Extending EMV Payment Smart Cards with Biometric On-Card Verification

  • Olaf Henniger
  • Dimitar Nikolov
Part of the IFIP Advances in Information and Communication Technology book series (IFIPAICT, volume 396)


Nowadays, many bank cards are smart cards (i.e. integrated-circuit cards) based on the EMV specifications for payment systems. This paper specifies how biometric on-card verification can be integrated into EMV debit and credit cards in a backwards-compatible way. The biometric verification does not change the EMV transaction flow outside the cardholder-verification step. The proposed payment system has been prototyped using Java cards and an applet for handwritten signature on-card verification.


Credit Card Smart Card Payment System Biometric Data Bank Card 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    Struif, B.: Use of Biometrics for User Verification in Electronic Signature Smartcards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 220–227. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  2. 2.
    EMV integrated circuit card specifications for payment systems, Version 4.2 (June 2008)Google Scholar
  3. 3.
    Identification cards – Integrated circuit cards, International Standard ISO/IEC 7816 Google Scholar
  4. 4.
    Identification cards – Integrated circuit cards – Part 11: Personal verification through biometric methods, International Standard ISO/IEC 7816-11, 1st edn. (2004) Google Scholar
  5. 5.
    Information technology – Identification cards – On-card biometric comparison, International Standard ISO/IEC 24787 (2010) Google Scholar
  6. 6.
    EMV integrated circuit card specifications for payment systems – Book 3: Application specification, Version 4.2 (June 2008)Google Scholar
  7. 7.
    Identification cards – Integrated circuit cards – Part 4: Organization, security and commands for interchange, International Standard ISO/IEC 7816-4, 2nd edn. (2005) Google Scholar
  8. 8.
    Information technology – Common biometric exchange formats framework – Part 3: Patron format specifications, International Standard ISO/IEC 19785-3 (2007)Google Scholar
  9. 9.
    Murdoch, S.J., Drimer, S., Anderson, R., Bond, M.: Chip and PIN is broken. In: 2010 IEEE Symposium on Security and Privacy (2010)Google Scholar
  10. 10.
    Henniger, O., Franke, K.: Biometric User Authentication on Smart Cards by Means of Handwritten Signatures. In: Zhang, D., Jain, A.K. (eds.) ICBA 2004. LNCS, vol. 3072, pp. 547–554. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  11. 11.
    Henniger, O., Müller, S.: Handwritten Signature On-Card Matching Performance Testing. In: Fierrez, J., Ortega-Garcia, J., Esposito, A., Drygajlo, A., Faundez-Zanuy, M. (eds.) BioID MultiComm2009. LNCS, vol. 5707, pp. 268–275. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  12. 12.
    Biometric Application Programming Interface (API) for Java Card, NIST/Biometric Consortium Biometric Interoperability, Assurance, and Performance Working Group, version 1.1 (August 2002)Google Scholar
  13. 13.
    Nikolov, D.: Debit and credit cards with handwritten signature on-card matching, Master’s thesis, Technische Universität Darmstadt (2012)Google Scholar
  14. 14.
    Information technology – Security techniques – Evaluation criteria for IT security, International Standard ISO/IEC 15408Google Scholar

Copyright information

© IFIP International Federation for Information Processing 2013

Authors and Affiliations

  • Olaf Henniger
    • 1
  • Dimitar Nikolov
    • 1
  1. 1.Fraunhofer Institute for Computer Graphics Research IGDDarmstadtGermany

Personalised recommendations