International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 3, Issue 3, March 2013)
695
Biometric Based Secured Authentication in Mobile Web
Services Ms. K. M. Brindha Shree
1, Mrs. M. Rajalakshmi
2
1Lecturer, Department of CSE, P. A. College of Engineering and Technology, Pollachi, Tamil Nadu 2Assistant Professor, Department of CSE, P. A. College of Engineering and Technology, Pollachi, Tamil Nadu
Abstract— Web service is a responsible for the
machines to communicate with each other in World Wide
Web. Most of the Web services in real world application
developed were to work on PC Platforms, not in mobile. Web
services developed on Mobile platforms have to overcome the
challenges in this platform. Mobile based web services provide
interoperability. In today’s development of technology, Hand
held devices are ruling the world, so there is a need of
mobile based services. The security in terms of mobile
phones is the issue due to misplacement of the device or in
terms of theft. Web services used in the mobile devices should
be more secured to avoid the loss of data and unauthorized
access of the web services. In the mobile devices accessing
web services using a username and password combination
leads to unauthorized access. To avoid this issue, Instead
of this traditional combination, username along with one
of the Biometric is used. In the Proposed system,
fingerprint is used as a Biometric. Fingerprint
authentication system provides more secured Web Service
Application as fingerprint implies users own identity.
Keywords— Biometric, Finger Print,
Interoperability, Mobile, Web services, World Wide Web.
I. INTRODUCTION
Biometric based secured authentication in mobile web
services is proposed. Biometrics is one of the
authentication techniques that rely on measurable
physiological and unique characteristics that can be
automatically verified. A biometric system may operate
either in verification mode or identification mode
depending upon the application context. The need for
highly secure identification and personal verification
technologies is becoming apparent due to the level of
security breaks and transaction fraud increases.
Biometric-based solutions are providing the
confidential transactions and personal data privacy. Based
on the characteristics, biometrics can be divided into two
categories. First one physiological, it depends on the direct
measurements of a part of the human body.
The second one is behavioural, it depends on the
measurements and data derived from an action
performed by the user and measuring some
characteristics of the human body indirectly. Two groups
of biometric-recognition tasks are: identification and
verification or authentication. If the database is very large
then identification requires a large amount of processing,
and is time consuming. It is mainly used to determine the
identity of a suspect from crime- scene information. If the
user sample is only matched with a claimed identity-stored
template and is often used to access places or information
when the verification requires less computer load.
A web service is defined as a software system designed
to support interoperability which means machine-to-
machine interaction over a network. It interfaces
between an application programming. Across the internet it
can be published, located and invoked. It is subjected to
unauthorized intrusion when the web service is
connected to the internet. Security is needed in order to
ensure the availability, confidentiality and integrity of
the web services. For the strong authentication access
controls such as biometrics should be employed. It is the
most robust method to verify and identify an
individual, when the person is enrolled. Finger print
recognition system is a best method that has always
gives the promise of highly accurate identity
verification. Proposal describes how finger print
biometric authentication helps to access web services.
II. EXISTING SYSTEM
The existing system focuses on the use of biometric
person recognition for secure access to restricted data or
services using a mobile phone with internet connection. In
the existing system, mobile phone is used as a biometric
capture device. The main objective of the system is that it
captures, and recognizes later, can be performed at the time
of standard web session, thus allowing a multiplatform
biometric web access.
International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 3, Issue 3, March 2013)
696
Novel mobile-phone application architecture is
proposed. The use of an embedded web browser, biometric
is captured and sends to the web server. By the use of a
mobile phone the biometric is captured during web session.
The captured biometric can be stored in the server or used
with local or remote.
Whenever a mobile phone is used, it is used to perform
a biometric recognition during a web session. Instead of
password the biometric-user authentication can be used.
Applet Java, JavaScript, Microsoft Silver light and
ActiveX control has been found to analyse the technologies
used for embedded programs in a web page in order to
capture and send the biometrics.
Three Biometric features are developed, namely online
signature, speech and face
A. Online Signature system
For accessing to a remote site the online-signature
system is designed to replace the password by the user’s
signature.
i). Client side: To enable multi device authentication
from both PC-like and Mobile-like web browsers. System
has been developed. For that a touch screen in the mobile is
required. By this signature is captured. The signature
data is captured from the PC-like browser, a Java Applet.
Signature data is first captured locally, and then it sends the
captured data to the server, that has been developed. The
Java applet allows the use of a graphic tablet, to provide
greater versatility. In the mobile device, a mobile
application with .NET programming environment has been
developed for signature acquisition.
ii). Server side: An Apache server and Tomcat
application server is used in the server side. The server
modules are used to capture and pre-processing has been
developed in the hypertext-processor (PHP) programming
language. By using Java the verification engine
was developed.
