CardLab releases its biometric FIDO authentication resolution, whereas getting ready launch of a biometrically secured platform for the EU Digital pockets, utilizing offline biometric id verification.
For a very long time, digitalisation has been all about driving effectivity and productiveness, however with all types of Cyberattacks and ransomware exhibiting no indicators of slowing down, ignoring the cybersecurity facet is just not an choice. Irrespective of the size of the operation, whether or not a worldwide participant or a begin‑up, the dangers and penalties are the identical. Digital safety is central to safeguarding the economic/infrastructure operations of the long run, guaranteeing the advantages of digitalisation could be harvested, and identities and information could be stored safe.
Cybersecurity is not separate from efficiency; it’s what makes excessive efficiency attainable and sustainable. With out sturdy safety, each productiveness achieve rests on shaky floor.
Biometric FIDO for safe id verification
After FIDO (Quick Id On-line) certification and in depth discipline testing, this resolution is now being launched by CardLab as a mixed bodily and logical entry card making use of ordinary NFC entry management techniques and FIDO logon utilizing Bluetooth, BLE. On the similar time, CardLab releases the QuardLock FIDO-certified authentication server resolution, and it does so with the biometric fingerprint card from a consolidated cybersecurity platform that may hold information safety and productiveness on stable floor.
The biometric SmartCard with fingerprint sensor is at all times offline, and the fingerprint templates are encrypted within the card and by no means go away it. Personal keys used for authentication and transaction signing are additionally encrypted within the card and by no means go away it. By definition, nothing within the card is accessible from exterior, offering a brand new stage of hacker-proof id verification and cybersecurity resolution.
That is the answer that strikes id verification from being a device-based authentication to being a person-centric verification. With the algorithms that the fingerprint sensor runs on, it’s nearly unimaginable to repeat a fingerprint and activate the cardboard as an authentication instrument. That is additionally a really handy resolution as you solely want to recollect bringing your finger for verification and thereby remove the chance of getting your machine stolen, hacked, or your passwords compromised.
Why biometric FIDO authentication issues
Historical past has proven that passwords are the weakest hyperlink in cybersecurity and the most typical cause for information breaches. The answer till now has been longer and extra difficult passwords that customers can not bear in mind or load right into a password supervisor that may be hacked, like what occurred final yr when 16 billion passwords have been intercepted in a single hack. That’s why it’s time to go passwordless with biometric verification of the person. Cardlab’s resolution eliminates the necessity for passwords, offering a seamless and safe option to shield your information and your staff’ digital id.
The brand new and safer strategies used at the moment for authentication (FIDO2/passkey) change static passwords and time-based codes with extraordinarily sturdy public key cryptography, making it extremely proof against phishing, man-in-the-middle, session hijacking, and different sorts of assaults.
FIDO2/passkey requires bodily entry to the smartphone or machine/card that holds the personal key. Which means even when a hacker intercepts the communication remotely, he can not use it to authenticate with out having the bodily machine in his palms. Biometric verification (FaceID, fingerprint, and so on.) on the machine provides an additional layer of safety. The very best stage of person safety and safety is achieved by offline id verification, like on a biometric card, the place there is no such thing as a exterior hacker entry to the machine and the underlying SW, like on Smartphones.
These options make FIDO2/passkey a extremely safe authentication technique, considerably decreasing the chance of distant assaults, which is the principle technique utilized by hackers. Utilizing a CardLab biometric SmartCard with a built-in FIDO2/passkey function will present the best stage of authentication safety since transaction signing occurs offline, utterly out of hacker attain.
By no means belief, at all times confirm
To determine and confirm identities is a vital step in assembly the zero-trust precept, together with the necessity for an organisational coverage for ‘who ought to have entry to what, when, and why. This can be a key factor in controlling entry and an environment friendly option to block intruders from getting access to the authentication machine as they don’t have any fingerprint to activate the passkey function.
With our risk-based adaptive authentication course of, each entry request is validated earlier than extending extra privileges or entry.
That is an additional step to forestall phishing, as cybercriminals with phished credentials are prone to attempt to register a brand new machine, work from a brand new location, or try entry exterior of the true person’s typical working hours.
The system can detect these indicators and problem entry makes an attempt accordingly to forestall dangerous actors from getting access to vital info or having the ability to place malware or ransomware, offered the proper IT system setup. The FIDO2 protocols have been truly given the best stage of authentication assurance from NIST and are thought-about stronger than what the U.S. Division of Protection at the moment makes use of.
