Fingerprint readers have been removed by few companies to be replaced by simple badge readers. This decision made by many security managers is actually enhancing risk level instead of protecting employees.
How to keep security and employee’s health protection during the crisis?
We explain here what measures and considerations should be taken to NOT deactivate fingerprint readers during the crisis.
You have a fingerprint reader to increase security, right? The existing systems based on fingerprint technology are a more trustful system than ID badge or RFID system, because fingerprint assures authorized people to be identity’s holders and not someone holding a badge and trying to break into secured area with others’ credential.
Badges can be stolen and even cloned, but not your fingerprint features.
The General Data Protection Regulations – GDPR and Data Protection Impact Assessment – DPIA are a major issue for many countries, overall in the European Continent.
These countries need to respect the regulated framework for user’s privacy. The legal environment for biometric projects using fingerprint capture are strong well-though and planned by governments and actors in the market. This implies that today, in the current stage, fingerprint and biometric systems are stronger than other systems.
Concerning this structured offer and protection of data, why would a company remove these layers of security in a fingerprint based system ?
Many will think and see the contact biometric technology as a vector to certain diseases or virus. But, the removal of these protection represent a bigger risk than the others.
Indeed, by deactivating biometric systems with already structured framework to low level security appears a bad choice and risk taken.
The deactivation of the system already in function give a breach and higher exposure to attacks in terms of personal data and physical access control amidst others. The risk here is augmented if systems are not active.
Can you as a security manager let this risk happen?
You are not going to remove all contact objects, are you ?
In our daily life and relations, contact is key. Now, if we speak about companies, will you remove door handles or common objects as coffee machine, tables, desks to avoid contact? Probably not, the same is applied to biometrics with fingerprint technology.
“Back to badge” : clearly not the best idea !
The replacement of fingerprint contact readers to badges is far from being ideal in both security and health aspects. It’s to be emphasized that cards can be easily cloned, and have a low security option for protection.
A false sense of security is common in cards or RFID technologies, because it’s difficult to identify an illegitimate entry into the secured area.
Health issues: Badges aren’t hygienic as you think, just because they work through a contactless technology, it does not mean it can reduce virus transmissions. The card in contact with other objects can be turned into a vector. The avoidance of virus transmissions is more about how often do you wash or sanitize your hands than grab contact-objects.
In addition, badges are bigger than fingerprint sensor, this means that there are more contact surface to contain viruses. A sensor measures only 15×20 mm / 0.6×0.8 inches VS a classic card 54x86mm / 2.12 / 3.38 inches).
So what are the recommendations?
Put or leave your fingerprint terminals active, for matters of security. You will maintain a high level of protection.
IDEMIA made several recommendations to clean and sanitize the sensors on its terminals. But we could also recommend that you treat such readers as you treat other objects already mentioned here above, and provide (touchless) hydro-alcoholic gel or wipes dispensers next to them. This way, your employees can clean their hands right after using the fingerprint sensor and the door/handle.
This is maybe an inspiring example: pedal-activated gel dispenser next to the reader and door handle.
Source: Document from Nicolas Raffin – VP of Marketing at IDEMIA
+1 (430) 999-3121 
+33 (0)4 82 82 97 97 
EU is going to centralize in one database 400 million national and non-nationals’ biometric data
BiometricsThe database should be constituted by 2022.
This European Union project is designed based on a <massive database> of biometric data, voted and approved in 2019, the project implementation speeds up. Two French companies, IDEMIA and Sopra Steria, were chosen to constitute this shared database between the union’s countries. A complex task to be executed, since the gathering of biometric data – fingerprints and photos – of more than 400 million people who cross European borders in the Schengen zone. An amount of 302 Million Euros were allocated by the EU for the project.
The main objective of the massive database is to improve <data exchange between information systems in EU to control and secure borders and migrations>. By centralizing the information, it will not be necessary anymore to verify in different databases as Eurodac (European fingerprint register for asylum seekers) or the VIS (Information system for visas) the identity of a person. one centralized database will be more complete and efficient.
Customs, legal authorities and police will have access to this new system to search information about people through their names, fingerprint or photos. The biometric database has a key function in the new European system of borders entries and exits. The system is here to replace the stamp on passports and to register the date and place of entry and exit of people – with a temporary stay visa up to 90 days-, also to register their identity documents.
The biometric system to be share will be one of the most important in the world, because of its integration with different database already existing and with upcoming databases, says the EU in a press release.
