D3.2: A study on PKI and biometrics

Title: CASE STUDY: SECURE STORAGE BIOMETRIC SMART CARDS

Biometrics is a key technology capable of providing non-repudiable authentication by positively linking a biometrics template collected at the enrolment time with live biometrics collected from the user. Two-form factor identification is more secure than a single biometrics-based access control (see section ). The possession of a certified card such as a smart card, a form of reliable and secure storage, is the obvious choice. The form factor is not only very convenient for carrying around, but the on-card generation and storage of cryptographic keys enhance both security and privacy capabilities. The most common form of synergy between smart card and biometrics exists in the form of the biometrics templates stored securely in the smart card at the time of enrolment where, during the process of authentication, the template is read back securely into the application. Even though this method is more secure than template storage on a secondary medium and does not involve any communication between the client and a server avoiding network traffic, the biometrics matcher can be still a security risk (see section and [KOC99]). Recently, a different kind of problem has also emerged.

Smart card systems to date have largely not been interoperable because applications have been built into a proprietary card and terminal operating systems. A series of open industry standards have been developed to address this problem, e.g., Java Card and Global Platform. The introduction of open standard smart card technology has allowed users to gain independence in choosing both smart card and terminal vendors thus allowing them to move away from inflexible and closed proprietary systems. This standardisation has already translated into significantly increased innovation and lower smart card system costs.

There has recently been considerable interest in providing a synthesis of current smart card open standard development with respect to biometric applications. A fingerprint-based application for access control utilising a match-on-card implementation using the recent JavaCard-BioAPI standard is briefly described below.

Java card and the JC-BioAPI

A general purpose smart card, including the Java Card, can be used as a secure storage subsystem for the biometric template. Typically, the biometric templates are generated on a secure client and stored on the card at the time of enrolment. During the process of authentication, the smart card needs to be presented and the application process first ensures that the card can be opened by the process of providing the verification code. Traditionally, the two main constraints impacting this type of application have been the amount of storage available [CAP01] for biometric templates and the speed at which these templates may be read from the card. However, technological developments now mean that these constraints are increasingly becoming less of an issue. However, this type of conventional, storage only option of the smart card has a security deficit in that the personal biometric templates leave the card and are outside of the secure environment of the smart card for the template matching operation. In order to improve the overall security and privacy of the system, the biometric matching should occur on the smart card and the final result cryptographically signed before being passed up to the higher level application. The on-card match function is thus particularly useful in terms of its addition to the overall security of the system. However, any such biometric matching algorithm will face significant constraints in the restricted resource environment that smart cards generally have. The matcher subsystem must use only limited amounts of dynamic memory and use as few computational cycles as possible. Typically the biometric feature extraction is never a candidate for implementation on a smart card because it involves complex signal processing operations that need to be performed in a relatively short amount of time.  

In response to the above requirements and recognising the need for application level biometric interoperability on the smart card platform, the Java Card Forum has proposed a Java Card Biometric API. This API addresses the requirement for the secure enrolment of a reference biometric on the java card with the ability to later perform a candidate biometric validation in such a way that the reference data is never exposed outside of the card. The standard has recognised the variety of biometric enrolment and matching algorithms that are both currently in use and being developed by industry. The result is a simple and compact API that supports multiple biometrics on a single card in such a way that application clients and biometric technology may be independently developed.  

Figure 4‑: Match-on-card architecture

The JC BioAPI is modelled on the Java Card PIN API and has a separate interface for matching and for enrolling. The architecture uses IBM’s Java Card Open Platform (JCOP) card with an ISO-14443 interface for non-contact readout of the templates.

shows the architecture of a typical Java Card BioAPI compliant application, which is divided into a server applet and a client applet. The server applet has management functionality which includes biometric enrolment, retry configuration and the provision of shareable interfaces through which one or more client applications can access biometric functionality such as query and match.

When the server applet is instantiated, it creates an instance of a BioTemplate for fingerprints and an instance of a BioTemplate for passwords. The password BioTemplate was included by the Java Card Forum in order to provide a common interface for using passwords either in a complementary fashion or as an alternative.