Directorio de información

ShowRoom

Biometric Security Solutions
Physical security — controlling personnel access to facilities — is critical to achieving data center availability goals. As new technologies such as biometric identification and remote management of security data become more widely available, traditional card-and guard security is being supplanted by security systems that can provide positive identification and tracking of human activity in and around the data center. Before investing in equipment, IT managers must carefully evaluate their specific security needs and determine the most appropriate and cost-effective security measures for their facility.

Room Elements:

10-01-2012 9:50
Smart+, our SmartCity Model, becomes a model supported by a Technology Platform in the Cloud Computing philosophy, multi-channel multi-device Services for Integrated Smart Entities (Buildings, Communities, Cities, States, …) enabling new models of Management, aligning technological strategies and sensing infrastructure for the provision of Common Services. ennCloud goal is to achieve a more efficient and effective 21st century public infrastructure system, creating new ecosystem for the different actors involved.
09-01-2012 10:14
SIGTB is based on open architecture and new generation designed to accelerate business processes and cycles of any financial institution, to align technology and business. It becomes a Technology Platform for the Development Bank Cores philosophy based on configurable and modular, enabling high efficiency in its evolution derived from the functional, technological and policy of any entity.
08-01-2012 17:52
maat International has developed GLIMP Infrastructure, a Cloud enable Technological Infrastructure that supports all the intermodal requirements of the distribute trading partners –operators, users,...–, which enables the achievement of significant improvements in productivity, competitiveness, cost reduction, optimization of time and eliminating inefficiencies in the new emerging Logistics Networked Supply Chain Sector of Conteneraized Traffic.
07-01-2012 9:30
Virtual Livestock Unit (eGanadero) is the tool that granted to producers interact with management in an agile and efficient, able to initiate and access their conventional procedures in a telematics, from internet-connected device (PC, laptop, smartphone , ...) It is currently integrated with existing systems of Castilla La Mancha and the Ministry of Agriculture of Spain. The platform enables rapid development, taking as a starting point to clear advantages over systems administration management sector.
06-01-2012 18:34
maat International has developed the maat eGovernment Platform to propel the modernization of the Public Administration. It also encourages the interactive use of information and communication technologies on the part of the citizens and presents itself as an efficient, open and multi-channel alternative for information and management systems pertaining to Public Administration.
  • 1
  • 2
  • Siguiente

Introduction

When Mission Critical Facilities security is mentioned, the first thing likely to come to mind is protection from sabotage, espionage, or data theft. While the need is obvious for protection against intruders and the intentional harm they could cause, the hazards from ordinary activity of personnel working in the Facilities present a greater day-to-day risk in most facilities.

People are essential to the operation of a Mission Critical Facility, yet studies consistently show that people are directly responsible for 60% of Facilities downtime through accidents and mistakes. With human error an unavoidable consequence of human presence, minimizing and controlling personnel access to facilities is a critical element of risk management even when concern about malicious activity is slight.

Identification technology is changing as fast as the facilities, information, and communication it protects. With the constant appearance of new equipment and techniques, it's easy to forget that the age-old problem this technology is trying to solve is neither technical nor complicated: keeping unauthorized or ill-intentioned people out of places where they don't belong. And while the first step, mapping out the secure areas of the facility and defining access rules, may produce a layered and complex blueprint, it isn’t intuitively difficult — IT managers generally know who should be allowed where. The challenge lies in the second step: deciding how best to apply less-than-perfect technologies to implement the plan.

  1. Who are you, and why are you here?.
  2. Methods of identification. Reliability vs. Cost.

While emerging security technologies may appear exotic and inscrutable — fingerprint and hand scans, eye scans, smart cards, facial geometry — the underlying security objective, unchanged since people first started having things to protect, is uncomplicated and familiar to all of us: getting a reliable answer to the question "Who are you, and why are you here?"

The first question — "Who are you?" — causes most of the trouble in designing automated security systems. Current technologies all attempt to assess identity one way or another, with varying levels of certainty — at correspondingly varying cost. For example, a swipe card is inexpensive and provides uncertain identity (you can't be sure who's using the card); an iris scanner is very expensive and provides very certain identity. Finding an acceptable compromise between certainty and expense lies at the heart of security system design.

The answer to the second question, "Why are you here?" — in other words, what is your business at this access point — might be implicit once identity has been established (“It’s Alice Wilson, our cabling specialist, she works on the cables — let her in”), or it can be implemented in a variety of ways: A person's "who" and "why" can be combined — in the information on a swipe-card’s magnetic strip, for example; a person's identity could call up information in a computer file listing allowable access; or there could be different access methods for various parts of the facility, designed to allow access for different purposes. Sometimes "Why are you here?" is the only question, and "Who are you?" doesn't really matter — as for repair or cleaning personnel.

