Over 4,000 workers at the Port of Halifax in Nova Scotia are lending a hand to significantly improve security at the Canadian port.
Beginning as early as the end of November, port workers will be authenticated for entry and exit at some 2,200 access points around the port, using biometric-based hand vascular pattern recognition technology from security access provider Identica Canada Corp.
The technology rollout is part of a $20-million technology infrastructure upgrade that the Port of Halifax is currently undergoing to modernize and enhance security at the terminals, according to Gord Helm, manager of marine security and cruise operations at the Halifax Port Authority.
The type of biometric that will be used for the project was an important factor from the very beginning, Helm says.
“For our purposes, the environment that we’re working in, the temperature and the weather parameters that we are dealing with, plus the stakeholders that we’re dealing with, iris scanning and fingerprint (biometric) weren’t really an option,” he says.
One of the main concerns about iris scanning and fingerprinting raised by port workers was the intrusiveness and perceived privacy implications of the technology, says Helm.
“We have challenged industry back a year ago to come up with a comparison study on vascular scan versus hand geometry because through consultation with labour, it was determined that those were the least intrusive and least problematic forms and also provided a high degree of efficiency and effectiveness,” Helm says.
The port eventually decided to go with vascular scanning technology, which not only satisfied labour and stakeholder concerns, but also required less network accommodation than the other biometric solutions. “Our (hand vascular) template is 280 bytes fully encrypted. It’s a very, very small template so it really doesn’t have an issue with congestion on the network,” Helm says.
All in the hands Identica’s hand vascular pattern recognition technology involves a person presenting the back of his hand to a biometric reader, which in turn identifies the person by matching the vascular patterns to a pre-created template. The template is generated upon enrolment of an employee to the security access control system.
In the case of the Port of Halifax, the template is stored in a smartcard issued to the employee who owns that biometric template. When the employee presents himself to an access point, he would present both his smartcard and the back of his hand to the biometric reader for authentication. The reader then matches the actual hand to the template stored on the card.
The Port of Halifax covers over 240 acres of land that serves as a docking point for many international seafaring cargo vessels and a gateway to Atlantic Canada and the U.S. northeast.
As one of the largest sea ports in North America, the Halifax port has a mandate to move into “creating a very believable security envelope” around its vast property, says Bob Binns, president of Unisys Canada.
Unisys provides the database creation and technology integration for the Port of Halifax’s upgrade project.
Binns claims the Nova Scotia sea port is the first port in the world to ever deploy the hand vascular pattern recognition technology.
Smartcards played a significant role in keeping the biometric implementation seamless and simple for both the users and the IT staff. “You have got to have 100 per cent compliance here across 4,000 people,” Binns says, explaining that keeping the vascular templates on the smartcard, not in a backend database, alleviated some of the privacy concerns among stakeholders.
The dual authentication system using the smartcard and the user’s actual hand imprint also reduces the risk of unauthorized access. “If a stranger finds your card, he can’t hack the algorithm unless he has the hand,” Binns says.
In many biometric-based security implementations, smartcards typically serve as complementary technology, according to Terry Wheeler, president and chief operating officer of Identica Holdings Corp.
“Smartcard is probably the number one selling solution for (biometric applications),” Wheeler says. “It simplifies the implementation as well; if you’re storing the (biometric) template on the network, then you need network infrastructure in the backend and servers.”
At the port of Halifax, with over 29 kilometres of coastline to cover, having to put up network infrastructure to store templates and rely on that to verify users would have entailed a significant investment and been difficult to deploy, Wheeler adds.
Prior to the hand vascular biometric deployment, the Port of Halifax already had an existing smartcard-based security access technology from Lenel Systems. Integration with Lenel proved seamless, says Wheeler.
“The enrolment process takes about ten seconds,” he says.
The Port of Halifax isn’t the only port in Canada using the biometric-smartcard duo for access control.
The Canadian Air Transportation Security Authority has also embarked on a massive security upgrade across 29 Canadian airports through a program called the Restricted Area Identification Card (RAIC).
