A novel protocol is proposed to address the problem of user authentication to smartcards using biometric authentication instead of the usual PIN. The protocol emulates expensive Match On Card (MOC) smartcards, which can compute a biometric match onboard, by using cheap Template on Card (TOC) smartcards, which only store a biometric template. The biometric match is performed by a module running on the user’s workstation, authenticated by a mobile agent coming from a reliable server. The protocol uses today’s cryptographic tokens without requiring any HW/SW modifications.