Secure Multipurpose Architecture

|
  1. Biometric System-on-Card
  2. Security Sensitive Markets Requirements
  3. APPSCARD Approach
  4. Summary
  5. Frequently asked questions

Designed from the ground up for uncompromised security across all card functions and usage contexts.

Biometric System-on-Card

A Biometric System-on-Card (BSoC) integrates fingerprint sensing, processing, biometric comparison and secure data storage within a single smartcard. When properly implemented, it fundamentally enhances security, privacy, and usability by ensuring that personal data never leaves the card and the user interacts only with their own device.

Most biometric cards today are built for payments, prioritizing low cost and fast response over biometric reliability. Enrollment is often unsupervised, and a PIN is retained as fallback — unacceptable for governmental or high-security use.

Security Sensitive Market Requirements

For such environments, the following requirements are mandatory:

  • Coverage of nearly the entire user population
  • Supervised enrollment by trained officers
  • High biometric performance with minimal false rejects
  • No insecure fallback methods
  • Compliance with standardized data formats and certified algorithms

APPSCARD Approach

APPSCARD has developed a “Government-Grade Biometric Computer in a Card” — a multifunctional platform that authenticates users, performs cryptographic operations, and stores far more data than a standard smartcard.

Sensor

At its core lies a government-grade fingerprint sensor compliant with ISO/IEC 17389-2 Class D, featuring a 210 mm² active area at 500 ppi. Combined with a certified algorithm, it provides superior real-world performance and tolerance to finger placement, quality, and environmental variations.

MCU

Processing high-resolution images (> 90k pixels) demands a powerful microcontroller unit (MCU) that performs image processing and minutiae extraction. The biometric reference is sent via an encrypted channel to the secure element (SE) for storage and comparison.

Secure Element

The SE, certified at EAL 6+, runs a custom JavaCard OS supporting GlobalPlatform applet management and optionally controls encrypted mass storage. Customers can load applications for authentication, digital signature, or secure data transport.

Energy Management

The BSoC operates contactless using the terminal’s RF field. APPSCARD’s optimized energy management enables reliable operation even with sub-standard readers, fulfilling its goal to open “all doors” across legacy infrastructures.

Housing and Tamper Protection

Built in the ID-T form factor (ISO/IEC 18328-2), the 2.25 mm-thin card fits standard wallets yet houses reinforced materials and conformal coatings that destroy internal circuits upon tampering, ensuring lifetime integrity.

Summary

Unlike convenience-oriented payment cards, the APPSCARD BSoC delivers government-grade security, multifunctionality, and real-life robustness — fully compliant with international standards and ready for both digital and physical access ecosystems.

Frequently Asked Questions

Why do Apple, Samsung and others use small sensors?:
Logon to a smartphone or notebook is a convenience feature. At bootup, you must enter the password. Biometrics is only there to bypass this inconvenience. AppsCard targets security centric markets and they do require a large sensor as specified by government institutions and confirmed with scientific research.:
What does multipurpose mean for your product?:
The AppsCard BSoC is a platform running a JavaCard OS and is compliant with GlobalPlatform. This allows customers to develop their own applications exploiting the strong biometric user authentication. Multiple applications like e.g. physical access control and logical access control can reside in one card.: