1. Introduction
2. APPSCARD Approach
3. Sensor
4. MCU
5. Secure Element
6. Card Energy Management
7. Housing
8. Summary
9. Frequently asked questions

Designed from the ground up for uncompromised security across all card functions and usage contexts.

Introduction

Biometric System-on-Card (BSoC) is a card architecture which, when implemented right will fundamentally improve the security, privacy and safety of our digital and physical assets.

Cardholders carry their personal device with them and can securely authenticate against a host system. The personal data never has to leave the personal device, and users never have to place their fingers onto a sensor that has been touched by other people before them.

Most biometric cards commercially available today target payment as the primary application with the largest card volume. These cards offer biometric cardholder verification as a convenience feature rather than for improved security. They focus on cost and fast response time rather than biometric performance and reliable operation under all conditions. Enrollment is usually done at home and PIN always available as fallback cardholder verification.

APPSCARD Approach

At APPSCARD, we decided to take a different route and build a “Government Grade Biometric Computer in a Card” — a powerful multifunctional device with standards compliant portable card form factor than can reliably authenticate the user, perform a wide range of security operations and store significantly more data than a typical smart card.

The following requirements are fundamental and effectively mandatory for security centric governmental and corporate applications:

• Serving close to 100% of the entire user population.
• Supervised enrolment by trained officers only.
• Superior biometric performance with very few false rejects.
• No insecure fallback that may easily be exploited by malicious actors.
• Standardized data formats, biometric capture device and certified algorithm.

Sensor

The system core component is a market unique government grade fingerprint sensor system, that fulfills the ISO/IEC 17839-2 Class D requirements. The standards minimum specifications (210mm² active area and 500ppi resolution) have been derived from NIST and FBI specifications for sensors that can be used in government applications. In combination with a certified fingerprint algorithm, this grants superior biometric performance. The system has very low error rates. These not only measured in a lab, it delivers the required tolerance to deal with real life scenarios such as variations in finger placement, finger size, finger quality, and changing environmental conditions. This is achieved thanks to a unique feature embedded in the sensor structure, and corresponding dedicated firmware algorithms.

MCU

Processing a high-resolution image from a large sensor 3-6 times the size of pc, phone and other smartcard sensors, requires a powerful MCU. Based on a scanning of 92,160 sensor pixels, the MCU performs image processing and feature extraction generating standardized minutiae data. Storage of biometric reference data and comparison with biometric probe takes place in a secure element which communicates with the MCU over a cryptographically secured channel.

Secure Element

The security chip in the APPSCARD BSoC is the flagship product from a world leading semiconductor corporation for secure elements. It is Common Criteria certified at EAL 6+. Running a custom built JavaCard operating system enables multi-functionality and allows customers to develop their own applets. Management and installation of applets is done compliant with the Global Platform specification.

An optional large storage component can be installed and managed by the secure element, for carrying large amounts of data protected by the biometric core. This additional storage and the interface to the SE is encrypted.

Card Energy Management

A BSoC is typically operated contactless from the field of a card reader or terminal. Running a high-end sensor and powerful MCU does have an impact on the power budget in a card-sized device. APPSCARD team of engineers have successfully developed dedicated energy management solutions dealing with the power requirements of our card and its context. As a result, our product platform operates also with readers that do not provide field strength according to ISO 14443-2. This enables APPSCARD to deliver on its strategic promise of serving “ALL doors” — meaning in legacy digital and physical world infrastructures context.

Housing

To protect our unique sensor well and provide a convenient touching area that intuitively guides the finger, we decided to build our product on the ID-T form factor as specified in ISO/IEC 18328-2. This standard is defined for advanced contactless smartcards. Its width and length are in line with the ID-1 smartcard format. At 2.25 mm thickness, the AppsCard product is at the lower end of the allowed ISO ID-T thickness (2.25-3.25 mm) and will hence fit in legacy wallets and lanyards. A customized ruggedized housing made from a highly reinforced material will protect the card for its lifetime.

In addition to the integrity of the SE and MCU and the external housing all internal security relevant components carry a robust protective conformal coating. Any tamper attempt to open and manipulate the device will lead to destruction before disclosing any sensitive data.

Summary

There are different applications for BSoC and different product categories as defined by ISO. Convenience products with small sensors can serve payment and other convenience focused applications that do not require mandatory biometric cardholder verification.

The APPSCARD platform and implementation regimes delivers the opposite: government grade reliability, multi-functionality, real life robustness and compliance with open standards.