Mission Data Systems: Using an NDS "Smart Door" for Physical Security
Articles and Tips: article
01 May 1998
Novell is pleased to announce that Mission Data Systems, with their product, SentriNETTM, won first place in the "Get Off Your Apps" contest that ended 27 March 1998.
Bringing Fiction to Reality
Remember all those science fiction movies: the computers that use retina scans and thumb prints for access control, the doors that open when you press your thumb on a scan pad? The industry is moving closer and closer to making this part of our every-day technology.
Mission Data Systems is the leader in developing and integrating software applications for government, commercial and corporate computer networks, and access control systems. SentriNET, a Door Access Integrated Access Control software, uses card and fingerprint readers to regulate physical access.
But, storing the digitized data created by physical scans can be an unwieldy problem. Mission Data Systems has now used Novell Directory Services (NDS) to enroll, authenticate and configure a user's biometrics, bringing that high technology closer to an everyday reality.
The Smart Door
Remember the capabilities of NDS and the smart card? Mission Data Systems has used NDS to create a smart door.
SentriNET interfaces with any biometric hardware, allowing security to be based on physical scans. In other words, you can place your finger on the scan pad, and open any door your NDS user object has rights to. The door is an NDS object with its own network connection and list of users.
User objects' store the biometric information. SentriNET identifies the user from the information stored in the user's NDS object, then checks the door's NDS object's user list and decides whether the door can let the user in or not.
The door object's user list is independent of its NDS context. This means that you can give any user access to the door, regardless of the user's NDS context.
Network-wide Physical Security
NDS makes the user's biometric information available network wide, across multiple sites and countries. So, your biometric information and your access rights are immediately available anywhere you go. No more signing in at the front desk. NDS also stores the information about the device doing the scanning.
SentriNET extends the user's NDS object to hold up to 5 biometric keys, allowing for damage to the scanned part. In other words, if your finger is bandaged, NDS can accept another of your fingerprints. Or, security can be based on a mix of biometric recording devices, perhaps 3 fingerprints and two facial keys.
The SentriNET Access Control System Security Manager can monitor multiple door objects in real time, view the current location of users by zones and perform Network wide checks of failed biometric keys.
The search time to scan and verify the user's identity is less than 10 seconds. However, if the user list size becomes excessive, the search time may increase.
Because SentriNET uses NDS, it has no limit to the extent of its system. Because each physical door is an NDS object, you can expand the system simply by adding and configuring more door objects. These objects do not use network resource and do not require additional user licenses.
Simplified Administration with NWAdmin
Simple-to-use dialogs allow administrators to record and store users' biometric data.
Administrators govern the acceptance and rejection thresholds of each biometric key. It also allows security to be based on a rolling average of the quality of both verified and rejected readings for each biometric key used.
This means that administrators can pre-empt any difficulties that may occur. The average also means that the more often users are scanned, the more familiar they become to the security system. The familiarity reduces the risk of unauthorized access.
If an entry attempt fails, SentriNET can compare the user's biometrics against all authorized users. This means that you can identify unauthorized users who have attempted to gain access, but failed more than once.
The SentriNET Door Access Controller (DAC) uses a snap-in DLL that lets you use NWAdmin to configure and control the biometric device, authorized user, verification methods, and the door's NDS object.
DAC client software runs locally on a Windows 95-based PC in the vicinity of the door. This client is responsible for verifying the user. The DAC client automatically checks the user list every 60 seconds for additions and does not need to reboot.
The client software also keeps a record of all entry and exit events in the Door Object Log Database, a Microsoft Access database stored on the computer acting as the door controller. Because the database connection is through ODBC drivers, you can also store the database on a network file server.
SentriNET also has a network login for Microsoft Windows 95 (and future versions). This enhances network security at login by requiring users to enter name, password, and present one of their biometric keys. The network provider can then compare the biometric key presented to one of the five bio-metric keys stored. If the key verifies, the user is logged in. If the key fails, the user is logged out and must try again.
NDS allows this security information to be centrally managed and maintained, and immediately available across multiple hardware platforms. NDS's database is also highly secure and safe from unauthorized hackers. This makes physical access highly secure and safe from unauthorized hackers. NDS provides a cost-effective solution to storing, maintaining, distributing, and accessing the digitized thumb print.
So, SentriNET allows an already existing network to control not only information security, but physical security as well, reducing the cost of implementing a physical security system.
Congratulations, Mission Data, on your innovative use of NDS's technology and on your first place win! Oh, and, Mission Data, do you think we can use NDS's replication as the basis for the first Transporter?
For additional technical information and white papers, visit their Web site at www.missiondata.co.uk
* Originally published in Novell AppNotes
The origin of this information may be internal or external to Novell. While Novell makes all reasonable efforts to verify this information, Novell does not make explicit or implied claims to its validity.