What is a Fingerprint Card

A Fingerprint Card is a smart card that embeds a fingerprint sensor and the most common
implementation are standardized according the ISO/IEC 17839-1:2014 and the ISO/IEC
17839-2:2015 specifications defines two main types of cards:

Type S1 fully ISO/IEC 7810 compliant

Type S2 card 2.5mm thick, no need to conform the ISO/IEC 7816-1 flexibility
requirements, supports only ISO/IEC 14443 contactless interface.

In this article the key focus will be on the Type S1, although all the concepts can be applied to
both types.

Fingerprint Cards are a relatively new concepts in the smart card industry and few
commercial trials have been done till today.

The main objective of integrating a fingerprint sensor into a smart card is to verify cardholder
identity.
The Morix-IC Fingerprint Card.

To better understand the advantages of a Fingerprint Card, lets consider few real life
scenarios:

STANDARD CREDIT CARD

A thief steal Mr. Brown wallet and it uses its credit card to pay for goods at a luxury
store. Mr. Brown card is without Pin code so the thief need only to reproduce the card
owner signature on the transaction slip.

DEBIT CARD WITH PIN CODE

Mr. Brown is returning home at the end of a busy working day. Its night and he did
not realize that a criminal is following him. The criminal stop Mr. Brown and ask him
to hand over his wallet and tell him the PIN code of its debit card. The criminal is then
using Mr. Brown debit card to pay for goods at a luxury store. The criminal knows the
debit card pin so the transaction is performed positively.

ACCESS CONTROL CARD

Mr. Brown works in a company that hold several industrial patents and he got a
personal contactless ID Card to open the main door of the office building and many
doors of the offices. The main entry is unattended so anyone with a company ID Card
can access the building. While Mr. Brown is on vacation with his family a criminal
break into his home and steal his company ID Card that is afterwords used to
access Mr. Brown office and steal sensitive documents.

GOVERNMENT ID CARD
John and his twin brother Mark have a legal litigation over the family heritage left by
the late grandmother. John believe that Mark already got some lots of land but he
wont admit that. So John steal Marks Government ID Card and shows himself up to
government office impersonating his brother asking for a full report of Mark
properties. The clerk at the office taps the card on the contactless reader and Marks
photo is displayed on his computer display. Since John and Mark are twins they looks
like almost identical so when the clerk at the government office check Mark photos
against John he believe the person in front of him is Mark and then he process the
request.
All the above stories lacks of identification and/or authentication of card bearer and the
Fingerprint Cards have been invented to solve those problems. In fact to use a fingerprint-
enabled smart card the rightful owner of the card must place one of his finger (normally the
thumb) over the fingerprint sensor and at the same time or immediately after the positive
authentication use the card. A secure cpu (embedded into the smart card body) then match
the readout from the fingerprint reader against the pre-recorded fingerprint and if they
match signal the go ahead to the smart card microcontroller. Upon receiving the go
ahead signal from the secure cpu, the smart card chip is then enabled and perform the
transaction with the reader terminal.

When a criminal or a person that is not the rightful card owner tries to scan his finger on the
sensor, the match between the scanned finger and the stored fingerprint fails and the secure
cpu signal fraud detected to the smart microcontroller that immediately stop any
communication with the contact or contactless reader.

So the four fraudulent scenarios werent going to happen if they were performed using a
Fingerprint Cards. The method of verification of a fingerprint on a card is often referred as
Match On Card (MOC).

The enrollment process can be done:

On Card. When the user receive its new Fingerprint Card he needs to acquire its
fingerprint that is directly digitized and stored into the secure cpu chip of the card.
 Off Card. The the user enroll for the card he record his fingerprint on a desktop
fingerprint reader. The digitized fingerprint is then processed and sent to the secure
cpu chip trough the smart card contact / contactless interface.

A Fingerprint Card developed by Kona embedding a fingerprint sensor by CrucialTec.

The basic scheme of a contact Fingerprint Card includes a non-replaceable and non-
rechargeable battery that can give between 3-5 years of operating life under normal usage
conditions. First generation fingerprint card used a physical button to switch on the fingerprint
sensor while latest generation cards uses fingerprint sensors that sense when a finger is put
in contact with them enabling the reading.
Diagram of a contact Fingerprint Card.

