The number of users and audit trail entries is limited in a standalone configuration by the available memory and varies among each manufacturer. Source: Security Industry Association (SIA) White Paper "Biometrics in Physical Access Control"

Ask systems integrators and security equipment manufacturers about biometrics-based access control systems and you will get a wide range of views on pricing and adoption trends. Some systems integrators say they use biometrics only rarely; that prices have come down only a bit, if at all; and that biometric devices are likely to always be a niche market.

Even some manufacturers that offer biometrics equipment are rather unenthusiastic about the market. Less than 5 percent of access control readers sold use biometrics, according to manufacturers’ estimates. With such low volumes, some people say that prices – which are about three to nine times as much as traditional card readers, depending on the technology used – are unlikely to change much.

But talk to enough people and you will discover small but growing minorities within both the systems integrator and manufacturer communities that are having significant success with biometrics.

For example, CHS Inc., a Farmingdale, N.Y.-based systems integrator, is selling 10 to 20 times more access control systems that include biometrics than it did in recent years. “We used to do one or two a year,” notes CHS president Jeff Goldat. “Now we’re doing 30 to 40.”

Goldat has seen the increase primarily among Fortune 1000 customers. “They don’t use biometrics for their overall access control system, but they use it in high security areas, including computer rooms and cash rooms,” Goldat notes, adding that the increase has been driven in large part by improvements in technology. “Reliability has increased ten-fold,” he says. “Two or three years ago, we were leery of using biometrics.”

Despite the cost, some customers like the added level of protection that biometric readers provide for high-security applications. Because a user’s unique fingerprint, iris or other personal characteristics are scanned in order to gain entry, biometric readers help prevent an unauthorized user from gaining access by using someone else’s credentials.

That capability also is facilitating new applications that are driving increased use of biometric readers. “Biometrics are becoming more popular because they’re being used for more than just security – people are also using the technology for payroll systems,” notes Joe Hassan, president of Certified Security Systems, a Jacksonville, Fla.-based systems integrator. “You can’t fool the system. You can’t have someone punch in and out for you because biometrics are unique to you.”

Like CHS, Certified still relies primarily on traditional card readers, which outnumber biometric readers sold by a 10-to-1 ratio. But biometric readers are gaining in popularity, in part because their cost has come down 25 percent to 30 percent over the past few years, Hassan says.

In this network configuration, biometric devices are linked to a host computer. Source: Security Industry Association (SIA) White Paper "Biometrics in Physical Access Control"

Reader Types

Both CHS and Certified rely primarily on fingerprint-based systems when they use biometric readers. These seem to be the most popular type of biometric reader, in part because they are less expensive than other types of readers.

Hand geometry readers are a bit more expensive than fingerprint readers, but may work better in certain environments, explains Beth Thomas, product manager for reader manufacturer Honeywell, Oak Creek, Wis. Unlike fingerprint readers, hand geometry readers do not require users to remove latex gloves, making them more suitable for laboratory environments, she points out, adding that hand geometry readers also may work better in areas with a lot of dust.

Iris readers typically are used in the highest security environments. The chief advantage of using iris recognition, rather than a fingerprint, to identify a person is its high level of uniqueness, explains Tim Meyerhoff, business development manager for Panasonic Security Systems, Secaucus, N.J., which offers an iris recognition system.

“Iris recognition has the lowest probability of false acceptance,” he maintains. “The currently deployed systems have a false acceptance ratio of 1 in 1.2 million for a single eye and approximately 1 in 44 trillion when both eyes are identified.”

That extra level of security comes with a hefty price tag, however – about two to three times as much as fingerprint readers, according to Peter Boriskin, director of product management for manufacturer Tyco Fire & Security, Boca Raton, Fla.

In a full biometric integration, the access control software handles the template management and communications to the biometric units. Source: Security Industry Association (SIA) White Paper "Biometrics in Physical Access Control"

Identification and Verification

Of course, the cost of the readers is only part of the total cost of a biometric system. Other costs that also must be considered depend on the approach used to ensure that a user’s reading is a valid one. Because fingerprint systems are the most commonly used, we will focus on them, although the same issues also must be addressed with other biometric technologies.

