In a press release, MasterCard announced yesterday an EMV payment card that features a built-in fingerprint reader. The release said that two trials have recently concluded in South Africa and that, after additional trials, a full rollout is expected this year.
In the United States, EMV chip cards are typically used without a PIN (chip-and-signature rather than chip-and-PIN). The fingerprint reader is no doubt intended to fill that security gap. But any use of biometrics raises privacy concerns. Perhaps to address such concerns, the press release stated that the fingerprint template stored in the card is “encrypted”.
That’s puzzling. If the template is encrypted, what key is used to decrypt it before use?
The key could be kept by the issuing bank and retrieved by the card at transaction time. But the press release says that “the card works with existing EMV card terminal infrastructure and does not require any new hardware or software upgrades”. So no key is retrieved from the bank at transaction time. A key stored in the card next to the template would add nothing beyond the tamper resistance the chip already provides, since anyone who can read the template can read the key too. The key could be derived from a PIN, but that would provide little security due to the low entropy of a PIN, and in the US there is no PIN anyway.
That leaves one intriguing possibility. There are technologies that use “helper data” instead of a biometric template. A biometric sample is combined with the helper data to produce a “biometric key”. Error correction techniques are used to consistently generate the same biometric key from varying but genuine samples, making it possible to verify a sample by comparing a cryptographic hash of the generated biometric key against a reference hash computed at enrollment time and stored in the card. The helper data is derived from an enrollment sample, but it is randomized in a way that makes it computationally infeasible to derive any useful biometric information from it, provided the biometric sample itself carries enough entropy.
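To make the helper-data idea concrete, here is a toy implementation of the scheme just described, added as an example for this post; it is not code from MasterCard or from the press release, and nothing is known about what the card actually does. It follows the classic “fuzzy commitment” construction (Juels and Wattenberg): enrollment picks a random key, encodes it with an error-correcting code, XORs the codeword into the binarized sample to get the helper data, and stores only the helper data and a hash of the key. Verification XORs the helper data out of a fresh sample, decodes away the sensor noise, and hashes the recovered key. The key length, the 5-bit repetition code standing in for a real error-correcting code, SHA-256 as the hash, and the deterministic “fingerprint” bit string are all assumptions chosen for illustration.

```python
import hashlib
import random
import secrets

# Scheme parameters: assumptions for this illustration, not MasterCard's design.
KEY_BITS = 16                      # bits in the biometric key regenerated at verification time
REPEAT = 5                         # repetition-code block length: corrects up to 2 bit flips per block
TEMPLATE_BITS = KEY_BITS * REPEAT  # bits in a (constructed) binarized fingerprint sample


def encode(key_bits):
    """Error-correcting encode: repeat every key bit REPEAT times."""
    return [b for b in key_bits for _ in range(REPEAT)]


def decode(codeword_bits):
    """Error-correcting decode: majority vote within each block of REPEAT bits."""
    key = []
    for i in range(0, len(codeword_bits), REPEAT):
        block = codeword_bits[i:i + REPEAT]
        key.append(1 if 2 * sum(block) > REPEAT else 0)
    return key


def key_hash(key_bits):
    """Reference hash of the biometric key; this, not the key, is what the card stores."""
    return hashlib.sha256(bytes(key_bits)).hexdigest()


def enroll(sample):
    """Enrollment: helper = sample XOR codeword(random key); store (helper, hash(key)).

    The random key and the sample are discarded, so no template is stored."""
    if len(sample) != TEMPLATE_BITS:
        raise ValueError("sample must have TEMPLATE_BITS bits")
    key = [secrets.randbits(1) for _ in range(KEY_BITS)]
    helper = [s ^ c for s, c in zip(sample, encode(key))]
    return helper, key_hash(key)


def reproduce_key(sample, helper):
    """Verification-time key generation: strip the helper data, then correct sensor noise."""
    return decode([s ^ h for s, h in zip(sample, helper)])


def verify(sample, helper, reference_hash):
    """Accept the sample iff the key it regenerates hashes to the enrolled reference."""
    return key_hash(reproduce_key(sample, helper)) == reference_hash


def flip_bits(bits, positions):
    """Model sensor noise: flip the bits at the given positions."""
    out = list(bits)
    for p in positions:
        out[p] ^= 1
    return out


# A constructed, deterministic stand-in for a binarized fingerprint sample (not real data).
_rng = random.Random(2017)
ENROLL_SAMPLE = [_rng.getrandbits(1) for _ in range(TEMPLATE_BITS)]


def demo():
    """Enroll once, then verify an exact, a noisy-but-genuine, a too-noisy and an impostor sample."""
    helper, ref = enroll(ENROLL_SAMPLE)
    genuine_noisy = flip_bits(ENROLL_SAMPLE, [0, 1, 5, 6, 10])  # at most 2 errors per block
    too_noisy = flip_bits(ENROLL_SAMPLE, [0, 1, 2])              # 3 errors in block 0: uncorrectable
    impostor = [1 - b for b in ENROLL_SAMPLE]                    # a sample that differs in every bit
    return {
        "exact": verify(ENROLL_SAMPLE, helper, ref),
        "genuine_noisy": verify(genuine_noisy, helper, ref),
        "too_noisy": verify(too_noisy, helper, ref),
        "impostor": verify(impostor, helper, ref),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Two things the toy makes visible. First, the decision is an exact hash comparison, not a similarity score: a genuine sample is accepted as long as the error-correcting code can absorb its noise, and one more flipped bit than the code tolerates in any block turns acceptance into outright rejection. Second, the privacy guarantee rests on the sample's entropy: the helper data here is the sample XORed with one of only 2^16 possible codewords, so it leaks most of the sample bits. Real deployments use codes with far more redundancy and care about how many bits of uncertainty the binarized fingerprint actually has; "no useful biometric information" is a claim about the whole design, not a property that XORing in a codeword grants automatically.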
Such techniques are known by different names. I’ve referred to them as “revocable biometrics” in earlier posts. They may also be called biometric helper data techniques, biometric key generation techniques, or biometric cryptosystems. Is the term “encrypted template” in the press release a loose reference to the combination of helper data and a reference hash? It would be nice to know.