Smart card manufacturers are looking at ways to enhance security in certain
applications, and have found they can add an extra level of assurance when
they augment the authentication process with biometrics, which are physical or
behavioral characteristics unique to a person.
The figure shows a biometric smart card developed by NXP. It uses the
cardholder’s handwriting as a biometric feature. The individual numbers
of the PIN code are captured in the writer’s unique way of writing
through the use of an integrated capacitive touchpad.
From the standpoint of consumers and end users, adding biometric
authentication requires a bit more work upfront, because the person’s
biometric has to be registered before the card can be put to use. But once the
upfront work is done, the authentication process can be quick and easy. The
process involves three steps: enrollment, live sample and comparison.
Here’s a quick overview of each.
Step 1: Enrollment
This step prepares the smart card for use and
pairs the person with the card. A reference sample, such as a fingerprint or a
sample of writing, is taken. The reference sample, called a template, is
stored either in a database, managed by the authenticating authority or on
the card itself.
Step 2: Live sample
With the template in place, the smart card
is now ready to use. Each time the card is put to work, the user provides a
live version of the reference sample (a fingerprint or a handwritten PIN code)
as part of the authentication process. The sample can be taken by the card
itself, or by a machine that interacts with the card. Either way, the next
step, comparison, is usually performed on the card.
Step 3: Comparison
To complete authentication, the live sample
from step 2 is compared to the reference sample in the template. If the live
sample is verified to be a match with the template, then the smart card is
authenticated and the transaction can proceed.
Three-factor authentication
Biometrics are typically used in what’s called three-factor
authentication. This approach uses three things for verification: something
you know (a PIN code), something you have (a smart card), and something you are
(an individual biometric property).
In some cases, two of these factors can be combined. For example, with a
handwriting biometric, you might be asked to use your finger to write the
numbers of your PIN code. The handwriting is the “something you
are,” and the PIN code is the “something you know.”
Get the details
Our white paper, titled “Smartcards, security and biometrics,”
is a detailed look at the biometric techniques best suited for use with
smartcards. It presents the options for implementing biometrics in a smart card
system and provides examples of real-world biometric smartcards, including the
NXP implementation.
Download your copy today.
