Eliminating Traditional Card-Only Authentication With a Biometric Card

zwipe logo

[ Contributed by Kim Humborstad, CEO of Zwipe ] Yet, the biometric card works seamlessly with the ISO 14443 reader infrastructure – All of the recent news reports about the mishandling and hacking of card information has made both consumers and institutions more leery of using a card only to verify the card holder, especially at openings that need a higher level of security.

There is an increasing demand for an affordable way to use biometrics to authenticate the card holder without having to replace already-installed readers and equipment.

This is especially important for those concerns that have only a few such high security openings and need to authenticate only the employees authorized to enter those entrances. What’s being done today is unacceptable.

In today’s world, it has become very important that organizations start changing the password from something you know or something you carry to something you are.  

The foundation of a password or PIN only security system is fraught with potential failings, from the aggravation of needing to continually change your password to someone outright hacking it.

If your password becomes your fingerprint, it is not only more convenient, but also more secure.

There is a similar problems with cards. All that a card —barcode, magnetic stripe, proximity or smart— verifies is that, yes, this is the right card.

It has no idea if it is being presented by the right person.

Yes, a biometric template carried within the card could help solve that problem but at what expense?

To do so, it needs a biometric reader, an additional piece of hardware, raising the infrastructure cost to do what the card should be doing in the first place, verifying who is trying to enter.

Why not put biometrics directly on the smart card? There would be no additional hardware to buy and the smart card wouldn’t work unless verified by the authorized person’s thumbprint on the card.

With a biometric card, the organization would reap all of the security and access control advantages of the smart card plus biometrics.

That’s what differentiates a biometric card’s two-factor authentication technology.

It is implemented entirely on a card platform. The fingerprint scanner is visible on the card surface and when you touch the scanner you activate an algorithm in the card, which will perform a match query with a template also stored on the card.

Not only is the biometric verification process executed on the card, but the users biometric information is stored only on the card.

This eliminates the need to maintain an external database, which itself can be costly and vulnerable to hackers.

Once a positive match is completed, the card releases a contactless communication string to a standard 14443 card reader for access control.

This card communication is directly compatible with most contactless terminals in the industry, making the process of upgrading to biometrics both economically and operationally accessible.   

The Biometric Card
A contactless smart or proximity card credential with on-card fingerprint reading provides all the assets of the card and eliminates its most glaring deficiency, knowing who is holding it.

The biometric card quickly reads the user’s fingerprint in less than a second.

Eliminating the problems of solely deploying PINs and standard cards, the wirelessly powered biometric card lets users authenticate themselves directly on the card through something they are, a fingerprint or thumbprint.

Only then will the card system activate the lock.

This is much more secure than simply using a standard card, which verifies only something the user carries.

An on-card fingerprint scanner with 3D capacitive technology resides on the contactless card which has universal compatibility with all ISO 14443 readers from the leading brands.

The biometric card is DESFIRE EV1 and MIFARE Classic compatible.

Without having to change out an organization’s existing card readers, the biometric card provides an easy, low cost way for organizations to provide a biometric upgrade to access control systems using smart card readers or multi-technology readers that also read smart cards.

Thus, the biometric card is more secure to use than other available ID and authentication solutions on the market today.

The fingerprint data is captured by the on-card fingerprint scanner and is thereafter encrypted and stored only inside the card.

No exchange of data is conducted with external systems. This provides secure template management since the fingerprint never leaves the card.

It also eliminates user concerns with privacy issues. The card is unique to the user and only the authorized card holder can activate card communication with the reader.

When a positive match occurs, the biometric card activates encrypted communication with the lock or reader in the same way as other ISO 14443 contactless smart cards.

Problem Solved

Only biometrics authenticates “who” is at the door. In a perfect world, facilities would feature biometrics readers at every door that could use higher security, even though only a few people need access.

Of course, that would mean ripping out the present card readers, budgeting additional money for new biometric readers, and ensuring that the biometric integrates into their present access control system.

A fingerprint scanner on a contactless proximity or smart card lets these users authenticate themselves directly on the card. There is no additional hardware to buy.

Since the integration of a fingerprint scanner on the iPhone 5s, the market has been buzzing about other applications, such as mobile banking, mobile payments, and government identification.

Mobile payments, in particular, are under increased scrutiny as a result of recent retail data breaches.

Will passwords be gone in five years? Unlikely, but biometric card technology is not simply about eliminating passwords, but about creating more secure transactions.

Over time, consumers will begin to be more comfortable with the technology and realize it is both more secure and easier to use.

For today, though, no longer will organizations need to worry if someone not authorized to enter is using another person’s ID card.

With the biometric directly on the card, they can be assured that the only people getting in are those authorized to do so.