Digital id wallets
A number of digital id schemes appear to be underneath growth, aiming each at making individuals’s digital life simpler and to have higher id management in society. On this course of, now we have seen totally different initiatives to set a regulatory framework, but additionally main considerations round privateness and concern of a ‘Large Brother society’ evolving with fixed monitoring of all residents. A priority that could be very actual, and if the digital id wallets aren’t applied with the wanted safety and anonymisation options, it may simply grow to be the fact of tomorrow.
The large menace with all digital options is that they are often hacked, stolen or PIN codes could be lured whether it is purely a device-based resolution. To realize a excessive stage of probability that it’s the right proprietor of the identification machine, some type of biometric verification is required. If not completed proper, this could compromise the validity of the answer, whether or not it’s the EU Digital Id Pockets (EUDIW), the BritCard, or different related options.
Offline Belief and eIDAS 2.0: The function of biometric SmartCards within the EU Digital Id Pockets
The EUDIW underneath eIDAS 2.0 is meant to offer all EU residents and companies with a safe, interoperable, and privacy-preserving digital id. A central unresolved problem is learn how to reconcile offline usability with on-line compliance necessities, significantly in relation to assurance ranges, revocation, authorized accountability, and privateness.
Most present pockets designs rely closely on on-line, cloud-based belief fashions, which simplify compliance however introduce systemic safety dangers, connectivity dependencies, and privateness considerations. An internet cloud-based resolution carries all of the dangers of being hacked, being a ‘Large Brother’ instrument, and the copying of biometric information. On the similar time, absolutely offline options face difficulties assembly eIDAS necessities for revocation, freshness, and auditability.
A useful structure
In CardLab, we offer another method through which an offline biometric SmartCard acts because the grasp cryptographic authority for the Digital Id Pockets.
On this mannequin:
• All personal keys are saved inside an authorized Safe Ingredient on the SmartCard
• Biometric verification and all cryptographic operations happen inside the cardboard
• Smartphones and PCs act solely as interfaces and transport layers, related through NFC
• Personal keys and biometric information by no means go away protected {hardware} (the biometric card)
• The cardboard helps FIDO2, OTP/TOTP, X.509 certificates, PIV, and digital signatures
Key implications for eIDAS compliance
The biometric SmartCard mannequin:
• Strongly helps eIDAS necessities for sole management of the signatory and non-repudiation
• Allows high-assurance authentication and transaction signing, together with offline use
• Reduces publicity to malware, cloud compromise, and platform-specific belief fashions
• Strengthens authorized defensibility of digital signatures
• Improves privateness by way of information minimisation and decentralised belief
This structure aligns intently with QSCD ideas and gives a reputable path to Excessive Assurance Degree (LoA Excessive) use instances.
Key suggestions
1. Recognise hardware-backed offline credentials as a sound eIDAS 2.0 compliance sample
2. Set up EU-wide certification profiles for biometric SmartCards
3. Standardise hybrid revocation and freshness mechanisms
4. Promote interoperability throughout PKI, FIDO, and pockets ecosystems
5. Pilot offline-first pockets deployments in cross-border public-sector use instances
Conclusion
A biometric SmartCard performing because the grasp key for the Digital Id Pockets, BritCard, or different id pockets options represents a strong, privacy-preserving, and legally sturdy basis for digital id in Europe or different nations or areas. Whereas hybrid on-line mechanisms stay essential for lifecycle administration, this method decisively strengthens offline belief and deserves severe consideration throughout the eIDAS 2.0 framework. Lastly, it could remove the choice to make use of the digital pockets as a ‘Large Brother’ monitoring instrument, as the private id shall be tokenised within the on-line area.
Because the biometric SmartCard has an embedded tamper-proof Safe Ingredient the place totally different applets could be loaded into and make the cardboard a multipurpose card, it allows the cardboard to be something from driver’s license, passport, social safety resolution, and different vital private information placeholders underneath the person’s full management. No information shall be launched with out the authorized fingerprint of the true proprietor of the cardboard – a real GDPR compliance instrument bringing again the management of information to the person.
Tokenisation of confidential person information utilizing an EU Biometric SmartCard. Alignment with eIDAS 2.0, EU digital sovereignty, and offline belief framing the idea
We aren’t hiding id, however:
Changing direct publicity of private identifiers with cryptographically managed surrogate values, the place:
• Solely law-regulated entities can subject, resolve, or revoke id bindings
• Id is disclosed solely when legally and contextually required
• Management stays with the person citizen and the authorized framework
This framing is important for alignment with eIDAS, GDPR, and EU or different nations’ constitutional legislation.
