Documentation

The QuardLock API enables a fully digital solution via the QuardLockAuthentication App. Users verify their identity using a fingerprint or facescan on their smartphone to access selected applications or browsers. However,this solution is recommended only for non-critical data access due to potentialvulnerabilities in online systems.

‍

The system integrates with existing login solutions via API. Thelogin token is communicated through NFC, BLE, contact chip, or by typing it onthe login screen. The backend system verifies the token and grants access basedon the user’s assigned rights, supporting everything from PC login to singlesign-on solutions.

‍

‍All CardLab cards with tokenization capabilities are registered inthe QuardLock system with unique keys properties. This enables the backend toverify tokens and authenticate users securely.

‍

The QuardLock platform provides tools for managing logical andphysical access control solutions, including provisioning, personalization, anduser rights management. It is available as a hosted or on-site solution.

‍

QuardLock, a CardLab subsidiary, delivering state-of-the-art backendsolutions for token verification and Identity Management systems.

‍

Yes, CardLab collaborates with leading material suppliers in the cardindustry to qualify materials and components and can provide quotes tailored toyour needs.

‍

There is no minimum order for prototypes, but one-time costs fortooling, preparation, qualification, and testing may apply and will be quotedin each specific case.

‍

CardLab offers:

·        Hot lamination (>135°C) for standard non-electroniccards.

·        Cold lamination (as low as 45°C) for cards withsensitive electronics, such as displays, batteries, or special sensors, basedon component limitations.

‍

Yes, CardLab’s factory can handle a range of production types, fromsimple to highly complex designs. Contact us for a quote.

‍

CardLab biometric cards are produced at CardLab’s own factory inThailand using assembled electronic circuits outsourced to approved andqualified assembly houses in Asia (outside China).

‍

CardLab Access solution is FIDO2 certified and all solution are compliantwith:

-         ISO 7810, 7816

-         ISO 14443 a, b and c

-         eIDAS standards

-         PSD3

-         NIS2

CardLab is also preparingcertifications for:

-         ISO 9001

-         CE, FCC and UL

‍

CardLab has been part of developing the electronic card industry,components, processes, and manufacturing standards. It is one of the fewcompanies with in-house capabilities to support customers from ideation to massproduction.

‍

CardLabmaintains rigorous supplier qualification processes and enforces strict qualitycontrol throughout the production cycle. This is complemented by extensiveinternal quality checks at various stages of production.

: CardLab only uses chips andactive integrated circuits (IC’s) from approved vendor and never utilizes clonedchips. All active ICs must meet a minimum-security certification of EAL 5+,with most currently certified at EAL 6+

‍

CardLab holds over 100 active patents covering biometric card technologies,tokenization capabilities, and production methods. CardLab also employs aproprietary manufacturing cycle to prevent product copying and ensures compliancewith industry security standards.

‍

‍CardLab provides peace of mind with solutions designed to mitigaterisks from AI-generated deepfakes, as well as threats posed by supercomputersand quantum computing.

‍

CardLab is a "one-stop shop," offering:

·        Off the shelf standard biometric card solutions

·        Cutting-edge biometric technology.

·        Seamless user experience.

·        Development and customization services.

·        Compatibility with existing infrastructure.

·        Continuous innovation, from ideation to massproduction.

‍

CardLab’s biometric access solution is:

·        Built on accurate and reliable fingerprint scanning.

·        Designed for secure, on-device biometric data storage.

·        Easy to use and portable.

·        Fully compatible with existing infrastructure,ensuring cost-effective implementation.

·        Proven to reduce access maintenance and IT managementcosts and ensure only authorized users gain access.

‍

CardLab biometric access solution eliminates the need for PIN codes andhard to remember passwords by integrating multi-factorauthentication into a single, user-friendly process. This reduces the risk ofhacking and lowers enterprise IT costs associated with physical access andpassword management.

‍

Key features of the CardLab solution include: …

-         Credentials stored on an electronic smart card only

-         Offline ID verification for enhanced security

-         Token based identity generated by biometricverification

-         Backend token verification for additional assurance

-         Password free logins for a streamlined user experience

-         Compatible with existing IT infrastructure

-         Multi-service functionality on a single card

‍

After verifying the user, the device generates a token representing theuser’s identity. This token, that is verified by our QuardLock backend, is eventand time-sensitive and secure, meaning it can only be used for a single session

‍

Tokenization enhances security by replacing sensitive data with uniquetokens, reducing the risk of data breaches, ensuring compliance, andsafeguarding user privacy. Tokens are event- and time-sensitive, rendering themuseless if intercepted during a “man-in-the-middle” attack. This approachimproves trust while maintaining system functionality.

