How to increase security in personal identification and access control systems

We have already written about how to control the perimeter and the situation inside the warehouse, store, parking lot and other objects using a video surveillance system. But any security system gives the maximum effect only when it uses several technologies at the same time. And it is this synergy that we consider next.

At once, we say that we did not set as our goal to cover all the technologies of video surveillance and access control systems in a short article. Our goal is to show how you can, by combining various technologies, increase the level of security of the protected object.

Sees an eye ...

')
No modern store can do without cameras. They help the director not only to prevent various illegal actions, but also to resolve conflict situations promptly.

We have already told how using our system it is possible to control the cashier zone and deal with queues. And now we’ll dwell more on the issues of combating theft in the sales area and controlling access to service premises.

The head of security service (SB) of a large store opened up professional secrets to us.

The sales area of ​​the store occupies two floors, plus there are warehouses in the basement and a parking lot on the street. The company also has several remote warehouses. Naturally, when developing a security system, the task appeared to get complete control over all protected objects. According to our interlocutor, it is not difficult to block the entire territory of the trading hall with cameras, which was done.

In the halls and at the box office now there are about 30 cameras installed that carry a constant "duty" and help the security staff to monitor emergency situations. Cameras are also installed to monitor the parking lot, and in places with zero lighting at night, infrared floodlights are used.

Three female operators work on monitoring the video coming from the sales area. According to the head of the Security Council, women better cope with the routine work of monitoring the monitors.

But that is not all. It is obvious that no camera provides one hundred percent protection against theft. Video surveillance is great, but after all, intruders often come into the store, who, before committing theft, carefully study the installation sites of the cameras. And to combat such offenders, the face recognition technology is ideal, because once in the camera's field of vision, the offender is blacklisted. When it appears, the camera operator immediately receives a signal that an unwanted guest is present in the hall.

In addition to the technical means of control, there are full-time operational staff in the trading premises. Operatives observe the order and receive information from the operators.

Sim-Sim, open up

When installing the security system, the store management immediately raised the issue of controlling personnel access to the store's warehouse and remote storage facilities. After analyzing the various solutions that are on the market, the management focused on a combination of two technologies for protecting doors and turnstiles, namely Smart-cards and face recognition.

The first method has long been used as part of access control systems. Ivideon is integrated into Access Control and Management Systems (ACS) GuardSaas and RusGuard , which allows you to customize the reactions in the system (video recording of any ACS events) with the possibility of their associated viewing directly from the logs.

The choice of a combination of smart access cards and face recognition for access control is explained very simply.

Smart card readers and the cards themselves are highly reliable, relatively inexpensive, easy to set up, and resistant to mechanical stress.

We were told that one employee wore a card on a cord and, bending down, accidentally dropped it into an office shredder. Apparently, his cutters did not damage the antenna, and the card did not fail. Well, from the stories about trampled in the mud, sunk in the water and continuing to work cards, you can collect a whole collection.



When trying to establish control over the working time of employees, especially in remote warehouses, with the help of the Smart-card system, the management rather quickly found out that the system is easy to fool. After all, this is a regular store, and if an employee sends his card to a colleague and asks him to fix the care on time, and he leaves earlier, then according to the electronic timesheet, he will be registered full time at work, and in fact - less.

And that is why it was decided to combine the technology of smart-cards and face recognition. The combination of these two methods gave an excellent result: even if a dishonest employee tries to leave work earlier and does not fix it with a card, the camera will automatically track his departure.

Biometric control

©

The real example of a store shows very well how important it is for businesses not only to obtain visual information about the operation of an object, but also to distinguish between levels of access for various employees to business premises.

The use of smart-card technology today is the simplest way to control access to service premises. Instead of cards, various key rings, both contact and non-contact, can be used.

these devices have one major drawback: they have nothing to do with the specific employee to whom they were issued. Consequently, in order to gain access to a protected room, it is enough just to take possession of a card or a key fob.

