 For
many e-commerce applications, the identity of the transaction partners
must to ensured. Since passwords may be passed on to others, they unfortunately
offer no help in determining who actually provided a (digital) signature.
The Fingerprint ID Card which has been shown at CeBIT 99 is a future-oriented
solution that combines the biometric process of fingerprint verification
with established encryption procedures. The result is a universal card
which simplifies all business transactions requiring personal identification.
Moreover, the Fingerprint ID card will reduce the number of items users
need to carry with them every day; it can replace nearly everything from
smartcards, driver's license, ID cards, and keys. |
|
| The
Fingerprint ID card, a closed system, contains an integrated fingerprint
sensor, a processing unit and a non-volatile memory for the fingerprint
characteristics and data to be released on fingertip. Fingerprint characteristics
can be stored exclusively via the sensor interface and can by no means
be read out. In other words, the users' unique and inalterable biometric
data cannot be copied; nor can copied data be used. A challenge-and-response
procedure which runs on an encryption processor on the card is used to
inform the service provider that the card owner has been successfully recognized.
Because both the biometric fingerprint characteristics and the recognition
algorithms are completely hidden in the card, any hackers are doomed to
failure. |
|
|
|
| Another
important feature of the fingerprint ID card is the option of having the
card deactivated by a trust center, thereby increasing security in the
event that the card is lost. On the other hand, a user may possess an unlimited
number of cards. Cards can be deactivated thanks to the inseparable combination
of a unique key pair for asymmetric encryption and the unique biometric
characteristics of the card owner. While the biometric characteristics
are inalterable, the key pair, and hence the combination, can be changed.
The only condition is that a valid key pair be used (obtainable from the
trust center). Otherwise, even the card owner cannot use the card. |
|
| • |
No
compromising of fingerprint characteristics possible |
| • |
No
problem with vandalism, because the entire biometric unit is the property
of the card owner |
| • |
Extremely
high protection against manipulation |
| • |
Universal
applicability |
| • |
Two-pronged
approach to protection against card loss |
|
| • |
card
does not function without the correct fingerprint |
| • |
personal/public
key pair can be centrally deactivated |
|
| • |
No
data security problems as with central storage of fingerprint characteristics |
| • |
Inexpensive
card readers without special security requirements |
| • |
Card
dimensions: 85.6 mm x 54.0 mm x 3.3 mm |
| • |
Significantly
more robust and durable than normal smartcards |
|
A
cellphone clearly illustrates the improved security and convenience that
can be achieved using fingerprints. For cellphones, PINs (personal identification
numbers) are used to prevent unauthorized persons from accessing the wireless
network and incurring costs for the authorized user. Typically, a cellphone
user must enter the PIN as soon as the device is switched on. For security
reasons, only three attempts can be made to enter a PIN; if three incorrect
PINs are entered, the SIM card is disabled. Should a cellphone be misplaced
(a particularly critical situation if the cellphone is switched on), the
service provider can disable the SIM card at the user's request.
