8/8/2019 Collaborative Fingerprint Authentication by Smart Card and a Trusted Host
http://slidepdf.com/reader/full/collaborative-fingerprint-authentication-by-smart-card-and-a-trusted-host 1/5
Collaborative Fingerprint Authentication by Smart Card and a Trusted Host
Y.S. Moon, H.C. Ho, K.L. Ng, S.F.Wan, S.T.Wong
Department of Computer Science and Engineering
The Chinese University of HongKong
Shatin, N.T.,HongKong.
Email: [email protected]
Abstract
Smart card is an important component in e-commerce
security. In aprevious CCECEpaper, we introduced the
idea for verification of the ownership of a smart card
using fingerprint. An owner's fingerprint is registered
into a smart card. When using smart card on a
computer, the card software will match the user's
fingerprint with that stored in the card. This paper
describes the continuation work of this research. Our
goal is to extendthe role ofthe smart card to become an
active authenticator for participation in fingerprint
authentication process.The
heart ofproblem lieson
thelimited computing power of the card's processor. This
paper reports the detailed descriptions of the design,
implementation and experiments.
1 IntroductionSmart card[6], which is a credit card sized plastic card,
embedded with a special type of hardwired logic or a
microprocessor to holtl critical information securely, is a
good choice of light-weighted hardware assisted
cryptographic devices for protection at the client side,when conducting some kinds of online activities, such
as e-commerce[9] on the intemet.
In recent years, there is an increasing trend of using
biometrics information such as eye retina, fingerprint,etc for user authentication in order to strengthen thesecurity measures of different electronic/embeddedsystems, including smart card systems. However, most
of these systems have a common insecure characteristicthat the biometrics authentication process is solely
accomplished out of the smart card processor. For
example, in fingerprint-based card systems, the card
needs to insecurely release the critical fingerprint mastertemplate information into a host computer with anextemal fingerprint reader to perform the fingerprint
matching.
In a previous CCECE paper[8], we introduced the idea
for verification of the ownership of a smart card using
fingerprint. One or more fingerprints of the owners areregistered into smart card. When the owner uses his
smart card on a computer, the card software will attemptto match the user's fingerprint with that stored in the'
card. In this way, the authentication of smart card can be
established. This paper describes the continuation work
0-7803-5957-7/00/$10.00©2000 IEEE
108
which attempts to improve the time complexity and
reduce the data leakage possibility in ourmethod.
2 Fingerprint Authentication Basic and its
Application in Our ProjectIn our work, fingerprint comparison is chosen as the
biometrics authentication tool for its maturity in termsof algorithm availability and hardware feasibility. The
novel technique for fingerprint identification [1],[2],[3]
has been well developed in the field of image
processing. Generally speaking, when we want to
compare two fingerprint images, it is needless to
accomplish this using a pixel-by-pixel methodology. On
the contrary, we can simply compare some pre-extra(:ted
features. In this regard, we have adopted the minutiae
method [1],[2],[3],[4],[5] in our work.
Minutiae refer to the ridge ends and ridge branches of a
fingerprint image. After some ad-hoc minutiae
extraction process [1],[2],[3],[4],[5], we obtain a set of
minutiae which is unique for every person[12]. This
process transforms the fingerprint-matching problem
into a more general point-matching problem. Several
well-known point-pattem-matching algorithms havebeen proposal in the late80's[1l].
We conducted our work using smart card equipped with
a 5 MHz Java processor[7] with no floating-pointarithmetic support. In our previous work, after we had
added a fixed-point arithmetic support to the smart card,
the card processor required about 7-10 seconds to
accomplish the point matching process. One way to cut
down this f i g u r ~ i i s to let the computer hosting the smartcard reader tqcarry out a more substantial share of thecomputational work. Unfortunately, this implies that
more fingerprint data must be transferred out of the
smart card so that data leakage becomes a problem. Inthe following part, we will discuss our continued e1fort
in this direction to enable the matching process becompleted in real time and secure manner.
3 Abstracted .M,:odel of Fingerprint
MatchingIn our recent work, we focus on enhancing the
performance of minutiae matching process on the smart
card. We assume that the process ofminutiae extraction
is done by a fingerprint capture device equipped with a
DSP chip. Before discussing our new algorithm design,
8/8/2019 Collaborative Fingerprint Authentication by Smart Card and a Trusted Host
http://slidepdf.com/reader/full/collaborative-fingerprint-authentication-by-smart-card-and-a-trusted-host 2/5
let us review the whole process fingerprint
authentication in this section briefly.
3.1 Fingerprint Authentication ProcessThe process of fingerprint authentication can be divided
into 3 main steps. They are:
3.1.1 Image Pre-Processing EnhancementThis refers to the refinement of the original fingerprint
image against image degradation in the fingerprint
reader.
from the sc'anner, we extract the minutiae points from a
captured image using the host computer, and stl:>re the
points into a template file, called live template. Data of
the live template file is sent to the smart card, which
computes translation and rotation difference between
the live template and the master template. By using
these two values, the live template can be transformed
in a state ready for point-to-point matching with the
master template. Finally, we obtain a percentag{: match
result.
MP is a 2D co-ordinate (MP_X, MP_Y) and,
Figure 1 Original system architecture
4.2 Different New Approaches
4.2.1 The Cartesian Approach
In our new design, we perform some pre-match
computation is conducted in the host computer in order
to reduce the workload of the smart card. When
generating the master template file, we compute theaverage posit ion (MP) and orientation (MO) of the
points in the master template and attach these two
values to themastertemplate in the smart card.
