With the increase of online communication and transactions, the demand for security and privacy increases. There are several solutions already in use to protect confidential information and to authenticate people electronically. When biometrics is used, it often triggers a discussion concerning privacy and integrity.
One major reason for this is that fingerprints from criminals are stored in police registers. The scope of this document is to explain how fingerprint verification, personal tokens and Match-On-Card technology can help ensure integrity.
When a fingerprint image is enrolled, only parts of the information is stored. This information extract is called a template. It is not possible to reconstruct a fingerprint image from a template; the transformation process is non-reversible.
There are two ways to store fingerprint templates; database storage or storage in a personal token. The two ways are very different and do not work with each other. A database with fingerprint templates of criminals cannot be searched with a fingerprint template from a personal token, as the template is never allowed to leave the storage in the security context, such as a Smart Card.
This white paper explains the usage of fingerprints from an integrity point of view, and how the Match-On-Card technology prevents templates stored in personal tokens to be verified towards a database of templates from criminals.
Author: Magnus Pettersson | Marten Obrink