The program involved dual authentication using fingerprint biometrics from Markam, Ont.-based Bioscrypt Inc. and chip-based smartcards. Over 100,000 airport workers have been enrolled in the RAIC program to date.
And like the Port of Halifax, the templates are stored on the smartcards, instead of in a central database. According to Bioscrypt’s vice-president of marketing, Matthew Bogart, this was an ideal set up for a rollout as extensive as the RAIC program.
The transportation industry has been among the highest adopters of biometric solutions. According to Identica’s Wheeler this industry has been a “solid market” for his firm.
Biosrcypt, too, has been getting uptake from the transportation sector. In addition to Canadian airports, its biometrics technology is also being used south of the border.
Bioscrypt also offers 3D facial recognition techno-logy, called VisionAccess 3D, as an alternative to fingerprint-based access control system.
The Regional Transportation District (RTD) in Denver, Colorado has been using Bioscrypt’s VisionAccess 3D to secure its treasury department, says Donald Young, RTD’s treasury manager.
“We handle millions of dollars on an annual basis and we wanted to ensure that our money-handling environment is (only accessed by) authorized personnel,” says Young.
Prior to deployment of the facial readers, the treasury department already had an existing keycard entry system from Lenel that gave employees street-level access to the building. The biometric face reader was installed in the interior access points that leads to the money-counting environment, Young says.
The decision to choose the 3D facial reader over the fingerprint-based access system had to do with getting quicker access to the facility, he says.
“Some of the older (systems) — biometric fingerprint and such — slowed down the entry time,” Young says. “The biometrics face reader was very quick and accurate (that) within about a second of activation it recognized the individual and allowed the entry.”
Bioscrypt’s Bogart says the 3D technology makes the system more interactive and therefore easier to use than a two-dimensional or 2D-based face recognition technology.
A 2D system generates a flat file of the face which the system matches to a similar flat file on the database or smartcard for authentication, he explains. But because it’s a flat file, the person would have to be very square and basically have the same pose every time he or she is authenticated in the system.
The lighting environment also affects the image that the 2D system captures, which could result in difficulty in matching, Bogart adds.
The 3D facial recognition system, on the other hand, uses a near-infrared camera, which creates a grid on the 3D image of a person’s face and captures it. This technique has a better ability to counteract lighting challenges that 2D systems encounter, he explains.
“And because it’s a 3D system, it also means that your pose can change, so you don’t have to square necessarily to the camera the same way you would have to do in a 2D system,” Bogart says.
Despite the increasing uptake of biometric technology in the enterprise, most implementations are concentrated around physical access or securing physical locations. Very little is reported on how organizations are leveraging the technology for logical or information access.
“It seems at this point it’s a very physical-oriented decision support mechanism – just to get into a building or through a door somewhere,” says Bob Binns, president of Unisys Canada. He adds that even with fingerprint readers embedded on newer laptops, the usage of such feature is “really just about getting through to your sign-on screen and purely just a door to get started.”
The technology has so much to offer beyond the physical security arena, says Binns. Biometric scanning can prove valuable as an authentication mechanism for securing access to corporate data or highly sensitive applications within corporate systems.
“It’s curious that we just don’t continue that into the whole notion of single sign-on,” he says. “If there is a future in the solution to single sign-on, the biometrics could be that thing, because it is the one thing that proves you are you and in every case it would give assurance that the person requesting the application is the person who is requesting the application.”
The U.S. government may be on the right track in this regard, at least in so far as converging the physical and logical security regimes.
The Homeland Security Presidential Directive 12 (HSPD-12) provides a policy for a common identification standard for federal employees and contractors. This was followed by the issuance of the Federal Information Processing Standard Publication (FIPS) 201, which mandates the use of smart cards, biometrics and PKI under the HSPD 12.
“The decision to include PKI and fingerprint technologies improves the security profile of the smartcard for both physical and logical access,” says Forrester Research’s Geoffrey Turner, who recently wrote a paper on the convergence of physical and logical security.
“PKI provides a digital credential to verify the identity of the card owner; the fingerprint ensures that the cardholder is the individual to whom the card is issued,” Turner says.
He recommends organizations should start with having a single identity data for both physical and IT access control systems.