ABSTRACT
Biometrics is being more and more widely used in ID cards. One
of the most popularly used biometrics ID card is smart card. In
particular, research into fingerprint authentication using digitized
images has been on track for decades, but recent advances in
computer hardware, fingerprint sensor technology, smart card,
and computational power have finally enabled applications to be
affordably deployed on a large scale. Some computer notebooks
and personal digital assistances (PDAs) have built-in fingerprint
sensor for users to gain security access. Since the introduction
of e-passport by the International Civil Aviation Organization
(ICAO), enhanced authentication solution employing smart card
and biometrics aroused attention in many countries and the IT
industry more than ever before. Certain countries, especially in
Asia, use fingerprint authentication with e-passport or e-ID cards
at immigration checkpoints to accelerate identity verification time
for citizens to cross the border using an automatic gantry. However,
most of the existing solutions are using an authentication technique
called off-card biometric comparison, which is a biometric compar-
ison performed outside the smart card by biometric verification
system against the stored biometric reference data in the user’s
smart card. In other words, the smart card is used as a secured
storage device to retain the user’s information and biometric
data. The major advantages of such technique are (1) easy of
implementation and (2) low-cost smart card usage. However, the
major disadvantage is that the biometric reference data, which is the
user’s biometric data collected and encoded during the enrolment
process, is exposed from the smart card to the outside world during
verification as the biometric comparison is executed at the biometric
verification system, which unusually is a PC or an embedded device.
Such external communication poses security threats. Hence, to
protect biometric reference data, cryptographic protection using
secure messaging in smart card is required. If the keys of crypto-
operation are compromised or the cryptomechanism is hacked,
user’s information and biometric reference data will be lost and
revealed. To overcome the potential security loophole of off-card
biometric comparison, on-card biometric comparison can be used.
On-card biometric comparison is the process by which the smart
card performs biometric comparison and decision making on the
smart card, where the biometric reference data is retained inside
the card. Hence, on-card biometric comparison provides stronger
security protection for biometric authentication that attracts more
attention from the governments and the IT industry. In 2006, the
subcommittee 17 (SC17) under the Joint Technical Committee of In-
ternational Organization for Standardization (ISO) and International
Electrotechnical Commission (IEC) formed a new Work Group 11
(WG11) to define the functional blocks and components for the use
of smart cards in applications, where the comparison of biometric
identifiers is to be performed on-card. As of January 2010, WG11
has drafted a document “Information technology — Identification
cards-On-card biometric comparison,” [1] and this document is in
the Final Committee Draft stage (all technical contents are settled;
only editorial amendments are allowed until the publication of this
document as International Standards). In this paper, an introduction
on implementation of on-card fingerprint comparison using ISO/IEC
24787 will be presented. A simple local and global structure
(LGS) fingerprint matching technique will be introduced and the
methodology of using the work-sharing mechanism specified in
ISO/IEC 24787 will be mentioned. The data structures of smart card
and the security policies, which are application dependent, will not
be addressed in the paper