biometric based secured authentication in mobile web services

International Journal of Emerging Technology and Advanced Engineering

Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 3, Issue 3, March 2013)

695

Biometric Based Secured Authentication in Mobile Web

Services Ms. K. M. Brindha Shree

1, Mrs. M. Rajalakshmi

2

1Lecturer, Department of CSE, P. A. College of Engineering and Technology, Pollachi, Tamil Nadu 2Assistant Professor, Department of CSE, P. A. College of Engineering and Technology, Pollachi, Tamil Nadu

Abstract— Web service is a responsible for the

machines to communicate with each other in World Wide

Web. Most of the Web services in real world application

developed were to work on PC Platforms, not in mobile. Web

services developed on Mobile platforms have to overcome the

challenges in this platform. Mobile based web services provide

interoperability. In today’s development of technology, Hand

held devices are ruling the world, so there is a need of

mobile based services. The security in terms of mobile

phones is the issue due to misplacement of the device or in

terms of theft. Web services used in the mobile devices should

be more secured to avoid the loss of data and unauthorized

access of the web services. In the mobile devices accessing

web services using a username and password combination

leads to unauthorized access. To avoid this issue, Instead

of this traditional combination, username along with one

of the Biometric is used. In the Proposed system,

fingerprint is used as a Biometric. Fingerprint

authentication system provides more secured Web Service

Application as fingerprint implies users own identity.

Keywords— Biometric, Finger Print,

Interoperability, Mobile, Web services, World Wide Web.

I. INTRODUCTION

Biometric based secured authentication in mobile web

services is proposed. Biometrics is one of the

authentication techniques that rely on measurable

physiological and unique characteristics that can be

automatically verified. A biometric system may operate

either in verification mode or identification mode

depending upon the application context. The need for

highly secure identification and personal verification

technologies is becoming apparent due to the level of

security breaks and transaction fraud increases.

Biometric-based solutions are providing the

confidential transactions and personal data privacy. Based

on the characteristics, biometrics can be divided into two

categories. First one physiological, it depends on the direct

measurements of a part of the human body.

The second one is behavioural, it depends on the

measurements and data derived from an action

performed by the user and measuring some

characteristics of the human body indirectly. Two groups

of biometric-recognition tasks are: identification and

verification or authentication. If the database is very large

then identification requires a large amount of processing,

and is time consuming. It is mainly used to determine the

identity of a suspect from crime- scene information. If the

user sample is only matched with a claimed identity-stored

template and is often used to access places or information

when the verification requires less computer load.

A web service is defined as a software system designed

to support interoperability which means machine-to-

machine interaction over a network. It interfaces

between an application programming. Across the internet it

can be published, located and invoked. It is subjected to

unauthorized intrusion when the web service is

connected to the internet. Security is needed in order to

ensure the availability, confidentiality and integrity of

the web services. For the strong authentication access

controls such as biometrics should be employed. It is the

most robust method to verify and identify an

individual, when the person is enrolled. Finger print

recognition system is a best method that has always

gives the promise of highly accurate identity

verification. Proposal describes how finger print

biometric authentication helps to access web services.

II. EXISTING SYSTEM

The existing system focuses on the use of biometric

person recognition for secure access to restricted data or

services using a mobile phone with internet connection. In

the existing system, mobile phone is used as a biometric

capture device. The main objective of the system is that it

captures, and recognizes later, can be performed at the time

of standard web session, thus allowing a multiplatform

biometric web access.



696

Novel mobile-phone application architecture is

proposed. The use of an embedded web browser, biometric

is captured and sends to the web server. By the use of a

mobile phone the biometric is captured during web session.

The captured biometric can be stored in the server or used

with local or remote.

Whenever a mobile phone is used, it is used to perform

a biometric recognition during a web session. Instead of

password the biometric-user authentication can be used.

Applet Java, JavaScript, Microsoft Silver light and

ActiveX control has been found to analyse the technologies

used for embedded programs in a web page in order to

capture and send the biometrics.

Three Biometric features are developed, namely online

signature, speech and face

A. Online Signature system

For accessing to a remote site the online-signature

system is designed to replace the password by the user’s

signature.

i). Client side: To enable multi device authentication

from both PC-like and Mobile-like web browsers. System

has been developed. For that a touch screen in the mobile is

required. By this signature is captured. The signature

data is captured from the PC-like browser, a Java Applet.

