1 / 28

Biometrics go hand in hand with Smart Cards

Biometrics go hand in hand with Smart Cards. Neville Pattinson Director of Business Development & Technology Smart Cards neville.pattinson@slb.com. Content. What is a Smart Card? Factors of Authentication Biometrics for Identity Authentication/Verification

kaseem-salas
Télécharger la présentation

Biometrics go hand in hand with Smart Cards

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Biometrics go hand in hand with Smart Cards Neville Pattinson Director of Business Development & Technology Smart Cards neville.pattinson@slb.com

  2. Content • What is a Smart Card? • Factors of Authentication • Biometrics for Identity Authentication/Verification • Convergence of Smart Cards with Biometrics • Smart ID Cards • Biometric adoption • Summary

  3. What is a smart card? • One or more Electronic chips embedded into a plastic card • Contact or contactless • Memory • Protected Memory • Micro-controller based

  4. Exploded view of a smart card SGS Thomson, Infineon, Philips, Atmel, Hitachi, OKI, Samsung, NEC PVC Overlay (thermal printable) Polycarbonate (PC) Filling layer Inlet(etched antenna) DIE PROBING SAWING AND CUTTING Polycarbonate (PC) Chip with antenna PVC Overlay (thermal printable) CARD BODY LAMINATION Micro Module 8 or 6 Contacts DIE BONDING Schlumberger Gemplus Oberthur G&D Orga Motorola Hologram Brand Stamp Magnetic Stripe CAVITY MILLING MODULE INSERTION

  5. Card/Micro-Module Assembly(Cross section) Smart Card Body Surface Connections PCB Smart Card Chip Epoxy pot Gold wire Interconnections

  6. ROM : Operating System EEPROM : Application Memory ROM, Operating system EEPROM, Application Memory CPU RAM : Scratch Pad Smart Card Chip Reset Input / Output Clock the smart card is the ultimate secure portable computer !!

  7. ROM, Operating system EEPROM, Application Memory Smart Card Chip Components • CPU : 6805/8051/H8/RISC • 8 bits/16 bits/32 bits - up to 3 / 5 MIPS • Clock Frequency: 3.57 / 5Mhz • Supply voltage: 5 / 3 / 1.8 Volts • Specialized circuitry (e.g. Cryptography) • RAM = Random Access Memory • Up to 4k bytes • Scratch pad • Checked and blanked out after reset • ROM (Read Only Memory) • Card Operating System • Up to 128k • EEPROM (Electrically Erasable and Programmable Read Only Memory • Applications and data • Up to 64k (512k soon)

  8. Smart Card Security • Don’t trust anything until proven... • Physical security (at silicon design) • Hardware security mechanisms (tamper detectors, bus scrambling, ) • Card packaging security mechanisms • Operating System security mechanisms (software hardness & tamper detection) • Logical Security mechanisms (encryption etc) • Application Security integration • >20 years of innovation and knowledge

  9. Factors of Authentication • Something you have • Something you know • Something you are • Somewhere you are

  10. Enhanced Security in Identification Something You Have + Something You Know + Something You Are Relative Security Level • Graph + + Something You Have + Something You Are + Biometric Something You Have + Something You Know + ID Card Something You Have Something You Know Key or Card PIN, Password Solutions

  11. Smart Cards Smart Cards PKI PKI Biometry Biometry Two Technologies Are not Enough • Requires Central Data base • Requires Trusted Terminals • Weak User-to-Card Authentication • Password & multi-Password issues • Lacks of Key Management • Weak User-To-Remote Site Authentication

  12. Three Technologies Working Together • Personal : you • Present • Difficult to forge • Convenience • Solves multi-pinsproblem • Hard to steal Smart Cards Biometry • Secure Storage • Portable • Personalized • Privacy • Processing • - Crypto • -Matching • Low-costinfrastructure • Transactionsworld PKI • Public Notary • Digital information • Usable on networks

