CardLab and Quardlock have come together to create an exciting biometric card which has a full backend authentication system for the protection of critical infrastructures.
Times have changed dramatically with the outbreak of COVID-19 putting a stop to big parts of the world and society. People have been forced away from their normal working positions and are now working at odd times or from unexpected positions. As a result, this has shown how we as people, companies and as a society face new challenges, and how we deal with issues surrounding both data security and health at the same time.
There is no way that CardLab could foresee the current situation in order for us to know we would already have the solution that solves the security and many hygiene challenges created by COVID-19, whilst at the same time providing an efficient tool that makes an unbreakable link between your biometric and digital ID. Simultaneously, it is also a very efficient tool against fraud and identity theft and also provides strong protection against cyber-criminal activities.
Together with our partner ‘QuardLock’, at CardLab we are about to complete a biometric card project with full backend authentication system for the protection of critical infrastructure. The project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 757096. The project has created four different standard card types that are fitted to various kind of uses in all business verticals:
- An OTP card for e-banking, e-commerce, e-government and e-health
- Energy harvesting low cost card for payment
- and access
- Hybrid multi-purpose card (for applications such as payment, access, and authentication)
- Rechargeable battery card for frequent use, blockchain authentication, and message encryption (amongst others)
The backend system solution, together with the biometric card, provides a unique tool to fight cyber-criminal activities. The COVID-19 pandemic and the need to work from home has shown a new threat to central systems with work-stations now being placed outside company firewalls. Outside the firewall, hackers have easier access to computers and online devices, and it has shown to be one of the main major security risks present when working from home. Companies need to protect their systems more efficiently by having stricter rules on who can make changes, updates, and program instalments on company computers and systems.
Eliminating the risk of stolen passwords with biometric cards
Computer operating system changes, updates, and program instalments must be designed so that only administrators with true biometric credentials and correct access rights are granted access in order to make these system updates/changes. Ransomware can be blocked if software (SW) and hardware (HW) changes are blocked if they are not originally done by an administrator with assigned rights and is successfully identified by his biometric card identification. This in combination with the staff in general being well trained in detecting phishing mails, not bringing in infected HW (such as a USB or CD’s) can make working from home as secure as sitting inside the company firewall observing the same rules.
The old password challenge where you need to remember an impossible number of passwords is also solved as the card can also provide you with a password by using your fingerprint. This eliminates the risk of stolen or lured passwords and can reduce your support department efforts significantly by eliminating the process of resetting passwords. This is a true win-win situation as not only a method that is more user friendly, it is also more secure for both the organisation and user (whilst also saving the organisation huge amounts in support cost). In short, the following can be achieved:
- Unique biometric user identification
- Full privacy protection (it is a tokenised identity)
- No need to remember passwords – just remember your finger
- A scalable solution that gradually can contain further functions
- Close to 0 support for lost passwords
Getting to the market with new innovations is not easy as most experts are somewhat sceptic towards new innovative solutions, and this has also been our challenge. However, the fact that it is an EU Horizon 2020 backed project, qualified through a very strict screening process, has proven the innovative level of the companies and shows that this is in fact more than just a smart idea. The first pilot tests made during the project period also confirms the fact that the system is fully functional, and the next round of test user trials will surely confirm that this will also be correct over a wide scale of different user cases.
The system is built to be scalable from single user level over small enterprises, to national systems with millions of users as this is merely a matter of expanding either the server park or cloud solution to cater for more users and still keep the validation time down to only a couple of seconds.
Digital solutions and analogue elements
Under the Horizon 2020 programme, we have a close relation with the European Innovation Council (EIC), and through this collaboration, we have been a part of the networking events where innovative companies and potential users of the technology meet at events arranged by EIC and companies throughout Europe. It has been a great opportunity for us to participate in some of these days where a screening has happened and as result, relevant companies are given the opportunity to meet with our innovative world.
This is a great way to expand the knowledge of our solutions to a relevant audience including the investor community where we from time to time participate in pitching towards targeted investors on relevant subjects such as cybersecurity. We have in this respect been able to meet relevant parties both for our products, but we have also been at investor events with relevant investor interests into our area of business and technology. We are now expanding the company and entering the commercial phase where raising funds for the expansion is an important task.
The Corona pandemic has exposed various types of digital vulnerabilities and made it clear that digital solutions need to have an analogue element (like our card which solves problems seen with hackers). The analogue element adds the unknown source to the network that a hacker cannot tap into and therefore presents an unpredictable element which is impossible for the hacker to overcome. Especially biometric data should always be offline and controlled by the owner of the data and never be exposed on a central database no matter how well encrypted it is. History has shown beyond doubt that anything of interest can be hacked if you can get access to it. The QuardCard solution eliminates the access of hackers to the most critical data (your data), and is a solution enhancing GDPR and PSD2 compliance and can stop the rapidly increasing losses that are a result of cyber-crime.
Thinking differently – alternatives to traditional methods
The QuardCard system can create great value to enterprises and national systems as it works as a biometric authentication gateway to any system connected to the authentication system via an API or installed directly with the client (such as an ‘National Trusted Authentication Partner’). This means that all your critical systems can be protected by one single system.
The global pandemic has also taught us to think alternatively in order to protect people’s health and to stop the spread of COVID-19. For example, who wants to put hands on a fingerprint reader that has been touched by thousands without being sanitised between each individual use? Central readers are not only a hacking risk, but are also a health risk. A more secure solution would be a reader on a card that only you touch.
From a sustainability perspective, it makes sense to introduce the advanced cards as they provide the following benefits:
- Protects against infectious diseases spread via central fingerprint and hand readers
- Lower environmental footprint as it replaces
- many cards
- Reduced cyber-crime cost due to the unique combination between user identification and
- user rights
- Reduced costs on protecting biometric data that is now only stored in the card
- Instant issuance of cards through an app solution that is verified by biometric authentication
- A strong protection against fraudulent activities and money laundering without detection
The future needs to bring the use of a distributed security technology like the QuardCard system by using offline biometric verification, in order to stop the rising trend of cyber-criminal activities and provide citizens with a more secure physical and digital life. Today, this is possible with the end-to-end solution provided by CardLab Innovation and its partners, where extensive tests have shown that users find the new innovative technology efficient, safe and the secure way to protect your data.
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 757096.
Please note, this article will also appear in the second edition of our new quarterly publication.