Of course, protection of the card with a PIN-code improves the situation a little, but it works only with self-discipline, because most people like to write down the PIN on the card itself, “so that it is always at hand”.

Therefore, in cases where you need to provide increased protection of the premises from unauthorized entry, biometric access control systems come to the rescue.

Just want to say that there is no system that will provide you with complete protection against penetration into the security zone. But if an intruder attempts to penetrate, he will lose valuable time and will inevitably make mistakes, and this will give a good chance to the security service to quickly respond to the incident.

Attach a finger

©

Everyone is well aware that the imprint of papillary lines on the fingers is unique for each person and provides almost error-free identification. And most importantly, the drawing almost does not depend on the state of human health, in contrast, say, to the voice. Therefore, fingerprint scanners were the first to enter the access control market.

In the scanner sensor matrix of LEDs illuminates the finger, and the digital camera at this moment makes a photo of the print. Next, the snapshot is processed by mathematical algorithms, evaluating its quality and forming information about the owner, which will be entered into the database.

As in forensic science, all basic patterns of papillary lines are divided into three types of programs: arc, loop and curl. The task of the algorithm is to first determine the type of pattern, and then search for the minute, as the professionals call the place where the pattern ends. It is the minutes and their locations determine the uniqueness of prints. The scanner recognizes their relative position and the pattern they form, which is divided by the program into small zones, including a fixed number of minutes.

Note that not one, even the most complex, scanner compares all lines of patterns. It searches for only certain patterns in the blocks and compares them with the values ​​in the database. If they match, then the print belongs to one person.

Now a variety of models of fingerprint readers on the market, in the hundreds. You can use various types of scanners, ranging from the simplest of the “put your finger and enter” series to complex composite devices that may, for example, require you to enter a special code, say a key phrase or confirm credentials using a Smart Card.

Any modern scanner is capable of storing in its memory information about hundreds of thousands of employee fingerprints, and can be easily integrated into the access control system as well as into the staff time tracking program.

For fans of detectives and spy movies, we say that it is quite difficult to deceive modern devices. Forget about your favorite trick with transferring a print using a laser printer toner to an adhesive tape! You just get dirty, and the scanners have ceased to respond to this "durilku" already 15 years ago. So leave this trick to action movie writers and actors.

Do not deceive a serious scanner and also favorite filmmakers scheme with the attachment of an amputated finger. Powerful expensive scanners are able to distinguish a living tissue from a dead one. And what can go with an inexpensive scanner built into a smartphone, a serious device will ignore or raise an alarm.

Of course, on the Internet you can still find quite a few ways to “cheat” a fingerprint scanner, besides those described by us, but you should not think that the developers of these devices are idle. If the hacking technology is published, then it can be argued that with high probability the creators of these devices have already found a way to deal with it. Or is about to find.

By the way, fingerprint scanners are used not only in special services or banks. We quite often came across these devices in ordinary offices. So, this technology has long been transferred from the category of exotic to the ordinary for business.

Show your hand

©

The next most popular authentication method is scanning a pattern of veins in the palm of your hand. There are quite a few devices of this type on the market.

As in the case of using a fingerprint scanner, the control “impressions” of all persons allowed into the room are recorded in the device’s memory or on the server. And if you need to increase protection, you can purchase a combined reader, which requires, for example, additional confirmation of the credentials of an incoming person using a personal code or Smart card.

At the time of this writing, we were able to find only one way of cheating this system.

Engineers Jan Krissler and Julian Albrecht from the Technical University of Berlin have proposed a very simple and effective way to “inflate” the scanner. They transferred the pattern of the veins of the palm to paper and covered it with a layer of red wax; the scanner could not recognize the fake print. More details in the video:


This method is suitable for the laboratory, but not too useful in real life, because it requires serious preparation.

Your eye is your pass.

