Biometric Facial Recognition for Continuous Computer Access Control and Authentication

Posted on April 3, 2006 I Written By

John Lynn is the Founder of the blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of and John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I briefly mentioned Face Authentication in a previous post. As a result of that post the vendor from Sensible Vision contacted me and got me a demo model right away. I must admit that their service was impeccable. All the way up the scale I’ve been impressed with the company and all I did was a demo.

Today they issued pricing on their FastAccess product that is very reasonable compared to other biometric devices. I’ve attached the release below and here’s a short review of the product with certainly more details to come as I continue to use it.

Setting up the FastAccess was a piece of cake. I got the box with only 15 minutes before I had to be somewhere. I unboxed the product, read the instructions(yes I always feel I must read the instructions on new products) and installed it on my computer. In 15 minutes I had it recognize my face and automatically log me in. The other nice part is that the set was really nothing but plug the camera in and run the CD install file. On restart it starts learning who you are when you log in. Couldn’t have been simpler. I repeated this process on my laptop so I could show my wife and had it set up in 5 minutes(booting my computer took longer than setup).

Facial Recognition/Training
Training facial recognition is much different than other biometrics. Fingerprint biometrics requires you to “train” it to know your fingerprint. Facial recognition(at least with FastAccess) is continually updating every time you login. In fact, it stores 90-100 different biometric “faces” that identify you. The biggest fault with this model is that initially the recognition is poorer than fingerprint recognition. However, with time I’ve seen that it actually is more reliable and recognizes you quicker than fingerprint. Not to mention it recognizes you just coming into view. No need to reach and hold your finger or eye to something. The lazy part of me loves that.

Active Directory Integration
FastAccess has very nice integration with active directory. The best part is that they have two methods of implementing active directory integration. First, they can extend the active directory schema. While this is a common practice, it is difficult to convince my system administrator to do since it can’t be rolled back if we decide we don’t want to do it anymore. Second, FastAccess can be implemented using existing active directory fields. This means that you can test the active directory implementation without extending the schema. I plan on doing this in the near future and you can expect a review of it soon.

Strong Audit Controls
Looking over the audit logs they are pretty standard for what you would need to satisfy HIPAA. Having active directory manage this type of audit control would be key to me.

Continuous Security
The biggest advantage to facial recognition is that it is continuously verifying your access. My biggest problem with fingerprint biometrics had to do with not having a way to easily lock the workstation. Facial recognition biometrics is constantly monitoring to see you are the authorized person. If you leave then it locks the computer. This really changes the way you deal with authentication since it can create a true single sign on.

Security Screen Capture
This idea is inegnious. Since you have a camera you might as well capture a picture of the person that was signed on to a machine. Imagine them saying they didn’t log in and you can show them the picture taken when they did log in. Fantastic!! There is also talk of using this technology as a digital signature. I’d love that with my EMR.

Pictures and Twins
I tried to see what I could do to fool the camera and nothing really worked. I imagine this is theoretically possible, but it would have to be a picture in the exact same place as the biometric match. FastAccess tells me that they add in environmental variables(such as light) which makes it much more difficult to fool. So far so good. The idea of twins is addressed in the documentation. I’ll be testing it on my wife and her twin sister to see how that goes. Sometimes it freaks me out how much they look alike.

In an EMR or healthcare environment FastAccess has designed it properly. Sometimes it didn’t recognize me and so it required me to enter my password and then after logging in, it stores another biometric image. While this could be annoying to some doctors, I see this as an essential key to proper authentication.

Instant Desktop Switching
This seems like it is a somewhat new module being developed by Sensible Vision. The idea is that multiple people can log in to the same account and have a different desktop. This currently works espescially well with Internet Explorer and a few other selected applications. I imagine this list will grow over time. They offered to make it work for my favorite apps. One interesting note is that they have it working for Cerner’s EMR. I’ll be having them develop it for Medicat EMR(my EMR)

Random Points
Since FastAccess is constantly checking for facial recognition, when you answer the phone that changes what your face looks like. This isn’t really a problem since they store 90-100 different biometric “prints”. You just have to “train” it to know what you look like with a phone in hand.

One nice feature is that you can turn off continuous facial recognition when you have a presentation. It lets you disable the recognition for a specified period of time. It also recognizes any keyboard or mouse input and disables locking when it sees either.

