Biometric Systems in Academia

The deployment of biometric systems has increased significantly in academic institution for cashless catering system, automated system for recording attendance and automated biometric library systems. Biometric systems in academic institutions circumvent the limitations of traditional systems. Biometric systems in academic institutions are safe, secure and easy to use without using any password or secret codes to remember. The traditional security systems in schools may inconvenient staff and students as the student/staffs have to carry card at all times as required for the usage of the library, meals and record attendance which may be useful information for financial sponsors. In addition, traditional security systems using smartcard technology may prove to be very expensive as cards may be lost or damaged and require replacement while biometric solutions can not be lost. What is the annual cost for lost or damaged smartcards to your institution? Research analysts at Biometric Research Laboratory (BRL) have outlined three examples of biometrics in academic institutions. BRL is the research group at Namibia Biometric Systems (NBS) which conducts applied research in the implementation of Biometrics based solutions for both governments and commercial applications.

Cashless catering system: Financial sponsors pay in advance for students’ meals, crediting the students’ accounts with the amount paid in. The student or staffs then use this credit to pay for their meals on campus. Students or staffs can be identified at the till by an automated biometric system, with the cost of their meal being deducted from the credit paid in their account. There are several advantages to cashless catering. Students or staffs do not need cash to pay for their meals, reducing the opportunity for theft. Such systems can also speed up service in canteens and dining rooms.

Automated Biometric attendance and registration: Students register using an automated biometric system at the entrance of each lecturer. Entrance time and exit time is registered per students. Such systems can save considerable time and effort in taking registers. In addition, there is no opportunity for students to register absent students by using their smartcards or signing for them. Biometric systems can also help prevent unauthorised access to academic institutions. Attendance data can be used to help assess the impact of truancy on performance allowing any necessary steps to be implemented rapidly. This is an essential tool in performance management.

School library automation: An automated biometric system identifies and records the student’s name and the book/items they have borrowed or are returning. Thus giving staff more time to focus on other critical issues.

More information on the implementation of biometrics based solutions can be requested from info.@namibiabiometricsystems.com.

Why Use Biometric Authentication

The primary aim of Biometrics is to solve the limitations of the old traditional access controls to humans. More traditional means of access control include token-based identification systems, such as a driver’s license or passport, and knowledge-based identification systems, such as a password or personal identification number. In particular, traditional methods have the following limitations:

Weak passwords are easy to guess (by non legitimate user) and difficult passwords may be hard to remember (by a legitimate user). This could lead to a security breach where personal or business secrets are stolen by an outsider.

Sharing credentials is generally common with colleagues although this is forbidden by policy. A computer user shares his or her password with a colleague who requires access — even though, in most organizations (and in many security-related laws and regulations), this is forbidden by policy.

User convenience may not be possible using traditional security techniques. For example, users maintaining different passwords for different applications may find it challenging to recollect the password associated with a specific application.

Lost key cards can easily be obtained by non legitimate users. Often they have the name of the organization on them, so it’s like finding a key with an address on it, permitting the person who found it a free after-hours tour of the organisation.

Sophisticated Criminals have acquired great expertise in circumventing the old identification systems. This has resulted in a global rise of identity fraud and theft and the use of sophisticated means to evade detection.

By using biometrics it is possible to establish an identity based on `who you are’, rather than by `what you possess’ (e.g., an ID card) or `what you remember’ (e.g., a password). Biometrics is based on Physiological and Behavioural characteristics. Physiological characteristics include fingerprints, hand geometry, facial image, retina and iris. The behavioural characteristics are actions carried out by a person in a characteristic way and include signature, voice pattern, keystroke sequences and gait (the body movement while walking).

Planning for Biometrics Scenarios – Part 4

This article focuses on malicious software, malware, on a server that contains biometrics sensitive information. This scenario happens hundreds or thousands of times each day around the world. The impact of malware on a biometric server can be devastating. It is therefore critical to plan for this scenario. Planning for this scenario must consider at least the followings:

  • Clear definition of what is a malware.
  • Clear guidelines on the use of biometric systems.
  • Clear action plan to follow in an emergency situation.

The problem in this scenario is what you don’t know: Suppose you discover that a program with some sort of ill intent has been installed on a system containing your biometric database and you don’t know for sure what that program code may have done or had access to. In the worst-case scenario, it granted hackers direct access to that server (and possibly the rest of your network) and the hackers downloaded all the information to see what they could do with it. All the information on that system may be in the hands of someone that intends to do you harm. The biometric data on the database could have been compromised. The action plan to follow will depend on what action the malware performed on the database. If the biometric information was not compromised, all you need to do is eliminate the malware. On the other hand, if the biometric data was compromised, a strict action plan is required to ensure that the impact to the system and users is minimal.

Any action on the biometric database must address the followings:

  • What are the security requirements for the installation?
  • What is the legal, regulatory and public relations environment for the organization?
  • If the malware is well known to the antivirus/antispyware community, do you also know what it really does?

The other biometric scenarios to plan for are (i) high security hosting which focuses on a high volume of people requiring access to a highly secure facility and access is granted if you are on a master list of authorized individuals. (ii) Other Entry Access which focuses securing all the entry accesses to the facility including side entrances. (iii) Port of entry which focuses a high volume of people requiring access to a highly secure facility without the advantages of a master list for authorised individuals. (iv) And biometrics limitation scenarios which focuses on situations where the chosen biometrics technology may not be suitable.

Researchers at Biometric Research Laboratory (BRL) within Namibia Biometric Systems (NBS) will continue to further highlight the most common use scenarios and some possible pitfall scenarios for biometrics in the next few articles.

More information on the implementation of biometrics based solutions can be requested from info@namibiabiometricsystems.com

Planning for Biometrics Scenarios – Part 3

The previous two articles outlined three main biometric scenarios to plan for such as high security hosting, other Entry Access and Port of entry. In summary so far:

  • High security hosting – Mainly concerned with a high volume of people requiring access to a highly secure facility. A master list of authorized individuals is kept and a manual check of each incoming person’s identification (usually a photo ID) is also conducted. It is obvious that the manual checks are challenging even for the highly trained guards to remember every individual on the master list.
  • Other Entry Access – Mainly concerned with securing all the entry accesses to the facility including side entrances. Consider a building which has a lobby with a security guard, does it actually require a biometric entry control for the lobby? Or does it depending on the size of the company and the size of the building, the security guard may recognize everyone who has a legitimate need for access.
  • Port of entry – Mainly concerned with a high volume of people requiring access to a highly secure facility without the advantages of a master list for authorised individuals. Traditional port of entry system depends to a large degree on how hard it is to modify or create a passport without being detected.

This article focuses on the fourth biometric scenario known as biometrics limitation scenarios. Badly researched biometric solutions are likely to encounter scenarios where the chosen biometrics technology may not be suitable. Biometrics limitation scenarios will present itself sooner or later depending on the size of the user population and how long biometrics has been employed as a solution. There may be situations where the specific biometric been captured doesn’t apply to someone because the required body part is either missing or just doesn’t conform to the parameters that the biometric system expects. It is also common for biometrics to fail even if the required body part or biometric trait is available for a variety of reasons. The problem is that there’s a pretty broad variation across our species, and some measurements make a lot of assumptions that are based on statistical norms. In order to a biometric solution to work effectively and efficiently, it is important to make accommodations for individuals who are not able to use the system.

Researchers at Biometric Research Laboratory (BRL) within Namibia Biometric Systems (NBS) will continue to further highlight the most common use scenarios and some possible pitfall scenarios for biometrics in the next few articles.

More information on the implementation of biometrics based solutions can be requested from info@namibiabiometricsystems.com