©

So, we got to the "main character" of most spy and adventure films: the iris scanner. Like fingerprints, the iris pattern of each person’s eyes is unique. That is why it is also an important factor in biometric identification. Unlike fingerprints, it is almost impossible to forge an iris pattern, plus, according to research, it is not subject to age-related changes.

When scanning the iris, irradiation of the eye with infrared radiation of the near spectrum is used, and the built-in digital camera captures the iris pattern. Then the mathematical algorithms that analyze and process the photo come into play.

Note that the use of infrared rays during scanning allows devices to operate in complete darkness. Do not become an obstacle for the scanner ordinary glasses and contact lenses.

From the description of the principle of operation of the device, we can make the erroneous conclusion that we face an absolutely resistant to hacking system. If we leave fingerprints or palms almost everywhere, and they can be easily obtained and tried to use for hacking the biometric authentication system, then we definitely don’t light up the iris pattern. As experts say, you can hack any security system, the only question is the time and resources that are needed for this.

And since the iris scanners began to be embedded in ordinary smartphones, the number of people willing to try out such protection for strength has greatly increased.

In particular, we managed to find a description of the way that the Chaos Computer Club experts managed to fool the iris scanner installed in the Samsung Galaxy S8 smartphone. Using a conventional camera, printer and contact lens, they broke into biometric protection and got access to the data in the smartphone. See the link for more details.

Say "aaaaa"

©

Now let's talk about voice recognition systems. Attempts to recognize a person by voice were made a long time ago. No matter how paradoxical it sounds, the more serious the technical and software methods of sound processing became, the less reliable this identification method became. However, judge for yourself.

Any voice recognition system is a combination of a sensitive microphone with an amplifier and a digital signal processor ( DSP ), “sharpened” for processing and analyzing information received from a microphone. And it is the built-in DSP algorithms that ensure user identification and protect the system from hacking.

Yes, the timbre of the voice, its spectral composition, manner of speech, ways of pronunciation of phrases are different for each of us. But if fingerprints remain on any object we touch, then the situation is even worse with voice. His sample can be obtained without straining.

Even if a certain phrase needs to be said for access to a room, then no one prevents an attacker from composing it from individual words in any audio editor, and then playing it into the reader’s microphone, using, for example, your smartphone.

Another drawback of voice recognition systems is the susceptibility of the voice to age-related changes, various injuries to the face and larynx, and its distortion during illness. Given all the above, a person’s voice authentication systems are used very rarely separately. They are most effective when working in dual identification systems, where they can complement, for example, a fingerprint scanner or a palm.

Hardware face control

© Vasya Lozhkin

Due to the massive use of smartphones, user authentication technology for three-dimensional photographs of the face has become very popular.

Already, in some retail chains, the possibilities of organizing completely autonomous stores, in which there are no usual sellers and cashiers, are being tested. Agree that this structure of outlets requires a different approach to work and security services.

It is not difficult to imagine a shop selling luxury watches or jewelry on the club system. Before visiting such a salon, you will be asked to provide your biometric data in advance, and only after scanning them at the entrance will the doors open in front of you. Then, taking into account your interests, the holographic guide will show you the most suitable range of products, and you can choose and try on the model you are interested in.

Payment of purchase, of course, will be made also with the help of biometric authentication.

If this approach seems fantastic to you, remember that quite recently the head of Sberbank G. Gref announced the imminent transition of the company to biometric identification of customers. Other banks do not stand aside from this initiative.

Already, in many of them, you can voluntarily surrender your biometric data and then use them instead of a passport. So the times when we submitted our passports to bank employees will soon become history!

Instead of conclusion

The maximum protection of the object is ensured by the combined use of several technologies - for example, the Ivideon ACS . While the developers have not created a single ideal system that guarantees one hundred percent protection against hacking or deception. But the use of several systems together can significantly complicate the life of an attacker and give the security service a temporary odds to identify and prevent attempts to penetrate the object.