Smartcard manufacturers are looking at ways to enhance security in certain applications, and have found they can add an extra level of assurance when they augment the authentication process with biometrics, which are physical or behavioral characteristics unique to a person.
The figure shows a biometric smartcard developed by NXP. It uses the cardholder’s handwriting as a biometric feature. The individual numbers of the PIN code are captured in the writer’s unique way of writing through the use of an integrated capacitive touchpad.From the standpoint of consumers and end users, adding biometric authentication requires a bit more work upfront, because the person’s biometric has to be registered before the card can be put to use. But once the upfront work is done, the authentication process can be quick and easy. The process involves three steps: enrollment, live sample, and comparison. Here’s a quick overview of each.
Step 1: Enrollment
This step prepares the smartcard for use and pairs the person with the card. A reference sample, such as a fingerprint or a sample of writing, is taken. The reference sample, called a template, is stored either in a database, managed by the authenticating authority, or on the card itself.
Step 2: Live sample
With the template in place, the smartcard is now ready to use. Each time the card is put to work, the user provides a live version of the reference sample (a fingerprint or a handwritten PIN code) as part of the authentication process. The sample can be taken by the card itself, or by a machine that interacts with the card. Either way, the next step, comparison, is usually performed on the card.
Step 3: Comparison
To complete authentication, the live sample from step 2 is compared to the reference sample in the template. If the live sample is verified to be a match with the template, then the smartcard is authenticated and the transaction can proceed.
Biometrics are typically used in what’s called three-factor authentication. This approach uses three things for verification: something you know (a PIN code), something you have (a smartcard), and something you are (an individual biometric property).
In some cases, two of these factors can be combined. For example, with a handwriting biometric, you might be asked to use your finger to write the numbers of your PIN code. The handwriting is the “something you are,” and the PIN code is the “something you know.”
Our white paper, titled “Smartcards, security, and biometrics,” is a detailed look at the biometric techniques best suited for use with smartcards. It presents the options for implementing biometrics in a smartcard system and provides examples of real-world biometric smartcards, including the NXP implementation. Download your copy today.