
Smart Cards and Biometrics in Physical Access Control Systems

Robert J. Merkert, Sr. Vice President of Sales – Americas
Biometric Consortium 2005 Conference
September 21, 2005

All Company and/or product names are trademarks and/or registered trademarks of their respective owners.

HSPD-12/FIPS 201/SP 800-73/SP 800-76 -1-

• Homeland Security Presidential Directive 12 (HSPD-12), issued on August 27, 2004, requires that the Federal credential, the Personal Identity Verification (PIV) card, be secure and reliable. This is defined as a credential that
  • Is issued based on sound criteria for verifying an individual’s identity
  • Is strongly resistant to identity fraud, tampering, counterfeiting, and terrorist exploitation
  • Can be rapidly authenticated electronically, and
  • Is issued only by providers whose reliability has been established by an official accreditation process

9/28/2005 © Copyright SCM Microsystems Inc.

HSPD-12/FIPS 201/SP 800-73/SP 800-76 -2-

• The Department of Commerce and the National Institute of Standards and Technology (NIST) were tasked with producing a standard for secure and reliable forms of identification.
• In response, NIST published Federal Information Processing Standard Publication 201 (FIPS 201), Personal Identity Verification (PIV) of Federal Employees and Contractors (February 25, 2005).
• FIPS 201 PIV, part II specifies standards for implementing identity credentials on integrated circuit cards (smart cards) for use in a Federal PIV system.
• The FIPS 201 PIV Card is to be used for both Physical and Logical access, as well as agency specific applications.

HSPD-12/FIPS 201/SP 800-73/SP 800-76 -3-

• FIPS 201 requires that the PIV be a smart card.
• The card body is similar to a bank credit card and conforms to the ISO 7810 specification.
• The card must contain both contact and contactless interfaces, which may be provided by two separate integrated circuit chips or by one dual-interface ICC.
• The contact interface must conform to the ISO 7816 specification.
• The contactless interface must conform to the ISO 14443 specification.

HSPD-12/FIPS 201/SP 800-73/SP 800-76 -4-

• Draft NIST Special Publication 800-76 (SP 800-76), Biometric Specification for Personal Identity Verification, is referenced in FIPS 201 and currently states that, at a minimum, two compressed fingerprint images must be stored on the PIV smart card contact chip.
• NIST SP 800-76 currently specifies the use of fingerprint images rather than templates because there is no current test data that proves the interoperability of standards-based fingerprint templates. NIST expects test results in February, 2006.
• This brings up three very important issues in the physical access control area
  • Time to read and process the image with the resultant wait time for access
  • The size of the integrated circuit chip being used – 64K or 128K
  • Reader type required at access points

HSPD-12/FIPS 201/SP 800-73/SP 800-76 -5-

• Another issue that arises is the use by a specific agency to place biometric templates on the contactless portion of the smart card.
• This would be an agency specific implementation that is permitted within the FIPS 201 guidelines. However, this could result in the implementation of a system that is not interoperable with another agency. The system would be agency specific.
• And yet another issue to be considered is how the biometric matching is to be done –
  • Match on Card (MOC)
  • Match on Reader
  • Match on Server

PACS 2.2 (2.3) Guidance

The Government Smart Card Interagency Advisory Board (GSC-IAB) and the Physical Access Interagency Interoperability Working Group (PAIIWG) saw that the procurement of Physical Access Control Systems (PACS) and components required a standardized approach to ensure that government agencies deploy equipment that meets their specific needs and, at the same time, facilitates cross-agency interoperability.

The PACS 2.2 guidance specifies that, on a Federal Agency Smart Credential (FASC), a standardized numbering scheme, called the Federal Agency Smart Credential Number (FASC-N), be used as the individual identifier.

The FASC-N is part of the Cardholder Unique Identification file (CHUID).

The FASC-N is the primary identification string to be used on all government issued credentials.

Reference: Technical Implementation Guidance: Smart Card Enabled Physical Access Control Systems – Version 2.2, July 30, 2004

CHUID EF and FASC-N - CUID

• CHUID (EF 0x3000)
  • FASC-N (Tag 0x30)
    • Agency Code: 4 BCD digits
    • System Code: 4 BCD digits
    • Credential Number: 6 BCD digits
    • Credential Series: 1 BCD digit
    • Individual Credential Issue: 1 BCD digit
    • Person Identifier: 10 BCD digits
    • Organization Category: 1 BCD digit
    • Organizational Identifier: 4 BCD digits
    • Person/Organization Association: 1 BCD digit
  • GUID (Tag 0x34)
  • Expiration Date (Tag 0x35)
  • Authentication Key Map (Tag 0x3D)
  • Issuer Asymmetric Signature

CUID – Card Unique Identifier
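The FASC-N field list on the CHUID slide, as an added example that is not part of the original slides: a decoder that a reader or panel integration could use to reject malformed FASC-N values before lookup, with an encoder so the sample can be built inline. The field order and widths come from the slide; the 25-byte wire encoding, the function names and the sample values are assumptions.

```python
# Field widths are from the slide; the 5-bit wire encoding (BCD sent LSB first,
# odd parity, SS/FS/ES sentinels, trailing LRC) is an assumption, not page content.
from functools import reduce
from operator import xor

FIELDS = [("agency_code", 4), ("system_code", 4), ("credential_number", 6),
          ("credential_series", 1), ("individual_credential_issue", 1),
          ("person_identifier", 10), ("organization_category", 1),
          ("organizational_identifier", 4), ("person_org_association", 1)]
SS, FS, ES = 0xB, 0xD, 0xF   # start sentinel, field separator, end sentinel
SEPARATED = 5                # a separator follows each of the first five fields

def encode_fascn(fields):    # nine digit strings -> 25 bytes
    syms = [SS]
    for i, (name, width) in enumerate(FIELDS):
        digits = fields[name]
        if len(digits) != width or not (digits.isascii() and digits.isdigit()):
            raise ValueError(f"{name}: expected {width} decimal digits")
        syms += [int(d) for d in digits] + [FS] * (i < SEPARATED)
    syms += [ES, reduce(xor, syms + [ES])]   # LRC: XOR of all earlier symbols
    bits = ""
    for s in syms:
        data = f"{s:04b}"[::-1]              # least significant bit first
        bits += data + str(1 - data.count("1") % 2)
    return bytes(int(bits[i:i + 8], 2) for i in range(0, 200, 8))

def decode_fascn(raw):       # checks parity, LRC, sentinels; returns a dict
    bits = "".join(f"{b:08b}" for b in raw)
    if len(bits) != 200:
        raise ValueError("FASC-N must be exactly 25 bytes")
    syms = []
    for i in range(0, 200, 5):
        sym = bits[i:i + 5]
        if sym.count("1") % 2 != 1:
            raise ValueError(f"parity error in symbol {i // 5}")
        syms.append(int(sym[3::-1], 2))      # undo LSB-first order
    if reduce(xor, syms) or syms[0] != SS or syms[38] != ES:
        raise ValueError("bad LRC or sentinel")
    out, pos = {}, 1
    for i, (name, width) in enumerate(FIELDS):
        digits, sep = syms[pos:pos + width], i < SEPARATED
        if any(d > 9 for d in digits) or (sep and syms[pos + width] != FS):
            raise ValueError(f"malformed field {name}")
        out[name] = "".join(map(str, digits))
        pos += width + sep
    return out

# Constructed sample values, not a real credential.
SAMPLE = dict(zip([n for n, _ in FIELDS],
                  "1234 5678 000123 1 1 0000004321 1 1234 2".split()))
```

The parity and LRC checks only catch transmission or read errors; they say nothing about whether the credential is genuine, which is what the Issuer Asymmetric Signature in the CHUID is for.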

Smart Cards

Embedded computer chip that is either a microprocessor with internal memory or memory chip alone
– Contact or contactless designs
– Highly secure
  • On-card security functions
  • Intelligent interactions with reader
– Used worldwide in financial, telecommunications, transit, healthcare, secure identification and other applications

Images courtesy of Gemplus

Available Combined Technologies

• Different technologies can be combined:
  • 125 kHz Proximity
  • 13.56MHz Smart cards
    • 14443A & 14443B, 15693
  • Contact smart cards
  • Magnetic stripe
  • Bar Code
  • Photo Printing
  • Holograms
  • Special inks

ISO/IEC 7810, 7811, 7816, …

Diagram courtesy of HID Corporation

HSPD-12/FIPS201/SP 800-73 specifies ISO 14443 for the contactless interface

Biometrics: Added Value

• Individual-unique biometric information
  • Fingerprints
  • Hand geometry
  • Retinal or iris patterns
  • Facial patterns
  • Voice prints
• Biometrics used with card technologies
  • Biometric information stored on the ID card and verified with actual biometric at point of interaction

Image courtesy of Gemplus

Currently FIPS 201/SP 800-76 specifies full image fingerprints for the card biometric

Typical Three-Factor Card Reader

[Figure: reader with labelled components]
• LCD display
• Contact Smart Card Reader
• Fingerprint sensor
• Pinpad
• Status LEDs indicating Security Level
• Acoustic alarm
• Contactless reader

Security Levels

[Figure: security levels of solutions, from Low to High]
• Low: Something you know (PIN, Password)
• Something you have + Something you know (PIN, Password)
• High: Something you have + Something you know + Something you are

Access Control System Overview

• Card
• Reader
• Control Panel
• Door/Gate Lock
• Access Control Server
  • Software
  • Database

Simplified Physical Access System

[Diagram labels: Access Control, Badging and Guard Workstation; Servers; TCP/IP LAN/WAN; MODEM; LAN/IF; RS-485; Control Panels 1 to 32; Wiegand; Access Control Readers and Controlled Doors]

Simplified Access Control Path

[Diagram labels: Access Control Server; Control Panel; Card Reader; Smart Card; Controlled Door; Secure Area; Unsecured Area; Secure Channel Path; No Security; Interface Specification; PACS 2.2 (2.3) Card to Reader Specification]

Concluding remarks

• Smart Cards and Biometrics will play a significant role in the Personal Identity Verification systems of the future
• There are issues to be resolved in the definition of these systems but they are vigorously being worked on.
• Biometric implementations will not be limited to physical access, there will be applications of biometrics in logical access systems.
• Biometrics and Smart cards will be a strong partnership for years to come.

Bob Merkert
Vice President, Americas
856-784-7177
rmerkert@scmmicro.