Biometric technologies of the emv standard

Biometric technologies are characterized by ease of use and accuracy of results. At the same time, they all use a common approach, according to which biometric identification/authentication of an object is performed in several stages:
scanning an object in accordance with the biometric technology used and obtaining its image;
retrieves the characteristic features of an object image that form the current object template;
comparison of the current template with the verification template — a reference image of an object stored in the biometric system authentication center. The authentication center can be a microprocessor card;
making a decision about the result of object identification/authentication.
The verification template is obtained at the stage of object registration in the system. Only cases where the verification template is stored on the IPC will be considered below.
The key point of the procedure for creating the current template is that the scanned object image cannot be restored using the current template. The algorithm for creating the current template extracts the characteristic features of the object from the scanned image, which, however, are not sufficient to restore the scanned image. The one-way function property of the current template creation algorithm allows you to protect the object from various attacks and reduce the requirements for scanning devices.
In terms of implementing the identification/authentication process, there are three types of microprocessor cards that store the verification template:
Template-on-Card (TOC);
Match-on-Card (MOC);
System-on-Card (SOC).

In the case of a TOC card, only the object’s verification template is stored on the card. The main procedures for biometric identification/ authentication — scanning the object, building the current template, comparing the current template with the template, and making a decision based on the comparison results — are performed by an external system. Thus, in the case of a TOC card, the object’s verification template is passed by the card to the external system.
When using a MOC card, the card not only stores the object’s template, but also compares the current template with the template and decides on the result of object identification/authentication. In this case, only the object scanning and creation of the current template are performed by the external system. The card receives the current object template from the external system.
Finally, in the case of a SOC card, all biometric identification/authentication procedures are performed by the card chip. Obviously, the SOC card must have a sensor that scans the object.
TOC cards provide the lowest level of security for the identification/authentication procedure. When using them, an attack is possible in which an attacker replaces the card template with their own template during the transfer of the verification template to an external system, thereby achieving a positive result of the identification/authentication procedure. Therefore, the dialog between the card and the external system must be securely protected by cryptographic means that ensure the confidentiality and integrity of the dialog data, as well as mutual authentication of the card and the external system.
When using MOC cards, the attack described above becomes meaningless. MOC Cards become the most frequently used cards in biometric identification / authentication systems. They provide a relatively high level of security. MOC cards primarily implement authentication technology based on fingerprint recognition. According to the International Biometric Group, in 2006, in terms of revenue, fingerprint recognition technology accounted for about 43.6% of all revenue from biometric identification/authentication. At the beginning of 2009 approximately 20% of all laptops released were able to recognize their owner by fingerprint. The international civil Aviation Organization (ICAO) has chosen this technology to authenticate citizens in electronic passport projects. Fingerprint authentication is widely used for a variety of banking applications in India.
Obviously, SOC cards provide the highest level of security for the object identification/authentication procedure. In this case, the image of the object, the current template and a verification template does not go beyond chip cards. However, such cards due to their high cost (the presence of a sensor and a microprocessor on the card) are not yet widely distributed in the world.
An interesting example of a MOC card with a built-in sensor that operates using a separate microprocessor is the BAI Authenticator Smart Card. A high-confidence card allows you to authenticate an object in 800 MS.
A number of international standards are dedicated to biometric identification/authentication.
The BioAPI version 2.0 standard, also known as ISO / IEC 19794-1, defines the following steps in the biometric identification/authentication process as described above:
control of sensors — physical devices that take biometric data from an object;
algorithms for processing object images to create the current template and template;
algorithms for matching the current template with the template;
managing access to the template database.
Information about this standard can be found on the Internet at: www.bioapi.org.

The NIST Institute has also developed the MINEX2 scheme, in which the matching between the current template and the object’s verification template is performed on a card (MOC card). In this case, the ISO/IEC 19794-2 standard is used to represent the current template data.

