Smart Cards and Biometrics: Use Cases
Smart cards are widely acknowledged as one of the most secure and reliable forms of electronic identification. To provide the highest degree of confidence in identity verification, biometric technology is considered to be essential in a secure identification system design. Combining smart card technology with biometrics provides the means to create a positive binding of the smart card (a difficult-to-clone token) to the cardholder thereby enabling strong verification and authentication of the cardholder’s identity.
Using smart cards with biometrics results in a trusted credential for authenticating an individual’s identity using one-to-one biometric verification. With the biometric template stored on the smart card, comparison can be made locally, without the need for connection to a database of biometric identifiers. Since all biometric matching takes place using templates, it is unnecessary to store complete biometric image data on the smart card. With the latest secure smart card microcontrollers, sufficient on-card processing power and memory exist to perform the biometric match directly within the logic of the smart card instead of within the reader device. This biometric match-on-card approach can provide an even more private and secure identity verification system.
Identity credentialing programs worldwide are implementing a combination of biometrics and smart cards. The following are case studies of programs using smart cards and variety of biometric technologies for identity verification.
Singapore Immigration Automated Clearance System
The Government of Singapore has implemented a smart card-based immigration self-clearance system using fingerprint biometric technology at 25 entry checkpoint locations around the island country. The system is called the Immigration Automated Clearance System (IACS) and is administered by the Singapore Immigration and Checkpoints Authority (ICA). The ICA is responsible for the security of Singapore’s borders against the entry of undesirable persons and cargo through land, air and sea checkpoints. ICA also performs immigration and registration functions, such as issuing travel documents and identity cards to Singapore citizens, and issues immigration documents to foreign permanent residents.
The objective of the system is to provide an efficient and secure immigration clearance process at various entry points thereby allowing citizens to have “express” immigration clearance. Frequent travelers who wish to use IACS can apply for a personalized smart card which stores the cardholder’s fingerprint data. When a citizen or foreign permanent resident cardholder enters Singapore, the card is inserted into a reader at a kiosk and the presented fingerprint is matched against the fingerprint data stored on the card. If the match fails, the traveler is directed to secondary screening. IACS has also been expanded to allow the use of machine-readable passports at the kiosks as long as the passport holder’s fingerprints have been registered in the ICA database. This implementation is known as the Enhanced Immigration Automated Clearance System (eIACS).
IACS has been implemented at two major land entry points that connect to Singapore via causeway from Malaysia. These entry points handle large volumes of bus, car and motorcycle travelers. In addition, IACS checkpoints are placed at airport terminals, cruise terminals, ferry terminals, and other port facilities. In 2009, the ICA processed 74 million arriving passengers. The ICA issues about 100,000 ID smart cards and 500,000 passports each year. More information on the system is available on the ICA web site at http://www.ica.gov.sg/page.aspx?pageid=196.
Canadian Airport Restricted Area Identification Card
In 2004, the Canadian Air Transport Security Authority (CATSA) was assigned responsibility to develop a Restricted Area Identification Card (RAIC) program for airport employees at the 29 major Canadian airports. RAIC is designed to allow individual airports to control where users may access restricted areas and to enhance security during heightened threat levels. The RAIC is a biometrically-enabled HID iClass® smart card that is designed for use by airport workers seeking entry to restricted areas through automated or guarded access portals and vehicle gates. The RAIC is also read using portable readers at pre-board screening areas to validate employee identity and credentials prior to screening.
Applicants must first complete a security clearance screening process conducted by Transport Canada, including submitting biographical data and fingerprinting for a criminal record check and national security check. Once an applicant has successfully completed the background screening process, Transport Canada will issue a Document Control Number and CATSA will approve the issuance of the RAIC. The airport conducts the enrollment process and generates the RAIC with embedded biometrics and a unique identification number. Fingerprint and iris biometric data are collected from the applicant along with biographical data and the applicant’s facial photo. CATSA chose to store the biometric data on the smart card as opposed to a database option. The smart card has an embedded chip with a contactless interface, a variable data strip, a magnetic strip and physical security features. As a result, many existing airport functions can be combined on a single card.
