(Access Control & Security Systems Integration Via Thomson Dialog NewsEdge) In today's digitally-advanced world, the way we identify ourselves has changed dramatically. For example, people may choose to assume new identities in Internet chat rooms or through personal e-mail accounts. Sometimes, alternate identities are assigned to us.
For instance, when we show up at the office, we may be asked to present a badge to an access control reader to verify that we have access to our place of work. If the badge is recognized, the door opens. We do not own the badge, and the reader has no idea who is carrying it; but the company has given it to us as an identifier for access to the building.
Upon entering the workplace, most of us start the work day by turning on a computer and connecting to a corporate network. To log on, a username and password are typically required for verification. This username may be a combination of given name and surname, something usually decided upon by the IT department. The password is likely some form of alphanumeric characters, digits or symbols that must be changed periodically.
Additionally, we may need a different card to access restricted areas in the organization, either within the same building or within a remote location. Multiple passwords are also required to access various computer applications, Web sites or networks. As employees, we have to keep track of a multitude of digital identities.
The Other Side
Looking at this situation from the company's point of view, the management of staff digital identities is typically achieved using separate systems for physical access control, run by the facilities department, and logical access control, under the guidance of the information technology department.
So how can we resolve this issue of multiple digital identities in order to make systems simpler and more secure?
One answer is to merge the systems that support these functions. Since all the aforementioned new digital identities are the property of a single organization, it makes sense to manage them so that they are shared across the enterprise.
The problem is that the facilities department does not want to give up its privileges as the sole provider of physical access control credentials, and the IT department does not want to lose its role in governing logical access control.
Achieving Convergence (News - Alert)
To provide a compelling argument for convergence of physical and logical access control, vendors are rounding out technologies by integrating the administrative capabilities of physical access control with logical access software. This integration can greatly reduce the overall costs of administering such systems. To achieve this, Identity and Access Management software (the logical access enabling technology that often features Single Sign-On and network log-on functionality) is being used in tandem with physical access control readers and credential and policy management software.
With this advancement, it is now possible to leverage the technology from a single source to set policies and enable a single identity to be the access control credential across the enterprise.
The reduced cost due to integrated identity management tools and the enhanced security afforded by a unified policy engine are two driving forces behind the convergence.
An integrated security system also has the benefit of combining the large number of disparate authentication methods under a single system. It can also manage a large number of token, password, smart card and biometric technologies.
As previously mentioned, for logical access it is common to use a password as a method of authentication. However, other forms, including tokens, cards and biometrics, may also already be in use. With a credential management system as a component of the larger identity and access management system, these authentication factors can all be supported and associated with the identity.
The most convenient way to minimize the number of required credentials would be to use a type of record that is supported by both physical and logical access control systems. Two primary examples of such technologies are biometrics, specifically fingerprint biometrics; and smart cards. These authentication techniques could also be brought in over time as an organization transitions away from having to support a multitude of credentials. The use of biometrics for physical access control has grown tremendously over the past number of years and will continue to grow in the years ahead. According to data compiled by industry analyst Frost & Sullivan, global sales of physical access control readers with biometrics represented less than $50 million in revenue in 2002 but will grow to more than $650 million in 2010. These plug and play readers are integrated with the access control panels of the major integrators using the same communication protocols, thus allowing easy replacement of the non-biometric readers.
The Benefits of Standardization
Over the course of the past few years, standards for biometric data have been established, not just for biometric data interchange formats, but also for the scanners or image capture devices that are used. This standardization now enables the interchange of vendor technology and does not lock-in purchasers to a single vendor.
The development of standards for fingerprint biometrics such as ANSI/INCITS 378 for minutiae matching has created a baseline for interoperable technologies. In May 2006, results of the National Institute of Standards and Technology (NIST) MINEX04 testing provided an analysis that demonstrated the interoperability of minutiae-based algorithms. It demonstrated that biometric data created with one vendor's technology would work with technology from other vendors. Now, as long as an organization purchases from biometric vendors that comply with these standards, there is no longer the concern of having a closed system.
Bridging the gap of physical and logical access control, particularly through the use of biometrics, can also be provided by PC manufacturers. These vendors are now integrating biometrics into their platforms and eliminating the need for peripheral biometric devices. Fingerprint scanners have found their way onto a great number of portable PCs. There are also keyboards with scanners built in for desktop PCs.
With fingerprint biometric readers for physical access control (that are interchangeable with standard equipment), off-the-shelf computers that incorporate fingerprint biometrics and a software platform to manage the policies required for physical and logical access control, it is now possible to allow employees to maintain a single identity throughout the enterprise, while minimizing the cost of deployment and enhancing the security of the system.
Dr. Colin Soutar is chief technology officer and executive vice president of research and technology for Bioscrypt., Markham, Ontario.
Copyright 2006 by Prism Business Information. All rights reserved.www.prismb2b.com