Combination of Biometrics and Smartcards Offers Optimum Protection against Current Attack Scenarios
During the last few days, media interest has arisen with the fact that biometric login systems can partly be outwitted by means of “illegal” fingerprints. With these attacks an attempt is made to gain unauthorised access to a computer system by means of an imitation fingerprint.
Essentially there are two possibilities for achieving this:
1. The authorised user provides their fingerprint for making a copy
2. Using forensic procedures a fingerprint is taken without the authorised user's consent, for example from a used glass. In several steps, a duplicate of the fingerprint is created
Both procedures have been proven successful only in cases where the access to the computer system is protected by the biometric procedure alone.
For this reason Utimaco Safeware only uses biometric login procedures in combination with forgery-proof smartcards in its products. Thus, the scenarios described above are ineffective because only a combination of authorised fingerprint and smartcard enables the user to access the computer system. If the person wishing to access the system is not in possession of the smartcard, they are unable to progress solely with a forged fingerprint, as its only purpose is to unlock the smartcard. At each login the smartcard compares the user’s fingerprint with the reference fingerprint stored on the actual card itself.
In this situation, Utimaco Safeware recommends that its customers stipulate in their security policy that the user should always take their smartcard with them when leaving the workstation. Moreover, the workstation is automatically locked when the smartcard is removed, rendering an attack with a forged fingerprint impossible.
The use of biometric procedures in combination with a biometric-enabled smartcard has further advantages: As the reference fingerprint is stored on the card, central and vulnerable reference databases are not required.
In addition, further sensitive information such as passwords for single sign on, cryptographic keys and signature keys can be stored securely on the card. Another advantage of biometrics lies in the reduction of helpdesk costs, as forgotten passwords do not have to be reset. Thus, the combination of biometrics and smartcards represents a simple, user-friendly and secure solution for a wide field of applications in IT security.
- ends -
About Utimaco Safeware
Utimaco Safeware AG is one of the leading European technology manufacturers of professional IT security solutions. The security technology and solutions developed by Utimaco Safeware protect the electronic data of companies and government bodies against unauthorized access and guarantee that business processes and administrative procedures in the electronic world are binding and confidential.
Sian Ford/Beky Hughes
Tel: 01494 434 434
This press release was distributed by ResponseSource Press Release Wire on behalf of Strategic Public Relations Ltd in the following categories: Consumer Technology, Personal Finance, Business & Finance, Computing & Telecoms, for more information visit https://pressreleasewire.responsesource.com/about.