Merkert Smart Cards and Bio Metrics
-
7/31/2019 Merkert Smart Cards and Bio Metrics
1/18
All Company and/or product names are trademarks and/or registered trademarks of their respective owners.
Smart Cards and Biometrics in Physical Access Control Systems
Robert J. Merkert, Sr.
Vice President of Sales Americas
Biometric Consortium 2005 Conference
September 21, 2005
-
9/28/2005 Copyright SCM Microsystems Inc. 2
HSPD-12/FIPS 201/SP 800-73/SP 800-76 -1-
Homeland Security Presidential Directive 12 (HSPD-12), issued on August 27, 2004, requires that the Federal credential, the Personal Identity Verification (PIV) card, be secure and reliable. This is defined as a credential that:
  Is issued based on sound criteria for verifying an individual's identity
  Is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation
  Can be rapidly authenticated electronically, and
  Is issued only by providers whose reliability has been established by an official accreditation process
-
HSPD-12/FIPS 201/SP 800-73/SP 800-76 -2-
The Department of Commerce and the National Institute of Standards and Technology (NIST) were tasked with producing a standard for secure and reliable forms of identification.
In response, NIST published Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors (February 25, 2005).
The FIPS 201 PIV Card is to be used for both Physical and Logical access, as well as agency specific applications.
FIPS 201 - PIV, part II specifies standards for implementing identity credentials on integrated circuit cards (smart cards) for use in a Federal PIV system.
-
HSPD-12/FIPS 201/SP 800-73/SP 800-76 -3-
FIPS 201 requires that the PIV be a smart card.
The card must contain both contact and contactless interfaces, which may be provided by two separate integrated circuit chips or by one dual-interface ICC.
The contact interface must conform to the ISO 7816 specification.
The contactless interface must conform to the ISO 14443 specification.
The card body is similar to a bank credit card and conforms to the ISO 7810 specification.
-
HSPD-12/FIPS 201/SP 800-73/SP 800-76 - 4 -
Draft NIST Special Publication 800-76 (SP 800-76), Biometric Specification for Personal Identity Verification, is referenced in FIPS 201 and currently states that, at a minimum, two compressed fingerprint images must be stored on the PIV smart card contact chip.
NIST SP 800-76 currently specifies the use of fingerprint images rather than templates because there is no current test data that proves the interoperability of standards-based fingerprint templates. NIST expects test results in February, 2006.
This brings up three very important issues in the physical access control area:
  Time to read and process the image, with the resultant wait time for access
  The size of the integrated circuit chip being used: 64K or 128K
  Reader type required at access points
-
HSPD-12/FIPS 201/SP 800-73/SP 800-76 - 5 -
Another issue that arises is a specific agency choosing to place biometric templates on the contactless portion of the smart card.
This would be an agency specific implementation that is permitted within the FIPS 201 guidelines. However, this could result in the implementation of a system that is not interoperable with another agency. The system would be agency specific.
And yet another issue to be considered is how the biometric matching is to be done:
  Match on Card (MOC)
  Match on Reader
  Match on Server
-
PACS 2.2 (2.3) Guidance
The Government Smart Card Interagency Advisory Board (GSC-IAB) and the Physical Access Interagency Interoperability Working Group (PAIIWG) saw that the procurement of Physical Access Control Systems (PACS) and components required a standardized approach to ensure that government agencies deploy equipment that meets both their specific needs and, at the same time, facilitates cross-agency interoperability.
The PACS 2.2 guidance specifies that, on a Federal Agency Smart Credential (FASC), a standardized numbering scheme called the Federal Agency Smart Credential Number (FASC-N) be used as the individual identifier.
The FASC-N is part of the Cardholder Unique Identification file (CHUID).
The FASC-N is the primary identification string to be used on all government issued credentials.
Reference: Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems, Version 2.2, July 30, 2004
-
CHUID EF and FASC-N - CUID
CHUID (EF 0x3000)
  FASC-N (Tag 0x30)                     BCD digits
    Agency Code                          4
    System Code                          4
    Credential Number                    6
    Credential Series                    1
    Individual Credential Issue          1
    Person Identifier                   10
    Organization Category                1
    Organizational Identifier            4
    Person/Organization Association      1
  GUID (Tag 0x34)
  Expiration Date (Tag 0x35)
  Authentication Key Map (Tag 0x3D)
  Issuer Asymmetric Signature
CUID: Card Unique Identifier
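The FASC-N field layout above, worked through as an added example (not part of the original slides): a decoder that rejects a FASC-N with bad parity, sentinels or checksum before splitting it into the listed fields. The field widths come from the slide; the packing into 25 bytes of 5-bit odd-parity BCD characters, the sentinel and separator values and the LRC follow the PACS guidance encoding and are assumptions here, and the sample values are constructed.

```python
from functools import reduce
from operator import xor

# Field order and widths in BCD digits, as listed on the slide.
FIELDS = [("agency_code", 4), ("system_code", 4), ("credential_number", 6),
          ("credential_series", 1), ("individual_credential_issue", 1),
          ("person_identifier", 10), ("organization_category", 1),
          ("organizational_identifier", 4), ("person_org_association", 1)]
# Assumed framing, not shown on the slide: start sentinel, field separator,
# end sentinel; a separator follows each of the first five fields only.
SS, FS, ES, SEPARATED = 0xB, 0xD, 0xF, 5
# Constructed sample values, not a real credential.
SAMPLE = dict(zip((n for n, _ in FIELDS),
                  ("9999", "9999", "999999", "1", "1", "1234567890", "1", "9999", "1")))

def encode_fascn(values):
    """Pack digit strings into 40 five-bit characters (25 bytes)."""
    symbols = [SS]
    for i, (name, width) in enumerate(FIELDS):
        if len(values[name]) != width or not values[name].isdigit():
            raise ValueError(f"{name}: expected {width} digits")
        symbols += [int(d) for d in values[name]] + ([FS] if i < SEPARATED else [])
    symbols.append(ES)
    symbols.append(reduce(xor, symbols))  # LRC over every preceding character
    bits = ""
    for s in symbols:  # 4 data bits, least significant first, then odd parity
        data = [(s >> k) & 1 for k in range(4)]
        bits += "".join(map(str, data)) + str(1 - sum(data) % 2)
    return int(bits, 2).to_bytes(25, "big")

def decode_fascn(raw):
    """Verify parity, sentinels and LRC, then split into the slide's fields."""
    if len(raw) != 25:
        raise ValueError("FASC-N must be 25 bytes")
    bits = format(int.from_bytes(raw, "big"), "0200b")
    chars = [bits[i:i + 5] for i in range(0, 200, 5)]
    if any(c.count("1") % 2 != 1 for c in chars):
        raise ValueError("parity error")
    symbols = [int(c[3::-1], 2) for c in chars]  # reverse LSB-first data bits
    if symbols[0] != SS or symbols[-2] != ES or symbols[-1] != reduce(xor, symbols[:-1]):
        raise ValueError("bad sentinel or LRC")
    out, pos = {}, 1
    for i, (name, width) in enumerate(FIELDS):
        field, pos = symbols[pos:pos + width], pos + width
        if any(d > 9 for d in field) or (i < SEPARATED and symbols[pos] != FS):
            raise ValueError(f"malformed field {name}")
        out[name] = "".join(map(str, field))
        pos += 1 if i < SEPARATED else 0
    return out
```

Parity and LRC only catch read errors; they are not a signature, so a PACS that needs to trust the FASC-N still has to validate the Issuer Asymmetric Signature over the CHUID.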
-
Smart Cards
Embedded computer chip that is either a microprocessor with internal memory or memory chip alone
Contact or contactless designs
Highly secure
On-card security functions
Intelligent interactions with reader
Used worldwide in financial, telecommunications, transit, healthcare, secure identification and other applications
Images courtesy of Gemplus
-
Available Combined Technologies
Different technologies can be combined:
  125 kHz Proximity
  14443A & 14443B, 15693
  13.56 MHz Smart cards
  Contact smart cards
  Magnetic stripe
  Bar Code
  Photo Printing
  Holograms
  Special inks
  ISO/IEC 7810, 7811, 7816,
Diagram courtesy of HID Corporation
HSPD-12/FIPS 201/SP 800-73 specifies ISO 14443 for the contactless interface
-
Biometrics: Added Value
Individual-unique biometric information
  Fingerprints
  Hand geometry
  Retinal or iris patterns
  Facial patterns
  Voice prints
Biometrics used with card technologies
  Biometric information stored on the ID card and verified with actual biometric at point of interaction
Image courtesy of Gemplus
Currently FIPS 201/SP 800-76 specifies full image fingerprints for the card biometric
-
Typical Three-Factor Card Reader
[Figure: card reader with labelled parts: contact smart card reader, fingerprint sensor, status LEDs indicating security level, LCD display, PIN pad, contactless reader, acoustic alarm]
-
Security Levels
[Figure: solutions arranged by security level, from low to high: PIN, password (something you know); something you have + something you know; something you have + something you know + something you are]
-
Access Control System Overview
[Figure: system components: Card, Reader, Control Panel, Door/Gate Lock, Access Control Server Software, Database]
-
Simplified Physical Access System
[Figure: Access Control Servers, Badging, Guard Workstation, Control Panels, and Access Control Readers and Controlled Doors (1 to 32 readers); link labels: LAN/IF, TCP/IP LAN/WAN, MODEM, RS-485, Wiegand]
-
Simplified Access Control Path
[Figure: path from Smart Card to Card Reader to Control Panel to Access Control Server, with the Controlled Door; labels: PACS 2.2 (2.3) Card to Reader Specification; No Security Interface Specification; Secure Channel Path; Secure Area; Unsecured Area]
-
Concluding remarks
Smart Cards and Biometrics will play a significant role in the Personal Identity Verification systems of the future.
There are issues to be resolved in the definition of these systems but they are vigorously being worked on.
Biometric implementations will not be limited to physical access; there will be applications of biometrics in logical access systems.
Biometrics and Smart cards will be a strong partnership for years to come.
-
Bob Merkert
Vice President Sales, Americas