Tokenisation as a belief service
CardLabs system successfully proposes an id abstraction layer:
- Private identifiers (SSN equivalents, card numbers, account IDs,
emails) - Are changed by surrogate id tokens
- Tokens are meaningless exterior EU or different nationwide belief infrastructure
- Decision (de-tokenisation) requires authorized authorisation like a court docket order
Position of the biometric SmartCard
In your structure, the biometric SmartCard:
• Holds root personal keys
• Enforces person presence (biometrics)
• Indicators:
o Authentication
o Attribute disclosure
o De-tokenisation requests
• Works offline and on-line through NFC or Bluetooth
Critically:
The cardboard doesn’t retailer uncooked identifiers for routine use — it shops:
• Cryptographic bindings
• Token references
• Attribute launch insurance policies
This makes the cardboard a private belief anchor, not a knowledge container.
Alignment with eIDAS 2.0 — The place this suits cleanly
Our tokenisation mannequin suits this precisely:
No battle with eIDAS ideas
Tokenisation vs id — Essential authorized distinction
Underneath eIDAS:
• An individual stays legally identifiable
• Even when identifiers are abstracted
Tokenisation is due to this fact:
• Pseudonymisation, not anonymisation
• Explicitly allowed underneath GDPR
• Suitable with eIDAS authorized accountability
That is essential:
Courts and authorities should nonetheless be capable of resolve id underneath due course of.
Our mannequin permits this.
- GDPR and Information Safety Alignment (Robust)
- GDPR actively encourages tokenisation
GDPR Article 25 and Recital 78:
• Encourage information minimisation
• Encourage pseudonymisation
• Encourage privateness by design
Our structure:
• Minimises publicity of uncooked identifiers
• Prevents pointless information replication
• Reduces breach influence
Robust GDPR alignment
The answer protects towards extraterritorial entry. From a authorized standpoint (vital nuance):
• The EU can not block lawful EU-based entry
• However it could cut back dependency on non-EU infrastructure
• And make sure that:
o Id decision happens solely underneath EU jurisdiction
o Keys and determination logic are EU-controlled
This helps:
• EU digital sovereignty
• Schrems II threat mitigation
• Strategic autonomy targets
That is defensible EU coverage language.
The Microsoft/US jurisdiction instance — learn how to body it safely
This isn’t blocking governments, however:
Decreasing systemic dependency on non-EU id and communication suppliers for core civil features by:
• Stopping automated id linkage by overseas platforms
• Requiring EU-law-governed decision
• Preserving lawful cooperation through treaties and courts
This avoids political and authorized crimson flags.
De-tokenisation guidelines (Important)
De-tokenisation should require:
1. Consumer authentication (SmartCard)
2. Express consent or authorized mandate
3. Robust audit path
4. Jurisdictional readability
That is obligatory for eIDAS compatibility and the muse for the CardLab resolution.
The Biometric SmartCard because the ‘Official EU Id Card’
The cardboard needs to be:
• The first private cryptographic anchor
• Paired with:
o Nationwide issuance
o EU interoperability profiles
Politically:
• The EU units the framework, not the plastic, and member States carry out issuance management
This matches:
• ePassport mannequin
• Nationwide eID playing cards at the moment
Offline vs on-line — Tokenisation influence
Offline:
• Token presentation
• Attribute proofs
• Transaction signing
• Id assertions
On-line:
• Token decision
• Revocation checks
• Lifecycle updates
Our biometric SmartCard mannequin considerably strengthens offline belief, and enforces compliance.
Dangers and open points (Essential for credibility)
These have to be acknowledged:
• Governance complexity
• Value of SmartCard issuance
• Revocation on the EU scale
• Member State sovereignty considerations
• Worldwide interoperability
None are blockers — however all are coverage challenges the place the biometric SmartCard resolution gives the answer and adaptability.
Strategic evaluation
What this idea is:
• Privateness-preserving
• eIDAS-aligned
• Technically mature
• Sovereignty-supporting
• Offline-capable
What it’s not:
• Id evasion
• Regulation-avoidance
• Anti-government
• Anonymity system
Backside line
A tokenisation-based id mannequin anchored in a biometric SmartCard suits inside eIDAS 2.0, strengthens offline belief, enhances privateness, and helps EU digital sovereignty — offered it’s framed as regulated pseudonymisation with lawful de-tokenisation.
Dealt with accurately, that is not radical, it’s a logical subsequent step in European digital id.
CardLab, with our QuardLock backend authentication server, will broaden our Id Pockets platform resolution to incorporate a token service supplier module in addition to a de-tokenisation module, the place the biometric SmartCard would be the axis of rotation, absolutely aligned with all of our backend providers. The important thing factor is that the cardboard is issued by a trusted organisation.
The CardLab biometric SmartCard resolution and backend authentication guarantee belief, however extra importantly:
Protects the world’s most vital information – YOUR DATA.
Please Be aware: This can be a Business Profile
Please observe, this text will even seem within the twenty fifth version of our quarterly publication.
