When evaluating all the available access control options to protect server cabinets in the data center, remember that a main goal is compliance with all government and industry regulations.
Any compliance bid must demonstrate the ability to produce an “indisputable audit trail” showing who accessed a server cabinet, what day and time they entered, and how long they stayed. Many access control solutions claim to produce such reports that act as audit trails, but their products are flawed and can be easily manipulated.
The flaw in these systems stems from their reliance on card authentication to gain access to a cabinet. Clearly, an access card in the wrong hands is an enabling device, not a security device. Any card, regardless of the format, is easily stolen or copied, and it can then be used to carry out malicious physical attacks on data centers and the cabinets within. After such an attack, the report generated by these systems shows only that an authorized person entered.
The only way to produce an indisputable audit trail is with biometric authentication, such as the fingerprint biometrics used in the Digitus access control platform. The Digitus platform has a proven track record: no security breaches involving our technology and no “false positive” identification of any fingerprint since our systems first went online in 2005.
That success can be traced to the Digitus fingerprint scanning technology, which uses a capacitive sensor with 4MB of flash memory and has the ability to identify a given fingerprint in less than 800 msec. The Digitus scanner reads fingerprints during the enrollment process and converts the data, using the No.1-ranked authentication algorithm, into a template. More importantly, the format used to store that template cannot be converted back into a fingerprint. Plus, all communications between devices in the Digitus system are encrypted and scrambled, providing total privacy for the end user.
Digitus scanner technology further enhances the security of the data center using Live Finger Detection Technology (LFD), a method that compares the dynamic and static image characteristics of real and fake fingers. This LFD technology protects the Digitus system from an attack like the recent break-in of an Apple iPhone using a replica of a fingerprint. By employing an advanced analysis algorithm, the Digitus scanner examines abnormalities in the dynamic pattern of fingerprint images and static features demonstrating liveness or unnaturalness to clearly distinguish live fingers from fake.
DYNAMIC CHANGING PATTERN ANALYSIS
Live fingers make natural changing patterns of area, intensity, and movement when placed in contact with the sensor surface, while fake fingers make unnatural changing patterns of separated areas, partially dark areas, distorted boundary shapes and large movements of core part. By catching these abnormalities in dynamic changing patterns from continuous fingerprint images, the Digitus system can identify live versus fake fingers. Specifically, this method is highly effective against fake fingers made by hard materials, e.g. paper, film, clay, and hard rubber.
LIVENESS FEATURE ANALYSIS
Fingerprint images also contain several localized features that demonstrate the liveness of fingers: pore distribution, ridge sharpness, and regularity of ridge-valley boundary. These localized liveness features are normally too minute and elaborate to be copied by simple and soft faking materials, e.g., silicon, rubber, and gelatin. The high-performing imaging sensor used by Digitus has the ability to capture high-quality fingerprint images, allowing the advanced analysis algorithm to precisely describe various local liveness features.
UNNATURALNESS FEATURE ANALYSIS
Making a perfect fake finger is extremely difficult, since every fake finger cannot mask its unnaturalness: unnaturally sharp boundaries, too many white blobs or too large black blobs within the fingerprint area, abnormal peaks in histogram distribution, etc. The Digitus technology accurately observes the mixture of unnaturalness features and perfectly rejects naïve, elementary fake fingers.
This combination of unparalleled technology makes it difficult, if not impossible, to spoof or fool the Digitus access control platform. The scanner technology, along with features like “dual custody” and three-factor authentication, demonstrates why RSA considers the Digitus technology …. “the most secure access control platform on the planet”.
The integrity of the Digitus technology, in particular the fingerprint authentication process, allows customers to be secure in the fact that only authorized users will gain access to their server cabinets. The Digitus technology is the only access control solution for server cabinets capable of producing an indisputable audit trail. With this information, compliance auditors may accurately gauge the level of physical security at the cabinet level and certify compliance with virtually all government and industry regulations.
THE DIGITUS TECHNOLOGY PLATFORM
We designed the technology platform underlying the Digitus system with a pointed focus on four tenets:
- Ease of use
- Administrator/monitoring functionality and adaptability
- Facilitative enterprise-wide implementation
The Digitus software, hardware, and protocols strictly adhere to these points. For example, almost all customers choose to self-install our products in the data center, and most find that subsequent installations take just a matter of minutes. But that ease of installation is coupled with an intensely secure biometric platform and proprietary operating system managing all functionality and access.