RAIC allows users working at multiple airports and aircrew personnel to use a common biometric identity system to enhance national security. Transport Canada and CATSA manage a centralized database allowing real-time management and revocation of RAICs. Airports receive real-time notification from CATSA if an RAIC is cancelled or revoked and can remove the user from their local physical access control system (PACS) to deny access. It should be noted that the airport authority controls user access to restricted areas. More than 100,000 Canadian airport employees are enrolled in the RAIC program and RAIC is implemented across 29 Canadian airports. Because this is a “closed” system, the biometric template data stored on the RAIC can be in the proprietary template form. While this supports a level of interoperability among locations, it is not the same as “open” interoperability achieved when using interoperable standard templates.
It should be noted that a number of U.S. airports have also implemented biometrics and smart card technology for physical access to restricted areas. Examples include San Francisco International Airport, Chicago O’Hare Airport, and Seattle-Tacoma International Airport.
Amsterdam Schiphol Airport
Schiphol Airport in Amsterdam, Netherlands, pioneered the use of iris recognition in the airport environment. Long before the post 9/11-security frenzy, Schiphol planned for biometric-based access control to secure restricted areas within the airport environment, ensure efficient airport operations, and comply with all appropriate regulations by the most cost-effective means possible. Not only did Schiphol’s operators want to improve security, they wanted to improve the user security experience as well. Accurate, reliable, and quick-and-easy identification and authentication were considered critical to meeting these objectives. Iris recognition was selected as the access control biometric modality of choice in the process re-engineering employed to streamline, automate, and optimize staff badging and credentialing at Schiphol Airport.
Schiphol’s workforce includes 60,000 airport workers employed by more than 500 companies. The goals of the iris-based biometric access control system were to: 1) prevent transferability of access cards and PINs; 2) reduce errors associated with the “human” identification processes; 3) automate security functions to the greatest extent possible; and 4) increase user convenience. In addition, stringent privacy policies were applied. These policies included matching of the biometric on a smart card with no centralized template storage, overt user participation (e.g., no distance or surveillance iris capture), built-in identity theft protection, encrypted data storage on the smart card and in the communication between the card and readers to prevent skimming, and use of private, highly secure keys.
The access control solution at Schiphol relies on a unique combination of iris recognition and weight measurement to access and pass through a “mantrap” portal. The authorization to open the first door is based on validation of the smart card and verification of the iris pattern on the card with the cardholder. A second iris verification along with weight measurement (obtained via a scale embedded in the portal) opens the second door.
The access control system at Schiphol went live in 2004 and became fully operational in 2006. Today, Schiphol processes 60,000 accesses per day across 110 access control points with an average throughput of eight seconds and a rejection rate of less than one percent. As a result, Schiphol has experienced improved accuracy of verification over the previous system and extremely high user acceptance of this contactless, hygienic, and rapid access control solution.
University of Arizona Keyless Access Security System
The University of Arizona (U of A) located in Tucson, Arizona, USA, is a public research university serving the citizens of Arizona and beyond. The mission of U of A is to provide a comprehensive, high-quality education that engages its students in discovery through research and broad-based scholarship. Founded in 1885, U of A has 37,000 undergraduate, graduate, professional and medical students and 12,000 employees.
The U of A has established a campus-wide unified Keyless Access and Security System Program to better manage its resources and facilities. This system allows the use of a biometric contactless smart card called the “CatCard” for access to university facilities by students, faculty, staff, and affiliates. The focus of the system is to address the issues of loss prevention and personal safety and to provide convenience through the use of standardized technology. The system was launched in 2006 as an optimized one-card concept to replace several independent access control systems installed on the U of A campus. The system is supported by comprehensive policy and standards so that it is uniformly integrated with all new construction, remodeling or other building programs. The system includes a computerized control center to manage, process, record, and notify appropriate response agencies as needed. The CatCard is the official University of Arizona identification card.