This ensures the same reliability of fingerprint recognition as in the MINEX scheme.
Another approach to using the fingerprint recognition method is based on the use of ISO 7816-11 and ISO 19794-4 standards. The ISO 7816-11 standard formalizes the procedure for selecting the fingerprint recognition algorithm and the values of the algorithm parameters that determine the reliability of the biometric method (the depth of the matching search). The ISO 19794-4 standard defines the data format of the scanned object image. The essence of the approach is to provide the fingerprint recognition module with the maximum data set (rather than the current template) for the selected confidence level of the object identification/ authentication procedure.
Completing the review of the standards used for object identification/authentication, we should mention the role of the GlobalPlatform infrastructure, which will be described in more detail in paragraph 2.7.the GlobalPlatform Device Specification, GlobalPlatform Smart Card Management System and GlobalPlatform Card Specification V. 2.2 Standards allow you to create a reliable and secure biometric identification/authentication system based on MOC cards. This ensures that the biometric card applet (a program that compares the current template and template and decides on the result of object authentication) is managed throughout its lifecycle. This management includes secure loading, installation, personalization of the applet, changing its verification templates, and other parameters while using the card. In addition, the biometric applet can be placed in the global Services Application of the GlobalPlatform platform, which allows various authorized card applications to use the biometric authentication method of its holder.
Using biometric methods allows you to build a three-factor authentication model of the person performing the transaction, which increases the security of card transactions. This model is based on the following security elements:
a card confirming the presence of the person performing the operation,
a certain instrument issued by an authorized Bank, the authenticity of which is proved during the operation;
PIN – a secret shared by the cardholder and the Issuer (the Issuer may not know the secret, but must be able to verify its correctness), the knowledge of which the person performing the transaction verifies it as a cardholder;
biometric information received from the person performing the transaction, which must match the cardholder’s biometric data.

Instead of the described three-level model, a two-level model can be used, the components of which are a microprocessor card and biometric information. This approach can be applied if the card is used by illiterate and / or elderly people, for whom entering the PIN code value during the transaction is a problem.
Depending on the type of biometric data, the size of the current template can range from 10 KB (a single fingerprint), 15-20 KB (a face drawing) to 30 KB (an iris drawing). For visual verification of biometric data, the template size is 1-2 KB when using a face drawing and about 5 KB when using a fingerprint.
With these volumes of biometric information, the speed of data exchange between the card and the terminal becomes critical. This is due to the relatively large size of the current template. For example, it takes about 3 seconds to transfer the current iris pattern to a card that supports the ISO/IEC 7816-3 interface at the maximum possible data transfer rate (115.2 Kbit/s) over the t = 0 Protocol. Real cards can receive this template from the terminal for more than 30 seconds. Therefore, it is recommended to use cards with a radio and/or USB interface to implement applications that use biometric methods.
The accuracy of object identification/authentication using biometric methods is usually measured by the value TAR (True Accept Rate). It represents the probability that a match between the current template and the verification template will be established, provided that the current template is obtained from an object whose template is stored on the card. Note that this probability includes an event associated with getting a low-quality current template. Thus, the TAR value characterizes the reliability of the main processes of biometric identification: the process of obtaining the current template and the process of finding its compliance with the standard. The TAR value is measured as a percentage. In practice, the value False Rejection Rate (FRR) is often used, which is additional to TAR and equal to 100% — TAR.

Obviously, you can set the TAR value to 100% if you don’t limit the error probability when the matching algorithm works between the current template and the object’s verification template (i.e., the probability of an event that a match between the current template and the template is found, provided that the objects corresponding to the template and the template are different). Usually, the probability of recognizing an incorrect match is called FAR (False Accept Rate) and is limited to 0.01% from the top. Table 1.1 shows the TAR values provided that FAR<0.01%.

The TAR values shown in the second and third columns of table 1.1 differ. The second column corresponds to the case when a single image of the scanned object is “taken” to get the current template. The tar probability values for cases where multiple object images are used to get a template are shown in the third column of the table.
It should be noted that the values FRR and FAR in terms of mathematical statistics are characteristics of the hypothesis selection algorithm and are called respectively error probabilities of the first and second kind.
The above values of the size of verification templates and the reliability of identification/authentication procedures are typical for use in projects that require high reliability of customer authentication (for example, in the project of an electronic passport specified by the International Civil Aviation Organization (ICAO)).
In less “responsible” applications, methods that are less expensive in terms of the memory used by the microprocessor are used. In such methods, the verification template may take up 0.25-2 KB of memory, depending on the biometric method. At the same time, the reliability of biometric identification is, of course, “worse” than the values