to a PC, which allows control of all the HK IIinstallations from one location.

Several HK II readers are also protecting thecomputer facilities at Internet Gold.

At Tel Aviv University, the School of ElectricalEngineering has installed a system to controlaccess to its clean rooms. Only authorised per-sonnel can enter and exit the facilities at designatedtimes. A special key pad connected to the HK IIis used to confirm that the person requesting exithas not exceeded the time they are allowed in thefacilities.

The unit is also used as a biometric punch clock.This allows the School to bill clients accurately fordevelopment time spent on their projects. Theproblem with systems using PIN codes or mag-stripe cards is that they can easily be tricked toincrease the apparent number of hours worked.

The Israeli military are using readers to securefacilities holding secure documents. This partic-ular system has been piloted for just over twomonths and has put the false acceptance rate(FAR) at a level of 99.99%. According to Opticon,if the pilot proves successful approximately 20units will be installed.Contact: Yona Flink at Opticom Technologies,Tel: +972 3 5100170, Fax: +972 3 5100171,email: opticom@mail.iol.co.il

Education/Physical Access Control

Biometrics are recognisedin schools security report

A seven-year study into school security hasrated biometrics as the highest security option forensuring secure entry to buildings and class-rooms.

The study by the Department of Energy’s(DOE) Sandia National Laboratories (Btt March’98, p11) put biometrics ahead of security guards,ID cards and PIN cards in security terms.

The handbook aims to offer practical guidanceto school officials on many aspects of security,including video surveillance, weapons detectiondevices, entry methods and duress alarms.

For entry control, the study highlighted thestrengths and weaknesses of each approach aswell as typical costs (see Table 1).

Biometrics are seen as a high cost option in thestudy with stand-alone units costing US$1,200-US$5,000 and networked systems overseeing sev-eral doors costing between US$10,000-US$50,000.The security guard option, however, is moreexpensive, costing between US$8,000-US$30,000per year per guard depending on region.

News

4 • Btt December 1999/January 2000

SSttrreennggtthhss WWeeaakknneesssseess CCoossttss**

SSeeccuurriittyy gguuaarrdd Can do more than check ID Boredom may lead to carelessness US$8,000-30,000((IIDD ccaarrdd oorr ootthheerr mmeeaannss ooff IIDD)) Prevent multiple entry Possible dishonesty (checks required) per guard per year

Notice strange behaviour Failure to notice false ID

IIDD ccaarrdd wwiitthh aauuttoommaattiicc rreeaaddeerr No manpower Multiple entry** Card printer systemMature technology Cards can be lent or stolen US$6,000-8,000Cards mainly tamperproof Readers subject to vandalism US$1 per contact card***Validation switched on/off Maintenance overhead US$150-300 per readerDatabase updating required Computer US$2,000-3,000

PPIINN nnuummbbeerr oonn aa kkeeyyppaadd Stolen card no use Higher administrative effort Stand alone key pads US$200Mature technology Multiple entry** Network systemsValidation switched on/off Forgotten PIN US$ 1,200-2,000No manpower Cards/PINs can be lent or stolen Card costs if usedVandalism/malfunction

BBiioommeettrriicc ddeevviiccee Cannot be lent or stolen Not all user friendly Standalone unitNothing to forget Multiple entry** US$1,200-5,000No manpower Technology immature in some cases Network for several doorsValidation switched on/off Vandalism threat US$10,000-50,000Speed of use

*Hardware pricing is from second half of 1998. ** Unless used in conjunction with a floor-to-ceiling turnstile *** US$3-10 if contactless cards are desiredSource: Sandia National Laboratories

Table 1: School entry methods – the strengths, weaknesses and costs

Although the report states that ID cards read-able by an electronic device are probably the mostviable technology for schools to consider, it doeshighlight various cases where hand geometryreaders have been used to verify custodial parentsin New Mexico.

There have also been other publicised schoolinstallations, such as at the Harriet B Stowe pri-mary school in Chicago (Btt September ’99, p4),which integrated a fingerprint system fromIdentix at a total implementation cost ofUS$100,000. Nevertheless, it seems that biomet-rics could still be too much of an expensive optionfor most cash-strapped schools.

Biometric systems were also reported as beingmore difficult to use and as an immature tech-nology in some cases. The systems could also besubject to vandalism and an authorised personcould allow an unauthorised person entry, unlessfloor-to-ceiling turnstiles are used.

On the positive side the accuracy of biometricswas highlighted, as was the advantage of nothaving to remember anything, such as a PIN orcard.

The document is available on the website athttp://www.doe.gov/schoolsecurity/pdf.htm.Contact: Mary Green, at Sandia National Laboratories, Tel: +1 505 844 7746, email: mgreen@sandia.gov

E-commerce

Electronic signaturelegislation passed

The US House of Representatives has passedthe “Electronic Signatures in Global and NationalCommerce Act”, HR 1714 or E-SIGN. This legis-lation is designed to give electronic signaturesand records the same legal significance as a writ-ten contract.

The bill was passed by a resounding margin of365-66. Biometrics are specifically mentioned in thetext of the bill, following pressure by groups, suchas the International Biometric IndustryAssociation (Btt May ’99, p2).

The relevant section of the bill reads: “An elec-tronic signature is the digital equivalent of a hand-written signature. It is a generic term that describesa variety of methods by which an individual cansign an electronic record. Electronic signaturescan range from simply typing a name at the endof an e-mail message, to a digital signature, to a

unique biometric identifier such as a fingerprintor iris scan.”

The final form of the bill will most likely besigned in the New Year. A copy of the bill’s textcan be found via http://www.house.gov.

Physical Access control

Biometric watch arms itself for everyday use

Further details have emerged on a biometricwatch that could obtain a subcutaneous infraredabsorption profile of a wearer’s wrist for verifi-cation purposes.

The Biowatch, developed by inventor Joe Rice atVeincheck, would use an opto-electronic braceletto obtain the profile, which it would compare witha previously recorded template.

The biometric watch extends the idea of watch-embedded smart cards that are already in use inEurope and Australia. Although the Biowatch isstill at the concept stage, it would probably becombined with voice verification technology.

Rice told Btt that the Biowatch would combinebiometrics and smart cards to provide a wristworn biometric agent that would communicate toperipheral devices, such as cars and office doors,via standard IrDA or RF communications proto-cols (Btt July/August ’98, p12).

Biowatch would only need to go through a bio-metric verification procedure once a day, becausewhile the watch is strapped to the owner’s wristit would remain in a biometrically armed state.

The watch would take advantage of standardpublic key cryptography to ensure that the bio-metric template is kept secret and held within thewatch.

Only an authorisation code would be trans-mitted, encrypted by the user’s private key. Thisapproach would alleviate “big brother” issuesthat can arise when biometric information is storedin large databases.

Alost biowatch would not necessarily lock a userout of all its peripheral devices either. Your house,car or computer, for example, would recognisealternative private and public access keys gener-ated by a new biowatch, according to a crypto-graphic hierarchy. They would then void all publicaccess keys associated with the lost watch. Contact: Joe Rice at Veincheck,Tel: +44 115 914 0759 Fax: +44 1623 722093,email: joerice@innotts.co.uk

Btt December 1999/January 2000 •• 5

“The future does not lie in large scale quasi-totalitarian biometricsystems. Biometrics needto meet customer and userrequirements for security,privacy, convenience andacceptability. Personalbiometric systems that thepeople own and controlthemselves fit theserequirements.”

Joe Rice, Veincheck

News