CardLab, in collaboration with QuardLock, has put together an extremely effective and user-friendly way of controlling your own data.
Have you ever checked how many passwords you need to remember? Often the same password is used in 10 or more different applications, putting your company and potentially yourselves at risk from cyber-criminal activity. We see all kinds of two-factor authentication schemes popping up, and they typically do not make life easier. Don’t you think it is about time for a change?
At CardLab, we think it is time for change. Over the last couple of years we have worked hard to make it happen, with good support from the European Commission’s Horizon 2020 programme, which has funded our project 757096 QuardCard. The project is about protecting all kinds of critical infrastructure: from payment, physical and digital access control, to the protection of databases, server parks, power grids and airports.
In a world with growing frustrations over an increasing number of privacy and security breaches, there is a need to create digital identities that are controlled only by those whose information they contain. In particular, the biometric data should always be controlled by the owner of the data and should never be exposed on a central database, no matter how well encrypted it is. History has shown beyond doubt that anything of interest can be hacked.
Using fingerprint sensors
The scene was set: a project with security and convenience of use at the forefront was needed, while also following national regulations and GDPR. It later turned out that we could also make the solution compliant with PSD 2. This led to the creation of a ‘self-sovereign identity’ that we believe will be the digital ID used by individuals, businesses, organisations and governments to reverse the rapidly increasing losses caused by cyber-crime.
By combining CardLab's long experience in electronic card design and manufacturing with the expertise of our partner company QuardLock, we have put together an extremely effective and user-friendly way of controlling your own data. It provides access to any kind of critical infrastructure, proof of identity and payments, and also gives blockchain and cryptocurrency exchange platforms a tool to meet their compliance requirements, all achieved with the tip of your finger, a biometric card and an authentication system.
The user only needs to concentrate on using their biometric card, which carries a fingerprint sensor on board to verify their fingerprint; for the user it is more or less like using a normal credit card on an everyday basis. As a result, the cardholder does not experience any big change, but system-wise we see huge changes in the form of significant efficiency and security gains. One key area is the quality of the fingerprint sensor and the hashed value created from your fingerprint. CardLab Innovation has therefore decided to use the most secure Swedish fingerprint sensors, forming a hashed value from a combination of the fingerprint picture, a 3D scan of the fingerprint and the capacitive value of the finger. Statistically, the False Acceptance Rate (FAR) is better than 1:100,000, but based on our experience with test users it looks to be far better. The False Rejection Rate (FRR) has in our project been measured at approximately 1:75, meaning one false rejection in every 75 attempts, which users see as fully acceptable. So far, we have not experienced a single FAR event in the live tests.
Eliminating the middleman
When a user identifies themselves on the card and the fingerprint matches, the card creates a token that can be shown on the onboard display and used in a web interface, or transmitted via NFC or BLE to a host device. From there it is sent directly for verification to the backend, which consists of an authentication server and an HSM and allows the use of asymmetric key exchange. This removes the value of a ‘man in the middle’ attack, as all communication is tokenised and a token cannot be reused. As the biometric match takes place on the card, the risk of someone hacking a central database and picking up the matching template is also eliminated, and a high level of user identity protection is obtained.
The system works as a biometric authentication gateway for any system connected to the authentication server via an API or installed directly with the client. This means all your critical systems can be protected by a single system that provides:
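The challenge-response flow described above, as an added Go sketch that is not CardLab's or QuardLock's code: the card signs a server-issued nonce with an on-card key only after a successful fingerprint match, and the backend consumes each nonce once, so a token captured in transit cannot be replayed. The card IDs, the 16-byte nonce, the Ed25519 signature and the token layout are assumptions made for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
)

// Backend models the authentication server: enrolled public keys plus unconsumed challenges.
type Backend struct {
	cards   map[string]ed25519.PublicKey
	pending map[[16]byte]bool
}

func NewBackend() *Backend {
	return &Backend{cards: map[string]ed25519.PublicKey{}, pending: map[[16]byte]bool{}}
}

// Enroll stores a card's public key; the private key never leaves the card.
func (b *Backend) Enroll(id string, pub ed25519.PublicKey) { b.cards[id] = pub }

// Challenge issues a fresh random nonce that is valid for exactly one token.
func (b *Backend) Challenge() (n [16]byte) {
	rand.Read(n[:])
	b.pending[n] = true
	return n
}

// CardToken models the card: it signs (card ID || nonce) with the on-card key, but
// only after the on-card fingerprint match (the matched flag). Reply: nonce || signature.
func CardToken(priv ed25519.PrivateKey, id string, nonce [16]byte, matched bool) ([]byte, error) {
	if !matched {
		return nil, errors.New("fingerprint did not match on card")
	}
	return append(nonce[:], ed25519.Sign(priv, append([]byte(id), nonce[:]...))...), nil
}

// Verify checks the signature and consumes the challenge, so a captured token cannot be replayed.
func (b *Backend) Verify(id string, tok []byte) error {
	var nonce [16]byte
	copy(nonce[:], tok) // copy never over-reads a short token
	pub, ok := b.cards[id]
	switch {
	case !ok || len(tok) != 16+ed25519.SignatureSize:
		return errors.New("unknown card or malformed token")
	case !b.pending[nonce]:
		return errors.New("challenge not outstanding: replay or never issued")
	case !ed25519.Verify(pub, append([]byte(id), nonce[:]...), tok[16:]):
		return errors.New("bad signature")
	}
	delete(b.pending, nonce)
	return nil
}
```

Because the signed message includes the card ID, a valid token presented under another card's identity is rejected even when that other card is enrolled.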
- Full privacy protection as it is a tokenised identity,
- Unique biometric user identification,
- No need to remember passwords – just remember your finger,
- A scalable solution that gradually can contain further functions,
- Close to zero support for lost passwords.
The backend is the second part of the system; together with the biometric card, it provides a unique tool to fight cybercriminal activity. Change management can be designed so that only biometrically verified individuals with the right access rights are granted access to system updates or changes. This can be effective against ransomware, provided such rights are kept up to date, full user authentication is used, and staff in general are trained to be aware of phishing mails, not to bring in infected hardware, etc.
The system is scalable from small enterprises to national systems with millions of users, as this is merely a matter of expanding either the server park or the cloud solution to cater for more users while still keeping validation time down to a couple of seconds. The card itself is delivered in one of four options serving different purposes:
- An OTP card producing one-time passwords, dynamic CVV or dynamic PIN,
- Energy harvesting low cost card for payment and access,
- Hybrid multi-purpose card for payment, access, authentication etc.,
- Rechargeable card for frequent use, blockchain authentication and message encryption.
As can be seen, most of these cards are much more sophisticated than what is otherwise being tested in the market. However, to obtain maximum security, user convenience and flexibility in use, more applications need to be possible on the same card to compensate for the price difference between today’s plastic cards and these fully computerised cards. From a sustainability perspective, it makes sense to introduce the advanced cards because they provide the following:
- Lower environmental footprint as it replaces many cards,
- Reduced Cyber-crime cost due to unique user identification and user rights combination,
- Reduced cost on protecting biometric data now stored in the card only,
- Instant issuance of cards via app solution verified by biometric authentication,
- Strong protection against fraudulent activities and undetected money laundering.
There is no doubt that the future will bring the need for a distributed security technology such as this, using offline biometric verification to stop the rising trend of cybercriminal activity and to give citizens a more secure physical and digital life. This is all possible today with the end-to-end solution provided by CardLab Innovation and its partners, which can be deployed on existing infrastructure for an easy and cost-effective implementation.
The technology of the future is here today, and extensive tests have shown that users find it efficient and safe to be identified by the tip of their finger.
This project has received funding from the European Union’s Horizon 2020 research and innovation programme under grant agreement No 757096.
Please note, this article will also appear in the first edition of our new quarterly publication.