Originally Posted by
gfunkdave
Did you check the source code of the implementation? Are you certain that it was correctly implemented?
Yeah, I remember having a thorough review done by a couple of outside third parties, including the founder of CPS, security engineer from ?filenet? can't remember, they did all the authentication for POS for Visa?
Anyway, if I recall, there was essentially a small DMZ on the card. The biometric would authenticate with the server and allow access for the LOCAL MACHINE to access the information from the CARD. The local MACHINE would validate the authentication and pass access as "open" to the direct client with a simple user name, which would call up the network share for that user. Then, the user would have to re-authenticate with a password sign-on, which was simply network-based as usual. At first there was a second step to authenticate back to the DMZ of the card, but it wasn't really necessary.
Or something like that. Losing the CARD was a pain to deal with, as everything would have to be rebuilt.