The card features a digitized photo, digitized signature, contactless smart chip, and magnetic stripe. Today there are approximately 800 door access readers, of which 215 utilize contactless smart chip technology. 75,000 active cardholders use their CatCards at 182 facilities to gain access to a variety of buildings, labs and general use areas that would have required the issuance of keys in the past. Along with reducing the number of keys issued, a comprehensive audit trail is available to review access transaction history by authorized management personnel. The U of A has established standardized incident response protocols to allow the University of Arizona Police Department (UAPD) to respond to a specific location rather than a general building location. The system is also integrated with digital video security cameras throughout the campus to allow UAPD to observe various locations in real-time directly from the UAPD dispatch center. This also provides an easy audit trail of historical information for later use.
According to the U of A, one of the benefits of using a contactless smart card is that it reduces wear and tear on the card and minimizes the cost of replacing worn or damaged cards. To protect cardholder privacy, the student or employee ID number is not printed on the surface of the CatCard. Instead, a randomly assigned 16-digit unique identifier (called the ISO number) is used to identify all cardholders. This unique identifier facilitates services associated with the CatCard.
A contactless smart chip is embedded into the CatCard. It is a multi-application chip that has the capability to store a prepaid value directly on the card as well as biometric data. Photos and signatures are stored in the card management system, and fingerprint template data is obtained during enrollment and stored digitally on the card. The photo and signature are also printed on the face of the CatCard for identification purposes. Digital storage of this information in the card management system allows efficient and quick card replacement in case a card is ever lost, damaged or stolen, and provides an additional means to identify persons requesting replacement cards.
In addition to physical access to facilities, the CatCard has the following uses:
- Bursar (financial) account authorization
- Prepaid purchase of printing and copying
- Library privileges
- Campus recreation center access
- Prepaid parking and transportation services
- Identification and status verification
- U of A athletics pass verification
- Meal plans
- Automated teller machine (ATM) access and PIN-based debit purchase (when the Cat Card is linked to a bank account)
Fingerprint biometric data stored on the card is verified against the presented biometric of the cardholder for access to high security/high risk facilities.
U.S. FIPS 201 Personal Identity Verification (PIV) Card
In August 2004, President George W. Bush issued the Homeland Security Presidential Directive 12 (HSPD-12), “Policy for a Common Identification Standard for Federal Employees and Contractors,” which directed the promulgation of a Federal standard for secure and reliable forms of identification for Federal employees and contractors. This standard applies to identification issued by Federal departments and agencies to Federal employees and contractors for gaining physical access to Federally controlled facilities and logical access to Federally controlled information systems (except for national security systems). HSPD-12 further specifies secure and reliable identification that:
- Is issued based on sound criteria for verifying an individual employee’s identity
- Is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation
- Can be rapidly authenticated electronically
- Is issued only by providers whose reliability has been established by an official accreditation process.
Information for both Federal employees and contractors is held on a Personal Identity Verification (PIV) card. The PIV card is personalized with identity information for the individual to whom the card is issued. It allows identity verification to be performed by both humans and automated systems. Humans can use the physical card for visual comparison, whereas automated systems can use the electronically stored data on the card to conduct automated identity verification. The PIV card’s smart card chip stores personal information, including biometric data. (It is best practice to digitally sign biometric data to prevent fraudulent tampering with or replacement of the biometric identifier.) When the smart card is inserted into a contact reader and a PIN is entered, the cardholder’s fingerprint will be matched with the fingerprint template stored on the PIV card. If the match is verified, the system gives the cardholder access to Federal buildings or networks (if logging on to a computer), depending on the access privileges that have been assigned to that person.
As of September 1, 2010, the White House reported that 3,536,315 PIV cards have been provided for Federal employees and 1,062,201 PIV cards have been issued to contractors and others requiring access.
