IDEX Biometrics – Let’s Talk Security Architecture
In our fourth Let’s Talk post on how IDEX Biometrics is more than just a component supplier, Peter Kollig, Senior Director of Engineering, Systems Architecture at IDEX Biometrics talks about the comprehensive security architecture built into their biometric platform.
The security architecture provided by IDEX secures the operation of the biometric system in line with the requirements of the various payment scheme providers. Those requirements are standards-based and formalized in Common Criteria and Global Platform specifications. Organizations such as EMVCo and China UnionPay (CUP) define all functional and security aspects of their payment schemes, including the certification requirements for the underlying hardware and software as well as the biometric, functional and security certifications a product must achieve.
IDEX's security architecture implements the security features required by the most widely known payment schemes. This includes selecting Secure Elements (SEs) that have achieved the required certifications, and supporting the integration of IDEX SE software into the SE Card Operating System (COS) and payment applications. The architecture also keeps components without security certification, such as the Biometric Micro-Controller Unit (B-MCU) and the fingerprint sensor, outside the security boundary, so that the security of the system does not rest on them.
A fundamental requirement is that the biometric templates used for verification are stored only on the SE, where the data is protected by numerous hardware security features, such as encryption of stored data and intrusion sensors that shut the SE down when tampering is detected. Templates therefore never reside on the uncertified B-MCU. The biometric matching algorithm is likewise stored and executed only on the SE, where code storage and execution are protected by hardware countermeasures against, for example, side-channel attacks that observe the power signature during execution.
Data exchanged between the B-MCU and the SE is protected by a secure channel based on the Global Platform (GP) Secure Channel Protocol 03 (SCP03). SCP03 provides mutual authentication between the SE and the MCU, encryption of the data with the Advanced Encryption Standard (AES), and authentication of each message with an AES-based Message Authentication Code (MAC); both sides derive per-session keys from shared static keys and the challenges exchanged at session start, so every session uses fresh keys. The secure channel mitigates replay attacks, in which traffic captured during one execution is played back later, because each MAC is chained to the previous command; it ensures the integrity of the data exchanged between the MCU and the SE, which prevents simple replacement of the B-MCU, since a substituted controller does not hold the keys; and it protects the privacy of the user's biometric data in transit.
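The following Go program is an added example, written for this page and not IDEX's or GlobalPlatform's code, that models the SCP03 exchange described above between a host (the B-MCU) and a card (the SE): session keys derived from static keys and both challenges, mutual authentication by cryptograms, AES-CBC encryption with a counter-derived ICV, and a C-MAC chained from command to command so that a captured APDU cannot be replayed. AES-CMAC, the SP 800-108 key derivation and the derivation constants follow the SCP03 specification as the author of this example understands it; the 4-byte header, the zero initial chaining value, the demo keys and the challenge values are simplifying assumptions of the example, not details taken from the page.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/subtle"
	"encoding/binary"
	"errors"
)

func mustAES(key []byte) cipher.Block {
	blk, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	return blk
}
// aesCMAC is NIST SP 800-38B CMAC over AES-128, the MAC primitive SCP03 mandates.
func aesCMAC(blk cipher.Block, msg []byte) []byte {
	dbl := func(in []byte) []byte { // multiply by x in GF(2^128): the CMAC subkey step
		out := make([]byte, 16)
		for i, carry := 15, byte(0); i >= 0; i-- {
			out[i], carry = in[i]<<1|carry, in[i]>>7
		}
		if in[0]&0x80 != 0 {
			out[15] ^= 0x87
		}
		return out
	}
	k := make([]byte, 16)
	blk.Encrypt(k, k)        // L = AES_K(0); K1 = dbl(L), K2 = dbl(K1)
	n := 1 + (len(msg)-1)/16 // block count, at least one (an empty message still gets a padded block)
	buf := make([]byte, n*16)
	copy(buf, msg)
	if rem := len(msg) - (n-1)*16; rem < 16 { // incomplete or empty final block: pad 0x80 00.., use K2
		buf[(n-1)*16+rem] = 0x80
		k = dbl(k)
	}
	subtle.XORBytes(buf[(n-1)*16:], buf[(n-1)*16:], dbl(k))
	cipher.NewCBCEncrypter(blk, make([]byte, 16)).CryptBlocks(buf, buf) // CBC-MAC chain; tag = last block
	return buf[(n-1)*16:]
}
// scp03KDF is the SP 800-108 counter-mode KDF with CMAC: 11 zero bytes || constant || 0x00 || L (2 bytes) || 0x01 || context.
func scp03KDF(key cipher.Block, constant byte, bits int, context []byte) []byte {
	data := append(make([]byte, 11), constant, 0x00, byte(bits>>8), byte(bits), 0x01)
	return aesCMAC(key, append(data, context...))[:bits/8]
}
type session struct {
	sEnc, sMac cipher.Block
	macChain   []byte // full C-MAC of the previous command: ties each command to its predecessor
	ctr        uint32 // encryption counter feeding the ICV, so equal payloads never encrypt alike
}
func (s *session) icv() []byte { // SCP03 initial chaining vector: the encrypted counter block
	v := make([]byte, 16)
	binary.BigEndian.PutUint32(v[12:], s.ctr)
	s.sEnc.Encrypt(v, v)
	return v
}
// openChannel models INITIALIZE UPDATE / EXTERNAL AUTHENTICATE between host (B-MCU) and card (SE): each side
// derives S-ENC (0x04) and S-MAC (0x06) from its static keys and both challenges, then proves key possession
// with a cryptogram (card 0x00, host 0x01) that the peer recomputes. Chaining starts at zero (simplification).
func openChannel(hostEnc, hostMac, cardEnc, cardMac, hostChal, cardChal []byte) (*session, *session, error) {
	ctx := append(append([]byte{}, hostChal...), cardChal...)
	derive := func(enc, mac []byte) *session {
		sEnc, sMac := scp03KDF(mustAES(enc), 0x04, 128, ctx), scp03KDF(mustAES(mac), 0x06, 128, ctx)
		return &session{mustAES(sEnc), mustAES(sMac), make([]byte, 16), 1}
	}
	host, card := derive(hostEnc, hostMac), derive(cardEnc, cardMac)
	if subtle.ConstantTimeCompare(scp03KDF(host.sMac, 0x00, 64, ctx), scp03KDF(card.sMac, 0x00, 64, ctx)) != 1 || // card cryptogram
		subtle.ConstantTimeCompare(scp03KDF(host.sMac, 0x01, 64, ctx), scp03KDF(card.sMac, 0x01, 64, ctx)) != 1 { // host cryptogram
		return nil, nil, errors.New("cryptogram mismatch: peer does not hold the static keys")
	}
	return host, card, nil
}
// wrap (sender): CBC-encrypt the 0x80-padded payload, C-MAC chain || header || ciphertext, append 8 MAC bytes.
func (s *session) wrap(header, payload []byte) []byte {
	ct := append(append(append([]byte{}, payload...), 0x80), make([]byte, 15-len(payload)%16)...)
	cipher.NewCBCEncrypter(s.sEnc, s.icv()).CryptBlocks(ct, ct)
	full := aesCMAC(s.sMac, bytes.Join([][]byte{s.macChain, header, ct}, nil))
	s.macChain, s.ctr = full, s.ctr+1
	return bytes.Join([][]byte{header, ct, full[:8]}, nil)
}
// unwrap (receiver): verify the MAC before decrypting; a replay fails because the chain has already moved on.
func (s *session) unwrap(apdu []byte) ([]byte, error) {
	if len(apdu) < 28 || len(apdu)%16 != 12 { // 4-byte header + at least one block + 8-byte MAC
		return nil, errors.New("malformed APDU")
	}
	header, ct, mac := apdu[:4], apdu[4:len(apdu)-8], apdu[len(apdu)-8:] // header = CLA INS P1 P2
	full := aesCMAC(s.sMac, bytes.Join([][]byte{s.macChain, header, ct}, nil))
	if subtle.ConstantTimeCompare(full[:8], mac) != 1 {
		return nil, errors.New("C-MAC check failed: modified, foreign or replayed command")
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(s.sEnc, s.icv()).CryptBlocks(pt, ct)
	s.macChain, s.ctr = full, s.ctr+1
	if i := bytes.LastIndexByte(pt, 0x80); i >= 0 {
		return pt[:i], nil
	}
	return nil, errors.New("bad padding")
}
```

Two points the code makes concrete. The receiver checks the MAC before it touches the ciphertext and only then advances its chaining value and counter, so a replayed or altered command is rejected without changing any state, and the next legitimate command still verifies. And the same payload sent twice produces different bytes on the wire, because the counter changes the ICV and the chaining value changes the MAC. A real SCP03 wrapper also sets the secure-messaging bit in CLA and rewrites Lc before MACing, and chains from the EXTERNAL AUTHENTICATE command rather than from zero; those details are omitted here.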
IDEX provides secure matcher libraries for a number of SE devices. These libraries are evaluated and certified by authorized security labs to a high security level, which relieves the SE COS integrator of that time-consuming task.
Besides the secure matcher library, IDEX provides source code supporting the full life cycle of a biometric smart card: configuration, secure enrollment, secure matching, fingerprint sensor calibration, production test, and full reset of the biometric system. IDEX's SE libraries support common physical interfaces such as the Serial Peripheral Interface (SPI).
The previous post in our series on more than a component supplier looked at the Software Components of the IDEX Biometrics Biometric Platform.