Smart Card and Biometrics
Publication Date: March 2011
Biometric technologies are defined as automated methods of identifying or verifying the identity of a living person based on unique biological (anatomical or physiological) or behavioral characteristics. Biometrics can provide very secure and convenient verification or identification of an individual since they cannot be stolen or forgotten and are very difficult to forge.
Smart cards are widely acknowledged as one of the most secure and reliable forms of electronic identification. To provide the highest degree of confidence in identity verification, biometric technology is considered to be essential in a secure identification system design. Combining smart card technology with biometrics provides the means to create a positive binding of the smart card (a difficult-to-clone token) to the cardholder thereby enabling strong verification and authentication of the cardholder’s identity.
Using smart cards with biometrics results in a trusted credential for authenticating an individual’s identity using one-to-one biometric verification. With the biometric template stored on the smart card, comparison can be made locally, without the need for connection to a database of biometric identifiers. Since all biometric matching takes place using templates, it is unnecessary to store complete biometric image data on the smart card. With the latest secure smart card microcontrollers, sufficient on-card processing power and memory exist to perform the biometric match directly within the logic of the smart card instead of within the reader device. This biometric match-on-card approach can provide an even more private and secure identity verification system.
This white paper is an update to the report, “Smart Cards and Biometrics in Privacy-Sensitive Secure Personal Identification Systems,” first published by the Smart Card Alliance in 2002. The updated white paper was developed to:
- Provide an updated overview of biometrics technology and usage.
- Describe the benefits of combining smart cards with biometrics for identity verification.
- Describe the key considerations for implementing biometrics and smart cards in an identity verification system.
- Showcase current case study examples of programs that combine biometrics and smart card technology.
The white paper includes eight case study examples of identity verification systems that combine smart cards and biometrics, including the Singapore Immigration Automated Clearance System, the Canadian Airport Restricted Area Identification Card, Amsterdam Schiphol Airport workforce ID card, the University of Arizona Keyless Access Security System, the FIPS 201 Personal Identity Verification (PIV) card, the U.S. Department of Defense Common Access Card (CAC), the U.S. Transportation Worker Identification Credential (TWIC), and the electronic passport.
About the Physical Access Council
The Smart Card Alliance Physical Access Council is focused on accelerating widespread acceptance, use, and application of smart card technology for physical access control. The Council brings together leading users and technologists from both the public and private sectors in an open forum and works on activities that are important to the physical access industry and address key issues that end user organizations have in deploying new physical access system technology. The Physical Access Council includes participants from across the smart card and physical access control system industry, including end users; smart card chip, card, software, and reader vendors; physical access control system vendors; and integration service providers.
Physical Access Council members involved in the development of this white paper included: AMAG Technology; Bioscrypt/L-1 Identity Solutions; Booz Allen Hamilton; CSC; Datacard Group; Datawatch; Diebold Security; General Services Administration (GSA); HID Global; Hirsch Electronics; HP; IDenticard; Identification Technology Partners; IDmachines; Intellisoft, Inc.; NagraID Security; NASA; Probaris, Inc.; Roehr Consulting; SCM Microsystems; Software House/Tyco; U.S. Department of Defense/Defense Manpower Data Center (DMDC); U.S. Department of State; XTec, Inc..