Signature data is first captured locally, and then it sends the

captured data to the server, that has been developed. The

Java applet allows the use of a graphic tablet, to provide

greater versatility. In the mobile device, a mobile

application with .NET programming environment has been

developed for signature acquisition.

ii). Server side: An Apache server and Tomcat

application server is used in the server side. The server

modules are used to capture and pre-processing has been

developed in the hypertext-processor (PHP) programming

language. By using Java the verification engine

was developed.

B. Voice-Based System

After authentication by speech, this application allows

services/local data of the mobile device to be accessed,

although the biometric recognition is performed remotely.

i). Client side: A system has been developed that

provides multiservice authentication from both a PC

and mobile device. In a PC browser, a Java Applet is

used to capture/recognize the voice and sends voice to the

server.

For speech attainment in the mobile device, an

application in the .NET framework which operates almost

the same as the signature system has been developed, but

it has three dissimilarity as follows

1) The URLs required to manage the application from

the remote-resource access are within the application code,

which means it provides highest security but less

versatility.

2) POST method is used to send the signature.

3) In order to manage the local access the up loader-

component functionalities have been modified. The remote

result of verification is accessed through messages

introduced in the PHP page code responsible for the

verification of the voice. While processing and testing the

speech sample the up loader components also manages an

errors.

ii). Server side: An Apache web server has been used.

By using PHP programming language other server

modules have been developed, for the capture engine. The

pre- processing and verification engine uses C and UNIX

Shell.

C. Face-Based System

After authentication by Face, this application allows

services/local data of the mobile device to be

accessed, although the biometric recognition is performed

remotely. The characteristics are same to those shown in

the speech based system, but an only difference is

capturing the face image instead of speech to perform the

authentication. Face based application was developed and

has been performed, especially for Windows Mobile and

Android devices. No one has approached the biometric

recognition in a mobile Environment through the web.

It has been proved that the standard solutions to

approach the problem in PC platforms, using Applets Java

and ActiveX controls do not work under mobile platforms.

Hence a new alternative is needed. To develop a biometric

web application, embedding a web browser in a mobile-

phone application, using a modular architecture Instead of

embedding an application in the mobile phone.

III. PROPOSED SYSTEM

The proposed system focuses on the Biometric Based

Secured Authentication in Mobile Web Services. The main

objective is, a biometric authentication in mobile web

services is proposed. The user fingerprint is used as an

authentication. Biometric is stronger than passwords and

balances between security and performance.



697

To enhance mobile identification and remote

authentication and to enable multi model biometric

interoperability by Combining biometrics and web

services. The capabilities and reach of biometrics is

improved by using Web services as a means for

interoperability.

A. Web Services for Biometric Devices

WS-Biometric Devices, or WS-BD, is a control

protocol for biometric devices. It is a new command for

biometric devices. It uses the XML language for the web; it

does not require proprietary knowledge of sensor.

i). Fingerprint: Fingerprint- based identification is the

oldest method among all the biometric techniques, which

has been successfully used in many applications. Thus

everyone is known to have unique, invariable

fingerprints. A Large volume of fingerprints are collected

and stored everyday in a wide range of applications

including access control, forensics and driver license

registration. Hence an automatic recognition of people

based on fingerprints requires that the input fingerprint be

matched with a large number of fingerprints in a database.

ii). Fingerprint Based Devices: The fingerprint reader

or scanner is certainly the most appreciable achievement of

biometrics technology, which is growing as a breakthrough

in security victuals. This device is based upon storing and

comparing the key.

iii). Fingerprint Classification: It is desirable to classify

these fingerprints in an accurate and consistent manner

to reduce the search time and time complexity, so that

the input fingerprint is required to be matched only with

the subset of the fingerprints in the database. Hence it

leads to the need of fingerprint classification. The

Fingerprint classification technique is used to assign a

fingerprint into one of the several pre-specified types

such as arch loop whorl. First the given input finger print

is matched at an indecent level to one of the pre-specified

types and then, it is compared to the subset of the database

containing that type of fingerprints at finer level.

iv). Fingerprint Matching: A fingerprint is made of

series of crests and grooves on the surface of the finger. By

the pattern of crests and grooves as well as the minutiae

points, the uniqueness of a fingerprint can be determined.

The minutiae points are local ridge characteristics such

as delta, crossover, island, ridges bifurcation or a ridge

ending.

B. Architecture

According to proposal, the modules are as follows

i). Data Capturing and Pre-processing: The fingerprint

is captured from the fingerprint reader. The non-

overlapping and unwanted regions are removed by

pre- processing.

ii). Feature Extraction Pattern: The algorithm used in

Feature Extraction Pattern is Filter Bank Based

Fingerprint Matching.

iii). Decision Making: The template stored in the

database is compared with the extracted features.

iv). Accessing Web Services: If the pattern is matched,

then the user access to the web services is allowed.

