Norwegian startup Zwipe is marketing a new passive Near Field Communication (NFC) RFID access-control card that incorporates a fingerprint scanner to authenticate an individual before the card responds to an RFID reader. Initially, the company has signed contracts with two access-control technology distributors—one in the United States and the other in Europe—both of which have asked to remain unnamed.

Commercial release of the card, known as Zwipe Access, follows two pilots in Oslo—one conducted at Telemark University College (TUC), and the other at law firm Simonsen Vogt Wiig—says Kim Kristian Humborstad, Zwipe's CEO and cofounder. The card is also being tested by several other small Norwegian companies, he says. At Simonsen Vogt Wiig, the Zwipe technology is being used by the law firm's Stanley Security Solutions NFC-based access-control system. At TUC, as well as for several other pilots, Zwipe is providing a Salto Systems X4 door controller with a built-inRFID reader that supports cards made with NXP Semiconductors' Mifare DESFire EV1 chip.

Zwipe's card includes a passive RFID inlay, LED indicator lights and a built-in scanner that can verify a fingerprint within 1 second, using encrypted fingerprint data stored on the card.

Zwipe Access was first conceived by Humborstad and a fellow student at TUC's school of innovation and entrepreneurship, Humborstad explains. Initially, he says, the team was focused on creating secure identification solutions that could authenticate an individual without intruding upon the user's privacy. They were interested in how technology could be employed at grocery or convenience stores, for example, to prove a customer buying liquor or other controlled products was who he said he was. Eventually, Humborstad reports, they found a market for improved authentication with access-control systems.

According to Humborstad, the majority of contactless access-control systems currently being sold in many countries, including those in Europe, use high-frequency (HF) 13.56 MHz NFC RFID technology compliant with the ISO 14443 standard, though in the United States, low-frequency (LF) contactless access-control systems are still more commonly installed than those utilizing NFC technology. Although many companies, schools and agencies use RFID cards to access secured areas, the technology deployed is generally ill-equipped to prove that a card is being used by its actual owner. Numerous facilities utilize fingerprint authentication to enable individuals to prove their identity prior to gaining access to a place or device, but this requires that they share a fingerprint or other personal information on a database—which, for some, raises a privacy concern.

The solution, according to Humborstad, is the combination of RFID and fingerprint identification, stored only on the card. Each Zwipe Access card contains an NXP Mifare Classic or Mifare DESFire EV1 passive RFID chip. The unique ID number encoded to the card's chip can be stored either on the reader, or on a server with a Wi-Fi connection to that device. The fingerprint scanner hardware, provided by a firm called Fingerprint Cards (FPC), is wired to the NFC tag, and both are built into the card. When a user places a thumb over the scanner, the card compares the fingerprint with the scanned version stored in its memory. If there is a match, the card transmits its tag ID in order to unlock the door

Because the individual's fingerprint is stored only in the card's own memory, Humborstad says, that fingerprint data is not accessible by anyone else.

When Humborstad and his colleague graduated in 2009, they launched the business and began developing the solution. The card was tested by TUC beginning one year ago, with about 10 readers and approximately 20 cards carried by personnel. The college has since purchased the technology, and plans to expand how it uses the solution for offices or for other purposes. The law firm began testing the system in spring 2012 with another 10 readers at offices, a main entrance, a vending machine and a printer, as well as about 20 cards, and presently continues piloting the technology. The initial card incorporated a battery to power the fingerprint scanner before the NFC tag responds to the reader's interrogation. However, Humborstad notes, future versions of the card, including those now being marketed, will be entirely passive—the fingerprint scanner will harvest energy from the NFC reader.

Zwipe's Kim Kristian Humborstad

With the early battery-powered version, a new user would receive the card, activate it via a power switch and then follow a series of prompts directing that person to input identification information, as well as present his or her thumb or other finger (Zwipe recommends using the thumb) to the scanner in order to store that print in the device. With the passive version, users would be able to do this by plugging the card into a computer with a USB connection.

"The big advantage for this card is privacy," Humborstad states. "There is no database somewhere with your information." The cards, which are manufactured for Zwipe by a third party, are more expensive than a non-fingerprint-scanning version, he says, but the company has striven to keep prices affordable. He adds that the NFC readers themselves need not be very expensive, and could operate either as a standalone system or with a Wi-Fi connection if access data was being stored on a server offsite. The Zwipe technology does not require special software, he explains, but simply operates with an access-control system's existing software.

The card, which Zwipe plans to offer through two distribution companies starting sometime in 2014, can be read by a user's existing NFC readers, Humborstad reports. In the future, he says, Zwipe intends to offer an LF version of its solution as well.

Earlier this month, Zwipe announced that it had raised an additional $3.5 million in Series A funding, with $2.5 million invested through a private placement, and the remaining $1 million in the form of a grant from the Norwegian government. This funding, the company explains, will be used to expand its sales organization, as well as increase its investment in technology development and application.

Article written by Claire Swedberg for rfidjournal.com (original article can be found here) on Dec 18. 2013