Positive identification of individuals is a very basic societal requirement. Reliable user authentication is becoming an increasingly important task in the web-enabled world. The consequences of an insecure authentication system in a corporate or enterprise environment can be catastrophic, and may include loss of confidential information, denial of service, and compromised data integrity. The value of reliable user authentication is not limited to just computer or network access. Many other applications in everyday life also require user authentication, such as banking and e-commerce, and could benefit from enhanced security.
In fact, as more interactions take place electronically, it becomes even more important to have an electronic verification of a person’s identity. Until recently, electronic verification took one of two forms. It was based on something the person had in their possession, like a magnetic swipe card, or something they knew, like a password. The problem is that these forms of electronic identification are not very secure, because they can be given away, taken away, or lost, and motivated people have found ways to forge or circumvent these credentials.
The ultimate form of electronic verification of a person’s identity is biometrics. Biometrics refers to the automatic identification of a person based on his/her physiological or behavioral characteristics such as finger scan, retina, iris, voice scan, signature scan etc. By using this technique, physiological characteristics of a person can be changed into electronic processes that are inexpensive and easy to use. People have always used the brain’s innate ability to recognize a familiar face, and it has long been known that a person’s fingerprints can be used for identification.
2. IDENTIFICATION AND VERIFICATION SYSTEMS
A person’s identity can be resolved in two ways: identification and verification. The former involves identifying a person from all biometric measurements collected in a database, and this involves a one-to-many match, also referred to as a ‘cold search’. “Do I know who you are?” is the inherent question this process seeks to answer. Verification involves authenticating a person’s claimed identity from his or her previously enrolled pattern, and this involves a one-to-one match. The question it seeks to answer is, “Are you who you claim to be?”
2.1 VERIFICATION
Verification involves comparing a person’s fingerprint to one that was previously recorded in the system database. The person claiming an identity provides a fingerprint, typically by placing a finger on a capacitance scanner or an optical scanner. The computer locates the previous fingerprint by looking up the person’s identity. This process is relatively easy because the computer needs to compare only two fingerprint records. The verification process is referred to as a ‘closed search’ because the search field is limited. The second question is “who is this person?” This is the identification function, which is used to prevent duplicate application or enrollment. In this case a newly supplied fingerprint is compared to all others in the database. A match indicates that the person has already enrolled/applied.
2.2 IDENTIFICATION
The identification process, also known as an ‘open search’, is much more technically demanding. It involves many more comparisons and may require differentiating among several database fingerprints that are similar to the objects.
3. BIOMETRIC SYSTEMS AND DEVICES
A biometric system is a combined hardware/software system for biometric identification or verification. Main functions of a biometric system are as follows:
· Receive biometric samples from an enroller or candidate.
· Extract biometric feature from the sample.
· Compare the sample of the candidate with stored templates from individuals.
· Indicate identification or verification upon the result of the previous comparison.
Biometric devices have three primary components:
· One is an automated mechanism that scans and captures a digital or analog image of a living characteristic.
· The second handles comparison of the image with the stored data.
· The third interfaces with application systems.
These pieces may be configured to suit different situations. A common issue is where the stored images reside: on a card presented by the person being verified, or at a host computer. Recognition occurs when an individual’s image is matched with one of a group of stored images.
4. BIOMETRIC ACCURACY
Biometric accuracy is the system’s ability to separate legitimate matches from imposters. There are two important performance characteristics for biometric systems.
· False rejection is the situation when a biometric system is not able to verify the legitimate claimed identity of an enrolled person.
· False acceptance is the situation when a biometric system wrongly verifies an identity by matching biometric features from non-identical individuals.
· False Rejection Rate (FRR) refers to the statistical probability that the biometric system is not able to verify the legitimate claimed identity of an enrolled person, or fails to identify an enrolled person.
· False Acceptance Rate (FAR) refers to the statistical probability of false acceptance or incorrect verification. In the most common context, both False Rejection and False Acceptance represent a security hazard.
5. FINGERPRINT VERIFICATION
Fingerprinting is probably the best-known biometric method of identification, used for 100 years. Advances in computer technology and communication networks have made even huge fingerprint databases available for instant searches.
Among all the biometric techniques, fingerprint-based identification is the oldest method that has been successfully used in numerous applications. Everyone is known to have unique, immutable fingerprints. A fingerprint is made of a series of ridges and furrows on the surface of the finger. The uniqueness of a fingerprint can be determined by the pattern of ridges and furrows as well as minutiae points. Minutiae points are local ridge characteristics that occur at either a ridge bifurcation or a ridge ending.
There are a variety of approaches to fingerprint verification. Some try to emulate the traditional police method of matching minutiae, others are straight pattern matching devices, and some adopt a unique approach all of their own, including thermal properties and ultrasonic. Finger-scan technology is the leading biometric authentication technology in use today with the greatest variety of fingerprint devices presently available. This is partially due to the historical use of the fingerprint in law enforcement as well as the fact that the technology lends itself to a more affordable solution.
6. FINGERSCAN
Fingerscan is an authentication terminal which verifies a person’s identity from their finger image. When a user places their finger on the terminal’s scanner, the image is electronically read, analysed, and compared with a previously recorded image of the same finger which has been stored in the fingerscan database. Users call up their finger image by keying in an identification number. This ID number does not need to be classified, as it is not part of the security system; it simply retrieves the image that will be compared to the user’s finger scan.
Fingerscan contains its own database of finger images (called templates), user privileges and authorities, and maintains a log of every transaction and message which it records. The system can be accessed through a laptop, networked to a PC, or connected via a modem to a remote host computer.
6.1 THE TECHNOLOGY BEHIND FINGERSCAN
Fingerscan is a biometrics product which involves using some unique biological characteristic or physical property of an individual to verify that person’s claimed identity. Biometrics-based identification replaces systems which rely on something a person has in their possession, such as a key or ID card, or something a person knows, such as a password or privileged information. The imaging process is based on digital holography, using an electro-optical scanner about the size of a thumbprint. The scanner reads three-dimensional data from the finger, such as skin undulations and ridges and valleys, to create a unique pattern that is composed into a template file and recorded in the fingerscan database.
The pattern is not a fingerprint and a fingerprint cannot in any way be created from the template. A template can only be compared with a newly presented live finger image and not with other templates. One reason for this is that the data capture process used to create a template is random. If two templates were created one after another for the same finger, each template would be different. This eliminates the possibility of database matching and enhances users’ privacy.
6.2 THE ALGORITHMS
Fingerprint classification can be viewed as a coarse-level matching of the fingerprints. An input fingerprint is matched at a coarse level to one of the prespecified types and then, at a finer level, it is compared to the subset of the database containing that type of fingerprints only.
An algorithm is developed to classify fingerprints into five classes, namely, whorl, right loop, left loop, arch and tented arch. The algorithm separates the number of ridges present in four directions (0 degree, 45 degree, 90 degree and 135 degree) by filtering the central part of a fingerprint with a bank of Gabor filters. This information is quantized to generate a finger code which is used for classification. More recently, it has become possible to scan a person’s fingerprint into virtual storage in a computer with the aid of laser technology. In order to prove identification, a person’s fingerprint will be scanned again in the future by a similar device, and a match of print to name is verified through an information system.
6.3 SYSTEM FUNCTIONS
The major FINGERSCAN functions are:
· Enrolment
· Verification
· Time Zones
· Door access
· Template management
· Enrolment
Enrolment is the process of scanning a finger to create an image which is stored as a template. Each time the user places his or her finger on the scanner the image is compared to the one represented by the template to verify their identity.
A user with enrolment authority carries out enrolment at designated fingerscan units. The process takes approximately 25 seconds and the resultant template may be stored in various places: in the unit itself, on a personal computer, in a mainframe computer, on a smart card, and so on.
Each user enrolled is allocated a unique ID number, which they use to call up their template before scanning their finger. No ID number is required where the template is stored on a smart card. Up to three fingers can be enrolled against the same ID number to provide users with more than one verification option. Ideally, one finger on each hand should be enrolled so that if the user injures the finger they usually use for verification an alternate image is available.
This feature also provides for multi-person control, for example, if verification from two users is required to open a safe. In this situation fingerscan can be programmed to require up to four fingers with different ID numbers to be verified before access is granted.
· Verification
Verification is carried out when a user either enters their ID number, or inserts their smart card in a smart card reader, and then immediately places their finger on the reader platen. Verification takes about 0.5 of a second.
Verification for individual users can be set at various threshold levels to account for users who may have very fine, worn, or damaged fingers. In this event reducing their verification threshold can enhance the ease of use.
The overall system verification threshold can be lowered in situations where little or no security is required, for example, time and attendance applications. In this situation it may be more acceptable to give a false acceptance than a false rejection.
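The trade-off described here and in section 4 can be made concrete with a short added example (not Fingerscan code). It assumes a matcher that returns a similarity score in [0, 1] and accepts at or above the threshold; the scores are constructed, and the 1:N formula assumes independent comparisons.

```python
"""FAR/FRR at a verification threshold, and how false accepts grow in a 1:N search.

Added illustration only. Scores are constructed, not Fingerscan data.
Assumption: accept when similarity score >= threshold.
"""

# Constructed similarity scores from a hypothetical matcher.
GENUINE = [0.91, 0.88, 0.95, 0.62, 0.79, 0.97, 0.85, 0.58, 0.93, 0.81]   # same finger
IMPOSTOR = [0.12, 0.33, 0.41, 0.08, 0.55, 0.27, 0.64, 0.19, 0.36, 0.22]  # other fingers


def frr(genuine, threshold):
    """False Rejection Rate: share of genuine attempts scoring below threshold."""
    return sum(s < threshold for s in genuine) / len(genuine)


def far(impostor, threshold):
    """False Acceptance Rate: share of impostor attempts scoring at/above threshold."""
    return sum(s >= threshold for s in impostor) / len(impostor)


def sweep(genuine, impostor, thresholds):
    """(threshold, FAR, FRR) for each candidate threshold."""
    return [(t, far(impostor, t), frr(genuine, t)) for t in thresholds]


def equal_error_threshold(genuine, impostor, thresholds):
    """Candidate threshold where FAR and FRR are closest to each other."""
    return min(thresholds, key=lambda t: abs(far(impostor, t) - frr(genuine, t)))


def identification_far(far_1to1, n_templates):
    """Chance of at least one false match when one sample is searched against
    n_templates (identification), assuming independent comparisons."""
    return 1.0 - (1.0 - far_1to1) ** n_templates


if __name__ == "__main__":
    for t, fa, fr in sweep(GENUINE, IMPOSTOR, [0.5, 0.6, 0.7, 0.8]):
        print(f"threshold={t:.1f}  FAR={fa:.2f}  FRR={fr:.2f}")
    # The page's quoted 0.0001% FAR, applied to a full 1100-template unit:
    print(f"1:1100 search: {identification_far(1e-6, 1100):.6f}")
```

Lowering the threshold from 0.7 to 0.5 on this data removes every false rejection and raises false acceptance from 0 to 20%, which is the cost a per-user threshold reduction carries.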
· Time zones
Up to thirty global or individual time zones can be defined in fingerscan. Each user can have up to two active time zones at any time. Users are allocated a default time zone at enrolment, which can be changed by the system supervisor or from the host computer.
· Door Access
A door access list defines which users have access to the facilities controlled by the fingerscan unit. The list can be used in conjunction with time zones to restrict access at certain times. The host computer system can control and manage the door access list and the distribution of templates to each fingerscan unit.
· Template Management
Templates can be stored in the fingerscan unit, and/or a host computer, and/or a smart card. Each fingerscan unit has 512Kbytes of non-volatile memory which stores up to 300 templates. The memory can be expanded to 1.5Mbytes which will store more than 1100 templates. Templates are stored with a last used date status. If the memory becomes full, the last used templates will be held locally in the fingerscan unit and the main template database will be held in the host computer. The host will transmit templates to individual units if the requested template is not found locally.
Templates can be deleted by a user with Manager or Supervisor status either from the host computer or locally at each fingerscan unit. Templates can be exchanged between a fingerscan unit and the host computer over fixed communications or modem links, or locally to and from a laptop. A template created by the fingerscan unit can be used on any other unit when loaded.
6.4 MANAGEMENT CONTROL
Fingerscan has four levels of management control:
· User
A user submits a finger for verification after entering an ID number.
· Enroller
An enroller has user status and can also enrol users onto the system.
· Supervisor
A supervisor has enroller status and can also perform initial system set up procedures, set time zones, set alarm codes, and add and delete templates.
· Manager
A manager has supervisor status and can also perform a total system reset, and disable the supervisor’s ability to change the setup.
· Transaction Log
A transaction log records every use of a fingerscan unit, the time it was used, and the result. The log will hold at least the last 1000 transactions and will wrap around when it becomes full. The transaction log cannot be erased except on a total system reset by a user with Manager authority. Each transaction is allocated a consecutive audit number that does not wrap around. The number will only be reset to 1 on a total system reset.
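The following added example (not Fingerscan firmware) models the log behaviour described above and shows what the non-wrapping audit number gives a reviewer: a way to detect missing records, records overwritten before collection, and a total system reset. Field names, the capacity used in the demo and the finding labels are assumptions made for illustration.

```python
"""Wrap-around transaction log with a non-wrapping audit number, plus an export check.

Added illustration only. Field names and finding labels are hypothetical.
"""
from collections import deque


class TransactionLog:
    """Keeps the newest `capacity` records; audit numbers only restart on total reset."""

    def __init__(self, capacity=1000):
        self._records = deque(maxlen=capacity)  # oldest record drops when full
        self._next_audit = 1

    def record(self, user_id, event, result, timestamp):
        entry = {"audit": self._next_audit, "time": timestamp,
                 "user": user_id, "event": event, "result": result}
        self._next_audit += 1
        self._records.append(entry)
        return entry["audit"]

    def total_reset(self):
        """Manager-only operation on the page: clears the log, audit number back to 1."""
        self._records.clear()
        self._next_audit = 1

    def export(self):
        return list(self._records)


def check_export(entries, last_seen_audit=0):
    """Compare an exported log against the highest audit number collected last time.

    Returns a list of (finding, previous_number, observed_number) tuples.
    """
    findings = []
    prev = None
    for e in entries:
        n = e["audit"]
        if prev is not None and n != prev + 1:
            findings.append(("gap" if n > prev + 1 else "out_of_order", prev, n))
        prev = n
    if not entries:
        if last_seen_audit > 0:
            findings.append(("counter_reset", last_seen_audit, 0))
        return findings
    first, last = entries[0]["audit"], entries[-1]["audit"]
    if last < last_seen_audit:
        # Numbers went backwards: only a total system reset does that.
        findings.append(("counter_reset", last_seen_audit, last))
    elif first > last_seen_audit + 1:
        # The ring buffer wrapped past records that were never collected.
        findings.append(("overwritten_before_export", last_seen_audit, first))
    return findings


if __name__ == "__main__":
    log = TransactionLog(capacity=5)            # small capacity to show wrap-around
    for i in range(8):                          # constructed transactions
        log.record(100 + i, "verify", "accepted", f"2002-06-01T08:0{i}:00")
    print(check_export(log.export(), last_seen_audit=3))   # []
    print(check_export(log.export(), last_seen_audit=1))   # records 2-3 were lost
```

A host that polls each unit should store the last audit number it collected, since that value is the only reference `check_export` has.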
6.5 SECURITY
Fingerscan provides an audit trail of the date and time a user accessed the unit, the reason for access, and the result. With a 0.0001% probability of a false acceptance, fingerscan provides a level of security which cannot be achieved by any knowledge or token based system.
· Template security
Before a user can do any action on a template such as enrol, delete, or transfer, they must first have their identity verified by FINGERSCAN in the usual way. In doing this, a record is added to the transaction log. Only users with Supervisor or Manager authority levels can access the template database.
· Software Security Control
A password option in the communications setup secures the data flow to a host computer. When each fingerscan unit is initialised by the remote host, the host will generate and download to the unit a unique Computer Generated Access Code (CGAC) of at least six digits. For all subsequent communications the host will check the CGAC before starting the session and then change the CGAC immediately prior to logging off.
The CGAC can always be overridden by a Manager or Supervisor finger verification. This is only likely to be required if the fingerscan unit is being accessed via a laptop PC.
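The CGAC life cycle described above (issued at initialisation, checked before each session, replaced just before logoff) is sketched below as an added example; it is not the vendor's protocol. The class and method names are hypothetical, the link between host and unit is reduced to direct method calls, and the host is assumed to compare the code held by the unit with its own record.

```python
"""One-session-per-code rotation of a Computer Generated Access Code (CGAC).

Added illustration only. Names and message flow are assumptions; the page
states only that the host issues, checks and then changes the code.
"""
import hmac
import secrets


def new_cgac(digits=6):
    """Random numeric code of at least six digits from a CSPRNG."""
    return "".join(secrets.choice("0123456789") for _ in range(max(6, digits)))


class Unit:
    """Fingerscan unit side: stores whatever code the host last downloaded."""

    def __init__(self):
        self._cgac = None

    def load_cgac(self, code):
        self._cgac = code

    def report_cgac(self):
        return self._cgac


class Host:
    """Remote host side: one current code per unit, replaced every session."""

    def __init__(self):
        self.codes = {}        # unit name -> code the host expects
        self.mismatches = []   # unit names that failed the pre-session check

    def initialise(self, name, unit):
        self.codes[name] = new_cgac()
        unit.load_cgac(self.codes[name])

    def session(self, name, unit):
        """Check the code, do the session's work, rotate the code before logoff."""
        held = unit.report_cgac() or ""
        if not hmac.compare_digest(held, self.codes[name]):
            # Unit was re-initialised or reached by another party: no session.
            self.mismatches.append(name)
            return False
        # ... template transfers, log collection and so on would happen here ...
        fresh = new_cgac()
        while fresh == self.codes[name]:   # never reissue the code just used
            fresh = new_cgac()
        unit.load_cgac(fresh)
        self.codes[name] = fresh
        return True


if __name__ == "__main__":
    host, unit = Host(), Unit()
    host.initialise("door-1", unit)        # "door-1" is a constructed unit name
    used = unit.report_cgac()
    print(host.session("door-1", unit))    # True
    print(unit.report_cgac() != used)      # True: the old code is now stale
    unit.load_cgac("12345678")             # simulate an unexpected re-initialisation
    print(host.session("door-1", unit), host.mismatches)
```

A failed pre-session check is worth alerting on, since the Manager or Supervisor override mentioned above is the only legitimate path that bypasses the code.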
· Hardware security control
The processor board in the processor unit is located inside a metal box which can be fitted with a tamper alarm if required. The processor unit should always be located inside the secure area in locations where fingerscan is providing access or other security control. Fingerscan controls the activation of electric locks or strikes from the processor board so the unit cannot be hot-wired from outside.
· Alarms Control
  · Send an alarm directly to a monitoring company, dialer, modem, siren, and so on, and allow authenticated users to cancel and reset zone alarms and activate and deactivate building services such as air conditioning and lighting.
  · Record alarms in the fingerscan transaction log.
  · Support a request to exit (REX) verification which allows users to open a door from the inside. This can be used to monitor door forced alarms.
· Door Lock Control
Fingerscan can directly control a door lock strike after verification of a user.
· Real Time Clock
Fingerscan’s real time clock is protected by a lithium battery, and features a day-of-week register and leap year correction.
6.6 AN OVERVIEW OF FINGERSCAN TECHNOLOGIES
The fundamental limiting factor for Finger-scan technology has been the process by which the devices capture an image of the finger. The most common technologies are: Optical, Silicon, Ultrasound and Touchless. Optical Scanner relies on an image of ridges and valleys of the print. The process, referred to as Frustrated Total Internal Reflection, a form of spectroscopy, essentially takes a picture of finger. Silicon or Capacitance Fingerprint scanners often great potential because if utilizes higher image quality than optical surface contamination found on the finger. Thermal Fingerprint scanners uses infrared to sense the temperature differences between the ridges and valleys of the finger to create a fingerprint image. Ultrasonic Fingerprint scanner scans the finger ultrasonically, using high frequency sound waves, to capture an image of the finger.
6.7 CAPACITANCE SCANNER
Capacitive fingerprint scanners generate an image of the ridges and furrows that make up a fingerprint. This type of scanner senses the print using electric current.
The diagram shows a simple capacitive sensor. The sensor is made up of one or more semiconductor chips containing an array of tiny cells. Each cell includes two conductor plates, covered with an insulating layer. The cells are tiny, smaller than the width of one ridge on a finger.
The sensor is connected to an integrator, an electric circuit built around an inverting operational amplifier. The inverting amplifier is a complex semiconductor device, made of a number of transistors, resistors and capacitors.
Like any amplifier, an inverting amplifier alters one current based on fluctuations in another current. Specifically, the inverting amplifier has the inverting terminal and the non-inverting terminal. In this case the non-inverting terminal is connected to ground, and the inverting terminal is connected to a reference voltage supply and a feedback loop. The feedback loop, which is also connected to the amplifier output, includes the two conductor plates.
The two conductor plates form a basic capacitor, an electric component that can store up charge. The surface of the finger acts as a third capacitor plate, separated by the insulating layers in the cell structure and, in the case of the fingerprint valleys, a pocket of air. Varying the distance between the capacitor plates (by moving the finger closer or farther away from the conducting plates) changes the total capacitance (ability to store charge) of the capacitor. Because of this quality, the capacitor in a cell under a ridge will have a greater capacitance than the capacitor in a cell under a valley.
To scan the finger, the processor first closes the reset switch for each cell, which shorts each amplifier input and output to balance the integrator circuit. When the switch is opened again, and the processor applies a fixed charge to the integrator circuit, the capacitors charge up. The capacitance of the feedback loop’s capacitor affects the voltage at the amplifier’s input, which affects the amplifier’s output. Since the distance to the finger alters capacitance, a finger ridge will result in a different voltage output than a finger valley.
The scanner processor reads this voltage output and determines whether it is characteristic of a ridge or a valley. By reading every cell in the sensor array, the processor can put together an overall picture of the fingerprint, similar to the image captured by an optical scanner.
The main advantage of a capacitive scanner is that it requires a real fingerprint-type shape rather than the pattern of light and dark that makes up the visual impression of a fingerprint. This makes the system harder to trick. Additionally, since they use a semiconductor chip rather than a CCD (charge coupled device) unit as in the case of an optical scanner, capacitive scanners tend to be more compact than optical devices.
6.8 ADVANTAGES OF FINGERPRINT SCANNERS
Compared to the other biometric authentication technologies, fingerprint scanners are:
· The most widely available device
· Relatively low cost
· Small size (easily integrated into keyboards)
· Easy to integrate
Fingerprint verification may be a good choice for in-house systems where adequate explanation and training can be provided to users and where the system is operated within a controlled environment.
6.9 DISADVANTAGES
Fingerprint verification can suffer under large-scale usage. In a large population, poorly trained users cause higher usage errors and hence higher instances of false rejection. Also, the user interface (scanning module) can become damaged or dirty by large-scale usage.
7. FUTURE APPLICATIONS
There are many potential fingerprint applications, some popular examples being:
7.1 ATM MACHINE USE
Most of the leading banks have been experimenting with biometrics for ATM use and as a general means of combating card fraud. It is estimated that losses due to identity fraud in welfare disbursements, credit card transactions, cellular telephone calls, and ATM withdrawals total over $6 billion every year. At present an ATM identifies a person as a client after the person inserts an ATM card into the machine and enters a personal identification number (PIN). This method of identification has its drawbacks. According to researchers, about one-fourth of bank customers apparently write their PIN on their ATM card, thus defeating the protection offered by a PIN when an ATM card is stolen.
7.2 INTERNET TRANSACTIONS
Security for information systems and computer networks is another important area for fingerprint applications. Access to databases by means of remote login is another application. Some experts anticipate that more and more information systems, computer networks, and world wide web sites will use fingerprint identification techniques to control access and for other security purposes.
7.3 PERSONAL TRANSPORTATION
Several leading automobile manufacturers are exploring the use of fingerprint identification to enable an authorized driver to enter and start a car without using a key.
7.4 USE IN PUBLIC SECTOR
Various government agencies have considered using biometric fingerprint identification. In benefits distribution programs such as welfare disbursement, fingerprint identification techniques could bring about substantial savings by deterring the same person from filing multiple claims. Fingerprint-based voter registration can be used to verify identity at the polls to prevent fraudulent voting. In academics/certifications it can be used to verify a person’s identity prior to taking an exam.
8. CONCLUSION
Biometric fingerprint identification has many usability advantages over traditional systems such as passwords. Specifically, users can never lose their fingerprints, and the fingerprint is difficult to steal or forge. The intrinsic bit strength of a fingerprint is quite good when compared to conventional passwords. Finger scanners are getting smaller, cheaper, and more accurate, and can be used in mobile gadgets without increasing the size, cost, and power consumption. By using this technology, theft can be prevented and fraudulent transactions can be eliminated. Mobile manufacturers and wireless operators are incorporating voice and fingerprint scanning techniques in their devices. Fingerprint is a very strong desktop solution, and it is anticipated that the desktop will become a device for biometric revenue derived from product sales and transactional authentication. Most middleware solutions leverage a variety of fingerprint solutions for desktop authentication.
Fingerprint is a proven technology capable of high levels of accuracy. Strong fingerprint solutions are capable of processing thousands of users without allowing a false match, and can verify nearly 100% of users with one or two placements of a finger. Because of this, many fingerprint technologies can be deployed in applications where either security or convenience is the primary driver. Reduced size and power requirements, along with fingerprint’s resistance to environmental changes such as background light and temperature, allow the technology to be deployed in a range of logical and physical access environments. Fingerprint acquisition devices have grown quite small: sensors slightly thicker than a coin, and smaller than 1.5 cm x 1.5 cm, are capable of acquiring and processing images. Thus fingerprint has emerged as a highly distinctive identifier, and classification, analysis and study of fingerprints has existed for decades.
I definitely see a big use of biometrics in time clocks for businesses. They reduce buddy punching and can streamline payroll - a double bonus!