The use of biometric fingerprint templates rather than images was designed for security and 4th Amendment privacy protection. The system does not store fingerprints images. It instead creates a 384-byte biometric template, or line of code, that represents the biometric profile. That template, however, cannot be manipulated to recreate an image of the original fingerprint. The mapping protocol creates a multi-point schematic of specific points in a user’s biometric fingerprint profile. The possibility of generating two identical mapping profiles is nearly impossible, since each individual’s fingerprint is unique. Plus, the number of mapping points and their placement varies for each user. If a user enrolled multiple times with the same finger, the biometric profile would be different each time.
In the example below, the identical images taken from the same finger were enrolled and mapped consecutively. Since the user may place their finger in a different position, at a different angle, or with different pressure during enrollment, each mapping is different. The template that is then generated is a series of numbers than cannot be used to re-create an image of a fingerprint.
Digitus uses a highly complex, code-hopping protocol as the communications link between the reader unit and the control unit. Commands are encrypted differently each time the reader unit communicates with the control unit. Even if the same “plain text” commands are issued, the encrypted version is always different. If someone tried to connect to the wire running between the reader unit and the control unit and simulate the encrypted communication, the Digitus system prevents this unauthorized access by encrypting commands in a pseudo-random way. The firmware, or embedded software, security provides further protection, because the firmware is set on the chips with a series of code protect bits. Once these code protect bits have been set, it is impossible to retrieve or alter the software in the system.
READER UNIT TAMPER PROTECTION
If the head unit detects any tampering, an alarm will sound. The system also provides a way to integrate with a third-party monitoring system and includes alert notification to the system administrator.
LOCK TAMPER PROTECTION
Any tampering with the lock, prolonged period in which the door remains open after entry or instance involving the door being forced open will trigger a direct notification to an administrator. The system can also automatically notify, lockdown, or open for pre-determined events, such as a time constraint.
All communication between the network and the control unit(s) is encrypted. As users are enrolled, data according to the appropriate authorities is “pushed” to the specific control units. Each control unit maintains its own protected and encrypted database, and the units are polled periodically via the network.
The system is uniquely secure from malicious efforts to override, disrupt, or cheat the platform to gain entry. The primary security functions are:
- Biometric template generated from a fingerprint impression eliminates the need to store fingerprint images
- Coding of the biometric template makes it impossible to reverse-engineer or manipulate it to create an image of the original fingerprint
- Encrypted, code-hopping communication between head unit and control unit (Chip to Chip)
- Encrypted network communication between control units and the network (Network to Chip)
- Encrypted biometric templates
- Encrypted biometric access to administrator functions
- No direct connection from the outside head unit to the secure area access door, making it impossible to “hot wire” connections to break into the building
- All units operate independently and have 8-hour battery back-up protection, so access and related data will be maintained in the event of a power failure
- Dual units, head unit and control unit, are provided for each access point, with the control unit located inside the secure area
- Tamper notification on the head/reader unit and lock
- Time-based notification for open door, door open too long or faulty lock connection
- Propped door notification
- Forced door notification
- Tamper notification of door sensor and exit switch
- Robust reporting capabilities provide an indisputable audit trail of access events
SECURITY THREAT RESPONSE
The system performs certain protective actions when various threat attempts are detected:
- Fabricating a fingerprint biometric- access is denied without matching the enrolled template.
- Lifeless finger attempt- the current product version contains biometric sensors that determine if the finger placed on the scanner is alive.
- Tampering with the communication wires between the head unit and the control unit- any tampering triggers administrator notification. Any signal must be sent using the correct pseudo-random encryption codes and encrypted according to the chip-to-chip protocol or the system will lock down and the chips rendered inoperable.
- Shutting down the network- when offline, the units continue to operate and provide the same measure of protection as when online.
- Tampering with the head unit electronics- anti-tamper alarms will be activated.
- Tampering with the lock or forced entry- the system will notify administrators and/or shutdown, open, or perform other functions as defined in the protocol.
- Single click lockdown capability of all registered units