NIST shows on-card fingerprint match is secure, speedy
10 April, 2008
Wireless match-on-card fingerprint trials have passed security and speed tests and barely missed, in two out of three instances, the accuracy tests, according to results released by the National Institute of Standards and Technology. Still, this match-on-card ID technology, designed for use in personal identification verification cards that many federal agencies must adopt this fall, does meet the agency’s standardized accuracy criteria, NIST reports.
The smart cards NIST tested, 10 with a 128-byte-long key and seven using the more secure 256-byte key, passed the security and timing test using wireless data transmissions. On the accuracy side, one batch of cards met the criteria set by NIST and two others narrowly missed. More tests with additional cards are planned soon.
According to HSPD-12, most federal employees and contractors will be using federally approved PIV cards to authenticate their identity when seeking entrance to federal facilities. In 2006 NIST published a standard for the credentials that specifies that the cards store a digital representation of key features of the bearer’s fingerprints for biometric identification.
Currently, anyone entering a biometrically controlled access point inserts his or her PIV smart card into a slot and places his or her fingers on a scanner. The cardholder then enters a PIN that enables the fingerprint information to be read from the card, and the card reader matches the stored data against the scanned image of the cardholder’s fingerprints.
In the recent tests, NIST evaluated the match-on-card process in which biometric data from the fingerprint scanner is sent to the PIV smart card for matching by a processor chip embedded in the card. The stored data never leave the card. The advantage of this type of validation is that, if the card is lost or stolen, the fingerprint template on the card cannot be copied.
NIST sought answers to two questions: first, whether the smart cards’ electronic keys can keep the wireless data transmissions between the fingerprint reader and the cards secure and execute the match operation, all within 2.5 seconds; and second, whether the match-on-card operation will produce as few false acceptance and false rejection decisions as traditional match-off-card schemes that require more computer power.