Match On Card Technology and its use for PKI Mgr. Miroslav Valeš Sales Manager Eastern Europe May 9, 2001 CATE 2001 Security and Protection.


1 Match On Card Technology and its use for PKI
Mgr. Miroslav Valeš, Sales Manager Eastern Europe
mvales@veridicom.cz
May 9, 2001
CATE 2001 Security and Protection of Information

2 Slide 2 CATE 2001 - Security and Protection of Information
Presentation Outline
- The problem of adding biometrics to smartcards
- How Match On Card (MOC) solves it
- The Potential Impact of MOC
- MOC specifications
- MOC in PKI applications
- Alternatives to MOC
- Summary and Conclusions

3 The Problem of Adding Biometrics to Smartcards
- Biometric data cannot be kept private
- PC is not secure
- PIN still necessary to unlock card
- No way to add stronger security than PIN
[Diagram labels: Enrolled Biometric Data, Operating System, Private ROM Data, Readable Public Data, Smart Card, Host PC, SC Reader, FP Processing SW, FP template, Match Y/N]

4 Fingerprint Background
- Scan raw image
- Locate minutiae
- Template showing geometric relationship between minutia points is stored
- Minutiae data are unique and are the fingerprint processing standard

5 Recognition Technology
- Minutiae detection: Bifurcation, Ridge Ending
- 2 fingers: not more than 7 matching minutiae
- Usual fingerprint has around 30-40 minutiae
- Comparison: relative position of minutiae
- Allows rotation and translation
- 2.5 Kb template created (50 bytes per minutia)

6 MOC System using PC
- Template generated on PC is matched on card
- Fingerprint template never leaves the smart card
- Card not unlocked unless finger matches
- Can be PIN supplement or replacement
- Still need to trust the reader or PC
[Diagram labels: MOC, Operating System, Private ROM Data, Private FLASH Data, Smart Card, Host PC, SC Reader, FP Processing SW, FP template, Enrolled Biometric Data]

7 The Potential Impact of MOC
- Smart cards become easier to use (PIN replacement)
- Finally have a way to securely tie the card to its owner
- The user's privacy is secured (the user's biometric data will never leave the card)

8 MOC Specifications
- Software program running on smartcard
- Designed for 8-bit low-cost smart cards
- 120 lines of C-code
- Object code < 2Kbytes
- RAM < 64 bytes
- Verification time: 0.5 sec / successful match, 2 sec / unsuccessful match
- Templates use about 2.5Kbytes / finger
- Uses non-proprietary input features (minutiae)

9 Standalone MOC System
- All fingerprint processing on card with FP sensor on reader
[Diagram labels: MOC, Operating System, Private ROM Data, Private FLASH Data, Smart Card, Host PC, FP Processing Firmware, Signed FP template, Enrolled Biometric Data, Smart SC & FP Reader, Challenge/Response]

10 MOC in PKI Applications: PKI + Smartcards + Biometry
- Fingerprint used to authorize operations with the user's private key
- Smartcard securely stores:
  - User's digital certificates
  - Associated private keys
- The biometry guarantees who is using the smartcard
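
An added illustration of slides 5, 6 and 10, not code from the presentation or from Veridicom: a card-side matcher compares relative minutiae positions with integer arithmetic only, returns just yes/no to the host, and allows private-key use only after a match. The coordinate layout, THRESHOLD, TOL, the sample points and all function names are assumptions made for this example.

```c
#include <stdlib.h>
#include <string.h>
/* Constructed layout for illustration; not the Veridicom template format. */
enum { RIDGE_ENDING, BIFURCATION };
typedef struct { int x, y, type; } Minutia;
#define MAX_MIN   40  /* slide 5: a usual fingerprint has around 30-40 minutiae */
#define THRESHOLD 8   /* assumption: accept only when more than 7 minutiae agree */
#define TOL       40  /* assumption: allowed error on a squared distance */
typedef struct {
    Minutia enrolled[MAX_MIN]; /* private card data: no function returns it */
    int n, unlocked;           /* unlocked is set only by an on-card match */
} Card;
/* Constructed sample finger with 10 minutiae. */
const Minutia SAMPLE[10] = {
    {10,10,0}, {50,20,1}, {90,15,0}, {30,60,1}, {70,70,0},
    {20,110,1}, {60,120,0}, {100,100,1}, {40,150,0}, {85,160,1} };

void card_enroll(Card *k, const Minutia *m, int n) {
    k->n = n > MAX_MIN ? MAX_MIN : n;
    memcpy(k->enrolled, m, (size_t)k->n * sizeof *m);
    k->unlocked = 0;
}
static long d2(const Minutia *a, const Minutia *b) {
    long dx = a->x - b->x, dy = a->y - b->y; return dx * dx + dy * dy;
}
/* Anchor enrolled[i] on c[j], then count candidate points lying at the same
   distance from the anchor as a same-type enrolled point (rotation/shift safe). */
static int score(const Card *k, int i, const Minutia *c, int nc, int j) {
    int hits = 1, used[MAX_MIN] = {0};   /* the anchor pair itself is one hit */
    for (int a = 0; a < nc; a++)
        for (int b = 0; a != j && b < k->n; b++) {
            if (b == i || used[b] || c[a].type != k->enrolled[b].type) continue;
            if (labs(d2(&c[j], &c[a]) - d2(&k->enrolled[i], &k->enrolled[b])) > TOL) continue;
            used[b] = 1; hits++; break;
        }
    return hits;
}
/* The host receives only yes/no; the enrolled template stays on the card. */
int card_verify(Card *k, const Minutia *c, int nc) {
    k->unlocked = 0;
    for (int i = 0; i < k->n && !k->unlocked; i++)
        for (int j = 0; j < nc && !k->unlocked; j++)
            k->unlocked = c[j].type == k->enrolled[i].type
                          && score(k, i, c, nc, j) >= THRESHOLD;
    return k->unlocked;
}
/* Gate for private-key operations: allowed once per successful match. */
int card_key_use_allowed(Card *k) {
    int ok = k->unlocked; k->unlocked = 0; return ok;
}
```

Distance comparison alone also accepts mirrored prints and ignores ridge direction, so a real matcher needs more than this sketch checks.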

11 Alternatives to MOC
- PIN only (current systems)
  - Benefit: status quo costs nothing to implement
  - Drawbacks: Can't tie user to card. Does not provide strong security.
- Process-On-Card
- Everything-On-Card

12 Alternative to MOC: PROC
- Process-On-Card: all fingerprint software, including image processing, runs on card
- Signed FP images are sent into card from the reader
- Higher cost (likely needs 16 or 32 bit card to work reliably)
- Not much more secure than MOC (still have to send in signed biodata)

13 Alternative to MOC: EVOC
- Everything-On-Card: sensor and all FP software runs on card
- Very secure but very expensive
- All sorts of production issues
- Smartcard durability, flexibility, etc.

14 Summary and Conclusions
- MOC is the first secure way of adding fingerprint security to smart cards
- MOC can replace or supplement the PIN
- MOC adds encryption capabilities and PKI to the biometrics
- Thanks to the encryption support biometry can now be integrated into complex security applications: File encryption, digital signatures, remote authentication, VPNs, …

