Ulrich Waldmann
ABSTRACT
Since fingerprint data are no secrets but of public nature, the verification data transmitted to a smartcard for oncard-matching need protection by appropriate means in order to assure data origin in the biometric sensor and to prevent bypassing the sensor. For this purpose, the verification data to be transferred to the user smartcard is protected with a cryptographic checksum that is calculated within a separate security module controlled by a tamper resistant card terminal with integrated biometric sensor.
- R. Aufreiter. Match-On-Card the missing link between Biometrics and Cryptography? Proceedings of ISSE, 2001.Google Scholar
- ISO/IEC FCD 19784, BioAPI Specification, 2003.Google Scholar
- ISO/IEC CD3 19785, Common Biometric Exchange Formats Framework (CBEFF), 2003.Google Scholar
- Common Criteria for Information Technology Security Evaluation (CC) V2.0, 1998.Google Scholar
- DIN V66400, Finger Minutiae Encoding Format and Parameters for OnCard Matching V1.0, 2003.Google Scholar
- Application Interface for smart cards used as Secure Signature Creation Devices - Part 1: Basic requirements, V1.6 (E-Sign-K Specification). CEN/ISSS WS/E-Sign Deaft CWA Group K, 2003.Google Scholar
- Directive 1999/93/EC of the European Parliament and of the Council of Dec. 13th 1999 on a Community Framework for Electronic Signatures, 2000.Google Scholar
- German Health Professional Card and Security Module Card Specification - Pharmacist & Physician, V2.0 (HPC Specification), 2003.Google Scholar
- ISO/IEC 19794, Biometrics - Biometric Data Formats for Interchange (standard under development), 2003.Google Scholar
- ISO/IEC FDIS 7816-11, Identification Cards - Integrated Circuit Cards - Part 11: Personal verification through biometric methods, 2003.Google Scholar
- ISO/IEC FDIS 7816-4, Identification Cards-Integrated Circuit Cards - Part 4: Organization, security and commands for interchange, 2003.Google Scholar
- ISO/IEC FDIS 7816-8, Identification Cards - Integrated Circuit Cards - Part 8: Security related interindustry commands, 2003.Google Scholar
- Information Technology Security Evaluation Criteria (ITSEC) V1.2, 1991.Google Scholar
- T. Matsumoto, H. Matsumoto, K. Yamada, and S. Hoshino. Impact of artificial gummy fingers on fingerprint systems. Proceedings of SPIE, 4677, 2002.Google Scholar
- R. Müller. Fingerprint Verification with Microprocessor Security Tokens. Herbert Utz Verlag, München, 2001.Google Scholar
- German Signature Act - SigG, Fed. Law Gaz. 2001, Part I Nr. 22, pp 876--884, 2001.Google Scholar
- German Signature Ordinance - SigV, Fed. Law Gaz. 2001, Part I Nr. 59, 2001.Google Scholar
- ZAVIR, Ascribability of actions in virtual worlds. http://zavir.sit.fraunhofer.de, 2003.Google Scholar
- Protected transmission of biometric user authentication data for oncard-matching
Recommendations
Analysis and Improvement on a Biometric-Based Remote User Authentication Scheme Using Smart Cards
In a recent paper (BioMed Research International, 2013/491289), Khan et al. proposed an improved biometrics-based remote user authentication scheme with user anonymity. The scheme is believed to be secure against password guessing attack, user ...
An enhanced lightweight anonymous biometric based authentication scheme for TMIS
In recent past, Mir and Nikooghadam presented an enhanced biometrics based authentication scheme using lightweight symmetric key primitives for telemedicine networks. This scheme was introduced in an anticipation to the former biometrics based ...
A New Biometric-based User Authentication Scheme without Using Password for Wireless Sensor Networks
WETICE '11: Proceedings of the 2011 IEEE 20th International Workshops on Enabling Technologies: Infrastructure for Collaborative EnterprisesIn 2010, Yuan et al. proposed a biometric-based user authentication scheme for wireless sensor networks (WSN). However, this paper demonstrates that Yuan et al.'s scheme has some drawbacks: insider attack, impersonation attack by a malicious registered ...
Comments