An Unique Target
The gathering of biometric data of 400 million people in an unique database raises many problems, one of them is notably the respect to all data privacy terms, interoperability of databases and also aspects of security. Statewatch, an ONG that monitor the states, the justice and interior affairs, the security and civilian liberties in Europe, is against the project.
In parallel , the mega database could make the job easier for hackers and cyber attack that now have a single target, and not multiple sensible databases. The centralization of data can be an giant issues in case of data breach, flaws or security bug. 400 million people’s personal information could be exposed and robbed.
The system project is shared by biometric correspondences (sBMS) and will be done in 2022. This timeline gives time to EU and the two French firms to polish all the details. Two main issues appear as crucial until the deadline time, the respect of data privacy terms inside a shared database and the security of the database itself that protects the data.
Source: Inspired of Jennifer Mertens for 20 Minutes
What uses for biometrics in companies ?
BiometricsThis Saturday, June 13, 2020, Yves Portalier, executive vice-president of activities related to biometrics at IDEMIA explained the new requirements of biometrics for health in the program 01 Business presented by Frédéric Simottel.
During this interview, Yves Portalier clarified the current challenges of contactless biometrics (via facial recognition or fingerprints) in this context of emerging from the global pandemic.
He explains that “fluidity, security and hygiene” are the main advantages of contactless biometrics.
Finally, the exchange highlights the already widespread use in the world of the MorphoWave ™ Compact. This very popular biometric reader sees its popularity growing in the current health context.
You can watch the interview directly below:
Why keep your fingerprints readers ACTIVE in period of crisis is the right Decision
Biometrics, CompanyFingerprint readers have been removed by few companies to be replaced by simple badge readers. This decision made by many security managers is actually enhancing risk level instead of protecting employees.
How to keep security and employee’s health protection during the crisis?
We explain here what measures and considerations should be taken to NOT deactivate fingerprint readers during the crisis.
You have a fingerprint reader to increase security, right? The existing systems based on fingerprint technology are a more trustful system than ID badge or RFID system, because fingerprint assures authorized people to be identity’s holders and not someone holding a badge and trying to break into secured area with others’ credential.
Badges can be stolen and even cloned, but not your fingerprint features.
The General Data Protection Regulations – GDPR and Data Protection Impact Assessment – DPIA are a major issue for many countries, overall in the European Continent.
These countries need to respect the regulated framework for user’s privacy. The legal environment for biometric projects using fingerprint capture are strong well-though and planned by governments and actors in the market. This implies that today, in the current stage, fingerprint and biometric systems are stronger than other systems.
Concerning this structured offer and protection of data, why would a company remove these layers of security in a fingerprint based system ?
Many will think and see the contact biometric technology as a vector to certain diseases or virus. But, the removal of these protection represent a bigger risk than the others.
Indeed, by deactivating biometric systems with already structured framework to low level security appears a bad choice and risk taken.
The deactivation of the system already in function give a breach and higher exposure to attacks in terms of personal data and physical access control amidst others. The risk here is augmented if systems are not active.
Can you as a security manager let this risk happen?
You are not going to remove all contact objects, are you ?
In our daily life and relations, contact is key. Now, if we speak about companies, will you remove door handles or common objects as coffee machine, tables, desks to avoid contact? Probably not, the same is applied to biometrics with fingerprint technology.
“Back to badge” : clearly not the best idea !
The replacement of fingerprint contact readers to badges is far from being ideal in both security and health aspects. It’s to be emphasized that cards can be easily cloned, and have a low security option for protection.
A false sense of security is common in cards or RFID technologies, because it’s difficult to identify an illegitimate entry into the secured area.
Health issues: Badges aren’t hygienic as you think, just because they work through a contactless technology, it does not mean it can reduce virus transmissions. The card in contact with other objects can be turned into a vector. The avoidance of virus transmissions is more about how often do you wash or sanitize your hands than grab contact-objects.
In addition, badges are bigger than fingerprint sensor, this means that there are more contact surface to contain viruses. A sensor measures only 15×20 mm / 0.6×0.8 inches VS a classic card 54x86mm / 2.12 / 3.38 inches).
So what are the recommendations?
Put or leave your fingerprint terminals active, for matters of security. You will maintain a high level of protection.
IDEMIA made several recommendations to clean and sanitize the sensors on its terminals. But we could also recommend that you treat such readers as you treat other objects already mentioned here above, and provide (touchless) hydro-alcoholic gel or wipes dispensers next to them. This way, your employees can clean their hands right after using the fingerprint sensor and the door/handle.