  13. Biometrics for Identity Authentication and Verification

  14. Biometric Identification • Used to establish the claimed identity of an individual • Identity is used for background checks • Identity is compared to known identities (1 to many) • Ensures not previously enrolled under different Identity

  15. Biometric Identity Verification • Used to establish card holder is same person who initially enrolled • Can be • On line to central Database for match • Card as ID number • Off line – match locally • Card serves biometric or template • Off line – match-on-card • Card compares received biometric or template

  16. Umbrella Biometric Verification • Issuer enrolls everybody into system wide implementation specification • Selects Biometric Identification technology • Selects Biometric Identity verification technology • Issuer establishes Reference Biometric scheme • Match-on-card

  17. Delegated Biometric Verification • Initially card holder verifies using system wide Umbrella biometric verification credential • Once verified card holder is optionally allowed to enroll into local biometric system which is added to the card (e.g. template for off-card local match)

  18. Smart Card’s Biometric role • Using on board computer allows the card to • Authenticate external equipment • Serve raw biometric • Serve template biometric • Compute on-card-template-match

  19. The case against raw biometrics • Smart Cards can support Reference Template Biometrics as server or matching device. • Issuer does not need to maintain accessibility to Reference Biometrics other than for enrollment • Privacy, Security, System/User efficiencies • Template cannot be reverse engineered • Card does not carry raw reference Biometrics • Uses live biometrics for on card match or off card template Verification • Privacy, Security, convenience • Reduces Identity Theft

  20. Convergence of Smart Cards and Biometrics + Smart card capabilities have evolved Efficient Biometric algorithms have arrived

  21. Biometric Smart Card image Match on card Biometric Verification X.509 BIO certificate Storage X.509 Parsing & Verification “Stored” Biometric Template Processing Parameters Matching Parameters Biometric Terminal Biometric Capture “Livescan” Biometric Template Matching Score Biometric Processing Biometric Matching

  22. Smart ID Card markets • Corporate Badges • Schlumberger, Shell, Sun, Nissan, Merck… • Government employee • DoD CAC (>2M of 4.3M) • TSA TWIC • Treasury, GSA, DoI, NASA, GSA… • Government Issued to citizen • Passport • Drivers License • Permanent Resident / Boarder Crossing • Healthcare Entitlements

  23. Smart ID Card Usage Main components Contactless chip: used for Unified physical access for buildings and facilities, Local cafetaria payment e-purse Time attendance Sub-surface hidden RF chip with hidden antenna in body of card for Physical (building) Access Austin Contact chip: used for Digital Credentials processing, On-card-match verification of Biometric information, Computer logon, multiple password server e-purse secure email Secure web access Photo (Visual Biometric) Neville Pattinson Smart Cards Business Development Plastic Body Smart Card Secure Micro computer: User Authentication and Logical Access Security device & Security printing Security features: Holograms; Optical device; Security Printing used for Card Authenticity

  24. Smart Card Benefits • A Smart Card is a secure portable computer. • The “stored” biometric template is protected. • Smart Cards can verify biometric identities. • The biometric matching can be done in the smart card • Biometric Templates can be served off-card once external device is authenticated • Smart Cards can update the biometric reference. • The program inside the card can track “trends”.

  25. Smart ID Card Benefits • Smart Cards are excellent support for privacy. • No need for a central on-line data base of templates • On card Firewall for data protection • Only authenticated subjects obtain access to allowed objects • External trust must be proven • A Smart Card is a faithful digital signing companion. • After the card has authenticated its owner, applications in the card act on behalf of the cardholder (e.g. digital signatures)

  26. Biometric interoperability • Proprietary implementations • Inhibiting adoption • Need for multiple sources • Need for interoperability • How to solve? • Standards • Specifications • … • Consider what effect the Java Card introduction did to the smart card market

  27. Summary • Smart ID Cards can improve Privacy • Smart ID Cards incorporating match-on-card biometric card holder verification are the most cost effective, secure identity verification technology • Biometrics go hand in hand with Smart Cards.

  28. Thank You

More Related