Districts turn to biometrics for protection.
These days, locks and keys aren't enough to keep schools and their networks secure from unwanted visitors. The need for greater security has led many districts to employ biometrics, a technology that grants or denies access to individual users based on their biological characteristics. Biometrics has been used by the U.S. government for years, and is now ready for primetime in schools.
Fingerprint scanners such as DigitalPersona's U.are U retail in most big-box stores for about $50.
1- First things first: What is biometrics?
As the name implies, biometrics is all about biology. The technology focuses on the unique biological properties of a user to distinguish that user as a member of a "safe" group. Since no two humans have the same fingerprints, handprints, faces, or retinal or iris impressions, these are the characteristics that best lend themselves to being used as identifiers. Some devices identify users by their voices, but because voices vary widely and are not necessarily unique, voice-recognition systems do not typically work as well.
2- How does the technology work?
Most biometric solutions are made up of two major parts: hardware readers on the front end, and back-end software that captures, encrypts, and stores digital templates of biometric images to create a database of accepted users. When a user interacts with the device, the device captures an image of the biometric in question, converts that image into as many as 100 points of data, and stores the resulting bits and bytes on a file that ranges in size from 9 to 300 KB. Every time a user interacts with the scanner, the scanner reads and compares the data to data already stored on file. If this comparison yields a match, the device authenticates the user and instructs the reader to grant access. If the comparison fails to yield a match, the device rejects the user and access is denied.
Most biometric scanners store data locally, performing the comparison on site and instantaneously. Some scanners, however, can be integrated with access controls on a district network, capturing user data from an initial interaction, then sending that data to a central database that runs the comparison, grants or denies access, and returns a red- or green-light message back to the scanner itself. This latter approach is used by districts that wish to monitor users accessing a certain scanner and is particularly popular among schools that employ biometrics to keep tabs on which students are using a particular computer lab.
3- What are the pros and cons of biometrics?
Because biometric systems grant access on a match of unique biological characteristics, the technology is superior to other means of confirming identity such as badges, tokens, Smartcards, or run-of-the-mill passwords, which can be lost, forgotten, or stolen. Because users can't lose or forget their biological characteristics, these solutions minimize the likelihood of a security breach.
Perhaps the biggest downside to biometric technology is the possibility of a false reject. No matter how accurate a handprint, fingerprint, or face scanning device purports to be, most vendors have not figured out how to account for temporary changes in physical data, such as cuts or scabs. Among those biometric systems that use voice recognition, few vendors have been able to program their software to account for laryngitis or a hoarse voice.
Another big downside to certain systems is cost. Retinal and iris scanning systems are among the most successful biometric systems on the market today, but the technology behind these strategies is outrageously expensive — upward of $1 million per system in some cases.
4- Which types of biometrics work best for the K-12 environment?
According to the most recent annual World Biometric Report from market research firm Frost & Sullivan, hand scanning (also known as hand geometry) continues to be the dominant biometric used in the U.S. However, fingerprint scanning is the most cost-effective form of authentication and has a track record of success in K-12 environments. Face recognition, eye scanning, and voice-based authentication all require careful positioning in front of a camera or microphone and are thus not as appropriate for younger users. Furthermore, while hand, eye, and voice identifiers all change radically as a user ages, fingerprints do not change.
5- Which are the most practical applications for my school?
Whatever biometric technology a district embraces, the most practical applications in the K-12 environment are access control and time-and-attendance applications. Across the country, school districts have turned to biometrics to prevent unauthorized access to buses, computer labs, and other school facilities. Some districts incorporate biometrics to authenticate kids before they enter academically oriented chat rooms. Others use the technology to verify eligibility for subsidized school lunch programs.
A growing number of high schools, including those in Chittenden County, Vermont, have turned to touch-and-pay systems on lunch lines to enable students to pay from debit accounts by swiping their thumbs.
Trailblazing districts have also employed biometrics at printers to ensure that sensitive school records don't fall into the wrong hands.