Here’s the Press Release:
Sensible Vision Innovates Biometric Facial Recognition for Continuous Computer Access Control and Authentication

FastAccess Virtually Eliminates Passwords, Makes Computer Easier to Use and Ensures Privacy Compliance and Identity Management

Introductory Pricing of $99 per Desktop License

Covert, Michigan, April 3, 2006 – Sensible Vision, an innovator of continuous authentication solutions, today revolutionized computer access control and authentication by replacing a user’s password with their face. Sensible Vision’s FastAccess™ is a powerful yet simple solution that uses patent-pending biometric facial recognition to automatically and continuously authenticate user log-in and instantly secure the computer when the user leaves. This virtually eliminates login passwords, makes the computer significantly more secure and easier to use, and strengthens access control auditing for privacy and identity management policies.

“Because a person’s face is unique and always with them, it is ultimately the ideal password and the best way of continuously ensuring who is accessing the computer,” said George Brostoff, CEO of Sensible Vision. “This is a new paradigm for secure and simplified computer access that goes well beyond initial log-in and inactivity timers. FastAccess identifies and authenticates users in less time than it takes to enter a password and knows the second they leave their computers. These breakthroughs make it a simple, secure and low-cost approach for securing the computer and network.”

Automatic Authentication and Continuous Access Control

Sensible Vision has innovated biometric facial recognition to provide a convenient and fast way to securely submit a user’s account credentials to Windows and applications. Users simply approach the computer equipped with a standard web camera, and FastAccess biometrically authenticates them and logs them on. Once they step away, the computer automatically secures. When they return, FastAccess automatically unlocks the computer and their desktop is returned as they left it. Advantages include:

* No More Passwords, Better User Productivity: Users focus on their jobs rather than time-consuming and frustrating processes of constantly entering passwords 20, 50 or 70 times a day.
* No More Unsecured, Unattended Computers: Computers instantly secure when users leave.
* Improved Access Control and Auditing: Provides an accurate audit of computer access for privacy and compliance – a true audit log of who’s been at the computer and when.
* Simple Setup and Administration: Unlike other security and biometric solutions, no special enrollment procedures or ad ministration is required to distribute and manage ongoing support for lost or damaged tokens. Administrators can configure FastAccess locally or remotely through Microsoft’s Active Directory or Novell eDirectory.
* Support for Shared Computers: FastAccess features Instant Desktop Switching for multiple users who need quick access to shared workstations, such as in healthcare and manufacturing environments. Access is granted to each user almost instantly, without the usual delay logging into the network account.

Optimizing Productivity and Security

“It’s imperative for security solutions to complement user workflows and mitigate interruptions while simultaneously meeting the most stringent tests for identity, privacy and regulatory compliance,” said Rob Alger, director of IT strategy at Kaiser Permanente and Sensible Vision Technical Advisory Board member. “By guarding computer access from log-in until users walk away , Sensible Vision is addressing a critical hurdle in persistent data protection and access control that optimizes user workflow and productivity.”

FastAccess has innovated facial recognition with its patent pending Continuous Adaptive Sensing™ (CAS) technology to provide fast and accurate recognition to a computer. CAS takes a dramatically different approach to facial recognition than traditional solutions targeted at homeland security. FastAccess sets a much higher standard for accuracy. While most existing facial recognition technologies have false acceptance rates of several in 100 matches, CAS typically achieves a false acceptance rate of several in 1,000,000 matches. FastAccess accuracy is superior to existing security solutions where passwords are written down, shared or easily guessed.

“Minimizing disruptive computer login procedures continues to be a pain point for organizations,” said Cyrus Azar, CTO of Sensible Vision. “Passwords are difficult to enforce and ineffective in practice. Tokens can be shared or lost while previous biometrics have proven expensive, inconvenient to use or unreliable. Most importantly, none of these approaches offers continuous security: they simply authenticate the user at initial login. Not only does FastAccess simplify user access, but, finally IT staff can spend less time on administering security processes and focus on other critical business tasks.”

Introductory Pricing & System Requirements

FastAccess is comprised of client software installed on the PC, a standard web camera, and a management application installed on a domain controller. The client software can be part of an organization’s standard image and can be automatically distributed to remote PCs via existing software management tools.

Sensible Vision announced today special introductory pricing for FastAccess of $99 per desktop license through June 30, 2006. FastAccess may also be purchased under a service-based model with a two-year subscription price of $49/year for each license. Web cameras are also available for $25.00.

About Sensible Vision

Headquartered in Covert, Michigan, Sensible Vision Inc. ( is an emerging provider of continuous access control solutions for securing computers using facial recognition. Sensible Vision’s flagship product, FastAccess™, is an insider firewall that provides quick and continuous authentication and access control for computers and workstations. Using patent-pending biometric facial recognition, it speeds and simplifies access to the computer in a way that is economical and easy to deploy.