NIST shows on-card fingerprint match is secure, speedy

Apr 02, 2008
NIST shows on-card fingerprint match is secure, speedy
Tests show that wireless data transmission from a fingerprint reader to a match-on-card can be secure. Credit: Talbott/NIST

A fingerprint identification technology for use in Personal Identification Verification (PIV) cards that offers improved protection from identity theft meets the standardized accuracy criteria for federal identification cards according to researchers at the National Institute of Standards and Technology.

Under Homeland Security Presidential Directive 12 (HSPD 12), by this fall most federal employees and contractors will be using federally approved PIV cards to “authenticate” their identity when seeking entrance to federal facilities. In 2006 NIST published a standard* for the new credentials that specifies that the cards store a digital representation of key features or “minutiae” of the bearer’s fingerprints for biometric identification.

Under the current standard, a user seeking to enter a biometrically controlled access point would insert his or her PIV smart card into a slot—just like using an ATM card—and place their fingers on a fingerprint scanner. Authentication proceeds in two steps: the cardholder enters a personal identification number to allow the fingerprint minutiae to be read from the card, and the card reader matches the stored minutiae against the newly scanned image of the cardholder’s fingerprints.

In recent tests,** NIST researchers assessed the accuracy and security of two variations on this model that, if accepted for government use, would offered improved features. The first allows the biometric data on the card to travel across a secure wireless interface to eliminate the need to insert the card into a reader. The second uses an alternative authentication technique called “match-on-card” in which biometric data from the fingerprint scanner is sent to the PIV smart card for matching by a processor chip embedded in the card. The stored minutiae data never leave the card. The advantage of this, as computer scientist Patrick Grother explains, is that “if your card is lost and then found in the street, your fingerprint template cannot be copied.”

The NIST tests addressed two outstanding questions associated with match-on-cards. The first was whether the smart cards’ electronic “keys” can keep the wireless data transmissions between the fingerprint reader and the cards secure and execute the match operation all within a time budget of 2.5 seconds. The second question was whether the “match-on-card” operation will produce as few false acceptance and false rejection decisions as traditional match-off-card schemes where more computational power is available.

The researchers found that 10 cards with a standard 128-byte-long key and seven cards that use a more secure 256-byte key passed the security and timing test using wireless. On the accuracy side, one team met the criteria set by NIST and two others missed narrowly. The computer scientists plan a new round of tests soon to allow wider participation. For copies of the test report and details of the next test round, see the MINEX (Minutiae Interoperability Exchange Test) Phase II Web pages.

Notes:

*Federal Information Processing Standard (FIPS) 201-1, Personal Identity Verification (PIV) of Federal Employees and Contractors. March, 2006.

** P. Grother, W. Salamon, C. Watson, M. Indovina and P. Flanagan. MINEX II–Performance of Fingerprint Match-on-Card Algorithms, Phase II Report. NIST Interagency Report 7477, Feb. 29, 2008.

Source: National Institute of Standards and Technology

Explore further: Four questions about missing Malaysian plane answered

add to favorites email to friend print save as pdf

Related Stories

Incentives are coming for payments by phones

Feb 26, 2014

(AP)—Many people use their smartphones to watch video, play games and wake them up in the morning. Some even use them to generate digital boarding passes to fly. So why not use phones to buy stuff at retail ...

No quick solution to payment card hacking

Feb 21, 2014

Consumers shell-shocked by the escalating size and frequency of payment card hacks like the one that recently struck Target aren't likely to get much relief any time soon.

UAE developing drones for citizen services

Feb 12, 2014

The United Arab Emirates hopes to start using drones to fly government documents to citizens and is offering a $1 million international prize for unmanned aircraft that can improve the quality of life in ...

Apple mulling move into mobile payments

Jan 25, 2014

Apple is considering launching a mobile-payments service for its iPhone and iPad, which would compete with major players such as PayPal, The Wall Street Journal said Friday.

Recommended for you

Four questions about missing Malaysian plane answered

Apr 19, 2014

Travelers at Asian airports have asked questions about the March 8 disappearance of Malaysia Airlines Flight 370 while en route from Kuala Lumpur to Beijing. Here are some of them, followed by answers.

Under some LED bulbs whites aren't 'whiter than white'

Apr 18, 2014

For years, companies have been adding whiteners to laundry detergent, paints, plastics, paper and fabrics to make whites look "whiter than white," but now, with a switch away from incandescent and fluorescent lighting, different ...

Freight train industry to miss safety deadline

Apr 16, 2014

The U.S. freight railroad industry says only one-fifth of its track will be equipped with mandatory safety technology to prevent most collisions and derailments by the deadline set by Congress.

User comments : 0

More news stories

Ex-Apple chief plans mobile phone for India

Former Apple chief executive John Sculley, whose marketing skills helped bring the personal computer to desktops worldwide, says he plans to launch a mobile phone in India to exploit its still largely untapped ...

Health care site flagged in Heartbleed review

People with accounts on the enrollment website for President Barack Obama's signature health care law are being told to change their passwords following an administration-wide review of the government's vulnerability to the ...

A homemade solar lamp for developing countries

(Phys.org) —The solar lamp developed by the start-up LEDsafari is a more effective, safer, and less expensive form of illumination than the traditional oil lamp currently used by more than one billion people ...

Floating nuclear plants could ride out tsunamis

When an earthquake and tsunami struck the Fukushima Daiichi nuclear plant complex in 2011, neither the quake nor the inundation caused the ensuing contamination. Rather, it was the aftereffects—specifically, ...

NASA's space station Robonaut finally getting legs

Robonaut, the first out-of-this-world humanoid, is finally getting its space legs. For three years, Robonaut has had to manage from the waist up. This new pair of legs means the experimental robot—now stuck ...

Filipino tests negative for Middle East virus

A Filipino nurse who tested positive for the Middle East virus has been found free of infection in a subsequent examination after he returned home, Philippine health officials said Saturday.

Egypt archaeologists find ancient writer's tomb

Egypt's minister of antiquities says a team of Spanish archaeologists has discovered two tombs in the southern part of the country, one of them belonging to a writer and containing a trove of artifacts including reed pens ...