B. Voice-Based System
After authentication by speech, this application allows
services/local data of the mobile device to be accessed,
although the biometric recognition is performed remotely.
i). Client side: A system has been developed that
provides multiservice authentication from both a PC
and mobile device. In a PC browser, a Java Applet is
used to capture/recognize the voice and sends voice to the
server.
For speech attainment in the mobile device, an
application in the .NET framework which operates almost
the same as the signature system has been developed, but
it has three dissimilarity as follows
1) The URLs required to manage the application from
the remote-resource access are within the application code,
which means it provides highest security but less
versatility.
2) POST method is used to send the signature.
3) In order to manage the local access the up loader-
component functionalities have been modified. The remote
result of verification is accessed through messages
introduced in the PHP page code responsible for the
verification of the voice. While processing and testing the
speech sample the up loader components also manages an
errors.
ii). Server side: An Apache web server has been used.
By using PHP programming language other server
modules have been developed, for the capture engine. The
pre- processing and verification engine uses C and UNIX
Shell.
C. Face-Based System
After authentication by Face, this application allows
services/local data of the mobile device to be
accessed, although the biometric recognition is performed
remotely. The characteristics are same to those shown in
the speech based system, but an only difference is
capturing the face image instead of speech to perform the
authentication. Face based application was developed and
has been performed, especially for Windows Mobile and
Android devices. No one has approached the biometric
recognition in a mobile Environment through the web.
It has been proved that the standard solutions to
approach the problem in PC platforms, using Applets Java
and ActiveX controls do not work under mobile platforms.
Hence a new alternative is needed. To develop a biometric
web application, embedding a web browser in a mobile-
phone application, using a modular architecture Instead of
embedding an application in the mobile phone.
III. PROPOSED SYSTEM
The proposed system focuses on the Biometric Based
Secured Authentication in Mobile Web Services. The main
objective is, a biometric authentication in mobile web
services is proposed. The user fingerprint is used as an
authentication. Biometric is stronger than passwords and
balances between security and performance.
International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 3, Issue 3, March 2013)
697
To enhance mobile identification and remote
authentication and to enable multi model biometric
interoperability by Combining biometrics and web
services. The capabilities and reach of biometrics is
improved by using Web services as a means for
interoperability.
A. Web Services for Biometric Devices
WS-Biometric Devices, or WS-BD, is a control
protocol for biometric devices. It is a new command for
biometric devices. It uses the XML language for the web; it
does not require proprietary knowledge of sensor.
i). Fingerprint: Fingerprint- based identification is the
oldest method among all the biometric techniques, which
has been successfully used in many applications. Thus
everyone is known to have unique, invariable
fingerprints. A Large volume of fingerprints are collected
and stored everyday in a wide range of applications
including access control, forensics and driver license
registration. Hence an automatic recognition of people
based on fingerprints requires that the input fingerprint be
matched with a large number of fingerprints in a database.
ii). Fingerprint Based Devices: The fingerprint reader
or scanner is certainly the most appreciable achievement of
biometrics technology, which is growing as a breakthrough
in security victuals. This device is based upon storing and
comparing the key.
iii). Fingerprint Classification: It is desirable to classify
these fingerprints in an accurate and consistent manner
to reduce the search time and time complexity, so that
the input fingerprint is required to be matched only with
the subset of the fingerprints in the database. Hence it
leads to the need of fingerprint classification. The
Fingerprint classification technique is used to assign a
fingerprint into one of the several pre-specified types
such as arch loop whorl. First the given input finger print
is matched at an indecent level to one of the pre-specified
types and then, it is compared to the subset of the database
containing that type of fingerprints at finer level.
iv). Fingerprint Matching: A fingerprint is made of
series of crests and grooves on the surface of the finger. By
the pattern of crests and grooves as well as the minutiae
points, the uniqueness of a fingerprint can be determined.
The minutiae points are local ridge characteristics such
as delta, crossover, island, ridges bifurcation or a ridge
ending.
B. Architecture
According to proposal, the modules are as follows
i). Data Capturing and Pre-processing: The fingerprint
is captured from the fingerprint reader. The non-
overlapping and unwanted regions are removed by
pre- processing.
ii). Feature Extraction Pattern: The algorithm used in
Feature Extraction Pattern is Filter Bank Based
Fingerprint Matching.
iii). Decision Making: The template stored in the
database is compared with the extracted features.
iv). Accessing Web Services: If the pattern is matched,
then the user access to the web services is allowed.
