Biometric System: How To Use Smart Cards In Ensuring Privacy

In our connected world, businesses and governments handle enormous amount of sensitive information about individuals.  This huge data gathering may be associated with instances of identity theft and fraud, along with privacy rights abuse. Thus, there is a need to protect individuals’ sensitive information all the time. Smartcards can help protect sensitive information and ensure privacy.

What is Smartcard?

Smartcard is a credit-sized plastic card with an embedded chip that can be a microprocessor with internal memory or a memory chip with non-programmable logic. They can be programmed to accept, store, and process data. They can also perform on-card functions (such as encryption, digital signing, data management etc.). They have proven to be secure as mediums of authorization, identification and transactions. The biometric features of smart cards ensures privacy protection.

Usage of Smartcard

When handling confidential information, organizations have to take measures to ensure that sensitive information is restricted to authorized users only. In such cases, smart cards guarantee that only authorized individuals can access task-related sensitive information. This limited access to information will preserve privacy by keeping other sensitive information confidential.

In Identity Management systems, users are authenticated using smart cards and biometrics. Biometrics are used to accurately identify and verify individuals. The biometric information can be securely stored on the smart card.

In one of its articles, the editorial board at the washing post suggested that the US government issues tamper-proof biometric ID cards to all legal nationals in an attempt to identify legal residents from illegal ones. [1]

When combined with a smart-card application, biometric information is captured by a reader and securely transmitted to the smart card for biometric matching.

The biometric match can be then securely verified inside the card. This biometric verification process is considered to be a secure one because the biometric information does not leave the card. This makes it difficult for a malicious actor to attack, or alter the information. Thus, the security and privacy of the biometric authentication process is preserved and system performance is improved. James Lewis, who is a former US government official said that biometrics can provide a secure and convenient authentication. [2]

A PIN-based second factor authentication can be added on top of biometric-verification process to further ensure privacy and confidentiality.

Data can be transmitted to and from the smart card using secure protocols (such as L2TP over IPSEC).  They will ensure data is not intercepted and modified during transmission which will ensure privacy and confidentiality of sensitive information.

Being a secure portable device, smart cards can be used for storing securely biometric references (e.g. templates) of the cardholder, perform biometric operations such as the comparison of an external biometric sample with the on-card stored biometric reference, or even relate operations within the card to the correct execution and result of those biometric operations. (Sanchez-Reillo, 2013)[3]

Also Read: Technologies to Improve Your Health & Fitness

Smart cards are known for storing information. Sensitive information such as biometric templates can be stored in an encrypted format on the smart card. Encryption features of smartcards include the generation, storage and retrieval of keys, signing of digital certificates, hashing of sensitive information, and integrity checks. Encryption will ensure privacy when authorized users with a legitimate ownership of the private key can have access to the encrypted biometric templates. Furthermore, hashing of sensitive information will ensure privacy by allowing integrity checks to detect whether the sensitive information has been altered or not.

Moreover, smart cards (and their readers) that handle sensitive information have to comply with government and industry standards such as ISO standards. The main standards for Smart Cards are those that are defined by the ISO (International standards Organization), but there are other organizations that are developing standards to for specific areas of the Smart Card Technology. (Buglass, 2002). [4]

These certifications are only obtained after intensive auditing and testing of smart cards and their readers have taken place by independent certification bodies. The smart cards and their readers have to pass the intensive audit and evaluation to obtain the certificates. These certificates ensure that smartcards and their readers contain the necessary features to ensure system’s privacy and security.

Business and organization are rapidly adopting smart cards and biometric technologies for identification, authorization and payment applications. The biometric- smart card combination provides accurate identification and authentication, secure communications, and tamper-proof data storage which will enhance privacy and improve system performance.

Next Read: Business VPN by KeepSolid