Core Security Patterns: Best Practices and Strategies for J2EE, Web Services, and Identity Management

Security experts often recommend a multi-factor authentication approach where the security requirements call for a highly secure installation and mandate a robust solution. Multi-factor authentication verifies and validates a user identity using multiple authentication mechanisms. It often combines two or more authentication methods; for example, a three-factor authentication is based on a password (what the user knows), a smart card (what the user possesses), and fingerprints (who the user is).

Using smart cards delivers multi-factor authentication. For example, in addition to what the user knows (such as a PIN), the card can provide authentication using the card owner's digital certificate with the card owner's public key. The digital certificate associates the card owner's identity to the person's public key. The smart card also contains the card owner's private key, which can be used for digitally signing e-mail or documents, among other possible uses. With the support of biometric technologies, the smart card can also be used to store biometric templates of the card owner, which can be used to verify the card owner by acquiring a biometric sample (such as a fingerprint) and matching it to the reference template stored on the card or off the card using a biometric authentication server.

Combining smart card and biometric technologies for multi-factor authentication helps verify an identity where higher security requirements apply and where physical verification is mandatory. Using biometric templates on a smart card eliminates the need for PIN verification at bank ATMs, and it can also be considered for security-sensitive applications where PINs can be stolen.

Match-on-the-Card Biometrics Strategy

Match-on-the-card is a technique of verifying an identity by matching the live-scan biometric sample with the biometric reference template stored on the card. In this strategy, the biometric template is stored only on the card, and the card owner's privacy is maintained by never storing the biometric sample externally. Because smart cards support cryptographic mechanisms, the biometric template can also be protected using the card owner's private key, which assures the card owner that the card cannot be used even if it is stolen or lost.

In this strategy, the reference template is written directly into the smart card's memory during the enrollment process. In the authentication process, the biometric scanner acquires the sample and submits it to the smart card. Using its own processor, the smart card carries out the verification by matching the newly acquired sample with the reference template held in its memory, and then returns the authentication result. The stored template is never disclosed outside the card at any point in the process.

Implementations of match-on-the-card that support fingerprint-based technologies are available from selected vendors. The Java Card Biometric API specification facilitates enrollment, verification, and termination functionalities that support match-on-the-card.

Match-off-the-Card Biometrics Strategy

Match-off-the-card is a technique of verifying an identity by matching the live-scan biometric sample with the biometric reference template stored on the card using an intermediary security infrastructure. Like the match-on-the-card strategy, the biometric template is stored only on the card and the card owner's privacy is maintained by not storing the biometric sample externally. The difference is that the authentication is performed by an intermediary system, which means that during the process, the reference template will be sent out for verification.

In this strategy, the reference template is written directly into the smart card's memory during the enrollment process. During authentication, the biometric scanner acquires the sample and submits it to an intermediary security infrastructure, which in turn requests the user's reference template from the smart card. The intermediary then carries out the verification by matching the newly acquired sample with the reference template obtained from the card and returns the authentication result. It is often noted that this implementation carries security risks, because the reference template leaves the card for verification during authentication. Adopting encryption and digital signature mechanisms ensures the confidentiality and integrity of the reference template in transit. This strategy usually helps overcome smart card limitations with regard to memory and performance.
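The two strategies above, as an added simulation that is not from the book or any card vendor: a toy bit-similarity matcher stands in for a real fingerprint algorithm, the card's try counter models the lockout a card applies after repeated failures, and an HMAC under a key provisioned at enrollment (an assumption) stands in for the digital signature the text calls for on an exported template; encryption of the exported template is left out.

```python
import hmac
import hashlib

THRESHOLD = 0.90  # fraction of matching bits required to accept (constructed value)

def similarity(a: bytes, b: bytes) -> float:
    """Toy matcher: fraction of equal bits between two equal-length templates."""
    differing = sum(bin(x ^ y).count("1") for x, y in zip(a, b))
    return 1.0 - differing / (8 * len(a))

class SmartCard:
    """Holds the reference template written at enrollment plus a card-held key."""
    def __init__(self, template: bytes, key: bytes, try_limit: int = 3):
        self._template = template        # never read back in the on-card flow
        self._key = key                  # stands in for the card's signing key
        self.try_limit = self.tries_left = try_limit

    def verify_on_card(self, sample: bytes) -> bool:
        """Match-on-card: compare inside the card; each failure consumes a try."""
        if self.tries_left == 0:
            return False                 # card blocked after too many failures
        if similarity(sample, self._template) >= THRESHOLD:
            self.tries_left = self.try_limit
            return True
        self.tries_left -= 1
        return False

    def export_template(self) -> tuple[bytes, bytes]:
        """Match-off-card: the template leaves the card with an integrity tag."""
        tag = hmac.new(self._key, self._template, hashlib.sha256).digest()
        return self._template, tag

class Intermediary:
    """Off-card verifier; it must check the tag before matching against the template."""
    def __init__(self, key: bytes):
        self._key = key                  # shared with the card at enrollment (assumption)

    def verify_off_card(self, template: bytes, tag: bytes, sample: bytes) -> bool:
        expected = hmac.new(self._key, template, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return False                 # template altered in transit: refuse to match
        return similarity(sample, template) >= THRESHOLD

def demo_samples() -> tuple[bytes, bytes, bytes]:
    """Constructed enrollment template, a near-identical live scan, and a foreign scan."""
    template = bytes(range(32))
    live = bytearray(template)
    live[0] ^= 0x01
    live[5] ^= 0x80                      # two bits of scanner noise
    return template, bytes(live), bytes(b ^ 0xFF for b in template)
```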