U.S. Department of Defense Common Access Card
The Common Access Card (CAC) is a United States Department of Defense (DoD) smart card issued as standard identification for active duty military personnel, selected reserve personnel, DoD civilian employees, eligible contractor personnel, eligible Federal personnel, and other DoD-sponsored eligible populations. The CAC is used in several ways, including as a general identification card, for authentication to access DoD computers, networks, and certain DoD facilities, as well as serving as an identification card under the Geneva Conventions. The CAC enables encrypting and cryptographically signing email, facilitates the use of public key infrastructure (PKI) authentication tools, and establishes an authoritative process for the use of identity credentials.
As of 2008, approximately 3.5 million active CACs were in circulation. DoD has deployed an issuance infrastructure at over 1,000 sites in more than 25 countries around the world and is rolling out more than 1 million card readers and associated middleware. In compliance with HSPD-12, the DoD began issuing its next-generation CAC in October, 2006. Pursuant to the President’s mandate, the new HSPD-12 compliant card contains advanced technology (including biometrics), which enhances the security of Federally controlled facilities and computer systems.
To receive a next-generation CAC, all eligible personnel must be entered into the Defense Enrollment Eligibility Reporting System (DEERS). To establish a DEERS record, all personnel must undergo proper identity vetting. Once vetted the applicant makes an appointment with a Real-Time Automated Personnel Identification System (RAPIDS) operator and provides two forms of identification to authenticate identity. Both IDs must be among those listed on the I-9 Form; one must bear a photo (e.g., passport, driver’s license). A current/unexpired CAC is considered a valid form of ID. During enrollment, the RAPIDS operator confirms the applicant’s identity and the applicant provides fingerprints and facial photograph, and creates a PIN to use with the card.
U.S. Transportation Worker Identification Credential (TWIC)
The Transportation Worker Identification Credential (TWIC) is a tamper-resistant biometrically-enabled smart card that is issued to all transportation workers that require unescorted access to secure areas of U.S. regulated maritime facilities and vessels. These populations include but are not limited to:
- Non-credentialed mariners in vessel crew
- Facility employees who work in a secure area
- Drayage truckers
- Truckers bringing/picking up cargo at a facility
- Port chaplains
- Other maritime professionals
TWIC was established by the U.S. Congress through the Maritime Transportation Security Act (MTSA) and is jointly administered by the Transportation Security Administration (TSA) and U.S. Coast Guard. The TWIC program began enrollment and issuance at the Port of Delaware in October, 2007. The TWIC program was established in response to identity management threats and vulnerabilities identified in the U.S. transportation system. Threat examples include the following:
- Inability to positively identify individuals who seek to gain unescorted access to secure areas of the transportation system.
- Inability to assess the threat posed to the transportation system by those who seek or have unescorted access to secure areas of the transportation system due to a lack of background information, or the lack of uniformly determined background information.
- Inability to protect current worker credentials against fraud.
The TWIC process requires that the identity of each TWIC applicant has been verified, that a security threat assessment has been completed on that identity, and that each credential issued is linked to the rightful holder through the use of biometric technology. Local maritime facility and vessel operators may then choose to grant access to those persons who have been issued a valid TWIC.
Each applicant for a TWIC must provide biographic information, identity documents, and biometric information (i.e., fingerprints), sit for a digital photograph, and pay the established TWIC fee. TSA sends pertinent parts of the enrollment record to the FBI, as well as within DHS, so that appropriate terrorist threat, criminal history, and immigration checks can be performed. TSA reviews the results of the checks to determine if the person poses a security threat and notifies the applicant of the results. When TSA determines that an applicant qualifies to receive a TWIC, a credential is produced and sent to the enrollment center at which the applicant applied. The applicant must return to the enrollment center for issuance and activation of the TWIC. Possession of a TWIC does not guarantee access to secure areas because the owner/operator controls which individuals are granted unescorted access to the facility or vessel. Rather, the TWIC is a secure, verified credential that can be used in conjunction with the owner/operator’s risk-based security program that is required in security regulations issued by the Coast Guard.
