A JC-BioAPI compliant smart card with biometrics for secure access control

Smart cards play a very important and complimentary role in biometrics-based access control systems. While the most common application of the smart card in biometrics systems is as a platform for the secure storage of biometric data, matching on the smart card will enhance both the users privacy and the over all security of the system. However, the proprietary and non-standard smart card operating systems and development environments, make developing biometric matching on the card very difficult. Java Cards partially address this problem by ensuring inter-operability through the use of Java Virtual Machines (JVM). However, the use of an interpreted language like Java is not without a performance penalty and does not help biometric inter-operability at the application level. The objective of this paper is to provide a synthesis of current, smart card open standard development with respect to biometric applications. After introducing the current state of smart card open standards, we aim to highlight some of the more pertinent issues faced by biometric application developers. To aid this process we present two fingerprint-based applications for access control, both developed on an IBM JCOP31 smart card. The first example is our implementation of a storage-based fingerprint application using the contact-less interface available on the JCOP31. The second example is our implementation of a high performance, fingerprint-based match-on-card application using the new JC-BioAPI. We will conclude by presenting some performance figures that should help dispel the myth that Java Card biometric applications by nature have to be slow.