Better Biometrics

New personal identification verification (PIV) cards that offer improved protection from identity theft meet the standard accuracy criteria for federal identification cards according to researchers at the National Institute of Standards and Technology (NIST). By fall, most federal employees and contractors will be using these newly approved PIV cards to “authenticate” their identity when seeking entrance to federal facilities.

PIV System notional model (Credit: NIST)
PIV System notional model (Credit: NIST)

Under the current standard, a PIV smart card is inserted into a slot similar to an ATM machine, and places their fingers on a scanner. The cardholder enters a personal identification number to allow the fingerprint to be read from the card and the card reader matches the stored fingerprint against the newly scanned image of the cardholder’s fingerprints.

In recent tests, NIST researchers assessed the accuracy and security of this model that, if accepted for government use, would offer improved features. The first of which would allow the biometric data on the card to travel across a secure wireless network to eliminate insertion of the card into a reader; the second use is an alternative authentication technique called “match-on-card” in which the biometric data from the fingerprint scanner is sent to the PIV smart card for matching against the data on the processor chip embedded in the card. The advantage is that the stored data never leaves the card, meaning that if a card should get lost or stolen, the fingerprint template could not be copied.

PIV Identity Verification and Issuance (Credit: NIST)
PIV Identity Verification
and Issuance (Credit: NIST)

Cards with standard 128-byte-long key as well as more secure cards with a 256-byte key passed security and timing tests using the wireless system. On the accuracy side, one team met the criteria whilst the two others missed narrowly.

TFOT recently covered a new type of technology that can identify distorted fingerprints, as well as the car fingerprint immobilizer which can recognize up to 10 users and an unlimited number of IDs for fleet management. In 2006 TFOT covered Fujitsu’s Palm Vein Technology which protects against bank card thefts and is already used in Japan.

More on the new biometric scanners can be found on this NIST paper (PDF).