Protiva™ .NET Bio Solution - Frequently Asked Questions

About Protiva .NET Bio Solution

1. What is Protiva .NET Bio Solution?


Protiva .NET Bio is Gemalto’s strong authentication solution that provides fingerprint biometric support for .NET smart cards used in Microsoft Windows operating systems. It enables fingerprint Match-on-Card user authentication as an alternative or complement to smart card PIN verification.
 

2. Why is it a strong authentication solution?  


The .NET Bio solution uses a two- or three-factor authentication system to authenticate and verify user identity. Using two or three factors as opposed to one factor ensures a higher level of authentication assurance. A user proves an identity with at least two of the three methods: "something he knows" (PIN or password), "something he has" (smart card or a token), or "something he is" (fingerprint).
 

3. What are the advantages of biometrics authentication?  


Biometric authentication provides a higher level of security, unparalleled user convenience and lower total cost of ownership. Users who tend to forget or write down PINs can benefit from the unrivaled convenience afforded by authenticating with the biometric factor. Users and enterprises are assured a high level of security because of the non-repudiation factor: the fingerprint biometric provides proof of the integrity and ownership of data or a transaction. The cost of managing lost or blocked PINs is also reduced.
 

4. On which operating systems does the .NET Bio solution work?


The Protiva .NET Bio solution works on Windows 7, Vista, XP and Server 2008 R2 operating systems.
 

5. What are the elements that comprise the .NET Bio solution?


The solution is composed of the Protiva .NET Bio smart card, which performs PKI or OTP operations, secure certificate storage and Match-on-Card; the .NET Bio libraries for credentials provision or GINA, the fingerprint enrollment wizard and the PIN or fingerprint verification user interface; and lastly the .NET Bio smart card readers, which are either embedded in laptops or PCs or are among the compatible USB-connected biometric readers on the market. The biometric readers and the smart card readers can also be separate devices.

6. How does the Protiva .NET Bio solution work?


Enrollment and configuration: The cardholder enrolls one or more fingerprints (up to 10 if desired) using a fingerprint scanner. The fingerprint information is then stored in a tamper-proof zone of the .NET smart card and will serve as a template. Personal or confidential data, such as certificates, are also stored on the smart card upon enrollment, using a smart card reader. The choice of user verification mode (PIN only, fingerprint only, PIN or fingerprint, PIN and fingerprint) is also set at this point.

Authentication: The previously configured .NET smart card, with the enrolled fingerprints and desired verification modes, will prompt the user to authenticate when performing actions such as logging onto a secure network or PC. At this point, the system may also show previously enrolled information about the user. The cardholder places one of his/her enrolled fingers on the fingerprint scanner, and the live print is read and analyzed in seconds.

Matching live fingerprint with template: If the live fingerprint from the user matches the fingerprint template on the card, the identity of the cardholder is verified. The system can then perform the requested actions such as logging onto a network, uploading sensitive data or signing an email using a certificate. If the fingerprint information does not match, the requested action is rejected, and the true cardholder’s credentials are protected from fraud or misuse.

7. What are the PKI and non-PKI versions of .NET Bio solution for Windows 7?


For the Windows 7 and Server 2008 R2 operating systems, the .NET Bio solution for Windows 7 is delivered with two options: PKI and non-PKI.

The PKI version is similar to the standard .NET PKI technology. It is based on X.509 certificates loaded into the card and used to perform cryptographic functions such as digital signature or file encryption. In the case of the .NET Bio solution, the biometric Match-On-Card is added to the .NET PKI technology as an additional authentication factor. The non-PKI version does not need any certificate loaded into the card, and therefore can only perform the authentication function, such as logon. It is easier to implement because it only provides the biometric Match-On-Card authentication.
 

8. What is Match-On-Card technology?


The term Match-On-Card is used by Gemalto’s partner, Precise Biometrics. This term means that the fingerprints of the user are stored securely in the smart card and are verified, at each biometric authentication, by the smart card itself. Therefore the fingerprints never leave the smart card secure zone and cannot be read from the card in any way. Match-On-Card is the only technology ensuring privacy of the biometric characteristics of the user. Other technologies such as Match-on-PC, Match-on-Reader or Match-on-Server are much more vulnerable to security attacks.

 

About Protiva .NET technology and devices

1. What is Protiva .NET technology?


Protiva .NET technology from Gemalto provides cryptographic capabilities for PC and network logon, digital signature, file and email encryption as well as access to Virtual Private Network (VPN). Two cryptographic technologies are offered: PKI (Public Key Infrastructure) and OTP (One Time Password).

2. What Gemalto devices use .NET technology?


Typical Gemalto devices from the Protiva brand include the .NET smart cards, secure tokens and personal security devices such as the Smart Enterprise Guardian (SEG), Smart Guardian and Smart Guardian FIPS (SG FIPS).

3. Does Gemalto offer biometric smart card readers?


Gemalto develops and offers a wide range of contact, contactless or dual smart card readers, but no biometric readers. The .NET Bio solution is compliant with more than 90% of the biometric sensors on the market, including those from UPEK and AuthenTec. If needed, Gemalto may perform additional compliance and interoperability tests on a particular biometric reader available on the market. On a per-project basis, Gemalto can also integrate and deliver biometric readers belonging to third parties.

 

More information and sample orders

1. Where can I find detailed information on the .NET Bio solution?


Check Gemalto’s web site, www.gemalto.com/enterprise. You will find not only specific pages on the .NET Bio solution but also the range of Protiva security solutions for enterprises.

2. How do I order a sample?



Contact the local Gemalto office nearest you by checking out our Gemalto local sites page.