Card, mobile credential, payment and security
Use grows rapidly for this privacy-protecting technology
Match-on-card technology marries biometrics with smart cards, enabling users to not only carry their biometric with them but also match it on the card. This means greater privacy for the cardholder and the ability to authenticate without connection to a backend database.
In a traditional fingerprint biometric implementation, a user first establishes an identity in order to be added to the system. To do so, personal information is provided and fingerprints are scanned to create a template or vectorized representation of the image. The template captures the core aspects of the image and turns them into a representation that is much smaller and can be matched quicker, says Shahram Orandi, supervisory computer scientist at the National Institute for Standards and Technology (NIST).
In traditional biometric systems, templates are then stored in a central system along with the identifying information, says Shahram Orandi, supervisory computer scientist at the National Institute for Standards and Technology.
When a person is challenged to prove his identity, a finger has to be scanned and sent to the server. A template is then created and checked against the previously enrolled template.
The fundamental difference between this traditional biometric process and a match-on-card process is all about location. With match on card, the template is locked on the smart card and never leaves, explains Orandi.
To conduct the verification process, a user presents the card to either a contact or contactless card reader.
On the other end of that communications channel is a biometric sensor. Typically this is an integrated fingerprint reader or peripherally attached fingerprint sensor, says Patrick Grother, computer scientist at NIST's Information Technology Laboratory.
When a user places his finger on the sensor, it produces an image of the finger. The reader then extracts information from that fingerprint image in the form of minutiae points, and those points are bundled up into data packet and sent to the card for matching, says Grother.
The card executes a fingerprint comparison algorithm and produces a score revealing how similar the fingerprint sent to the card is with the one stored on the card. The card then renders a decision as to whether or not it's the same person, explains Grother.
A difference between match-on-card architecture and traditional match-on-server architecture comes in the type of algorithm you can run. "Sometimes with a remote server you've got more computational power, so you can run a different class of algorithms. Richer algorithms can run on computers than on cards," says Grother.
This is due to the fact that smart cards have limited computational capability. Grother explains that over time cards have gotten faster and more capable, but so to have desktop computers. "A card has a limited amount of working memory, and that turns out to be important for certain algorithms," says Grother.
Two standards oversee the majority of match-on-card functionality, ISO/IEC 19794-2 and ISO-7816, Grother says. ISO/IEC 19794-2 defines the bits and bytes for fingerprints in both match on card and match off card, says Grother.
Commands must be used to send and receive data from cards. The ISO 7816-11 and 7816-4 standards regulate this transmission, Grother says.
Although standards exist for biometrics and match on card, organizations can utilize proprietary closed systems that do not abide by standards at all, says Grother.
An integrator can help an organization implement the match-on-card process. To do this, an integrator needs to be aware of and perform smart card personalization for biometric data. The fingerprint live capture devices for both enrollment and verification need template conversion tools in order to convert the live template into a viable match-on-card template.
Integrators also need to be aware that fingerprint templates still need to be captured in standard RAW formats for safekeeping. Also, depending on the application, an integrator may need to develop or procure an AFIS or ABIS to perform de-duplication at enrollment, says Jonah Adams, strategy and group coordination at Nigerian-based Interswitch.
A challenge with traditional match on server, says Orandi, is what happens if the biometric image is stolen or intercepted along the communication channel. Because biometric identifiers are permanently attached to a person, the credential can't be cancelled once it's compromised. "It's the biggest risk of a biometric system," says Orandi.
Because match on card locks the data in the chip, lost or stolen cards pose minimal risks. Additionally, the biometric is never stored on a backend database so compromise at this level is also a non-issue.
With match on card the likelihood of data being intercepted is virtually eliminated. Because there is still communication between the card and the reader, Orandi says it is still possible but greatly diminished.
Still, match on card does presents some challenges.Once the card architecture and algorithm have been designed and manufactured, there’s no easy way to change or upgrade that architecture, says Orandi.
The computer on the card is also not as powerful as a full blown computer so the speed to establish the identity is reduced. Servers operate much more quickly, 10-to-100 times faster than a smart card, says Orandi. "Smart cards lose the speed race," he says. "But to counter that, you are able to make a match even if you can't reach the server."
A potential problem with this method, however, is that in the case of offline matching, there is no central authority to dictate permissions. Orandi gives the example of 9/11 and different people trying to gain access to the site, from legitimate first responders to unscrupulous individuals. Match on card would verify the person is who they say they are, but without tapping into a central authority, it would not be able to say whether the person was allowed to be there. A card would be able to hold permissions, says Orandi, but it can't revoke the information. "The server has the revocation list or hotlist," says Orandi.
NIST has determined that algorithms are not quite as good for match on card as they are for match on server. NIST's MINEX, or Minutiae Exchange, program looked at the commercial viability, accuracy and speed associated with off-card and on-card matching.
"The answer is 'not quite, but almost,'" says Grother. "There are algorithms, fewer of them, commercially available that run with accuracy approaching that of off-card matching."
In places where lack of infrastructure poses a problem, match on card can be an ideal solution. "In markets where infrastructure challenges impact a customer's ability to fully explore a server-side implementation, the preference is for the match-on-card options," says Interswitch's Adams. "Especially where flexibility of use and mobility in deployment is a critical factor."
