Source: STMicroelectronics Blog
The STPayBio proof-of-concept prototype is the core component of the STPay-Topaz-Bio on-card biometric system platform, which recently won the CES 2022 Innovation Award and is hailed as the cornerstone of the fingerprint bank card, opening a new payment avenue for consumers and financial institutions. However, the application scenarios go far beyond payment, and indeed there are already teams working on using this technology to develop medical equipment and access control systems. User fingerprint authentication provides the industry with a more reliable and secure way to protect privacy. For example, the server requires the user to provide a fingerprint to decrypt biometric information, and uses biometric information stored only on the card to verify the user’s identity. In addition, medical professionals can also use fingerprints to verify patient identities to combat health insurance fraud.
What is STPay-Topaz-Bio?
a hardware and software platform
STPay-Topaz-Bio helps ease the development of on-card biometric systems that can handle fingerprint registration, data templates, power management and card verification processes. Before the transaction takes place, the user only needs to put his finger on the fingerprint reader of the card, no need to enter the PIN password, the use experience is efficient and more secure. It is true that hackers cannot unlock fingerprint mechanisms with pictures, while banks can provide more modern authentication systems. The STPay-Topaz-Bio fingerprint recognition platform uses two microcontrollers. The ST31N600 security unit is based on the 40nm Arm SecurCore SC000 core and handles most of the payment operations; the STM32L443 general-purpose microcontroller processes the images captured by the fingerprint reader. The platform also includes an operating system compatible with Java Card 3.0.5 and GlobalPlatform 2.3.1 to speed up the system development process.
A solution to get rid of PIN passwords
STMicroelectronics has partnered with Fingerprint Cards and Linxens to develop the STPay-Topaz-Bio fingerprint recognition platform. According to a report by ReportLinker, the global contactless biometrics market will reach $18.6 billion by 2026. The study also cited the epidemic as the reason for promoting the popularization of biometric technology applications. Consumers are looking for ways to pay while maintaining a safe social distance, fearing that devices could be contaminated with viruses, and wanting to reduce the use of human-computer interaction devices. Using biometrics to verify identity without entering a PIN, secure payment solutions for contactless biometric cards can meet these new demands.
Another reason why the industry celebrates STPay-Topaz-Bio is that the chip PIN verification itself has problems. The technology emerged in the early 2000s, and large-scale hacking scams on chip-PIN cards are rare, but they do exist. For example, in 2011, fraudsters used a man-in-the-middle attack chip-PIN card to steal a total of €600,000. The hacking method, while sophisticated, clearly shows that the technique has significant limitations. Likewise, two researchers from the University of Cambridge released details of two major security breaches. STPay-Topaz-Bio provides a newer platform and more important protections, and deprecates passwords, so criminals can no longer peek behind passwords or use social engineering attacks to steal passwords.
A simple on-card biometric system development entry method
By making on-card biometric systems more secure and practical, the STPay-Topaz-Bio solution helps to increase or even remove contactless payment limits on most cards today. The solution will also facilitate the adoption of this new technology by businesses and healthcare organizations. Unfortunately, it is difficult for managers to find accurate relevant information. Therefore, we think it is necessary to discuss the STPay-Topaz-Bio technology in a specific situation. Opinion leaders and policymakers must understand the technical challenges inherent in these emerging technologies.
STPay-Topaz-Bio: Energy Efficiency Challenge
Card size requirements
How the biometric system on the card works
Adding biometrics to a card is a challenging endeavor, and card manufacturers must comply with existing card thickness requirements in order to swipe or insert a card into an existing card reader. The ISO/IEC 7810 standard specifies that all bank cards and ID cards must be 0.76mm thick. Other standards also specify how much the card can bend without breaking the connector or component. Meeting these stringent requirements means companies that master biometric bank card technology can easily port their solutions. It would be easier to manufacture products like biometric ID badges, fingerprint identification work permits, etc.
Engineers must also address the technical challenges behind card power consumption and energy harvesting. Therefore, STMicroelectronics has developed a security unit that takes electrical energy from a contactless reader and distributes it to the entire card. Such a system is possible because the general purpose MCU (STM32L443) and ST31N600 security unit have low power consumption and can run on the power harvested during magnetic field coupling. The innovation of STPay-Topaz-Bio is to use the same NFC technology as the previous generation of contactless bank cards, while powering more components such as fingerprint sensor and general MCU.
storage and computing requirements
User fingerprint collection and registration, and then save the fingerprint template, this process requires a larger capacity memory. Therefore, on-card biometric system development engineers face higher hardware requirements. The security unit is responsible for running applications, protecting the security of biometric templates and other information, running fingerprint and template matching algorithms, and verifying user identity. Therefore, more storage space is required for reference templates and matching algorithms. Likewise, general-purpose MCUs extract fingerprints from sensors and hand them over to the security unit, requiring high computational performance and the lowest possible power consumption.
Therefore, decision makers must understand the importance of hardware optimization. STM32 microcontrollers feature low-power modes that significantly improve energy efficiency. Likewise, we ensure that the ST31 runs the fingerprint matching algorithm at a faster speed. Total transaction time, including fingerprint matching, must be less than one second. Therefore, the platform must do a very good job of hardware optimization and guarantee a flawless user experience.
STPay-Topaz-Bio: Security and User Experience Challenge Reliability
Due to the lack of standards, the fingerprint registration process for users may not be very smooth, and the fingerprint registration method must comprehensively balance overall security, performance and user convenience. Developers are investigating different fingerprint enrollment methods, including using self-enrollment card sleeves, mobile devices, or on-card fingerprint readers with optional LED indicators. Fingerprint collection must also be fast enough and meet biometric standards such as FAR (False Acceptance Rate) and FRR (False Recognition Rate) biometric interaction requirements. False positives in test results are serious violations of security regulations that undermine the overall reliability of the system, while false negatives create obstacles to the registration process, making registration more difficult and unbearable for end users. Therefore, the system development team must find a reasonable balance between accuracy and performance.
STPay-Topaz-Bio differs from existing solutions by providing better biometric processing performance and more secure asset protection, for example, providing more comprehensive security protection for fingerprint images and reference templates captured by sensors. In general, the security and privacy protection of on-card biometric systems are stronger and more secure than PIN verification methods or basic contactless solutions. However, STPay-Topaz-Bio goes one step further in terms of security, overcoming multiple design challenges. Adopting this approach means development teams can bypass complex design issues and ensure end users trust their on-card biometric system. The STPay-Topaz-Bio platform also guarantees short processing times, which are essential for a successful user experience.