FIGURE 1 FLOW DIAGRAM OF THE SYSTEM
IV. IMPLEMENTATION
A. Data Capturing and Pre-processing
In practice, the placement of finger on the scanner for
authentication is not done with the extreme care as when
placed during the enrolment and this result in rejections of
real users. The genuine acceptance rate (GAR) for
authentication of fingerprints is decreased due to the user’s
behaviour and environmental conditions. The pre-
processing algorithm is proposed to achieve good
vertical orientation and high ridge curvature area around
the core point for fingerprint authentication and
analysis to overcome this limitation.
International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 3, Issue 3, March 2013)
698
In two stages, the algorithm is implemented. In the first
step, the process of obtaining the vertical oriented
fingerprint image is carried out. The core point detection of
a fingerprint is followed. For any type of fingerprints, the
core point detection is efficiently identified. The
developed algorithm is tested using a line based feature
extraction algorithm with a large internal database and
samples of fingerprint verification competition
(FVC). Only for the poor quality images, broken ridges are
identified which results in a difference in minutiae points.
With the proposed algorithm, the tested images were
oriented vertically and its genuine is verified by comparing
the sundries details of the oriented and un- oriented image
of the same subject.
Thus the fingerprint is captured from the fingerprint
reader. The non-overlapping and unwanted regions are
removed by pre-processing as shown in the following fig 2.
FIGURE 2 7SAMPLE INPUTS
B. Feature Extraction Pattern
The algorithm used in Feature Extraction Pattern is
Filter Bank Based Fingerprint Matching. The steps
involved in Feature Extraction is as follows
1. Have to determine a reference point and region of
interest for the fingerprint image.
a. Manually choose the reference point.
b. The appropriate orientation field is computed
and identification masks are used.
c. Poincare Index method.
2. The region of interest around the reference point is
tessellated.
a. The region of eight different directions using a
bank of Gabor filters is filtered.
3. The average absolute deviation from the mean
(AAD) of gray values in individual sectors is computed in
filtered images to define the feature vector or the finger
code.
4. Try to find directional field
i+w/2 j+w/2
Oy(i,j)= ∑ ∑ (Gx(u,v)-Gy(u,v))
u=i-w/2 v=j-w/2
θ(i,j)=1/2tan- 1
(Ox(i,j)/Oy(i,j))
Where Gx(u,v) Gy(u,v) are the gradients at each
pixel.θ(i,j) is the direction of the block (i,j).
5. Detect the singular point
a. Smooth the directional field of input
fingerprint image and estimate it.
b. To compute the Poincare index in each block
(8*8). The Poincare index is computed as follows:
Poincare(i,j)= 1/2Π∑
(k)= {
δ(k)=θ(X(k’),Y(k’))-θ(X(k),Y(k)),k’=(k+1) mod
N
Where θ(i,j) is the directional field of fingerprint.
X(k),Y(k) are the coordinates of the blocks which are in
the closed curve with N blocks. The Poincare Index is
said to be core block if it results in ½. The core point is the
centre of this block. If more than two core points are
detected, go to step 1.
C. Decision Making
The template stored in the database is compared with
the extracted features. If both the features (fingerprint) are
same then it will allow accessing the web services. If the
features are not same then it will not allow accessing the
web services.
D. Accessing Web Services
As stated in the abstract, username and one of the
biometrics of the user is used to login to the mobile web
service. Thus, some operations are performed and its
outputs are obtained from web services based on the inputs.
FIGURE 3 RESULT
International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 3, Issue 3, March 2013)
699
V. ADVANTAGES
Fingerprint identification has many advantages by
means of identification in various fields. The identification
is accomplished by comparing the fingerprints of a new
user with the already stored template in the database. If
both the fingerprints are matched, then it is considered as a
positive match. Many identification systems which use
fingerprints go for a statistically notable match, rather than
matching the whole fingerprint, it look for key makers
which can be used for comparison.
The main advantage of fingerprint identification is that it
is very well accepted in the government and also in the
private sectors by giving better security. It has a long
history in judicial science, complete with many studies
which back up the use of fingerprints for identification.
This honourable history gives it weight and faith which are
not available to newer identification systems. Fingerprint
identification is widely understand as highly accurate and
very trustworthy, since the statistical chance of two people
on Earth having identical fingerprints is very low. It is very
easy to identify the mistaken fingerprints based on its
accuracy factor.
VI. PRACTICAL APPLICATION
The main application is to use biometric for accessing
web services. For example it is used in e-commerce or e-
banking etc.
It can also be used to access local data or applications in
the mobile phones, using remote biometric recognition.
Many types of biometric methods can be implemented on
mobile phones.
