Project 1706 - INCITS 422, Information technology - Application Profile for Commercial Biometric Physical Access Control

This ANSI/INCITS Standard specifies the application profile to be used when incorporating biometrics-based identification and verification into commercial physical access control systems. A biometric access control system incorporates enrollment into the physical access control system and enrollment into the biometric system, biometric access challenge stations, an access decision infrastructure, and an access control management infrastructure. Access control credentials
are a significant portion of the access control system. They are either presented directly to the readers on readable media, or are received by the reader as a result of a database lookup, or as the result of an identification process.

This standard focuses on the reader and requires interoperability with respect to the inputs and outputs of the reader. A reader incorporates 2 significant inputs and 1 significant output. The inputs are the biometric sensor(s) and a credential input mechanism. The output is the access control system interface. The reader may also incorporate a biometric matching function. For some architectures a “reader” may in fact be a complete system that does not integrate all of these
capabilities in the same device. Enrollment is addressed only to the extent that the credentials presented to the reader shall be interoperable as specified in this standard.

Considerations such as the design of the reader, key management, camera position and lighting, sensor specifications, sensor location and orientation, etc., have major impact on the successful incorporation of biometric technology into an access control domain. Such considerations are outside the scope of this profile, but may be within the scope of one or more of the standards identified in clause 3.1.2.

The following issues are also outside the scope of this application profile.

1) Accuracy of the biometric matching functions of a system. Issuing organizations must establish their own criteria. The referenced standards do, however, provide mechanisms by which accuracy can be reported and adjusted.

2) Use of authentication mechanisms where the biometric matching occurs on the token rather that in the reader or on a server.

3) Throughput (e.g., claimants per minute) of either the biometric subsystem or the access control system as a whole.