At this writing, TSA was in the process of completing a series of field pilot tests of TWIC biometric and card reader devices (both fixed and handheld) at several major port facilities across the U.S. This pilot test will measure the impact on commercial maritime operations when using the TWIC card for automated access control as well as test the performance of the technology in the challenging maritime environment. It is expected that the U.S. Coast Guard will issue regulations requiring use of TWIC readers by the end of 2012. As of January 1, 2011, over 1.7 million TWIC cards have been activated and issued.
The electronic passport, or ePassport, is the same as a traditional passport book with the addition of a small, embedded integrated circuit (i.e., smart card chip). In the United States and many other countries, the chip is embedded in the back cover. The chip stores:
- The same data visually displayed on the data page of the passport
- The passport holder facial image photo stored in digital form
- The unique chip identification number
- A digital signature to detect data alteration and verify signing authority
- Additional data, as defined by specific issuing governments
- Standards for the ePassport have been established by the International Civil Aviation Organization (ICAO) and are followed by all countries implementing ePassports. All ePassports can be recognized by an internationally recognized symbol that is printed on the front cover. This electronic passport symbol identifies the passport as an ePassport. The symbol is also displayed at border crossing stations that have the capability to process ePassports.
All ePassports follow the common ICAO standard. However, countries implement ePassport programs according to their specific policies and may implement different options specified in the standard including the addition of fingerprint and iris biometric identifiers. This results in differences among country implementations of ePassports even though they all conform to the ICAO specification.
Extended Access Control (EAC) is the additional security access mechanism defined in the ICAO ePassport specification to meet data protection requirements and to help protect the privacy of additional biometric data (for example, fingerprints and iris identifiers). Implementation is planned in future generations of ePassports and will be country-specific. EAC also ensures that access to biometric data is only possible if allowed by the issuing country. EAC uses additional cryptographic mechanisms to protect biometric data from being retrieved without proper authorization. An ePassport equipped with EAC protects the additional biometric data using encryption. Each ePassport will have unique keys to protect access to the sensitive information. With the help of EAC, ePassport readers at ports of entry can be authorized to read data, and selective access rights can be defined. The retrieval of fingerprints requires sovereign powers (e.g., the permission of the country which issued the ePassport). EAC makes it possible to define whether an authorized entity is able to access the additional information.
The following is a list of countries who currently issue or have plans to issue EAC ePassports: Albania, Armenia, Australia, Bosnia and Herzegovina, Brunei, Canada, Croatia, Dominican Republic, Iran, Iraq, Malaysia, Sovereign Military Order of Malta, Moldova, Montenegro, Morocco, New Zealand, Nigeria, Singapore, Switzerland, Tajikistan, Thailand, Turkey, Turkmenistan, and Venezuela.
About this Article
This article is an extract from the new Physical Access Council and white paper, Smart Cards and Biometrics. The white paper provides an overview of biometrics technology, discusses how it’s used for identification and verification, and describes the benefits of using smart cards and biometrics to enable strong verification and authentication of the cardholder’s identity. The white paper includes eight case study examples of identity verification systems that combine smart cards and biometrics.
Council members involved in the development of this white paper included: AMAG Technology; Booz Allen Hamilton; CSC; Datacard Group; Datawatch; Diebold Security; General Services Administration (GSA); Hewlett-Packard; HID Global; Hirsch Electronics; IDenticard; Identification Technology Partners: IDmachines; Intellisoft, Inc.; IrisID; L-1 Identity Solutions; NagraID Security; NASA; Probaris, Inc.; Roehr Consulting; SCM Microsystems; Software House / Tyco; U.S. Dept. of Defense/Defense Manpower Data Center (DMDC); U.S. Dept. of State; XTec, Inc..
About the Physical Access Council
The Smart Card Alliance Physical Access Council is focused on accelerating widespread acceptance, use, and application of smart card technology for physical access control. The Council brings together leading users and technologists from both the public and private sectors in an open forum and works on activities that are important to the physical access industry and address key issues that end user organizations have in deploying new physical access system technology. The Physical Access Council includes participants from across the smart card and physical access control system industry, including end users; smart card chip, card, software, and reader vendors; physical access control system vendors; and integration service providers.