Authentication solutions

Public key cryptography has long served as a core technology for many computer security systems. Using public and private key pairs, one can perform cryptographic operation encryption with one key from the pair, while the reverse operation decryption requires the other key. The private key remains concealed by the key owner, whereas the public key is freely disseminated. Internet PKI provides additional safeguards by ensuring that a public key for an end-user can be certified without requiring the corresponding private key to be transmitted online to the certification authority. In most cases, the key pair is generated at the end-user's side of the infrastructure, and the private key remains securely stored in the local environment such as in a smart card token. For many years, our team has been developing the core cryptographic software used in many IBM products, such as Websphere or Host-on-demand.

Biometric technologies provide an automated means of identifying or authenticating the identity of a living person based on unique physiological or behavioral characteristics. Digitized representations of fingerprints, facial scans, hand geometry, as well as voice, iris or retina patterns can be captured via sensors, scanners, microphones or cameras. The unique characteristics are then extracted from the biometric image and used to create the user's biometric template, which is stored in a database or on a machine-readable ID card. Alternatively, the complete biometric image can be stored, but — understandably — this option requires substantially more memory and also can present greater privacy issues than a system that stores only biometric templates.

IBM's Infoprint Workflow (IPW) product is a distributed client–server solution that can be used to automate the smart card print manufacturing process. The highly customizable system is divided into two major components: the backend server, which implements the processes that make up a workflow, and the Windows-based GUI, which enables the client to configure and manage the workflow. The IPW solution offers an array of security management options to ensure the integrity of the smart card production process, and provides tracking and reconciliation facilities throughout each process stage.

Chips such as those used in smart cards are capable of storing large amounts of biometric and other data and of interacting intelligently with external devices. The use of chips makes these devices more fraud-resistant than relying on the conventional magnetic strip data storage system still used in many identification applications such as company badges or credit cards. When employed as part of a secure ID solution, sensitive data is typically encrypted, both on the ID card and during communications with the reader system. In some cases, digital signatures may be added to help ensure data integrity.