Merkert Smart Cards and Bio Metrics

  • 7/31/2019 Merkert Smart Cards and Bio Metrics

    All Company and/or product names are trademarks and/or registered trademarks of their respective owners.

    Smart Cards and Biometrics in Physical Access Control Systems

    Robert J. Merkert, Sr. Vice President of Sales Americas

    Biometric Consortium 2005 Conference
    September 21, 2005

    9/28/2005 Copyright SCM Microsystems Inc.

    HSPD-12/FIPS 201/SP 800-73/SP 800-76 -1-

    Homeland Security Presidential Directive 12 (HSPD-12), issued on August 27, 2004, requires that the Federal credential, the Personal Identity Verification (PIV) card, be secure and reliable. This is defined as a credential that:

      • Is issued based on sound criteria for verifying an individual's identity
      • Is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation
      • Can be rapidly authenticated electronically, and
      • Is issued only by providers whose reliability has been established by an official accreditation process

    HSPD-12/FIPS 201/SP 800-73/SP 800-76 -2-

    The Department of Commerce and the National Institute of Standards and Technology (NIST) were tasked with producing a standard for secure and reliable forms of identification.

    In response, NIST published Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors (February 25, 2005).

    The FIPS 201 PIV Card is to be used for both Physical and Logical access, as well as agency-specific applications.

    FIPS 201 - PIV, part II specifies standards for implementing identity credentials on integrated circuit cards (smart cards) for use in a Federal PIV system.

    HSPD-12/FIPS 201/SP 800-73/SP 800-76 -3-

    FIPS 201 requires that the PIV be a smart card.

    The card must contain both contact and contactless interfaces, which may be provided by two separate integrated circuit chips or by one dual-interface ICC.

    The contact interface must conform to the ISO 7816 specification.

    The contactless interface must conform to the ISO 14443 specification.

    The card body is similar to a bank credit card and conforms to the ISO 7810 specification.

    HSPD-12/FIPS 201/SP 800-73/SP 800-76 -4-

    Draft NIST Special Publication 800-76 (SP 800-76), Biometric Specification for Personal Identity Verification, is referenced in FIPS 201 and currently states that, at a minimum, two compressed fingerprint images must be stored on the PIV smart card contact chip.

    NIST SP 800-76 currently specifies the use of fingerprint images rather than templates because there is no current test data that proves the interoperability of standards-based fingerprint templates. NIST expects test results in February, 2006.

    This brings up three very important issues in the physical access control area:

      • Time to read and process the image, with the resultant wait time for access
      • The size of the integrated circuit chip being used: 64K or 128K
      • Reader type required at access points

    HSPD-12/FIPS 201/SP 800-73/SP 800-76 -5-

    Another issue that arises is a specific agency placing biometric templates on the contactless portion of the smart card.

    This would be an agency-specific implementation that is permitted within the FIPS 201 guidelines. However, this could result in the implementation of a system that is not interoperable with another agency. The system would be agency specific.

    And yet another issue to be considered is how the biometric matching is to be done:

      • Match on Card (MOC)
      • Match on Reader
      • Match on Server

    PACS 2.2 (2.3) Guidance

    The Government Smart Card Interagency Advisory Board (GSC-IAB) and the Physical Access Interagency Interoperability Working Group (PAIIWG) saw that the procurement of Physical Access Control Systems (PACS) and components required a standardized approach to ensure that government agencies deploy equipment that meets both their specific needs and, at the same time, facilitates cross-agency interoperability.

    The PACS 2.2 guidance specifies that on a Federal Agency Smart Credential (FASC) a standardized numbering scheme, called the Federal Agency Smart Credential Number (FASC-N), be used as the individual identifier.

    The FASC-N is part of the Cardholder Unique Identification file (CHUID).

    The FASC-N is the primary identification string to be used on all government issued credentials.

    Reference: Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems, Version 2.2, July 30, 2004

    CHUID EF and FASC-N - CUID

    CHUID (EF 0x3000)

      FASC-N (Tag 0x30)

        Field                              BCD digits
        Agency Code                        4
        System Code                        4
        Credential Number                  6
        Credential Series                  1
        Individual Credential Issue        1
        Person Identifier                  10
        Organization Category              1
        Organizational Identifier          4
        Person/Organization Association    1

      GUID (Tag 0x34)
      Expiration Date (Tag 0x35)
      Authentication Key Map (Tag 0x3D)
      Issuer Asymmetric Signature

    CUID: Card Unique Identifier
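
    Added example, not part of the original slides: a decoder that validates a 25-byte FASC-N and splits it into the fields listed above, rejecting values with bad parity, a bad checksum or misplaced separators. The field widths come from the slide; the wire packing (40 five-bit characters, each four BCD bits least-significant first plus an odd-parity bit, with SS/FS/ES sentinels and a trailing LRC, as in the PACS guidance the deck cites) is an assumption not shown on the slide, and the sample value is constructed.

```python
# Added example: field widths are from the slide; the 5-bit packing is an assumption.
from functools import reduce
from operator import xor

FIELDS = [("agency_code", 4), ("system_code", 4), ("credential_number", 6),
          ("credential_series", 1), ("individual_credential_issue", 1),
          ("person_identifier", 10), ("organization_category", 1),
          ("organizational_identifier", 4), ("person_org_association", 1)]
SS, FS, ES = 0xB, 0xD, 0xF          # start, field-separator and end sentinels
MARK = {"S": SS, "F": FS, "E": ES}
# Assumed order: SS AC FS SC FS CN FS CS FS ICI FS PI OC OI POA ES (then LRC)
LAYOUT = "SddddFddddFddddddFdFdF" + "d" * 16 + "E"

def _char_bits(value):
    """Four data bits, least significant first, then an odd-parity bit."""
    bits = [(value >> i) & 1 for i in range(4)]
    return bits + [1 - sum(bits) % 2]

def encode_fascn(digits):
    """Pack 32 decimal digits into 25 bytes (used here to build sample data)."""
    it = iter(digits)
    chars = [MARK[k] if k in MARK else int(next(it)) for k in LAYOUT]
    bits = "".join(str(b) for c in chars + [reduce(xor, chars)] for b in _char_bits(c))
    return int(bits, 2).to_bytes(25, "big")

def decode_fascn(raw):
    """Validate parity, LRC and sentinels, then split digits into named fields."""
    if len(raw) != 25:
        raise ValueError("expected 25 bytes")
    bits = format(int.from_bytes(raw, "big"), "0200b")
    chars = []
    for i in range(0, 200, 5):
        group = [int(b) for b in bits[i:i + 5]]
        if sum(group) % 2 != 1:
            raise ValueError(f"parity error at character {i // 5}")
        chars.append(sum(b << n for n, b in enumerate(group[:4])))
    if reduce(xor, chars):           # XOR over all 40 characters must cancel
        raise ValueError("LRC mismatch")
    digits = ""
    for kind, c in zip(LAYOUT, chars):
        if c != MARK.get(kind, c) or (kind == "d" and c > 9):
            raise ValueError("unexpected sentinel or non-decimal digit")
        digits += str(c) if kind == "d" else ""
    out, pos = {}, 0
    for name, width in FIELDS:
        out[name], pos = digits[pos:pos + width], pos + width
    return out

SAMPLE = encode_fascn("00320001000123111234567890100321")  # constructed value
```

    A reader or panel that checks parity, LRC and sentinels before using the identifier rejects corrupted reads instead of looking up a wrong credential number.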

    Smart Cards

      • Embedded computer chip that is either a microprocessor with internal memory or memory chip alone
      • Contact or contactless designs
      • Highly secure
      • On-card security functions
      • Intelligent interactions with reader
      • Used worldwide in financial, telecommunications, transit, healthcare, secure identification and other applications

    Images courtesy of Gemplus

    Available Combined Technologies

    Different technologies can be combined:

      • 125 kHz Proximity
      • 13.56 MHz Smart cards: 14443A & 14443B, 15693
      • Contact smart cards
      • Magnetic stripe
      • Bar Code
      • Photo Printing
      • Holograms
      • Special inks
      • ISO/IEC 7810, 7811, 7816,

    Diagram courtesy of HID Corporation

    HSPD-12/FIPS 201/SP 800-73 specifies ISO 14443 for the contactless interface

    Biometrics: Added Value

    Individual-unique biometric information

      • Fingerprints
      • Hand geometry
      • Retinal or iris patterns
      • Facial patterns
      • Voice prints

    Biometrics used with card technologies

      • Biometric information stored on the ID card and verified with actual biometric at point of interaction

    Image courtesy of Gemplus

    Currently FIPS 201/SP 800-76 specifies full image fingerprints for the card biometric

    Typical Three-Factor Card Reader

    [Figure: reader with the labelled parts Contact Smart Card Reader, Fingerprint sensor, Status LEDs indicating Security Level, LCD display, Pinpad, Contactless reader, Acoustic alarm]

    Security Levels

    [Figure: solutions plotted against security level, Low to High]

      • Something you know (PIN, Password)
      • Something you have + Something you know (PIN, Password)
      • Something you have + Something you know + Something you are

    Access Control System Overview

    [Figure: diagram with the labels Card, Reader, Control Panel, Door/Gate Lock, Access Control Server Software, Database]

    Simplified Physical Access System

    [Figure: diagram with the labels Access Control Servers; Badging Guard Workstation; LAN/IF; TCP/IP LAN/WAN; MODEM; RS-485; Control Panels; 1 to 32 Readers; Wiegand; Access Control Readers and Controlled Doors]

    Simplified Access Control Path

    [Figure: diagram with the labels Access Control Server; Control Panel; Card Reader; Smart Card; Controlled Door; PACS 2.2 (2.3) Card to Reader Specification; No Security Interface Specification; Secure Channel Path; Secure Area; Unsecured Area]

    Concluding remarks

    Smart Cards and Biometrics will play a significant role in the Personal Identity Verification systems of the future.

    There are issues to be resolved in the definition of these systems but they are vigorously being worked on.

    Biometric implementations will not be limited to physical access; there will be applications of biometrics in logical access systems.

    Biometrics and Smart cards will be a strong partnership for years to come.

    Bob Merkert
    Vice President Sales, Americas
