Startup Raises Millions For A Fingerprint CardBy: Brian Rhodes, Published on Feb 12, 2014
Access control does not get a lot of love or money but one company is trying to buck this trend.
Zwipe has grabbed attention and investment dollars of VCs, recently raising $3.5 million to increase sales and marketing efforts to Access Control OEMs, sidestepping direct competition from existing credential manufacturers. The company is bolstered by more than cash. Indeed, Zwipe's Board Chairman [link no longer available] is an access control veteran, with positions as both North America President and Executive VP of ASSA ABLOY and more recently with physical security/door and hardware companies.
We examine the company in this note and see if it is poised to change the access market.
Usually adding biometrics to an access control system means outfitting special readers at every door. Not only can this best costly, it can be difficult maintaining large volumes of fingerprints so that systems are still quick and accurate.
Zwipe takes a different approach. Rather than adding a standalone reader to the door, they are producing a credential that only works after a valid fingerprint unlocks it.
The short video below gives a overview of how the card is programmed and used:
Following the process of turning on the reader, an enrolled fingerprint is scanned which then allows the data on the card to be exchanged by the reader. The card is built to work with existing readers and requires no modification to the underlying Access Control system. Other key features include:
- Capacitive Sensor: The fingerprint reader is a low-current touch type, similar to the readers found on Apple's iPhone 5S Touch ID.
- No HID Support: Currently Zwipe is limited to 'open' Mifare/Desfire formats. When asked about expanding to 'licensed' HID formats, the company replied '(adding) HID formats are an interesting opportunity that we are pursuing."
- Inductive or Battery Powered: The card has two power source options. It is available with an on-board battery or can be resonantly powered by existing readers in the same way 'contactless' credentials are energized.
- On-Card Enrollment: Adding valid fingerprints to the card happens on the card by following a sequence of LED prompts. Up to three fingers can be enrolled, and each scan is collected six times during enrollment to ensure a good template is used.
- Cost: Zwipe currently sells a kit of four cards for $250, at a cost of ~$65 per card. This is a sharp contrast from standard contactless cards that range from $15 to just a few pennies each.
The physical shape of the card is similar to a standard CR80 size, but is thicker and more rigid. The Zwipe cannot be stored in standard lanyards or wallets, but rather take room comparable to smartphones in pockets.
Users must be trained to use their credentials different when employing Zwipe. Instead of just waving a card close to a reader, the user must present the card, push a button, and then scan a finger before the card is read. In most cases, this does no add significant type to the process of entering, and with practice can be done in less than five seconds.
Zwipe is similar to HID's Gesture Patent idea in that the credential is unlocked for reading only after the user validates their identity. While the Gesture Idea uses 'something you know' (a series of movements) to unlock the card, Zwipe uses 'something you are' (a fingerprint scan). Until a successful scan opens the card, it cannot be read by a reader.
The fingerprint card has several good attributes, including:
- No Changes Needed: Using Zwipe with existing systems requires no modification or reconfiguration.
- Adds Multifactor, without Overhead: Enterprises looking to add another layer of indentity security to access control can do so immediately with Zwipe. Instead of installing central readers and organizing an enrollment program that may take days, cardholders can enroll fingerprints and begin using Zwipe in five minutes or less.
- No Credential Misuse: The security of the credential is improved, since cards cannot be stolen or lost and potentially misused. Indeed, even classic operational problems like Passback are thwarted by the requirement of a specific person to use a card and no one else.
However, Zwipe faces some big obstacles before it becomes a common solution:
- No HID support: A showstopper for many is the lack of Zwipe's support of HID credential formats. Especially in North America, Mifare and Desfire formats are not common and changing systems over to recognize those formats are costly. This essentially limits the appeal of Zwipe to EMEA.
- Contactless Only: Not all credentials are contactless. Indeed, many 'smartcards' also include a contact-chip credential used to verify the authenticity of the card. Zwipe offers no 'contact' option, and the physical size of the card excludes it from being used for many 'high security' implementations that require it.
- Expensive: The bottom line for credential selection is just that: how much they cost. Usually credentials are designed to be inexpensive and semi-disposable and still deliver security, primarily via "Security through Obscurity". Adding biometrics is simply too costly, as it usually comes in the form of adding specialized readers costing $500 or more per device.
Compared to most contactless credentials, Zwipe is 5 or 6 times the cost. Especially for systems with a pool of cardholders numbering more than fifteen or twenty, issuing Zwipe card to each will cost more than $1000. This is contrasted against outfitting fingerprint readers at controlled doors at a cost of $500 or less per door using budget readers.
Zwipe will make the most economic sense for those with a relative small number of cardholders (<20) and multiple controlled doors (>4).