Thus it offers a wide range of possible applications
such as mobile bank transaction service security, personal
privacy protection and telemedicine examining. The sensor
data collected by mobile phones are used for biometric
identification and authentication is an emerging boundary
and has been increasingly explored in the recent decade.
VII. CONCLUSION
The problem of accessing web service by using
biometric authentication in mobile web services has been
successfully approached. It has been focused on the
problem of capturing the biometric with the biometric
reader; after the finger print matching process the
authentication gives the result as ―pass‖. Then the
permission to access the web service for a particular
application is provided.First it has been shown that there
are several related works, projects and commercial
applications about the biometric recognition.
In the proposed system the user finger print is used as
the authentication. Biometric is stronger than passwords
and balances between security and performance. Also
biometric is stable and distinctive. That means there is no
chance to forget the password because it can’t be lost or
forgotten and it is easy to remember. Biometrics are unique
in the sense, each user has a different or separate
fingerprint pattern.
Second it has been proved that the standard solutions
are used to authenticate the user’s finger print by a finger
print reader. Then it is easy to access the web service in
PC platforms. Whereas using the Applets Java, JavaScript,
ActiveX controls, do not work under mobile platforms.
Hence it needs a new alternative.
Thus the Modular architecture is needed to develop the
web application in the web page. So Android 2.2 is used to
develop a web service for the user. In this first the
collected pattern from the user which is stored on the
database. Finger print reader captures the user finger print
it is given to the finger pass plug –in. Then the current
template is matched with the already stored template if
both are matched, then it gives the result as authentication
―PASS‖ otherwise it gives the result as ―FAIL‖. If the
result is true then it is permitted to access the web service.
The main characteristics of the proposal system are:
1) It is free of charge to the user.
2) There is no difficult to access a web service, even it
is easier.
3) The server modification and mobiles multi platform
application development costs are very low.
REFERENCES
[1 ] CarlosVivaracho-Pascual and Juan Pascual-Gaspar, ―On the use
of mobile phones and Biometrics for accessing Restricted
Web Services‖ IEEE Transactions on Systems and cybernetics, Vol 42- No.2, Mar 2012.
[2 ] Abhishek Nagar , Karthik Nandakumar and Anil K.Jain
―Multibiometric Cryptosystems Based on Feature-Level Fusion‖ IEEE Transactions on Information forensics and Security,
Vol .7,No.1, Feb 2012.
[3 ] Bava Elizabeth Mathew ―Securing Web Services by Iris Recognition System‖, International Journal of Computer Applications,
volume 13-No, 7, Jan 2011.
[4 ] Ruchir Choudhry ―Biometrics for Global Web Authentication: an Open Source Java/J2EE-Based Approach‖ International Journal Of
computer Theory and Engineering, Vol 3, No.2, Apr 2011.
[5 ] Mandeep Kaur, Akshay Girdhar and Manvjeet Kaur ―Multimodal Biometric System Using speech and Signature‖
International Journal of Computer Applications .Vol 5 - No. 12, Aug
2010.
[6 ] B.Fu, S.X.Yang, J.Li, and D.Hu, ―Multibiometric cryptosystem:
Model structure and performance analysis,‖ IEEE Trans.
Inf. Forensics security, Vol.4, no.4, pp.867-882, Dec 2009.
International Journal of Emerging Technology and Advanced Engineering
Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal, Volume 3, Issue 3, March 2013)
700
[7 ] M.Martinez-Diaz, J.Fierrez, J.Ortega-Garcia, ―Towards mobile
authentication using dynamic signature verification: Useful features
and performance Evaluation,‖ in Proc.19th Int.Conf.Pattern Recogn., Dec.2008, pp.1-5.
[8 ] Yi Wang, Jiankun Hu, Kai Xi and Vijayakumar
Bhagavatula ―Investigating Correlation – Based Fingerprint Authentications Schemes for Mobile Devices Using the J2ME
technology‖ International Journal on computer Science and
Technology. Vol 6- No.7, Dec 2007.
[9 ] K.Nandakumar, A.K.Jain, and S . Pankanti, Fingerprint-based fuzzy
vault: Implementation and performance,‖IEEE Trans. Inf. Forensics
Security, vol.2, no 4, pp.744-757, Dec.2007.
[10 ] Y.Wang, J.Hu, and F.Han. Enhanced gradient based algorithm for
the estimation of fingerprint orientation fields. Applied Mathematics
and Computation, online Aug 2006.
[11 ] C.Watson, C.Wilson, M.Indovina, B.Cochran; ‖Two
Finger Matching With Vendor SDK Matchers‖; NIST Interagenc.