their hand on the terminal, and the handprint is verified against the registered template and identification. The verification process takes seconds.

The terminals -- or clocks, as Stacy and others call them -- record when someone clocks in or out. Stacy uses software from NOVAtime to access the data and see who is clocked in or out and for how long. There are no timecards or paper reports involved.

"I can sit here at my computer, and I can pull a time and it tells me whether Joe Smith is at work or not. It shows whether he's punched in or if he's punched out or if he's off that day," Stacy said. "Somebody calls in and says, 'Hey, is Joe here today?' 'Well, I don't know. Let me check.' I can look to see if he's clocked in or out."

Employees also can view their time and attendance history from their work computers, which eliminates the need for them to contact Stacy or her colleagues.

"They have the ability to go in and look at their accrual time -- how much time they have for sick leave or vacation or comp time," she said.

Eight terminals are linked to the city's network, and three remote locations use a dial-up connection to transfer information to the human resources department. Tahlequah deployed the system in 2004. Ed Goss, the city's IT manager, also thinks the technology has spared Tahlequah from laborious, paper-based timekeeping procedures of the past.

"They were doing it by paper and you can imagine -- chaos, confusion, even in a small city, trying to keep a lot of different paper records up-to-date," he said.

A Better Password

In California's San Bernardino County, biometric technology eased the burden on help-desk employees in the Auditor Controller-Recorder Department. Employees touch a fingerprint reader to log on to the network, which eliminates the need for them to remember passwords. This has reduced by 90 percent the number of "lost password" calls to the department's IT help desk.

"That particular type of help-desk request, which were lost or forgotten passwords, plummeted. We rarely get those now," said Patrick Honny, the department's information services manager. They do, however, still receive calls from people who object to having biometric devices as part of the authentication process.

In 2003, the department deployed fingerprint-reading technology from DigitalPersona. Readers built into the department's computer keyboards capture users' fingerprints. The authentication software integrates with the department's Microsoft Active Directory network.

Fingerprint readers also are used to authenticate people who are submitting title insurance documents electronically. This is more secure than passwords, Honny said.

"It's hard to share your thumb or your finger, where it's very easy to share a password. So we found that it worked out well for us and continues to work out well for us," he said.

It's All in the Eyes

The Jefferson County, Colo., Sheriff's Office has many functions, one of which is to track inmates and arrestees as they enter and leave county facilities. Personnel use portable readers that scan the human eye's iris to verify inmate identities.

Special Duty Officer Jim Prichett said the technology strengthens security. "The false rejection rate is almost nonexistent. The probability that a biometric system will fail to identify an enrollee -- it's not going to happen," he said.

A 2004 article in Hi-Tech Security Solutions journal, Iris Recognition -- Debunking the Myths, claimed that the human iris is unique even between twins or between right and left eyes, and that iris-recognition technology is the most accurate biometric. The iris is also stable from age 1 until death.

Prichett estimates that the technology -- which has been in place since 2000 -- has shaved about 10 minutes off the verification time. The office used to take longer with the ink fingerprinting process.

"We no longer do it, but we used to capture a single index fingerprint upon initial arrest, and that inked right-finger index print would follow the individual through his stay at the facility," he said. "And at the end of his stay here, as he was about to exit, we would take another fingerprint and then we would have to examine the two prints to ensure that it's the same individual leaving."

A handheld reader in the sheriff's office can capture a video image of the human iris from three to 21 inches away, depending on the camera used. Prichett estimated that the county has indexed between 90,000 and 100,000 irises. When an offender is first booked, both irises are captured, but any time after that only one iris must be scanned for verification.

The sheriff's office has six readers located in various units, including one in the booking station to capture new arrests, two in the work-release facility to track inmates who leave to work for the day, and one in the inmate services unit to track inmates coming and going for court or to other facilities.

After the identifying information is collected from a scanner, it's verified against information contained in a bar code on an offender's bracelet. The sheriff's office still uses other identification procedures, including photography and digital-fingerprinting procedures.

"I guess the biggest thing we were looking for is some way to, with absolute certainty, ensure that the person we booked into our is the same individual that's leaving the facility," Prichett said. "So that you don't have an opportunity where inmates would trade wristbands or change their identity or something of that nature."

Prichett estimated that the sheriff's office pays an annual licensing fee of about $2,400 for all six units, which were provided by L-1 Identity Solutions, along with accompanying proprietary software that was built specifically for the office.

Hilton Collins

Hilton Collins is a former staff writer for Government Technology and Emergency Management magazines.