What is Zwipe Access?
Zwipe Access is a card-based fingerprint access control solution. Fingerprint capture, extraction, and comparison are performed completely within the Zwipe Access card. This means that the cardholder’s biometric data never leaves the card, providing increased data privacy to the cardholder.
Zwipe Access enables two-factor authentication using biometrics without the need of an additional fingerprint reader. The card verifies the enrolled cardholder‘s identity and the access control system then verifies the card’s authenticity and integrity.
Zwipe Access uses a Java Card infrastructure that allows Java Card-based applications (applets) to be run securely within the platform. With Zwipe Access, HID® Seos® and LEGIC advant applications such as access control, time and attendance, network login and secure printing can be virtualized and combined with strong fingerprint authentication. Customers may also run their own Java Card applications, such as FIDO, PKI, Crypto wallets, secure storage, or any other custom applications on the Zwipe Access platform.
Zwipe Access shares its platform with our payment product, called Zwipe Pay, which has undergone the security and durability testing mandated by payment schemes (like Visa & Mastercard) for the daily usage of payment cards. Zwipe Access has also undergone testing performed by both HID® and LEGIC following their standard procedures.
Zwipe Access is designed as a “Biometric System-on-Card” for organizations of any type or size to quickly and securely add instant authentication to their existing access control system, without the need to upgrade to expensive software or install biometric readers throughout their facility.
In review, Zwipe Access:
- Is card-based fingerprint access control
- Enables two-factor authentication
- Uses Java Card infrastructure
- Works with HID® Seos® and LEGIC advant
- Has undergone strict durability testing
- Is a “Biometric System-on-Card”
How Zwipe Access Works
Zwipe Access uses a batteryless, passive inlay to capture and securely transfer the cardholder’s fingerprint data to the Idemia Secure Element on the card. The secure storage of that fingerprint data, which the enrollment process converts into a biometric template, means that there is no external storage of the cardholder’s biometric data and therefore a much-reduced risk of identity theft or infringement of government privacy laws.
The Secure Element’s hardware and software tamper-proof mechanisms make it virtually impossible for an attacker to access the smart card’s memory. Moreover, it is not possible to convert a biometric template back into the fingerprint from which it was computed. Simply put, a live scan of the cardholder’s finger is matched against the stored biometric template to accurately verify that the one presenting the card to a reader is indeed the enrolled user of that card. When the card is presented, the RF field of the reader empowers the card and only the access control data is gleaned to verify the user’s access rights.
Once enrolled there is only one user of the card, as anyone else will not get a biometric match when placing a finger over the sensor. The card will also not work for the enrolled cardholder unless they correctly place an enrolled finger over the sensor when presenting it to a reader. If there is no match, the card will not release the access control information. Zwipe Access is true multifactor authentication in a secure, handheld biometric system.
Before enrollment, Zwipe Access cards can be personalized on any thermal dye sublimation, retransfer or inkjet (drop-on-demand) ID card printer, as long as there is no printing directly over the smart chip or fingerprint sensor. You can personalize them just as you would any other ID or access card.
Zwipe Access biometric enrollment is also fast and easy, and can be done with an approved card reader in less than 30 seconds.
