STPayBio, the proof of concept at the heart of the STPay-Topaz-Bio biometric system-on-card platform, has just won a CES 2022 innovation award. The award celebrates the technology as the foundation of fingerprint bank cards, opening up consumers and financial institutions to a new form of payment. However, the mechanisms go far beyond payment solutions. Indeed, teams are already studying the use of this technology in healthcare and access control. Authenticating users with a fingerprint can provide a more reliable and secure path to privacy. For example, a server could require a user’s fingerprint before decrypting information and only use biometric data stored on the card. In addition, healthcare professionals could fight fraud by ensuring the identity of their patients.
What is STPay-Topaz-Bio?
A platform with hardware and software components
STPay-Topaz-Bio facilitates the creation of biometric systems on cards. It manages fingerprint registration, the data model, power management and the card authentication process. Users simply place a finger on the card’s scanner instead of entering a PIN code before the transaction takes place. The experience is efficient and more secure. This is because hackers cannot use an image to unlock the mechanism, and banks can offer a more modern authentication system.
STPay-Topaz-Bio uses the ST31N600 Secure Element, a 40nm Arm SecurCore SC000 core, which handles most operations at checkout, while the STM32L443 processes the image from the fingerprint reader. The platform also includes an operating system compatible with Java Card 3.0.5 and GlobalPlatform 2.3.1 to speed up development operations.
A solution that removes the PIN code
ST developed STPay-Topaz-Bio in partnership with Fingerprint Cards and Linxens. According to a study by ReportLinker, the global contactless biometric technology market is expected to reach $18.6 billion by 2026. The study also cites the pandemic as a driver of adoption. Consumers are looking for ways to pay while keeping a physical distance. They also want to reduce interactions with potentially contaminated hard surfaces. Secure payments by contactless cards with biometric authentication meet these new requirements by eliminating the need to enter a PIN code.
Another reason the industry favors STPay-Topaz-Bio is that there are inherent problems with chip and PIN authentication. The technology dates back to the early 2000s, and although large-scale fraud from hacking is rare, it does exist. For example, in 2011 [1], fraudsters used a man-in-the-middle attack to compromise chip and PIN cards and steal a total of 600,000 euros. The hack, although complex, clearly demonstrated significant limitations. Likewise, researchers from the University of Cambridge [2] published details of two critical security vulnerabilities. STPay-Topaz-Bio offers a newer platform with stronger guarantees and removes the code that criminals could try to obtain by looking over a shoulder or through social engineering.
A simple way to approach the biometric system on cards
By making biometric card systems more secure and convenient, STPay-Topaz-Bio solutions will help increase or even eliminate the contactless payment limits currently imposed on most bank cards. It will also facilitate the adoption of the new technology by businesses and medical institutions. Unfortunately, managers can have difficulty finding precise information. So we thought it was essential to contextualize STPay-Topaz-Bio. Indeed, opinion leaders and decision-makers must understand the technical challenges inherent in these emerging technologies.
STPay-Topaz-Bio: the challenge of efficiency
A card-based biometric system in action
Adding biometric data to a card is a challenge, as manufacturers still need to adhere to existing thickness requirements to ensure compatibility when swiping or inserting the card into existing readers. ISO/IEC 7810 requires all bank and ID cards to be 0.76mm thick. Other standards also define a card’s ability to bend without connectors or components breaking. Meeting these stringent requirements means that companies mastering biometric bank cards can easily port their solutions. Biometric identification badges, employee identification with fingerprint recognition, etc. become easier to achieve.
Engineers also need to solve the technical challenge behind power consumption and energy harvesting on the card. Therefore, ST has implemented a secure element that can collect the energy from the contactless reader and distribute it over the entire card. Such a system is possible because the general-purpose MCU (STM32L443) and the ST31N600 secure element have such low power consumption that they can operate on the energy recovered during magnetic coupling. STPay-Topaz-Bio is thus innovative because it uses the same NFC technology as the previous generation of contactless bank cards while powering more components, such as a fingerprint sensor and a versatile MCU.
Storage and compute requirements
Capturing the user’s fingerprint and storing the associated template after enrollment requires more memory. As a result, engineers working on card-based biometric systems face greater hardware requirements. The secure element runs the application, secures the information, including the biometric template, and executes the algorithm that matches the fingerprint to the template to authenticate the user. There is therefore a need for more storage for the template and the matching algorithm. Likewise, the general-purpose MCU extracts the fingerprint from the sensor and sends it to the secure element, which demands high compute performance while keeping power consumption as low as possible.
Decision-makers thus understand the importance of hardware optimizations. The STM32 microcontroller has low power modes to dramatically improve power efficiency. Likewise, we make sure that the ST31 performs the fingerprint matching algorithm as quickly as possible. This is because the total transaction time, including fingerprint matching, should take less than a second. The platform must therefore present the most striking optimizations and guarantee a flawless user experience.
STPay-Topaz-Bio: The challenge of security and user experience
Users may have difficulty with the lack of standardization during registration, which must offer a good compromise between overall security, performance and user convenience. Implementers are investigating different enrollment mechanisms that would use a wallet, mobile device, or reader with optional LEDs on the card. Capture must also be fast enough and meet biometric standards such as the FAR (False Acceptance Rate) and FRR (False Rejection Rate) requirements that regulate biometric interactions. False positives are serious security breaches and make the whole system unreliable. On the other hand, a false negative creates friction that end users barely tolerate. Therefore, teams working on their system must find the right balance between precision and performance.
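The FAR/FRR trade-off described above comes down to where the match threshold sits. The following is an added example, not ST's matching algorithm or code from the platform: the scores are constructed and the function names are hypothetical. It measures both rates at a threshold and picks the least strict threshold that still meets a FAR target.

```python
# Added example: constructed match scores, not data from any real sensor or card.
# Higher score = closer match between a captured fingerprint and the enrolled template.
GENUINE = [0.91, 0.88, 0.79, 0.95, 0.67, 0.84, 0.73, 0.90, 0.58, 0.86]   # same finger
IMPOSTOR = [0.12, 0.33, 0.41, 0.27, 0.55, 0.19, 0.62, 0.30, 0.08, 0.45]  # other fingers


def far(threshold, impostor=IMPOSTOR):
    """False Acceptance Rate: share of impostor attempts scoring at or above threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def frr(threshold, genuine=GENUINE):
    """False Rejection Rate: share of genuine attempts scoring below threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def lowest_threshold_for_far(max_far, genuine=GENUINE, impostor=IMPOSTOR):
    """Return (threshold, far, frr) for the smallest observed score whose FAR does
    not exceed max_far. Taking the smallest keeps FRR, i.e. user friction, minimal."""
    for t in sorted(set(genuine) | set(impostor)):
        if far(t, impostor) <= max_far:
            return t, far(t, impostor), frr(t, genuine)
    # No observed score is strict enough: reject everything rather than miss the target.
    return float("inf"), 0.0, 1.0


if __name__ == "__main__":
    for t in (0.40, 0.60, 0.70):
        print(f"threshold={t:.2f}  FAR={far(t):.2f}  FRR={frr(t):.2f}")
    for target in (0.10, 0.0):
        t, fa, fr = lowest_threshold_for_far(target)
        print(f"FAR target {target:.2f}: threshold={t:.2f}  FAR={fa:.2f}  FRR={fr:.2f}")
```

Tightening the FAR target from 0.10 to 0.0 on this sample moves the threshold from 0.58 to 0.67 and starts rejecting a genuine attempt; ten impostor samples are far too few to demonstrate a low FAR in practice.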
STPay-Topaz-Bio differs from current solutions by offering better biometric processing and more secure protection of assets, such as sensor images and templates. Biometric cards, in general, represent a much more secure system than PIN code authentication or basic contactless solutions by offering more robust security and privacy protections. However, STPay-Topaz-Bio goes further by solving multiple design challenges. Adopting it means teams can bypass significant complexities, ensuring their end users trust their on-card biometric system. The STPay-Topaz-Bio platform also guarantees fast processing times, crucial for a successful experience.
[1] Ferradi, H., Géraud, R., Naccache, D. et al. When Organized Crime Applies Academic Results: A Forensic Analysis of an Integrated Listening System. J Cryptogr Eng 6, 49-59 (2016). doi:10.1007/s13389-015-0112-3
[2] M. Bond, O. Choudary, S. J. Murdoch, S. Skorobogatov and R. Anderson, “Chip and Skim: Cloning EMV Cards with the Pre-play Attack,” 2014 IEEE Symposium on Security and Privacy, 2014, pp. 49-64, doi:10.1109/SP.2014.11.