With the help of solutions such as SecurePrint from Silex Technologies, teachers and other staff users send documents to the print queue, then run their fingers over a scanner at the printer itself. The queued document is released for printing only after the user has reauthenticated at the printer. The result: Only the person who sent the document in the first place is able to retrieve it.
6- Where do most districts stumble in implementing these kinds of solutions?
Ensuring compatibility is perhaps the most difficult part of any biometrics implementation. Because all biometric systems are different, a school district must be sure to purchase one that will work with its existing network. Most biometric systems integrate seamlessly with Microsoft Windows Active Directory, an access control measure built into the Microsoft operating system. If your district uses Linux or Macintosh, however, certain biometric systems may require additional purchases to work properly.
In addition, schools need to devise a plan for biometric registration of all users from the very beginning. For some schools, this might mean having a "fingerprint day" where all users are fingerprinted at once. For others, the registration may be rolled out gradually, first among staff members, then among students by grade.
7- How do I placate parents who are uncomfortable with the district having their children's biological identifiers on file?
Many parents are uncomfortable with a school district fingerprinting their children and storing their biological identifiers on some database in a darkened server room. These fears raise important questions. Ethically speaking, it is risky for schools to store sensitive personal information because if the data were compromised, the victimized school could be named defendant in negligence and identity theft cases.
But technically, schools that use biometrics don't store fingerprints at all. Biometric systems generally use complex and proprietary algorithms to create digital templates of features from a fingerprint. The systems capture, encrypt, and store these templates to protect each identifier from disclosure. The algorithms cannot be reverse-engineered to reveal a person's identity. Put differently, even if a database of biometric identifiers were stolen by an identity thief, the thief would have no way of matching the data points with their rightful owners.
Matt Villano is a California-based freelance writer who specializes in educational technology.
Not So Fast
If you think biometric technologies are a foolproof way to secure facil-ities and IT equipment, think again.
Researchers from Clarkson University in Potsdam, N.Y. recently fooled some of the leading biometric systems by making fingerprint copies using Play-Doh. Testing a range of biometric technologies, researchers created 60 fake fingers that were authenticated by the combination of the fingerprint readers and their accompanying software in nine out of every 10 attempts. The research also highlighted ways of mitigating such fraud, developing a technique for distinguishing live digits by detecting changing moisture patterns. This innovation reduced the false detection rate to less than 10 percent. Phew!
Pick His Brain
Biometrics eliminates password problems in Indiana.
If anybody on the district level knows about biometrics, it's Joe Huber, director of information systems for the Greenwood Community School Corp. in Greenwood, Indiana. Huber's district recently invested in fingerprint readers from Digital Persona. Here's what Huber had to say about how the technology has affected security at his schools:
"It was mandated by our auditor that we find a new way to handle secure access to certain programs and systems on our network. The auditor said that we needed to change passwords more frequently or come up with another method for authentication. Changing passwords at a school is like pulling teeth — it's impossible to get everyone to remember them without spending hours and days reminding them. Biometrics helped us solve the problem without making users deal with passwords of any kind. Sure, the passwords are still there. But with our biometric solution, they're behind the scenes, and they're linked to user fingerprints, so all our users have to do is swipe their fingers and they're done."
There are dozens of vendors who specialize in biometric technology. Here is a sampling of systems organized by biometric identifier.
Fingerprint scanning is the most widespread form of biometrics in K-12 education, and the most common in the world overall.
Food Service Solutions
Silex Technology America
Handprint scanners are another system common to K-12 environments. Handprint scanners are generally larger than fingerprint scanners and usually cost more.
Voice-based biometric systems aren't as reliable as those based on fingerprints or handprints, but in certain situations they work fine.
- Be sure the biometric system you purchase is compatible with the network you have and that you won't need to make additional purchases to make it work.
- Devise a plan to register your users to participate in the system.
- Prepare for skepticism and resistance among parents; privacy is a controversial issue and not everybody will embrace biometrics.