Methods of identifying people fall into three general categories of increasing reliability — and increasing equipment cost:

What you have - Least reliable (can be shared or stolen)

What you have is something you wear or carry — a key, a card, or a small object (a token) that can be worn or attached to a key ring. It can be as “dumb” as an old fashioned metal key or as “smart” as a card having an onboard processor that exchanges information with a reader (a smart card). It can be a card with a magnetic strip of information about you (such as the familiar ATM card); it can be a card or token having a transmitter and/or receiver that communicates with the reader from a short distance (a proximity card or proximity token). What you have is the least reliable form of identification, since there is no guarantee it is being used by the correct person — it can be shared, stolen, or lost and found.

What you know - More reliable (can’t be stolen, but can be shared or written down).

What you know is a password, code, or procedure for something such as opening a coded lock, verification at a card reader, or keyboard access to a computer. A password/code presents a security dilemma: if it’s easy to remember, it will likely be easy to guess; if it’s hard to remember, it will likely be hard to guess — but it will also likely be written down, reducing its security. What you know is more reliable than What you have, but passwords and codes can still be shared, and if written down they carry the risk of discovery.

Who you are - Most reliable (based on something physically unique to you)

Who you are refers to identification by recognition of unique physical characteristics — this is the natural way people identify one another with nearly total certainty. When accomplished (or attempted) by technological means, it’s called biometrics. Biometric scanning techniques have been developed for a number of human features that lend themselves to quantitative scrutiny and analysis:

  • Fingerprint
  • Iris (pattern of colors)
  • Retina (pattern of blood vessels)
  • Hand (shape of fingers and thickness of hand)
  • Voice
  • Face (relative position of eyes, nose, and mouth)
  • Handwriting (dynamics of the pen as it moves)


Our Access Control Devices

Cards and tokens: “what you have”

  • Magnetic stripe card.
  • Barium ferrite card (also called a “magnetic spot card”).
  • Weigand card, a variation of the magnetic stripe card.
  • Bar-code card carries a bar code.
  • Infrared shadow card
  • Proximity cards (sometimes called a “prox cards”)
  • Smart card

Keypads and coded locks: “what you know”

Keypads and coded locks are in wide use as a method of access control. They are reliable and very user-friendly, but their security is limited by the sharable and guessable nature of passwords. They have familiar phone-like buttons where users punch in a code — if the code is unique to each user it’s called a personal access code (PAC) or personal identification number (PIN). Keypad generally implies the ability to accept multiple codes, one for each user; coded lock usually refers to a device having only one code that everyone uses.

The security level of keypads and coded locks can be increased by periodically changing codes, which requires a system for informing users and disseminating new codes. Coded locks that don’t have their code changed will need to have their keypad changed periodically if a detectable pattern of wear develops on the keys. As with access cards, keypad security can be increased by adding a biometric to confirm user identity.

Biometrics: “who you are”

Biometric technology is developing fast, getting better and cheaper. High confidence affordable biometric verification — especially fingerprint recognition — is entering the mainstream of security solutions. Many vendors now supply a wide range of biometric devices, and when combined with traditional “what you have” and “what you know” methods, biometrics can complement existing security measures to become best practice for access control.

Biometric identification is typically used not to recognize identity by searching a database of users for a match, but rather to verify identity that is first established by a “what you have” or “what you know” method — for example, a card/PIN is first used, then a fingerprint scan verifies the result. As performance and confidence in biometric technology increase, it may eventually become a stand-alone method of recognizing identity, eliminating the need to carry a card or remember a password.

There are two types of failures in biometric identification:

  • False rejection — Failure to recognize a legitimate user. While it could be argued that this has the effect of keeping the protected area extra secure, it is an intolerable frustration to legitimate users who are refused access because the scanner doesn’t recognize them.
  • False acceptance — Erroneous recognition, either by confusing one user with another, or by accepting an imposter as a legitimate user.

Failure rates can be adjusted by changing the threshold (“how close is close enough”) for declaring a match, but decreasing one failure rate will increase the other.

Considerations in choosing a biometric capability are equipment cost, failure rates (both false rejection and false acceptance), and user acceptance, which means how intrusive, inconvenient, or even dangerous the procedure is perceived to be. For example, retinal scanners are generally considered to have low user acceptance because the eye has to be 1-2 inches from the scanner with an LED directed into the eye.