This is maybe an inspiring example: pedal-activated gel dispenser next to the reader and door handle.
Source: Document from Nicolas Raffin – VP of Marketing at IDEMIA
Development of a Regulatory and Ethical Framework on Facial Recognition Technology
BiometricsThis project is part of the World Economic Forum’s Shaping the Future of Technology Governance: Artificial Intelligence and Machine Learning
How can we preserve human rights concerns in the advent of facial recognition technology?
Facial recognition offers a seamless experience throughout identification processes, offering also a high-level of security.
This technology is considered to be a non-invasive method in which we do not get interrupted, stopped or in contact with any devices. Seamless and contactless experience are keywords.
Good or bad, the technology retains personal data of many citizens. And it’s a right to know by whom, to what purpose and for how long our personal data is used and kept.
While algorithms increase as fast pace the accuracy score and machines’ responsiveness, the policy and regulations still have a long way to go.
Thinking of this 2020 trend growth of facial recognition use, enhanced by sanitary crisis, world leaders in technology, digital identity and biometrics gathered with policy-makers, civil society representatives and academics to develop a governance framework, delimiting the use and safe conditions of the technology.
4 steps to build a framework that ensures trustworthy were made in a pilot phase by companies and IDEMIA, MICROSOFT, AFNOR, SNCF, AWS among others:
The framework takes into account different use-cases and applications across jurisdictions. For instance: Access control, safety in public spaces, marketing and KYC services, healthcare, etc.
Sources:
https://www.idemia.com/news
https://www.weforum.org/projects/responsible-limits-on-facial-recognition-technology
Interoperability standards for Biometrics
Biometrics, UncategorizedBiometric data interchange formats enables the interoperability of different biometric systems. Plenty of applications and hardware are intended for surveillance, border control, healthcare, boarding pass among others. Given this variety of biometric systems and the rapidly evolution in biometric technology, It exists many suppliers with dissimilar devices relying on minutiae-based, pattern-based or other algorithms.
In anticipation to avoid compliance and interoperability issues between different systems, the ISO experts’ committee alongside the International Electro-technical Committee (IEC) developed a third generation of data interchange format presented in a Common Biometric Format Framework (CCBEF).
With the wide-range of biometric products, the third and brand new framework is addressed to open systems, which requires the use of an interoperable, open standard allowing enrollment and recognition components to be supplied from different manufacturers. While closed system has specific applications, e.g. the physical access control to a datacenter, it can be designed and implemented under proprietary format standards.
Concretely, the establishment of an image-based representation of fingerprint information will not rely on pre-established definitions of minutiae, patterns or other types. It will provide implementers with the flexibility to accommodate images captured from dissimilar devices, varying image sizes, spatial sampling rates and different greyscale depths. Use of the finger image will allow each vendor to implement their own algorithms to determine whether two fingerprint records are from the same finger.
Said so, the open system allows the same biometric reference to be read by different applications. Applications that are different in nature will therefore require the biometric data to be encoded in one harmonized record format. For instance, the read of trusted travelers’ document by air companies or the use of eGovernment software demand an unique format to be exchanged in different biometric readers.
The international standards for biometric data have just been published and are composed by different parts, it can be seen here in the links:
The different parts above will cancel and replace the correspondent parts in the ISO/IEC 19794, that define the framework for interoperability biometric data, specially for fingerprint and face images.
The changing will be adopted by the International Civil Aviation Organization (ICAO) during this year. It has as a basis the 9303 regulation relative to readable travel documents by biometric machines. Other parts will be added up to the ISO/IEC 39794, notably to specific data as vascular images, iris and whole body capture.
Accordingly to Patrick Grother, President of ISO/IEC Technical Committee and in charge of ISO/IEC 39794, the released part form the last framework of international regulations, it takes a large horizon covering wide range of questions related to interoperability in the biometrics:
« We understand to elaborate agreed regulations concerning an international scope for different biometric modals, taking into account the range of applications, the nature which is often sensitive to data and the exigencies in regulation. », he explains.
The parts were developed by a mix committee ISO/IEC JTC 1, Information Technology sub-committee SC 37, Biometrics, which the secretariat is assure by ANSI, member of ISO in the United States of America. They are available directly from ISO members in your country or at ISO Store
Based on:
https://www.iso.org/obp/ui#iso:std:iso-iec:39794:-4:ed-1:v1:en
https://www.iso.org/fr/news/ref2478.html