University of Southampton Institute of Transducer Technology

With the ever-increasing range of smartcard uses and upon the dawn of high power, multi-application smartcards, comes a need for improved protection of the smartcard’s contents. Traditional methods of protecting a smartcard’s data typically rely upon passwords and PINs. There are weaknesses in this scheme. Passwords can be inconvenient, forgotten or be discovered by malevolent third parties.

A solution to this problem is to employ a biometric protection scheme. Biometrics is the use of a unique physiological or behavioral characteristic to identify or verify an individual. Theoretically, any human characteristic can be used to identify an individual, provided that the following requirements are met; universality, uniqueness, persistence and collectability. Universality requires that every person should have the characteristic. Uniqueness implies that there must be sufficient variability within a group of people, such that no two people are exactly the same in terms of the characteristic. Persistence requires that the characteristic is time invariant. Collectability means that the characteristic must be accessible to quantitative measurement.

For example hand geometry, iris pattern, retinal pattern, wrist vein pattern, facial features and fingerprints are all physiological traits used to identify individuals. Behavioral traits used in biometric systems include voice pattern recognition, dynamic signature analysis, key-stroke pattern recognition

One way in which smartcards and biometrics have fused recently, is in the storage of a biometric template on card. When the card is used the template is passed to an external system and compared with a live biometric sample, captured using an external sensor. One problem with this scheme is that the ‘closeness of match’ is determined by the external device, in effect exposing the user’s data to someone else’s idea of security.

To circumvent this problem it has been proposed to incorporate both a biometric sensor and authentication algorithm onto a smartcard. In this way the user may select the tightness of security with a level appropriate to the value of the smartcard’s contents and to his paranoia.

This project will deal with the selection of viable biometrics and the development of both sensor and authentication algorithms, suitable for entire incorporation onto a smartcard.

The application of an authentication system on a smartcard leads to some rather demanding constraints. Firstly, the size of a smartcard, and the way in which cards are used, imposes practical limits to the type of biometric employed. Once a practical biometric method has been selected, some means of capturing the live biometric sample must be sought. To be incorporated onto a smartcard, the sensor required to do this, must be of low cost, consume little power, and be both robust and reliable. Finally, complexity of the authentication algorithm must be considered. Whilst the latest generation of smartcards will employ 32-bit java processors, the authentication algorithm must be as small and efficient as possible.

During this project, it is my intention to evaluate a number of plausible biometric methods, and for each biometric, develop practical sensors and authentication algorithms with the eventual aim of incorporating all components onto a smartcard.

Contact: usitt@soton.ac.uk © 2002 USITT & Department of Electronics and Computer Science