All it seems to be saying is that you dont have to layer the factors: having a powerful factor [using a 32bit arm, probably) reduce to a 5 decimal number! Rather, administration of the bio profiles and login conditions are managed locally - like at any wiegand bio device in any data center, airport, etc.
It does imply, as you may be asserting, that the TCB has _delegated_ the subject verification to the bio token, which must then cite a magic crypto number that.....any one else with the magic formula could also cite, or introduce via an active wiretap.
Under the evaluation rules, this architecture would count as a partitioned TCB, and requires additional functions and assurance to show the designers are controlling the risk of partitioning.
I remember reading the activecard FIPS 140-1 certificate, about a year ago. Its on the NIST website. It disclosed a fair amount of their proprietary methods of handling applet loading, and applet distribution. It was unusual to see this stuff in a 140-1 security policy; may be just marketing, to give the appearance that the 140-1 certfication addresses these common criteria issues. Or, perhaps they were going to give 140-2 a try, at some point.
Bio-arming of crypto boundaries is hardly new.
From: "Scott Guthery" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED] To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> CC: "David Everett" <[EMAIL PROTECTED]> Subject: [Muscle] Cardholder Must Trust All Applets and Middleware Date: Sun, 14 Mar 2004 18:41:50 -0500
I've questioned the wisdom of letting on-card applets slide by the access control rules, particularly PIN protections, on data files in integrated circuit cards. Now comes a patent application that says that middleware gets to slide by too. That will teach me to think that things can't get worse!
Notice that middleware convenience trumps cardholder privacy.
Cheers, Scott
EP1396779A2: System and method to facilitate separate cardholder and system access to resources controlled by a smart card
ACTIVCARD IRELAND LIMITED
This invention provides a mechanism, which allows a user's personal identification number (PIN) to operate independently from a biometric authentication system. This improvement reduces the administrative burden of having to keep a user's PIN synchronized with the PIN used to access the user's smart card (15) following successful biometric authentication. The first embodiment of the invention incorporates a cryptographic interface, which bypasses the PIN entry and allows the biometric authentication system to directly access card resources. The second embodiment of the invention provides a second system PIN having greater bit strength than the cardholder PIN. Both embodiments of the invention retrieve secrets (either a cryptographic key or system PIN) from a biometric database (60) by comparing a processed biometric sample with known biometric templates. The biometric authentication system incorporates a client-server architecture, which facilitates multiple biometric authen!
tications.
_______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
_________________________________________________________________
Fast. Reliable. Get MSN 9 Dial-up - 3 months for the price of 1! (Limited-time Offer) http://click.atdmt.com/AVE/go/onm00200361ave/direct/01/
_______________________________________________ Muscle mailing list [EMAIL PROTECTED] http://lists.musclecard.com/mailman/listinfo/muscle
