As part of an upgrade to the University’s access control system (ACS), which uses a smart card, we have removed the need to use 4-digit Personal Identification Number (PIN). It was determined that in most cases PINs were unnecessary and in high-risk areas not very secure as a PIN can be passed to others – which has happened quite frequently – whereas a biometric control cannot be passed to a third party.
We have therefore replaced the PIN in high risk areas with a smart card plus biometric control. The biometric technology we have chosen is a fingerprint.
Fingerprints are virtually unique. While it’s not true to say that no two people could ever be found who had identical fingerprints, the chances of this happening are so small as to be virtually negligible and the likelihood of someone having the same fingerprint within the University to gain entry will be virtually non-existent.
For card users who need a biometric to enter high risk areas (i.e. server rooms and some labs) a fingerprint will need to be recorded on the new UCard chip to gain access.
In order to enrol (capture biometric data), users need to attend Royal Fort Lodge where a fingerprint will be taken, turned into a unique code and encrypted onto the card’s chip in a matter of seconds. No information is stored on the ACS database. It is important to stress that when the fingerprint scanner ‘reads’ the fingerprint’s pattern it creates a unique code rather like a PIN. The fingerprint image is not stored, only the unique code is encrypted onto the card’s chip, so there is no risk of this kind of personal data being recorded or read from the microchip. It is also impossible to ‘backward engineer’ the unique code to turn it back into a fingerprint.
When a user needs to access a secure area with a biometric reader, the cards chip is read by the reader first, it then knows it needs to verify the unique code presented with the one stored in the card’s memory. Once the user places their correct finger on the fingerprint reader it will ‘read’ their fingerprint pattern, create the code again, and then compare it with the data recorded on the card. If they match and the person has permission to enter that particular door, the ACS will open the door and permit entry. This whole process takes a few seconds.