A contactless Fingerprint Card normally does not embeds a battery and the power for the
fingerprint cpu is harvested from the card reader through the antenna. So when the card is
within range of the contactless reader the fingerprint sensor and the secure cpu are powered
on and the verification is performed as described for a contact fingerprint card. When the card
is removed from the contactless reader, the smart card chip, the secure cpu and the fingerprint
sensor are switched off.
Diagram of a contactless Fingerprint Card.

The technology of the fingerprint sensors utilized in Fingerprint Smart Card are primarily
Capacitive Sensing Technology or Active Thermal Technology.

Capacitive Sensing sensors use arrays of tiny capacitor circuits to collect data about a
fingerprint. As capacitors can store electrical charge, connecting them up to conductive plates
on the surface of the scanner allows them to be used to track the details of a fingerprint. The
charge stored in the capacitor will be changed slightly when a fingers ridge is placed over the
conductive plates, while an air gap will leave the charge at the capacitor relatively unchanged.
An op-amp integrator circuit is used to track these changes, which can then be recorded by an
analogue-to-digital converter.

Scheme of a Capacitive Sensing Fingerprint Sensor

The Active Thermal sensing principle has been developed by Next Biometrics and this kind
of sensor measures heat conductivity. A low power heat pulse is applied to each sensor pixel
over a short period of time and a response is measured. This response is different for pixels in
proximity to a fingers ridge or valley. A dedicated chip read and process the recorded signal.
All this is done in a short period of time and without the user feeling any heat.

Scheme of the Active Thermal fingerprint sensor from Next Biometrics.

In the following table the comparison between two fingerprint sensors for smart card
application:

Comparison of main features of two current Capacitive and Active Thermal fingerprint
sensors for smart cards.

Fingerprint sensors have been available in the market for many years but only recent
technological progress allowed companies to make very thin and flexible fingerprint sensors
flexible ad thin enough to be embedded into an ISO/IEC 7810 ID-1 and CR 80 compatible
card body.
A flexible smart card-enabled fingerprint sensor from the Norway-based company Next
Biometrics Group ASA.

All current flexible fingerprint sensors have similar

Because fingerprints are unique and difficult to forge, Fingerprint Cards unlock a new, higher
level of security while keeping relatively low implementation cost. In fact, apart from the high
price tag (we are still in the very early stage development of this market so components yield
is still low and market demand extremely small) of a fingerprint-enabled smart card, the huge
advantage is that there is no need to replace neither update existing readers (POS, Access
Control Readers, Desktop Readers) infrastructure simply because the whole
identification/authentication process is entirely performed in-card.

In contrast with the traditional fingerprint recognition systems, a Fingerprint Card makes the
need for biometric databases redundant, since the biometric data is securely stored on the card
itself for each individual user. Only the rightful owner of the card can use it, and the
fingerprint data cannot be extracted from the card.

As of time of writing, February 2017, among the very few commercial deployments of
fingerprint-enabled financial cards I think is worth to mention F.CODE, a solution made
possible by the following companies:

Fingerprint Cards AB Fingerprint sensor design

Shenzhen O-Film Tech Fingerprint sensor manufacturing

Zwipe Biometric authentication engine

Oberthur Technologies Smart card chip development, Smart card chip OS,
Integration and distribution of the complete card

The Oberthur Technologies F.Code Fingerprint Card.

From what I have seen from the few current Fingerprint Cards the personalization process
shall take into account the fact that the card body includes a lot more electronics than a
regular card. Therefore I believe this family of cards cannot be embossed, instead direct-to-
card printing, retransfer printing, inkjet or laser engraving thermal transfer should be used for
their personalization. For Financial Cards rear indent of CVV/CVC should be potentially
feasible, if no critical elements are present below the marking area.

One last thing whorth to mention is that a card in order to be compliant with the ISO/IEC
17839-1:2014 shall also have a feedback mechanism (man-machine interface) such as a
buzzer, a LED or a LCD, to inform the user when the fingerprint reading is ongoing or
performed.