
NIST shows on-card fingerprint match is secure, speedy

Apr 02, Technology



A fingerprint identification technology for use in Personal Identification Verification (PIV) cards that offers improved protection from identity theft meets the standardized accuracy criteria for federal identification cards, according to researchers at the National Institute of Standards and Technology.

Under Homeland Security Presidential Directive 12 (HSPD 12), by this fall most federal employees and contractors will be using federally approved PIV cards to “authenticate” their identity when seeking entrance to federal facilities. In 2006 NIST published a standard* for the new credentials that specifies that the cards store a digital representation of key features or “minutiae” of the bearer’s fingerprints for biometric identification.

Under the current standard, a user seeking to enter a biometrically controlled access point would insert his or her PIV smart card into a slot—just like using an ATM card—and place their fingers on a fingerprint scanner. Authentication proceeds in two steps: the cardholder enters a personal identification number to allow the fingerprint minutiae to be read from the card, and the card reader matches the stored minutiae against the newly scanned image of the cardholder’s fingerprints.

In recent tests,** NIST researchers assessed the accuracy and security of two variations on this model that, if accepted for government use, would offer improved features. The first allows the biometric data on the card to travel across a secure wireless interface to eliminate the need to insert the card into a reader. The second uses an alternative authentication technique called “match-on-card” in which biometric data from the fingerprint scanner is sent to the PIV smart card for matching by a processor chip embedded in the card. The stored minutiae data never leave the card. The advantage of this, as computer scientist Patrick Grother explains, is that “if your card is lost and then found in the street, your fingerprint template cannot be copied.”

The NIST tests addressed two outstanding questions associated with match-on-cards. The first was whether the smart cards’ electronic “keys” can keep the wireless data transmissions between the fingerprint reader and the cards secure and execute the match operation all within a time budget of 2.5 seconds. The second question was whether the “match-on-card” operation will produce as few false acceptance and false rejection decisions as traditional match-off-card schemes where more computational power is available.

The researchers found that 10 cards with a standard 128-byte-long key and seven cards that use a more secure 256-byte key passed the security and timing test using wireless. On the accuracy side, one team met the criteria set by NIST and two others missed narrowly. The computer scientists plan a new round of tests soon to allow wider participation. For copies of the test report and details of the next test round, see the MINEX (Minutiae Interoperability Exchange Test) Phase II Web pages.

Notes:

*Federal Information Processing Standard (FIPS) 201-1, Personal Identity Verification (PIV) of Federal Employees and Contractors. March, 2006.

** P. Grother, W. Salamon, C. Watson, M. Indovina and P. Flanagan. MINEX II–Performance of Fingerprint Match-on-Card Algorithms, Phase II Report. NIST Interagency Report 7477, Feb. 29, 2008.

Source: National Institute of Standards and Technology
