MobileKnowledge has defined the system architecture, developed the required software components and tested the complete setup to enable secure element-based biometric fingerprint authentication on a wearable device
To use biometric fingerprint authentication as a Card Holder Verification Method to activate a payment card available inside the Secure Element of a wearable device.
MobileKnowledge has developed a proof of concept for biometric fingerprint authentication on wearable technology based on NFC secure element technology. The fingerprint authentication is used to activate contactless payment cards through the NFC interface.
Thanks to this new approach, the payment application will only be available on the contactless interface after a successful fingerprint authentication of the owner. After a few seconds, or right after a valid transaction has been completed, the payment application will be de-activated again to avoid undesired payments.
The solution developed by MobileKnowledge covers the following steps related to the management of the fingerprint feature:
- Finger enrollment: the user is requested to place his finger on top of the sensor a set number of times to capture the biometric characteristics of the fingerprint. As the user places the finger on the sensor, the software generates a template that contains the most significant patterns extracted– called ‘minutiae’ – that can be used to authenticate the user. When the process is completed, this template is securely stored in the device’s Secure Element for later authentication of the user.
- Finger matching: whenever a user wants to make a payment, she is required to authenticate herself to make the payment application available over the NFC interface. She must place her finger on the sensor one time to capture the image, the software extracts the pattern and a comparison is produced inside the secure element against the previously stored enrolled template. A successful matching will activate the payment application and allow the user to proceed with the payment.
- Finger deletion: the user is able to delete a previously enrolled finger from the Secure Element.
The authentication of the user, which covers the capture of the fingerprint on the sensor, the extraction of the biometric characteristics of the fingerprint and the matching on the secure element is completed in less than 1 second (aprox. 700msecs). This ensures a great user experience. The system is optimized to reduce power-consumption to its minimum and guarantee a long battery life of the device before the user needs to charge it.
A Java Card applet installed on the secure element validates the matching on the NFC chip. To manage the activation of the payment applications in the secure element, we use standardized mechanism since it is the CRS applet defined by GlobalPlatform specification.
Technology & tools used
- Android application programming
- C code programming for the Wearable FW
- Biometric fingerprint processing software library
- Fingerprint sensor
- Java Card and GlobalPlatform scripts for the personalization of the cards
- Secure Element Management Service scripts generation
The Mobile World Congress took place in Barcelona, Spain from February 24th to 27th. In the course of this important event, Pedro Martinez, CEO of MobileKnowledge, was interviewed by TV3, the Catalan national television station.