Biometric Smart Card Integration

A biometric smart card is easy-to-use and allows the owner full control of personal biometric data, identity, and access management.

Our engineers designed and deployed security systems for the legacy banking systems; NCR/AT&T (Bell Labs) and Citibank ATM OLTP system.

Problem

There is a disconnect between the physical and digital world. Mobile phone credentials are still weak in some areas and phones range in technical problems for the user. Some people may not have a reliable phone or internet connection. Atala PRISM needs a simple and easy-to-use solution to help authenticate digital identity (DID) and authorize payment on-and-offline.

Solution

Biometric smart cards are easy-to-use and easily distributed en masse. Mobile payments and digital IDs are currently operational with-or-without smartphones or connectivity. Card-to-card transactions and card-to-phone transaction can be made on our first generation wallet with minimal fees on the Cardano blockchain.  (See the ESC ATALA PRISM PITCH DECK attached below.) 

General

Most adults carry some form of ID, credit card, driver's license, insurance, or government-issued card. A biometric smart card is a tamper-resistant portable storage device that can only be unlocked by the owner's biometrics (fingerprint). This provides an end-to-end authentication to "guarantee the integrity of the platform."  The owner of the card retains full control of their personal biometric data, identity, and access management. It can store licenses, credentials, certificates, health records, prescriptions, contracts, titles, voting, and other human activities. This technology is being rolled-out this year by a few banks and processors to reduce identity theft and other fraudulent behavior. This is a 3FA (3 factor authorization) biometric smart card; something I have (the physical card), something I know (pin code), and something I am (my fingerprint).

Example

If a person (Alice) wanted to get a prescription from the pharmacy, the pharmacist (Bob) could scan her card (QR code or NFC) and then Atala PRISM could help retrieve Alice's medical records and prescriptions. This would help Bob verify the right person, right prescription, and the right dose. Likewise, Bob could use his DID to access the pharmacy's controlled-substances room, check her insurance coverage, verify her doctor's orders and credentials, and process the point of sale transaction with her smart card. She is the only person that the smart card recognizes and the only one that can authorize a payment. 

Plan (timeline estimates)

The engineers will need to test and reload (1-3 months) the existing product's system on chip (SoC), cryptographic key tools, crypto card-to-card, card-to-phone transactions, DID integration, and firmware optimization (3 months). The overall architecture of card-to-card transactions will need to be reviewed (1-3 months) for the Cardano infrastructure. If they pass the hardware and software integration, then we can quickly prototype (3 months) the larger touch screen, larger battery, and metal finish. The business development team will be engaged (3-9 months) in connecting high value partnerships to commit to our vision. We estimate all the hardware modifications, testing, and software application can be done within $1,000,000 USD. A full redesign would take about about 12 months to go to full production of next generation (2.0) cards. (See the ESC Lean Business Plan attached below.)

Budget

There are a few main categories for this startup listed below. We are requesting $100,000 to help test DID integration (3 months), examine feasibility, and send prototypes to our partners for further development. The funds will be spent on engineering and startup business operations. 

• R&D: (3-9 months) MVP, prototypes, firmware, middleware, embedded systems, wireless networking, encryption, back-end infrastructure, servers, services, Atala PRISM integration, mobile wallet application. 
• PR and Marketing: (3-12 months) Word-of-mouth, influencers, crowd-funding campaigns, press releases, blogs, article pitches for journalists, interviews and appearances for company executives, television programs, news, outreach events for media and the public, startup promotion via social media, market research, data aggregation. 
• Legal: (3-6 months) Mission, end-goal, investors, business structure, entity setup, token economics, crowd-sales, incentives, risk control, jurisdiction selection, registration, partners, employees, independent contractors, vendors, service providers, loans, lenders, co-working space, brand, IP, trademarks, copyright, patents, bank account, regulations, liabilities, insurance, accounting system, contracts (smart), advisors, exit strategy. 
• IT: (1 month) Servers, software licenses, domain names, security, IT management, product SEO, tokens. 
• Operational costs: (3, 6-9 months) Accounting, sales, finance, compliance, bill pay, issuing and collecting invoices, expense claims, refunds and credits, salaries, burn rate, incentives, rules and processes, fundraising, corporate development, business strategy, B2B, branding. 
• Salaries: Contract, shared incentive structure, vesting schedule, token distribution, rewards.

Background

A member of our meetup group showed me this smart card in 2017-18. I reviewed the card (Bitcoin / Ethereum wallet) and thought it was a good candidate for the Cardano ecosystem. I thought it had potential as an Atala DID and payment wallet after some technical revisions. I asked the engineering team (former AT&T/NCR and Citibank ATM engineers) if I could white label the product and change some specifications to meet my (tough gear) specifications. They agreed to help me revise and rollout the next generation of metal biometric crypto cards. They design and manufacture tamper-proof embedded hardware security chips for mission-critical IoT devices. They own the IP for the ARTIC 1.0 chip design that protects the card platform and firmware on a system-level. The system on chip (SoC) cannot be hacked by web-level software attacks.

The hardware team (Ethernom) is currently contracting with SEA governments on other IoT products related to anonymous R0 COVID case tracking and other medical supply chain products. Our mission is to integrate IoT products like their ID/wallet with healthcare apps and enterprise supply chains. 

News

ExtoLabs LLC (our software team in the Southern California) was one of the top 15 finalist for the Global CBDC Challenge sponsored by The Monetary Authority of Singapore (MAS). IOG was one of the finalist too. 

The Global CBDC Challenge was launched in partnership with the International Monetary Fund, World Bank, Asian Development Bank, United Nations Capital Development Fund, United Nations High Commission for Refugees, United Nations Development Programme, and the Organisation for Economic Co-operation and Development.

The list of finalists are ANZ Banking Group Ltd, Bitt, Citibank (Singapore), cLabs, Consensys (+Visa), Extolabs LLC (Ethernom), Giesecke+Devrient advance52 GmbH, HSBC Bank (Singapore), IBM, IDEMIA (+Consensys), Criteo, IOG Singapore Pte Ltd, Soramitsu, Standard Chartered Bank, and Xfers Pte. Ltd. 

https://www.mas.gov.sg/news/media-releases/2021/mas-announces-15-finalists-for-the-global-cbdc-challenge