Information on this web site is preserved for legacy purposes only. The OASIS PKI Member Section transitioned to the OASIS IDtrust Member Section in 2007. OASIS Technical Committees affiliated with the Member Section remain active.
  About PKI Forum PKI Members Join PKI Forum PKI News PKI Events OASIS Members Only  


PKI Resources
 White Papers

Technical Process
 IPR Policy
 TC Process

Technical Committees
 Current TC List

OASIS Network
 CGM Open

OASIS Info Channels
 Cover Pages

PKI Forum News


For further information:
Judith Vanderkay

Visit the PKI Forum in Booth 3053 at Cardtech/Securtech 2001


PKI Forum Publishes New Paper Exploring Biometrics As Complementary Technology

Combination of Biometrics and PKI Enhances
Security Options for Businesses

WAKEFIELD, Mass., May 15, 2001 - The PKI Forum, Inc., a multi-vendor and end-user industry consortium created to accelerate the adoption of public-key infrastructure (PKI) technologies, (, today announced the public release of a new paper entitled Biometrics at Cardtech/Securtech 2001 in Las Vegas.

The Biometrics paper, the latest in a series of PKI Notes published by the PKI Forum, was created by the Business Working Group and is intended to describe how two diverse technologies, PKI and biometrics, combine to produce a stronger security alternative for e-business applications. The PKI Note is available to the public on the PKI Forum Web site at

"The information security industry is making great strides toward merging different technologies and creating stronger hybrid products," said Jeff Stapleton, Manager with KPMG LLP-s Information Risk Management practice, member of the PKI Forum-s Business Work Group and author of the paper. "As biometric technologies are further refined and PKI becomes more prevalent as the way to secure biometric information, market adoption will begin to widen and we will begin seeing more widespread deployment in a number of industries."

Biometric technology uses a measurable biological or behavioral characteristic to reliably distinguish one person from another. These user characteristics are derived from an individual-s fingerprint, voice, iris, face or handwriting and comprise a biometric sample. Once the sample is obtained, it is used alone or in tandem with another sample to make a biometric template. An individual is authenticated when a current sample is found equivalent to, or "matches," the template. When combined with PKI technologies such as encryption and digital signatures, biometrics adds an extra level of authentication for access-restricted areas.

Due to the expansion of e-commerce, corporate networks are being deluged with requests for access. However, as traffic increases, so does vulnerability. The combination of biometrics and PKI can dramatically increase the security of sensitive information. Since biometric information distinguishes one person from the next, hacker-prone data once guarded with only a password becomes virtually impenetrable by adding an iris scan, fingerprint or voiceprint into the security mix.

For example, the integrity and authenticity of a financial transaction can be preserved if the end-user digitally signs the message with a private key. The financial institution then validates the digital signature using the end-user-s public key. The integrity and authenticity of the end-user-s public key is preserved in a digital certificate that is issued by a trustworthy Certification Authority (CA). In addition, the financial institution can increase the degree of assurance that the end-user really did sign the message if access to the private key is protected using a biometric.

About Public-Key Infrastructure
A Public-Key Infrastructure (PKI) is a combination of hardware, software, policies and procedures. It provides the basic security required to carry out electronic business so that users who do not know each other, or are widely distributed, can communicate securely using a chain of trust. End-users of PKI cross industry lines and range from complex enterprises to specific verticals.

About the PKI Forum, Inc.
The PKI Forum is an international, not-for-profit alliance comprised of technology and service providers, integrators and end-users whose purpose is to accelerate the adoption and use of PKI and facilitate interoperability through multi-vendor testing of industry standards and educational outreach. The PKI Forum advocates industry cooperation and market awareness to enable organizations to understand and exploit the value of PKI in their e-business applications. Although PKI Forum meetings are intended for members only, organizations interested in becoming members may attend one meeting for a nominal meeting fee. The next members- meeting will be held in Munich, June 19-22. For more information about the PKI Forum, see the PKI Forum Web site at

# # #



Copyright © OASIS Open 2006. All rights reserved.