FIGURE 1 FLOW DIAGRAM OF THE SYSTEM

IV. IMPLEMENTATION

A. Data Capturing and Pre-processing

In practice, the placement of finger on the scanner for

authentication is not done with the extreme care as when

placed during the enrolment and this result in rejections of

real users. The genuine acceptance rate (GAR) for

authentication of fingerprints is decreased due to the user’s

behaviour and environmental conditions. The pre-

processing algorithm is proposed to achieve good

vertical orientation and high ridge curvature area around

the core point for fingerprint authentication and

analysis to overcome this limitation.



698

In two stages, the algorithm is implemented. In the first

step, the process of obtaining the vertical oriented

fingerprint image is carried out. The core point detection of

a fingerprint is followed. For any type of fingerprints, the

core point detection is efficiently identified. The

developed algorithm is tested using a line based feature

extraction algorithm with a large internal database and

samples of fingerprint verification competition

(FVC). Only for the poor quality images, broken ridges are

identified which results in a difference in minutiae points.

With the proposed algorithm, the tested images were

oriented vertically and its genuine is verified by comparing

the sundries details of the oriented and un- oriented image

of the same subject.

Thus the fingerprint is captured from the fingerprint

reader. The non-overlapping and unwanted regions are

removed by pre-processing as shown in the following fig 2.

FIGURE 2 7SAMPLE INPUTS

B. Feature Extraction Pattern

The algorithm used in Feature Extraction Pattern is

Filter Bank Based Fingerprint Matching. The steps

involved in Feature Extraction is as follows

1. Have to determine a reference point and region of

interest for the fingerprint image.

a. Manually choose the reference point.

b. The appropriate orientation field is computed

and identification masks are used.

c. Poincare Index method.

2. The region of interest around the reference point is

tessellated.

a. The region of eight different directions using a

bank of Gabor filters is filtered.

3. The average absolute deviation from the mean

(AAD) of gray values in individual sectors is computed in

filtered images to define the feature vector or the finger

code.

4. Try to find directional field

i+w/2 j+w/2

Oy(i,j)= ∑ ∑ (Gx(u,v)-Gy(u,v))

u=i-w/2 v=j-w/2

θ(i,j)=1/2tan- 1

(Ox(i,j)/Oy(i,j))

Where Gx(u,v) Gy(u,v) are the gradients at each

pixel.θ(i,j) is the direction of the block (i,j).

5. Detect the singular point

a. Smooth the directional field of input

fingerprint image and estimate it.

b. To compute the Poincare index in each block

(8*8). The Poincare index is computed as follows:

Poincare(i,j)= 1/2Π∑

(k)= {

δ(k)=θ(X(k’),Y(k’))-θ(X(k),Y(k)),k’=(k+1) mod

N

Where θ(i,j) is the directional field of fingerprint.

X(k),Y(k) are the coordinates of the blocks which are in

the closed curve with N blocks. The Poincare Index is

said to be core block if it results in ½. The core point is the

centre of this block. If more than two core points are

detected, go to step 1.

C. Decision Making

The template stored in the database is compared with

the extracted features. If both the features (fingerprint) are

same then it will allow accessing the web services. If the

features are not same then it will not allow accessing the

web services.

D. Accessing Web Services

As stated in the abstract, username and one of the

biometrics of the user is used to login to the mobile web

service. Thus, some operations are performed and its

outputs are obtained from web services based on the inputs.

FIGURE 3 RESULT



699

V. ADVANTAGES

Fingerprint identification has many advantages by

means of identification in various fields. The identification

is accomplished by comparing the fingerprints of a new

user with the already stored template in the database. If

both the fingerprints are matched, then it is considered as a

positive match. Many identification systems which use

fingerprints go for a statistically notable match, rather than

matching the whole fingerprint, it look for key makers

which can be used for comparison.

The main advantage of fingerprint identification is that it

is very well accepted in the government and also in the

private sectors by giving better security. It has a long

history in judicial science, complete with many studies

which back up the use of fingerprints for identification.

This honourable history gives it weight and faith which are

not available to newer identification systems. Fingerprint

identification is widely understand as highly accurate and

very trustworthy, since the statistical chance of two people

on Earth having identical fingerprints is very low. It is very

easy to identify the mistaken fingerprints based on its

accuracy factor.

VI. PRACTICAL APPLICATION

The main application is to use biometric for accessing

web services. For example it is used in e-commerce or e-

banking etc.

It can also be used to access local data or applications in

the mobile phones, using remote biometric recognition.

