Why security for cyberspace needs match on card coupled with PKI
25 January, 2011
category: Biometrics, Corporate, Digital ID, Government
Public key infrastructure (PKI) authentication coupled with biometric match on card provides extremely attractive security benefits to those in the public and private sectors concerned about cyber attacks.
PKI is a means to verify the digital identity of both the sender and the receiver of electronically transmitted information. The sender and the recipient each obtain a pair of cryptographic keys—a public key and a private key—from a trusted authority.
The sender uses the recipient's public key to encrypt a message, and the recipient uses the matching private key to decrypt the message received. This gives organizations and individuals a means to confirm identity when conducting business electronically. Biometric match on card is a technology combining a biometric sensor, a smart card issued with the cardholder's biometric template encoded on the card, and an application on the card that matches the live biometric received from the sensor against the template stored on the card.
The PKI key exchange verifies the authenticity of the card and provides assurance that the PC and the connected biometric sensor/smart card reader are mutually trusted entities. The match-on-card authentication provides assurance that the individual holding the card and operating the PC that requests access is a trusted entity.
Initiating this process before the PC has any outside connection places a barrier between hackers and the authentication credentials—the cryptographic keys and the biometric—used to request access to systems and network information.
By using a combined device containing a processor, a PC/SC smart card reader, and a biometric sensor, tethered through a single cable to a PC, a cryptographic key exchange (PKI) is enabled between the processor, the PC, and the card inserted in the device.
Add a biometric transaction and you have accomplished mutual authentication and trust before the PC connects to a local area network or to a portal with access to the Web. The biometric transaction consists of sending a live-captured biometric of the PC user directly to the card, where the PC user's identity is validated by a match against the biometric stored on the card.
An important benefit inherent to this security workflow is that the entities used to create the circle of trust are never exposed to the network or beyond. This model works well for access to internal networks, inside the firewall. The real challenge is how to replicate this model for access from or to external networks without exposing the authentication and validation entities to hackers trolling cyberspace.
From a security perspective, biometric match on card technology is ideal for authentication because the biometric information is never revealed to the network, preventing exposure to cyberspace. Instead, a message is sent indicating that the authentication took place. This message would be sent as part of the PKI verification that takes place between the digital identities interacting in cyberspace. If the message is hijacked or intercepted, the hacker receives nothing that can be used to assume a trusted identity.
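The following Python script is an added illustration of the workflow in the preceding paragraphs; it is not code from the article or from any card vendor. It models what stays on the card (the enrolled template and the private key), what the host sees (a signed yes/no bound to a fresh nonce), and why an intercepted verdict is useless to a replaying eavesdropper. Everything in it is an assumption made for the example: templates are 128-bit feature vectors compared by Hamming distance, textbook unpadded RSA over SHA-256 stands in for the card's PKI credential, and the host is assumed to already hold the card's public key from the trusted authority. All class and function names are invented.

```python
# Constructed illustration of the article's PKI + match-on-card workflow (not vendor
# code). Textbook RSA over SHA-256, unpadded and 512-bit, stands in for the card's PKI
# credential so the script needs only the standard library; it is a demo, not a cipher suite.
import hashlib
import secrets
import types


def _is_probable_prime(n, rounds=24):
    """Miller-Rabin test, adequate for generating a demo key pair."""
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def generate_keypair(bits=512):
    """Return ((e, n), (d, n)); 512 bits keeps the demo fast and is NOT a secure size."""
    def prime(k):
        while True:
            c = secrets.randbits(k) | (1 << (k - 1)) | 1   # k-bit, odd
            if _is_probable_prime(c):
                return c
    e = 65537
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:      # e is prime, so this is gcd(e, phi) == 1
            return (e, p * q), (pow(e, -1, phi), p * q)


def _digest_int(message):
    return int.from_bytes(hashlib.sha256(message).digest(), "big")


def sign(private_key, message):
    d, n = private_key
    return pow(_digest_int(message), d, n)


def verify(public_key, message, signature):
    e, n = public_key
    return pow(signature, e, n) == _digest_int(message)


TEMPLATE_BITS = 128   # a template is modelled as a 128-bit feature vector (constructed)
MATCH_THRESHOLD = 20  # largest Hamming distance still accepted as the same finger


def hamming(a, b):
    return bin(a ^ b).count("1")


class MatchOnCard:
    """The card: the enrolled template and the private key never leave it."""
    def __init__(self, template, private_key):
        self._template, self._private_key = template, private_key

    def authenticate(self, live_sample, nonce):
        """Match on card; return a signed verdict bound to the host nonce, or None."""
        if hamming(live_sample, self._template) > MATCH_THRESHOLD:
            return None
        verdict = b"MATCH-OK|" + nonce          # carries no biometric data at all
        return verdict, sign(self._private_key, verdict)


class Host:
    """The PC: holds only the card's public key, vouched for by the trusted authority."""
    def __init__(self, card_public_key):
        self._card_public_key = card_public_key

    def request_access(self, card, live_sample):
        nonce = secrets.token_bytes(16)         # fresh per session
        result = card.authenticate(live_sample, nonce)
        if result is None:
            return False
        verdict, signature = result
        # The nonce check ties the verdict to this session (no replay); the signature
        # check proves it came from the genuine card rather than a spoofed reader.
        return verdict == b"MATCH-OK|" + nonce and verify(self._card_public_key, verdict, signature)


def demo():
    """Genuine user passes, impostor fails, and a sniffed verdict cannot be replayed."""
    public_key, private_key = generate_keypair()
    enrolled = secrets.randbits(TEMPLATE_BITS)     # constructed enrolment template
    card, host = MatchOnCard(enrolled, private_key), Host(public_key)
    genuine = enrolled ^ 0b10101                   # sensor noise: 3 bits differ
    impostor = enrolled ^ ((1 << 64) - 1)          # another person: 64 bits differ
    captured = card.authenticate(genuine, b"\x00" * 16)   # verdict sniffed in an earlier session
    replayer = types.SimpleNamespace(authenticate=lambda live, nonce: captured)
    return (host.request_access(card, genuine),
            host.request_access(card, impostor),
            host.request_access(replayer, impostor))   # -> (True, False, False)
```

Running `demo()` returns `(True, False, False)`: the genuine user is admitted, the impostor is rejected on the card, and the replayed verdict fails because it is bound to a nonce the host never issued. The point the article makes is visible in the bytes that cross the cable: the only thing leaving the card is `MATCH-OK|` plus a nonce and a signature, so a sniffer learns neither the template nor the private key. The toy RSA and the Hamming-distance matcher are placeholders; a real deployment relies on a certified card applet, a padded signature scheme, and a certificate chain back to the issuing authority.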
About the AVISIAN Publishing Expert Panel
At the close of each year, AVISIAN Publishing's editorial team selects a group of key leaders from various sectors of the ID technology market to serve as Expert Panelists. Each individual is asked to share their unique insight into what lies ahead. During the month of December, these panelists' predictions are published daily at the appropriate title within the AVISIAN suite of ID technology publications: SecureIDNews, ContactlessNews, CR80News, NFCNews, DigitalIDNews, ThirdFactor, RFIDNews, EnterpriseIDNews, FinancialIDNews, GovernmentIDNews, HealthIDNews, FIPS201.com, IDNoticias.es.