Security's in the eye of the beholder at Affinity Internet
Dec 1, 2000 12:00 PM
It makes sense that a hip new-economy startup company would use high-tech biometric devices to control access.
Affinity Internet is a Web hosting and applications service provider headquartered in El Segundo, Calif. Founded in 1999, it provides Web-hosting and management services to small and mid-sized companies. Affinity Internet also makes e-commerce software, namely the Mercantec shopping cart feature. Clients include Baskin Robbins and Broad Slate, a DSL company that bundles Affinity's Web-hosting services with the lines it sells.
Affinity employs 130 people. The El Segundo office houses a call center, which is manned 24 hours a day, seven days a week. The headquarters is also home to the systems development team, and the engineering and marketing departments. An east coast facility in Baltimore houses an operations and data center and sales staff.
Affinity Internet decided to install an iris-recognition identification system after investigating other biometric solutions. It originally sought an IriScan system as a presentation layer for its server room as well as for physical security. Affinity perceived advantages in the lack of cards or PINs. "You cannot forget your eye at home," says Jeremy Ganse, product manager at Affinity Internet and a member of the implementation team. "We decided to choose a biometric system, and we found the IriScan technology gave high reliability at a low cost. We wanted to avoid the replacement and maintenance costs of traditional card-based access control systems."
"It is a highly secure and easy-to-administer method for securing our offices and our data centers," says John Zdanowski, chief operating officer at Affinity Internet.
The patented iris-identification technology is produced by Iridian Technologies, Marlton, N.J. Formerly known as IriScan, the company recently merged with its chief licensee, Sensar, and renamed itself Iridian. The company hopes the name change will dispel misconceptions about how the iris recognition system works.
Affinity Internet has five IriScan stations that control access to the front entrances of the building, the data center, the network operations center, and a storage room.
An enrollment station is located in one of the labs. It is similar to the door stations, but is connected to a PC running the IriScan Windows-NT software. Slightly taller than the door stations, it is set up like a driver's license photo station. The software contains a database of encrypted records.
Iris identification is based on measurements of the unique characteristics of the human iris. There is an average of 240 points of measurement in each iris, and each point has multiple variables consisting of crypts and radial furrows of various textures and depths. The iris can be compared with the surface of the moon: rich in peaks and valleys. One of the most personally distinct features in the human body, the pattern of the iris stabilizes at the age of one and does not change thereafter.
Enrollment in the system takes less than 30 seconds. At Affinity, first the right eye is scanned, then the left eye. Affinity Internet decided to enroll employees by scanning both eyes so that employees would not have to remember which eye they had scanned at enrollment time.
The user stands six to 12 inches away from the unit. The system is interactive; the unit instructs participants to "move closer" or "move back" as necessary. It can also be programmed to broadcast messages in foreign languages.
IriScan takes a digital impression of the iris and stores it in a database. Using video, it captures an image and freezes one frame, which is then digitized. The high-resolution image is processed by a CPU at a different location, which sends an identification code to the access control software. The iris pattern is processed and encrypted into an IrisCode record. Each time a person approaches the unit, an image is taken of his iris and compared to the database record.
A sensor in the digital camera behind the reader triggers the camera when someone approaches the reader. As soon as someone is in position, the camera quickly takes multiple pictures. The reader, about the size of an American silver dollar, tilts to accommodate people of various heights. The digital cameras can work in complete darkness.
The IriScan system was installed in July 2000 by Rayco Security, Van Nuys, Calif., a biometrics integrator and the west coast dealer for Iridian. Rayco also installed an alarm with motion detectors in the data center. According to Raymond Jerozal, president of Rayco, "The alarm was installed to provide security while Affinity Internet moved offices. It now provides an essential double security layer for the data center." Entering the data center requires first passing the IriScan system and then punching in an alarm code.
The IriScan system at Affinity interfaces with a Doors 32 access control system manufactured by Keri Systems, San Jose, Calif. The system, installed by Rayco, consists of door controllers and the Doors 32 software.
Employees at Affinity Internet have varying levels of access. Some employees do not have access to the network operations center or the data center. The company keeps track of who accesses which rooms with the audit trail function. Says Tom DeWinter, director of channel development at IriScan, "Affinity Internet is particularly concerned with securing its data center."
The IriScan system works on a distributed network. The central database can send the iris codes to the individual door stations in the event of a power failure or network crash.
Staff reaction has been overwhelmingly positive. There was some initial trepidation, however. Ganse recalls: "I was a little scared about it originally. I thought some of the employees might be nervous or uncertain about the technology. But by coaching them through the enrollment process and then the first few times using the door units, and getting the technique down, we have not had any problems."
Affinity Internet plans to beta-test Iridian's network access control desktop unit, launched at the Comdex show in Las Vegas. "The desktop cameras will be doing network authentication. We have cameras working at the desktop now using a combined teleconferencing camera and authentication camera," says DeWinter.
Affinity Internet is eager to test this new product. "If our system administrator leaves the company right now, we need to change all our passwords on all of our systems. With an IriScan network system, we would just need to disable that person's access at the source," says Zdanowski.
The company is also considering using IriScan for time-and-attendance. The IriScan unit has a 26-bit Wiegand output, compatible with most time-and-attendance software.
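How a time-and-attendance application might consume such an output is sketched below as an added example; it is not code from the article, Iridian or Keri Systems. It assumes the common 26-bit Wiegand layout (leading even-parity bit, 8-bit facility code, 16-bit ID number, trailing odd-parity bit), which the article does not confirm for the IriScan unit; the function names, roster and sample frames are hypothetical.

```python
def encode_wiegand26(facility: int, card: int) -> str:
    """Build a constructed test frame as a string of 26 '0'/'1' characters."""
    if not (0 <= facility < 2**8 and 0 <= card < 2**16):
        raise ValueError("facility must fit in 8 bits, card number in 16 bits")
    data = f"{facility:08b}{card:016b}"       # 24 data bits
    even = str(data[:12].count("1") % 2)      # first 13 bits carry an even number of 1s
    odd = str(1 - data[12:].count("1") % 2)   # last 13 bits carry an odd number of 1s
    return even + data + odd

def decode_wiegand26(bits: str) -> dict:
    """Validate both parity bits, then split out facility code and ID number."""
    if len(bits) != 26 or set(bits) - {"0", "1"}:
        raise ValueError("expected exactly 26 bits")
    if bits[:13].count("1") % 2 != 0:
        raise ValueError("leading even-parity check failed")
    if bits[13:].count("1") % 2 != 1:
        raise ValueError("trailing odd-parity check failed")
    return {"facility": int(bits[1:9], 2), "card": int(bits[9:25], 2)}

def record_punches(frames, roster):
    """Return (accepted, rejected) so corrupt or unknown frames are kept for audit."""
    accepted, rejected = [], []
    for frame in frames:
        try:
            ident = decode_wiegand26(frame)
        except ValueError as exc:
            rejected.append((frame, str(exc)))
            continue
        key = (ident["facility"], ident["card"])
        if key in roster:
            accepted.append(roster[key])
        else:
            rejected.append((frame, "unknown credential"))
    return accepted, rejected

# Constructed sample data: one enrolled ID, one unknown ID, one frame with a flipped bit.
ROSTER = {(42, 1001): "employee-A"}
GOOD = encode_wiegand26(42, 1001)
UNKNOWN = encode_wiegand26(42, 2002)
CORRUPT = GOOD[:5] + ("1" if GOOD[5] == "0" else "0") + GOOD[6:]

if __name__ == "__main__":
    ok, bad = record_punches([GOOD, UNKNOWN, CORRUPT], ROSTER)
    print("accepted:", ok)
    for frame, reason in bad:
        print("rejected:", frame, "->", reason)
```

The two parity bits catch line noise only. Nothing in the frame authenticates the sender, so the receiving software should treat the wiring between reader and controller as part of the trusted boundary.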
Affinity Internet plans to expand both its east coast and west coast offices. It also plans to install CCTV.