Finally, what are your data storage requirements? Does the owner of the biometric maintain ownership of his or her template? Or is it held in a central database elsewhere? For some systems, a central database may be considered sufficient. However, this raises questions about privacy – who has access to the database? – as well as security – how do they gain access to the database? In addition, is it sufficient for a person to present him/herself to a system to be authenticated purely by their biometric? Here, smart card technology really comes into play. With falling costs and increasing memory sizes, smart cards have a lot to offer the biometrics industry. They can be used in conjunction with the biometric and a PIN to provide three-factor authentication: something you have – the card; something you know – the PIN and something you are – the biometric, thus guaranteeing the highest level of security.

Storage requirements

By storing a template directly on a smart card, organisations can also overcome the potential privacy and portability problems of a centrally stored database of templates. Although memory requirements vary between biometric technology vendors, typical template rates are currently 4-20Kb for face recognition, 2-4 Kb for fingerprint, 9 bytes for hand and 512 bytes for iris; all sizes that are easily managed on a smart card.

Furthermore, storing the template in the smart card allows strong authentication in off-line mode. This reduces the needs of a permanent connection to a centralised repository of templates.


Taking the privacy discussion a step further, matching algorithms can be implemented on the smart card. This means that instead of reading the template off the card, the biometric is read and given to the card to do the matching in a process known as on-card matching. This technique ensures there has been no tampering with the matching process and also means that the enrolled biometric data never leaves the card. The portability of the biometric enables the card owner to have control of his or her template, while also supporting offline processing.

National ID – a big market

With many governments now considering – or upgrading – their identity cards, biometrics and smart cards are coming of age in a variety of countries. Malaysia, Brunei, Oman and the United Arab Emirates are just a selection of countries that have recently adopted national ID smart cards using fingerprint technology.

In the Sultanate of Oman, a smart card-based citizen ID programme has been deployed using the “ResIDent” smart ID card system from Gemplus, and fingerprint technology by biometrics vendor Sagem. The new system provides advantages to government and citizens alike. The government is able to enhance its identification processes, improve its infrastructure, modernise its national registry system, increase homeland security and provide better quality services to citizens. Cardholders, meanwhile, can identify themselves electronically. And, as time progresses, these cards will be used for a host of government applications, including driving licences, passports, work permits, PKI authentication and digital signatures, domestic e-purse, healthcare cards and electronic voting. Approximately 1.5 million smart cards will be issued to Oman’s citizens and expatriates above the age of 15 between 2004 and 2007.