Biometrics go hand in hand with Smart Cards
Neville Pattinson
Director of Business Development & Technology
Smart [email protected]
Content
• What is a Smart Card?
• Factors of Authentication
• Biometrics for Identity Authentication/Verification
• Convergence of Smart Cards with Biometrics
• Smart ID Cards
• Biometric adoption
• Summary
What is a smart card?
• One or more Electronic chips embedded into a plastic card
• Contact or contactless
• Memory
• Protected Memory
• Micro-controller based
Exploded view of a smart card
[Figure: exploded view of a smart card. Labels: PVC overlay (thermal printable); polycarbonate (PC); filling layer; inlet (etched antenna); chip with antenna; micro module with 8 or 6 contacts; hologram; brand stamp; magnetic stripe. Process steps shown: die probing, sawing and cutting; die bonding; cavity milling; module insertion; card body lamination. Companies named: SGS Thomson, Infineon, Philips, Atmel, Hitachi, OKI, Samsung, NEC; Schlumberger, Gemplus, Oberthur, G&D, Orga, Motorola.]
Card/Micro-Module Assembly (cross section)
[Figure: cross section of the card and micro-module assembly. Labels: surface connections; PCB; epoxy pot; smart card chip; gold wire interconnections; smart card body.]
Smart Card Chip
[Figure: block diagram of the smart card chip. Blocks: Clock; Reset; Input / Output; CPU; RAM: Scratch Pad; ROM: Operating System; EEPROM: Application Memory.]
The smart card is the ultimate secure portable computer!!
Smart Card Chip Components
• CPU: 6805/8051/H8/RISC
• 8 bits/16 bits/32 bits - up to 3 / 5 MIPS
• Clock Frequency: 3.57 / 5 MHz
• Supply voltage: 5 / 3 / 1.8 Volts
• Specialized circuitry (e.g. Cryptography)
• RAM = Random Access Memory
• Up to 4k bytes
• Scratch pad
• Checked and blanked out after reset
• ROM (Read Only Memory)
• Card Operating System
• Up to 128k
• EEPROM (Electrically Erasable and Programmable Read Only Memory)
• Applications and data
• Up to 64k (512k soon)
Smart Card Security
• Don’t trust anything until proven...
• Physical security (at silicon design)
• Hardware security mechanisms (tamper detectors, bus scrambling)
• Card packaging security mechanisms
• Operating System security mechanisms (software hardness & tamper detection)
• Logical Security mechanisms (encryption etc)
• Application Security integration
• >20 years of innovation and knowledge
Factors of Authentication
• Something you have
• Something you know
• Something you are
• Somewhere you are
Enhanced Security in Identification
[Figure: graph of Relative Security Level against Solutions. Labels shown: Something You Know (PIN, Password); Something You Have (Key or Card); Something You Have + Something You Are (Biometric ID Card); Something You Have + Something You Know; Something You Have + Something You Know + Something You Are.]
Two Technologies Are not Enough
• Requires Central Database
• Requires Trusted Terminals
• Weak User-to-Card Authentication
• Password & multi-Password issues
• Lack of Key Management
• Weak User-To-Remote Site Authentication
Three Technologies Working Together

• Secure Storage
• Portable
• Personalized
• Privacy
• Processing
– Crypto
– Matching
• Low-cost infrastructure
• Transactions
world

• Personal: you
• Present
• Difficult to forge
• Convenience
• Solves multi-pins problem
• Hard to steal

• Public Notary
• Digital information
• Usable on networks
Biometric Identification
• Used to establish the claimed identity of an individual
• Identity is used for background checks
• Identity is compared to known identities (1 to many)
• Ensures not previously enrolled under different Identity
Biometric Identity Verification
• Used to establish card holder is same person who initially enrolled
• Can be
– On line to central Database for match
  • Card as ID number
– Off line – match locally
  • Card serves biometric or template
– Off line – match-on-card
  • Card compares received biometric or template
Umbrella Biometric Verification
• Issuer enrolls everybody into system wide implementation specification
– Selects Biometric Identification technology
– Selects Biometric Identity verification technology
– Issuer establishes Reference Biometric scheme
– Match-on-card
Delegated Biometric Verification
• Initially card holder verifies using system wide Umbrella biometric verification credential
• Once verified card holder is optionally allowed to enroll into local biometric system which is added to the card (e.g. template for off-card local match)
Smart Card’s Biometric role
• Using on board computer allows the card to
– Authenticate external equipment
– Serve raw biometric
– Serve template biometric
– Compute on-card-template-match
The case against raw biometrics
• Smart Cards can support Reference Template Biometrics as server or matching device.
• Issuer does not need to maintain accessibility to Reference Biometrics other than for enrollment
– Privacy, Security, System/User efficiencies
– Template cannot be reverse engineered
• Card does not carry raw reference Biometrics
– Uses live biometrics for on card match or off card template Verification
– Privacy, Security, convenience
– Reduces Identity Theft
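The card roles listed above (authenticate external equipment, serve template biometric, compute on-card match), sketched as an added example that is not from the original slides. `ToyCard`, the HMAC challenge-response, the set-of-feature-ids template and the overlap-ratio matcher are all assumptions standing in for a real card OS and a real biometric algorithm.

```python
import hashlib
import hmac
import secrets


class ToyCard:
    """Constructed model of the card-side policy; not a real card OS or API."""
    def __init__(self, reference_template, terminal_key, threshold=0.8):
        self._ref = frozenset(reference_template)  # "stored" template
        self._key = terminal_key  # assumed shared key held by trusted terminals
        self._threshold = threshold
        self._challenge, self._terminal_ok = None, False

    def get_challenge(self):
        self._challenge = secrets.token_bytes(16)
        self._terminal_ok = False  # a new challenge ends any earlier session
        return self._challenge

    def external_authenticate(self, response):
        """External trust must be proven: check the terminal's response."""
        if self._challenge is None:
            return False
        expected = hmac.new(self._key, self._challenge, hashlib.sha256).digest()
        self._challenge = None  # each challenge is single use
        self._terminal_ok = hmac.compare_digest(expected, response)
        return self._terminal_ok

    def read_template(self):
        """Off-card match: serve the template only to an authenticated device."""
        if not self._terminal_ok:
            raise PermissionError("external device not authenticated")
        return self._ref

    def verify_on_card(self, live_template):
        """Match-on-card: only the accept/reject decision leaves the card."""
        live = frozenset(live_template)
        union = live | self._ref
        score = len(live & self._ref) / len(union) if union else 0.0
        return score >= self._threshold


def demo():
    """Constructed sample data: feature ids and a random terminal key."""
    key = secrets.token_bytes(32)
    card = ToyCard(range(1, 11), key)
    on_card = card.verify_on_card([1, 2, 3, 4, 5, 6, 7, 8, 9, 11])
    resp = hmac.new(key, card.get_challenge(), hashlib.sha256).digest()
    served = card.external_authenticate(resp) and len(card.read_template()) == 10
    return on_card, served
```

In the match-on-card path the terminal needs no key and never sees the reference template; in the off-card path the template is released only after the terminal has answered the card's challenge.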
Convergence of Smart Cards and Biometrics
Smart card capabilities have evolved + Efficient Biometric algorithms have arrived
Match on card Biometric Verification
[Figure: match-on-card biometric verification between a Biometric Terminal and a Biometric Smart Card. Labels: Biometric Capture (image); Biometric Processing; Processing Parameters; “Livescan” Biometric Template; Matching Parameters; Biometric Matching; “Stored” Biometric Template; Matching Score; X.509 Parsing & Verification; X.509 BIO certificate Storage.]
Smart ID Card markets
• Corporate Badges
– Schlumberger, Shell, Sun, Nissan, Merck…
• Government employee
– DoD CAC (>2M of 4.3M)
– TSA TWIC
– Treasury, GSA, DoI, NASA, GSA…
• Government Issued to citizen
– Passport
– Drivers License
– Permanent Resident / Border Crossing
– Healthcare Entitlements
Smart ID Card
[Figure: sample Smart ID card (printed text: Austin; Neville Pattinson, Smart Cards Business Development) annotated with its main components and their usage.]
Main components and usage:
• Sub-surface hidden RF chip with hidden antenna in body of card: for Physical (building) Access
• Smart Card Secure Micro computer: User Authentication and Logical Access
• Contactless chip: used for unified physical access for buildings and facilities, local cafeteria payment e-purse, time attendance
• Contact chip: used for digital credentials processing, on-card-match verification of biometric information, computer logon, multiple password server, e-purse, secure email, secure web access
• Plastic Body
• Photo (Visual Biometric)
• Security device & Security printing. Security features: Holograms; Optical device; Security Printing; used for Card Authenticity
Smart Card Benefits
• A Smart Card is a secure portable computer.
– The “stored” biometric template is protected.
• Smart Cards can verify biometric identities.
– The biometric matching can be done in the smart card
– Biometric Templates can be served off-card once external device is authenticated
• Smart Cards can update the biometric reference.
– The program inside the card can track “trends”.
Smart ID Card Benefits
• Smart Cards are excellent support for privacy.
– No need for a central on-line data base of templates
– On card Firewall for data protection
– Only authenticated subjects obtain access to allowed objects
– External trust must be proven
• A Smart Card is a faithful digital signing companion.
– After the card has authenticated its owner, applications in the card act on behalf of the cardholder (e.g. digital signatures)
Biometric interoperability
• Proprietary implementations
• Inhibiting adoption
• Need for multiple sources
• Need for interoperability
• How to solve?
– Standards
– Specifications
– …
• Consider what effect the Java Card introduction did to the smart card market
Summary
• Smart ID Cards can improve Privacy
• Smart ID Cards incorporating match-on-card biometric card holder verification are the most cost effective, secure identity verification technology
• Biometrics go hand in hand with Smart Cards.