
Use of biometrics to un-lock smart card #3099

Open
RufusJWB opened this issue Apr 5, 2024 · 5 comments

Comments

@RufusJWB

RufusJWB commented Apr 5, 2024

Problem Description

From our user base we get more and more often the feedback that it feels outdated to type in a PIN to use the smart card for email decryption or signature, and that they would prefer to use biometrics like face recognition or fingerprint.

Proposed Resolution

I'd like to use this issue to start an open discussion / brainstorming how this demand could be fulfilled.

After some first conversations with our cyber security team, we could (potentially, details to be clarified), from a risk-based perspective, accept the idea that the PIN of a smart card gets stored inside of a secure hardware module of the end user's computer (e.g. TPM on Windows / Linux or T2 on Mac) if we can ensure that the end user's computer fulfills certain device trust requirements. In our organization we are using Microsoft Intune to enforce device trust.

My first idea would be to add a server side component that authenticates the user with biometrics (e.g. Windows Hello for Business) and ensures the device trust. This could lead to something like this:

Initial PIN storing

```mermaid
sequenceDiagram
    autonumber

    actor u as User
    participant p as Open SC Minidriver
    participant s as Server side component
    participant o as OAuth2 enabled IDP (e.g. EntraID)
    participant t as TPM chip

    u-->>p: initiate smart card operation
    p-->>u: Show "Enter PIN" dialog
    u-->>p: PIN
    p-->>s: request symmetric secret
    s-->>o: request user authentication
    Note over o,u: Potentially use Single Sign On
    o-->>u: request biometrics and device trust information
    u-->>o: send device trust and biometrics
    o-->>o: check device trust and biometric
    o-->>s: authentication successful
    s-->>s: generate and store symmetric secret
    s-->>p: return symmetric secret
    p-->>p: encrypt PIN with symmetric secret
    p-->>t: store encrypted PIN
    p-->>u: unlock smart card with PIN and perform card operation
```

Recurring PIN usage

```mermaid
sequenceDiagram
    autonumber

    actor u as User
    participant p as Open SC Minidriver
    participant s as Server side component
    participant o as OAuth2 enabled IDP (e.g. EntraID)
    participant t as TPM chip

    u-->>p: initiate smart card operation
    p-->>s: request symmetric secret
    s-->>o: request user authentication
    Note over o,u: Potentially use Single Sign On
    o-->>u: request biometrics and device trust information
    u-->>o: send device trust and biometrics
    o-->>o: check device trust and biometric
    o-->>s: authentication successful
    s-->>s: load symmetric secret
    s-->>p: return symmetric secret
    p-->>t: request encrypted PIN
    t-->>p: encrypted PIN
    p-->>p: decrypt PIN with symmetric secret
    p-->>u: unlock smart card with PIN and perform card operation
```

Steps to reproduce

n/a

Logs

n/a
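The two diagrams above, walked through as an added Python simulation (this is not code from the issue, from OpenSC or from any of the products named; it exists only to make the trust boundaries of the proposal concrete). All components are stand-ins and assumptions: `SimTpm` models a TPM sealed object that releases its payload only to a caller presenting the right authValue and locks after repeated failures (real TPMs call this dictionary-attack protection), `FakeIdp` models the OAuth2 IdP verdict on biometrics and device trust, `ServerComponent` hands out the per-user symmetric secret, and `Minidriver` derives the authValue from that secret with a hash of my own choosing. The PIN itself never leaves the client, which is the property the proposal depends on.

```python
import hashlib
import hmac
import secrets


class LockedOut(Exception):
    """Simulated TPM dictionary-attack lockout tripped."""


class SimTpm:
    """Stand-in for TPM sealed objects (assumption: a TPM sealed object with
    an authValue and a failure counter; no real TPM is touched)."""
    MAX_FAILURES = 3

    def __init__(self):
        self._objects = {}  # handle -> (salt, auth_digest, payload)
        self._failures = 0

    def seal(self, payload: bytes, auth_value: bytes) -> str:
        handle = secrets.token_hex(4)
        salt = secrets.token_bytes(16)
        digest = hashlib.sha256(salt + auth_value).digest()
        self._objects[handle] = (salt, digest, payload)
        return handle

    def unseal(self, handle: str, auth_value: bytes) -> bytes:
        if self._failures >= self.MAX_FAILURES:
            raise LockedOut("too many failed authorizations")
        salt, digest, payload = self._objects[handle]
        presented = hashlib.sha256(salt + auth_value).digest()
        if not hmac.compare_digest(presented, digest):  # constant-time check
            self._failures += 1
            raise PermissionError("authValue mismatch")
        self._failures = 0
        return payload


class FakeIdp:
    """Stand-in for the OAuth2 IdP: decides biometric result and device trust."""
    def __init__(self, trusted_devices):
        self._trusted = set(trusted_devices)

    def authenticate(self, user: str, device_id: str, biometric_ok: bool) -> dict:
        return {"user": user, "biometric_ok": biometric_ok,
                "device_trusted": device_id in self._trusted}


class ServerComponent:
    """Releases the per-user symmetric secret only on a positive IdP verdict."""
    def __init__(self, idp: FakeIdp):
        self._idp = idp
        self._secrets = {}  # user -> 32-byte secret

    def get_secret(self, user: str, device_id: str, biometric_ok: bool) -> bytes:
        verdict = self._idp.authenticate(user, device_id, biometric_ok)
        if not (verdict["biometric_ok"] and verdict["device_trusted"]):
            raise PermissionError(f"IdP rejected request: {verdict}")
        if user not in self._secrets:            # first use: generate and store
            self._secrets[user] = secrets.token_bytes(32)
        return self._secrets[user]               # recurring use: load


class Minidriver:
    """Client side: the PIN is sealed locally; only the secret crosses the wire."""
    def __init__(self, server: ServerComponent, tpm: SimTpm, device_id: str):
        self._server, self._tpm, self._device = server, tpm, device_id

    @staticmethod
    def _auth_value(secret: bytes) -> bytes:
        # Assumed derivation; a real design would use a proper KDF with context.
        return hashlib.sha256(b"pin-seal:" + secret).digest()

    def store_pin(self, user: str, pin: bytes, biometric_ok: bool = True) -> str:
        secret = self._server.get_secret(user, self._device, biometric_ok)
        return self._tpm.seal(pin, self._auth_value(secret))

    def recover_pin(self, user: str, handle: str, biometric_ok: bool = True) -> bytes:
        secret = self._server.get_secret(user, self._device, biometric_ok)
        return self._tpm.unseal(handle, self._auth_value(secret))


def run_scenario() -> dict:
    """Initial storing, recurring usage, and three ways the flow should fail."""
    server = ServerComponent(FakeIdp(trusted_devices={"laptop-compliant"}))
    pin, tpm = b"123456", SimTpm()               # constructed sample values
    client = Minidriver(server, tpm, "laptop-compliant")
    handle = client.store_pin("alice", pin)      # diagram 1
    recovered = client.recover_pin("alice", handle)  # diagram 2

    results = {"recovered": recovered}
    try:  # non-compliant device: IdP refuses, so no secret is released
        Minidriver(server, SimTpm(), "laptop-rogue").store_pin("alice", pin)
        results["untrusted_refused"] = False
    except PermissionError:
        results["untrusted_refused"] = True
    try:  # biometric failure on a trusted device
        client.recover_pin("alice", handle, biometric_ok=False)
        results["no_biometric_refused"] = False
    except PermissionError:
        results["no_biometric_refused"] = True
    results["locked_out"] = False  # guessing authValues offline trips the lockout
    for _ in range(SimTpm.MAX_FAILURES + 1):
        try:
            tpm.unseal(handle, secrets.token_bytes(32))
        except PermissionError:
            continue
        except LockedOut:
            results["locked_out"] = True
            break
    return results


if __name__ == "__main__":
    print(run_scenario())
```

What the simulation makes visible: the server never sees the PIN, a device the IdP does not trust never obtains the secret, and a local attacker without the secret runs into the TPM's lockout rather than an unlimited offline guess. What it does not cover is the point raised later in the thread, namely that the card itself cannot tell a legitimate unlock from one performed by malware that obtained the cached PIN on a trusted device.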

@CardContact
Member

That is already available with Match-On-Card support in the SmartCard-HSM. See the KeyXentic KX 906 token that has an embedded secure element with the SmartCard-HSM applet and 1-to-1 fingerprint matching.

@frankmorgner can probably also talk about the GoID card, that has an embedded fingerprint sensor.

Technology is available, but market demand is low.

@RufusJWB
Author

RufusJWB commented Apr 5, 2024

> That is already available with Match-On-Card support in the SmartCard-HSM. See the KeyXentic KX 906 token that has an embedded secure element with the SmartCard-HSM applet and 1-to-1 fingerprint matching.
>
> @frankmorgner can probably also talk about the GoID card, that has an embedded fingerprint sensor.
>
> Technology is available, but market demand is low.

I'm aware that there are card specific technologies available. But I'm more thinking about a vendor agnostic approach that utilizes things like Windows Hello for Business and Conditional Based Access to un-lock the smart card with biometrics.

@CardContact
Member

So you want the user to authenticate towards a trusted server, that in turn authenticates against the card?

Then you need some challenge response protocol between the card and the server, so that no sensitive information gets lost while the server authenticates against the card.

We use TA from BSI TR-03110 for that, which has an EC key on the server that signs a challenge generated by the card. In a large application we use that in addition to the user PIN to ensure, that the card is only used in the designated security environment. But server authentication could also be the sole or alternate authentication method.

@RufusJWB
Author

RufusJWB commented Apr 5, 2024

> So you want the user to authenticate towards a trusted server, that in turn authenticates against the card?

Correct. The server needs to support OAuth2 because I want to utilize Entra ID Conditional Based Access.

> Then you need some challenge response protocol between the card and the server, so that no sensitive information gets lost while the server authenticates against the card.

That would indeed be the best approach, but as stated above, I could live with saving the PIN in a TPM chip, if the chip is inside a trusted computer.

> We use TA from BSI TR-03110 for that, which has an EC key on the server that signs a challenge generated by the card. In a large application we use that in addition to the user PIN to ensure, that the card is only used in the designated security environment. But server authentication could also be the sole or alternate authentication method.

This is probably not card agnostic, is it? I would need a solution working with CardOS cards but which ideally would work with any card.

@frankmorgner
Member

frankmorgner commented Apr 5, 2024

If you don't want to use some integrated solution (e.g. GoID card as described above), you are left with stacking and combining different technologies.

What is wrong with the process you have depicted (other than you should do it all-local rather than involving some shady web component)? The same process is used locally for some demo Windows Credential Providers, which are storing and recovering the user's (encrypted) password for login instead of a smart card PIN.