Many types of biometric methods can be implemented on

mobile phones.

Thus it offers a wide range of possible applications

such as mobile bank transaction service security, personal

privacy protection and telemedicine examining. The sensor

data collected by mobile phones are used for biometric

identification and authentication is an emerging boundary

and has been increasingly explored in the recent decade.

VII. CONCLUSION

The problem of accessing web service by using

biometric authentication in mobile web services has been

successfully approached. It has been focused on the

problem of capturing the biometric with the biometric

reader; after the finger print matching process the

authentication gives the result as ―pass‖. Then the

permission to access the web service for a particular

application is provided.First it has been shown that there

are several related works, projects and commercial

applications about the biometric recognition.

In the proposed system the user finger print is used as

the authentication. Biometric is stronger than passwords

and balances between security and performance. Also

biometric is stable and distinctive. That means there is no

chance to forget the password because it can’t be lost or

forgotten and it is easy to remember. Biometrics are unique

in the sense, each user has a different or separate

fingerprint pattern.

Second it has been proved that the standard solutions

are used to authenticate the user’s finger print by a finger

print reader. Then it is easy to access the web service in

PC platforms. Whereas using the Applets Java, JavaScript,

ActiveX controls, do not work under mobile platforms.

Hence it needs a new alternative.

Thus the Modular architecture is needed to develop the

web application in the web page. So Android 2.2 is used to

develop a web service for the user. In this first the

collected pattern from the user which is stored on the

database. Finger print reader captures the user finger print

it is given to the finger pass plug –in. Then the current

template is matched with the already stored template if

both are matched, then it gives the result as authentication

―PASS‖ otherwise it gives the result as ―FAIL‖. If the

result is true then it is permitted to access the web service.

The main characteristics of the proposal system are:

1) It is free of charge to the user.

2) There is no difficult to access a web service, even it

is easier.

3) The server modification and mobiles multi platform

application development costs are very low.

REFERENCES

[1 ] CarlosVivaracho-Pascual and Juan Pascual-Gaspar, ―On the use

of mobile phones and Biometrics for accessing Restricted

Web Services‖ IEEE Transactions on Systems and cybernetics, Vol 42- No.2, Mar 2012.

[2 ] Abhishek Nagar , Karthik Nandakumar and Anil K.Jain

―Multibiometric Cryptosystems Based on Feature-Level Fusion‖ IEEE Transactions on Information forensics and Security,

Vol .7,No.1, Feb 2012.

[3 ] Bava Elizabeth Mathew ―Securing Web Services by Iris Recognition System‖, International Journal of Computer Applications,

volume 13-No, 7, Jan 2011.

[4 ] Ruchir Choudhry ―Biometrics for Global Web Authentication: an Open Source Java/J2EE-Based Approach‖ International Journal Of

computer Theory and Engineering, Vol 3, No.2, Apr 2011.

[5 ] Mandeep Kaur, Akshay Girdhar and Manvjeet Kaur ―Multimodal Biometric System Using speech and Signature‖

International Journal of Computer Applications .Vol 5 - No. 12, Aug

2010.

[6 ] B.Fu, S.X.Yang, J.Li, and D.Hu, ―Multibiometric cryptosystem:

Model structure and performance analysis,‖ IEEE Trans.

Inf. Forensics security, Vol.4, no.4, pp.867-882, Dec 2009.



700

[7 ] M.Martinez-Diaz, J.Fierrez, J.Ortega-Garcia, ―Towards mobile

authentication using dynamic signature verification: Useful features

and performance Evaluation,‖ in Proc.19th Int.Conf.Pattern Recogn., Dec.2008, pp.1-5.

[8 ] Yi Wang, Jiankun Hu, Kai Xi and Vijayakumar

Bhagavatula ―Investigating Correlation – Based Fingerprint Authentications Schemes for Mobile Devices Using the J2ME

technology‖ International Journal on computer Science and

Technology. Vol 6- No.7, Dec 2007.

[9 ] K.Nandakumar, A.K.Jain, and S . Pankanti, Fingerprint-based fuzzy

vault: Implementation and performance,‖IEEE Trans. Inf. Forensics

Security, vol.2, no 4, pp.744-757, Dec.2007.

[10 ] Y.Wang, J.Hu, and F.Han. Enhanced gradient based algorithm for

the estimation of fingerprint orientation fields. Applied Mathematics

and Computation, online Aug 2006.

[11 ] C.Watson, C.Wilson, M.Indovina, B.Cochran; ‖Two

Finger Matching With Vendor SDK Matchers‖; NIST Interagenc.

biometric based secured authentication in mobile web services

Documents