‍

CardLab uniquely provides a comprehensive solution with the addedbenefit of tokenization, ensuring a secure and unbreakable link betweenphysical and digital identities.

‍

Common use cases include:

·        Secure physical and logical access control.

·        Employee identification.

·        Digital signatures.

·        Financial transactions.

·        Healthcare access.

·        E-government services.

·        High-security environments.

·        Travel and border control.

·        Remote work security.

·        Electronic voting

·        Document signing

‍

CardLab biometric Smart Cards are issued in the same way as regularidentity and access cards as they are designed to work with the existinginfrastructure. The only difference is a few restrictions on the printingoptions such as requiring a non-heat generating, drop on demand printer.CardLab can support with the printing of cards.

‍

CardLab biometric smart cards offer several advantages over traditionalhard tokens:

·        Compact form factor, easily fitting in a wallet orwith a smartphone.

·        Enhanced security and multi-application capabilities.

·        High user convenience and centralized management.

·        Durability and compliance with industry standards andregulations.

·        Personalization for combined use cases, including ID,access control, and financial services.

‍

CardLab biometric smartcards ensure only authorized users can verify their identity. They arecompatible with existing access control systems, making them an efficient andsecure solution for IAM needs.

‍

Unlike face, iris, orcentral fingerprint scanners, which rely on online templates for biometricverification, CardLab fingerprint cards verify users locally, avoiding the riskof biometric data theft, hacking, or security breaches. Additionally, they lowerIT costs through reduced system maintenance and password replacements.

‍

CardLab’s fingerprintrecognition algorithm used incorporates multiple factors to ensure exceptionalsecurity, with a False Acceptance Rate (FAR) of better than 1:100,000. Inreal-world applications, performance indicates an FAR of better than1:10,000,000, and no breaches have been reported to date.

‍

Offline biometricverification devices operate in a secure, isolated environment. This preventsexposure to network-based threats, including those posed by advancedtechnologies like quantum computers.

‍

Offline verification isessential for applications where secure and accurate user identification iscritical, such as physical or logical access control in healthcare, insurance,and other sensitive environments like critical infrastructure access.

‍

Offline user verification is the process of confirming a user's identitywithout requiring an internet connection. The fingerprint is verified locallyon the card or device, ensuring enhanced security by eliminatingvulnerabilities to network-based attacks.

‍

Biometric authentication isexperiencing rapid growth due to its effectiveness in combating increasingcybercrime, such as hacking, ransomware, and digital extortion.

‍

CardLabprovides a versatile range of solutions, including:

·        Biometric hardware tokensin the form of biometric smart cards, adaptable to existing infrastructure.

·        A dedicated authenticationapp and APIs for digital solutions.

·        Full biometricauthentication and access management systems with features like ActiveDirectory (AD) integration, identity federation, a configurator tool, andsecurity level-specific APIs for seamless system integration.

‍

FIDO2 login offerspasswordless authentication, addressing common vulnerabilities associated withtraditional password systems. CardLab enhances this standard with biometricuser verification and optional user tokenization, adding an extra layer ofsecurity without compromising convenience.

‍

Multidevice passkeys, suchas FIDO2 credentials synchronized across devices, are gaining significantattention. CardLab has integrated this capability with our own QuardLockbackend, Microsoft login and Azure and can customize it to meet otherstandards.

‍

FIDO2is emerging as the dominant standard for online logins. CardLab login solutionis FIDO certified and other solutions are compliant with multiple securitystandards, depending on the card solution, including :

-         OTP (time and event based)

-         eIDAS

-         PSD3

-         NIST

-         FIPS140

‍

By adopting human-centricsecurity design (HCSD) principles, CardLab’s identity-first security solutionseliminate vulnerabilities from stolen or hacked authentication devices,ensuring secure and user-friendly protection.

‍

CardLabAccess employs multi-factor authentication (MFA) based on two factors: something you have (the Access card)and something you are(your fingerprint). This combination significantly enhances the security of theauthentication process.

CardLabDefender offers advanced multi-factor authentication (MFA) using three factors:something you know(a token generated by the card after fingerprint approval), something you have (the Privilegecard), and something youare (your fingerprint). Coupled with backend token verification,this solution ensures the highest level of security, seamlessly linkingphysical and digital identities.

Accurateuser verification is the cornerstone of effective and protected Identity andAccess Management (IAM), ensuring that only authorized individuals can exercisetheir access rights.

IAMleaders are prioritizing passwordless authentication, protection againstcyberattacks and MFA hacking, federated identity solutions (such as SingleSign-On or SSO), and biometric technologies.

CardLab simplifiesauthentication by integrating the MFA process into a single card, reducingprocessing time and streamlining personalization and enrollment. The result isa faster, more intuitive and secure user experience.

‍