Palm Vein / Face Combo Reader

A new reader terminal [link no longer available] claims it is the "only true PACS terminal using Palm Vein Recognition" and accommodates up to four different credential types, more than the two or three credentials supported by typical multi-modal readers. Just how many credential types are needed in one reader? In this note, we examine IdentyTech's Sapphire reader, its ideal application, and compare it to similar products.

Sapphire Overview

IDT Sapphire [link no longer available] supports any combination of the following credential types:

• Face Recognition
• Palm Vein, both Left and Right hands
• PIN, or Key Combination
• Token or Card Credentials

The unit is available in two models: a single door/single terminal 'standalone' model, and a multidoor 'system' model. Cosmetically, both units are identical - the difference is only software and number of I/O ports. The cast aluminum, IP65 housing is equipped with a touchscreen display/keypad, an onboard camera, the primary palm reader, and a configurable card credential reader. The wallmount unit is rather large, measuring roughly 7"x9"x2", shown in the image below:

Other technical attributes include:

• Video Integration: The onboard 5MP is for Face Recognition, not surveillance support. However, Sapphire includes a BNC Input for a CCTV camera
• Intercom Function: Built-in Microphone and Speaker for video intercom functions
• Plentiful I/O: The 2 inputs / 4 output relays port allow for incorporation of locks, door position sensors, and other serial devices.
• Flexible Card Readers: Supported credential types for Sapphire include HID Prox, iClass, MiFare, and Legic formats.

Palm Reading

IDT's palm reading is different because the credential is based on 'palm vein' patterns, not contact 'palm prints'. The unit takes and compares subdermal images of a hand's veins, rather than scanning an image of the outside skin layer and comparing prints. Not only is 'vein reading' more secure because it is more difficult to 'spoof', it is less susceptible to errors caused by changes in skin condition (friction wear/aging) and cleanliness.

The contact-print credentialing found in other readers can also be a problem in some elements of the population, especially the elderly, whose subdermal collagen levels decrease over time and can 'fade' a print or cause it to be so faint that it cannot be scanned properly. Palm veins are not greatly susceptible to aging, and are consistently readable over a lifetime.

Reading palm prints also has advantages over facial recognition. While the IDT Sapphire also supports facial recognition, this is still subject to difficult lighting conditions, shifts in posture and detail-obscuring accessories like glasses, scarves, and hats. Palm vein reading can be accomplished quickly - in seconds - without the risk face recognition faces.

Pricing

Sapphire is available in two models: an $1900 MSRP "Standalone" option for single door operation, and a $2300 MSRP for the "Multidoor" model with additional I/Os for controlling more connected devices.

IDT's traditional market has been Europe and Israel, and distribution is not currently available in the USA. While pricing has been announced, the manufacturer states final prices are subject to change for the US market, after the company finalizes details on the distribution channel.

Integration with OnSSI Ocularis

Unlike other biometric readers, IDT's unit management platform writes VMS function into its software, not the other way around. IdentyTech has written Ocularis' Recorder/Live viewing interface into its management application for ease in cross referencing access control events with video surveillance network. The screenshot below shows how the integration appears within the software:

Four Factor Credentialing?

In most US Access Control applications, two factors (e.g. - PIN/Card, PIN/Biometric, or Card/Biometric) is sufficient. Furthermore, guidance standards like FIPS201 have just now begun addressing specifics of standard biometric credentials, so a hardware reader that has the potential to incorporate up to four different credentials has expansion potential.

While IDT acknowledges that using all four factors may be overkill for many, their product allows a choice of which ones to use, according to recommendations found in the OMB M-0404/NIST SP800-63 'E-Authentication Guidance' [link no longer available] document. According to that source, "High Security" classification incorporate at least three credentials: presenting “something you know” (e.g. - password / pin code) to “Something you are” (e.g. - biometrics) along with “something you have” (e.g. - a smart card or token). With Sapphire, users have flexibility in which three they are able to use.

High Security & Government Applications

Given the multiple factors Sapphire supports and its higher price, the market it appeals to most are institutional and high security installations. The single door unit reader costs as much as three or four 'traditional' panel based reader/controller combos. However, Sapphire accommodates more stringent credentialing than 'traditional' readers with cards or codes. Since these areas have higher risk, the extra expense of the unit may be justified.

Additionally, the 'all-in-one' design allows Sapphire to take on the roles of several different devices - even functioning as a stand-alone access controller if required. Consolidating multiple readers and controllers in a single unit can be thousands less than connecting a lone door with multiple separate credential readers to a distant central controller.

Because of the cost, Sapphire is not likely a mainstream choice for most doors, but stands to offer great value for far-flung, and high security and government applications.