Outstanding security with a smartcard and biometrics

Who uses which IT system and when? Who needs to be granted access to which areas and when? These questions are essential for high-level security. With a state-of-the-art smartcard, like the GoID Card from Bundesdruckerei, users can log onto computers and access systems and prove that they have access authorisation. The GoID Card offers two-factor authentication using biometric data and hence meets very high requirements in terms of data protection and security. Talking to Jörg Neubert, we hear about how the card is used, the benefits it offers and about the data protection and security level that can be achieved.

We regularly hear reports on data losses caused by cyberattacks. How can that happen? After all, IT systems are protected by passwords.

In practical application, conventional methods with usernames and passwords were often found to be lacking when it comes to security. This is also because staff prefer convenience; after all, secure passwords are long and complicated. They are hard to remember. So, they are written down and can be easily stolen. Or the passwords chosen are simple ones, such as 'strictlyconfidential', which are also easy to guess.

Which methods are more secure than passwords?

One solution that is just as secure and convenient for companies is based on smartcards. These cards contain a digital certificate which holders use to identify themselves. The identity of the card user is additionally verified on the basis of a second biometric feature. Fingerprint or facial image data can be compared via the chip. A card protected in this way is of no use to anyone but the holder. Bundesdruckerei's GoID Card is one example of this kind of smartcard, which we use as an office ID card.

How is it ensured that the biometric data does not fall into the wrong hands?

The sensitive biometric data is perfectly safe on the card. No biometric data leaves the card. The data is stored and verified on the card and only on the card. The GoID Card is the first card of its kind to offer companies and public authorities a secure solution that also complies with data protection requirements.

What can the GoID Card do?

The new ID card combines many applications in a single card. Employees can use it to open doors, log onto a PC, sign e-mails and PDF files, to pay in the canteen and to use printers. The card is also used for processes where authentication is required, for instance, approving travel accounts or performing maintenance on machines.

What does that mean in practical terms? How does an employee have to use the new card?

That is very easy. When the user logs onto a computer, the card communicates visually via red and green light signals. All the employee does is hold their card up to the contactless card reader. The user also places their finger on the card fingerprint sensor. If the integrated LEDs turn green and flash slowly, this means 'Place finger on card'. A steadily lit green signal means that the fingerprint on the card matches the fingerprint just captured. If the light turns red, this means that the fingerprints do not match. We refer to this procedure as 'verification on document'. Biometric facial recognition is used for access to the company's premises. This also takes just a few seconds. Employees are not permitted to enter the premises until the facial image that was taken by a camera at the entrance gate matches the data stored on the chip.

What about auditability? Does biometric authentication also offer more security for this?

Without doubt. Passwords and PINs can be disclosed to others or even stolen. This can be almost completely ruled out in the case of authentication with the GoID Card and fingerprint. This means that it is always clear who worked on a computer or who operated the machine.

Is it necessary at all to enter passwords or PINs?

You can, but you don't have to. Logging onto a computer with a password or PIN is still optional, even with the card. That's because some companies cannot or do not want to change their entire system straight away. Besides, PIN entry can also be used if the employee has injured their fingers or hands.