All fingerprint systems work by comparing a live reading against a template, a previously recorded reading from a user. One approach is to maintain a database of all authorized users and to search through it until a match is found – a process known as “one-to-many identification.”

The advantage of this approach is that it does not require the user to carry a card or remember a password. Boriskin says he has seen increased use of such systems for gyms and other lower-security installations where people may be prone to forgetting a card or PIN.

The disadvantage of this approach, however, is that throughput is quite slow, because the system must look through the entire database until it finds a match, making it unsuitable for high-traffic areas.

A variation on this approach is to assign each user a personal identification number, which he or she enters into a keypad co-located with the reader. The system then pulls up the stored template associated with that PIN and checks whether it matches the fingerprint that has just been presented to it, an approach known as “one-to-one verification.”

Although adding the keypad increases installation costs a bit, it minimizes throughput time substantially. Alternatively, some clients may use an access card reader to pull up a user’s template, or for an extra level of security, some people may opt to use a traditional access control card reader plus a PIN – for an additional cost, of course.

Whether based on identification or verification, though, any system that relies on a database of templates has another drawback. If users need multiple readers, the database has to be stored at each reader. Traditionally, this meant that someone had to update each reader any time there was a change in the database.

More recently, readers have been introduced that could be networked together, typically via an RS-485 connection, enabling updates to be shared among all readers either by exchanging information directly between readers or by having all readers draw information from a central database.

This approach adds to the initial installation cost for a biometric system, but according to Goldat, has enabled biometrics to be used in areas where they were not practical before. Networking capability has made a huge difference in the popularity of fingerprint readers beginning about three or four years ago, Goldat notes.

In this Wiegand integration, the biometric devices are linked to the host computer and the door module in a biometric reader network. Source: Security Industry Association (SIA) White Paper "Biometrics in Physical Access Control"

Smart Card

A third approach is a one-to-one verification that eliminates the need for a database altogether. Instead, each user’s fingerprint template is stored on a smart card, which the user presents to an integrated fingerprint/ smart card reader. The reader then checks whether the current fingerprint reading matches the one stored on the smart card.

This approach adds the cost of the smart card to the system, but because biometrics generally only protect a portion of a facility, users typically will need some type of access card anyway.

Smart cards cost about 20 percent to 30 percent more than a graphics-quality proximity card and often can be used for additional purposes, such as stored value applications, notes Doug Cram, vice president of sales and marketing for AWID Inc., Atlanta, which manufactures fingerprint readers. Also, because the readers used with smart-card-based systems do not require on-board storage and networking, their cost is lower, he asserts.

Despite improvements in biometric technology, however, some say the market will be hampered until it achieves more than just incremental cost improvements.

It may sound a bit like the classic chicken-and-egg problem – prices will only go down if volumes go up, but volumes will only go up if prices go down. However, new government initiatives have the potential to give biometrics a significant boost by putting the technology in government locations with as many as 5 million users within five years.

Side bar: FIPS Standard Could Boost Biometric Sales

Although biometrics could be viewed as a market that is still waiting to happen, an important government security initiative has the potential to change that. The initiative, known as Federal Information Processing Standard (FIPS) 5201, affects about 5 million federal employees and contractors and will require many facilities currently protected by proximity or magnetic stripe readers to upgrade to a smart-card-based system. For the highest security applications, that smart card also will include fingerprint-based biometrics.

The deadline for these upgrades is the fall of 2007, notes Peter Boriskin, director of product management for Tyco Fire & Security, Boca Raton, Fla. But, he says, “Some early adopters already have begun the transition.”

Boriskin believes the government initiative will drive others to adopt smart cards, including biometric-based smart cards. “There are a lot of non-governmental organizations and commercial entities that work with the government, and you have a lot of people crossing between local and federal government facilities,” he notes.

If local and state authorities as well as the federal government adopt the new access control standards, Boriskin estimates that the total number of users affected could be as high as 20 million. Although not all of these people would use biometrics, the technology could still see a significant volume increase, which in turn could help generate cost decreases that could help spread adoption even further.