Smartcardost computer
3.1.2 Minutiae Extraction
This refers to fingerprint feature extraction. The
following algorithm is mainly based on the techniques
used in [4].
The 4 main steps are listedbelow:
Step 1 Conversionfrom original image to Binary image
Apply a low pass filter to smooth the high frequency
regions of the print and apply threshold into each
segment of the image.
Step 3 Skeleton refinement and transformation
In this stage, the skeleton obtained is transformed into a
sta te from which valid Minutiae information can be
extracted.
Step 4 Enrollment
Select some of the Minutiae and store them into a
template file. The position, type and orientation of each
Minutia, are stored as a master template inside the smart
card.
Step 2 Binary image to one pixe l wide skeleton
conversion
Using spatial domain method and thinning rules,
consider each pixel with its neighbors, generate a one
pixel-wide skeleton image.
3.1.3 Authenticate with the Live Scan Image
After we have captured the user fingerprint image from
the fingerprint reader, we'can apply the above
mentioned image processing techniques to transform the
image into necessary minutiae points and compare them
with the master template. Due to the difference between
displacement and orientati'on between the live scanned
image and the master image, it is necessary to rotate and
translate the live scanned image before doing a point-to
point matching procedure. After this process, we can
compute the percentage match result by using a point
to-point type matching procedure. Subsequently, a
decision can be made by comparing the percentagematch value and a pre-defined threshold value[4],[5].
4 Modified Approaches
4.1 Original Design
In our original system, which we called the "Hard
Way", after we have obtained the. live scanned image
where Xi is the x co-ordinate of ith minutiae, Y j is the y
co-ordinate of the i th minutiae, OJ is the minutiae
orientation of the ith minutiae in the mas ter template
and N is the total number of minutiae points i.n master
template.
The calculation ofLP and LO is similar.
During authentication, after we have obtained the live
template file, we will compute the average position (LP)
and orientation (LO) of the live template. Then, MP and
MO are sent to the host computer from the smart card.
Points of live template will be transformed in the host
109
8/8/2019 Collaborative Fingerprint Authentication by Smart Card and a Trusted Host
http://slidepdf.com/reader/full/collaborative-fingerprint-authentication-by-smart-card-and-a-trusted-host 3/5
8/8/2019 Collaborative Fingerprint Authentication by Smart Card and a Trusted Host
http://slidepdf.com/reader/full/collaborative-fingerprint-authentication-by-smart-card-and-a-trusted-host 4/5
4.3.1 Point-to-Point Matching (Polar Form)
In the Cartesian point-matching algorithm, two points
match if the minutia from live image fall into the
bounding box of master image. In the Polar Form
algorithm, we have a different way for computing the
error bounds.
Firstly, we define the size of the bounding box:
Figure 5 Initial guess
For two points, if I rl - r21 < 10 and I 1 - 2 I < 60
degree, then they are considered to be the preliminarily
matched. Further computation is necessary to verify
their closeness.
If two points fulfil the above requirement, the arc length
(r2 * ( 1 - . 2)) will be calculated. If the arc length <I0, these two points will be regarded as matched. In
some cases, more one point from the live template may
match to one point in the master. Using the
approximation formula: area = arc * (r2 - rl), we will
compute the areas of the error bounding rectangles for
all of the matching points in the live template, The point
associated with the smallest rectangle will be regarded
as best matched point.
Figure 6 Best match approach
4.4 Assumption
When we conduct the experiment of the above
approaches, we have assumed that the numbers of
minutiae in the master and the live scan template are
approximately the same. Significant difference between
the number of minutiae extracted from the live scan and
that from master template can lead to the inaccuracy in
the comparing the orientation angle and the minutiae
average position. Our assumption is valid since theincrease in the difference in the minutia number implies
the increase in the number of noisy points detected,
signalling us to reject the live scan template and re
acquire the candidate's fingerprint again. Here, we
should ensure that the minutiae stored in the master
template are not noisy points, else false rejection rate
can increase. This can be achieved by scanning more
than once during master template registration.
5 Time Complexity AnalysisIn this section, we would like to investigate the
performance issues of our new design of fingerprint
computation in the smart card system.
Our original system which uses the smart card processor
to do the transformation process and the point-to-point
matching process, takes about 10 seconds to finish the
authentication process. About 40% of time was spent on
transferring fingerprint template data to the smart card
and another 60% spent on the actual authentication
computation. The new system takes only 3-4 seconds to
complete the complete authentication process. 50% of
time is used to transfer data. Two separate data transfer
sections actually take place. The first one refers to the
data transfer from the smart card to the host computer.
The data are simply two average values of the master
template. The second one transfers the whole live
fingerprint template from the host computer to the smart
card. Another 50% of time are used to process the
authentication computation which is a simple point-to
point matching procedure.
Refer to the point-to-point matching pseudo-code in our
previous paper[8], we can see that the time complexity
of the point-to-point-matching algorithm is 0 (n2).
Assuming the number of Minutiae Points exist in both
the master template and the live scan template are 20
respectively, the worse case of the number' of
comparisons is 20 x 20 = 400.
6 Experiment ResultsIn our experiment, we want to examine the consistency
of accuracy and time complexity of the proposed pointpattern matching algorithms. We have generated 10
pairs of fingerprint template as sample test data.
.6.1 Consistent AccuracyWe run our sample data using the cartesian co-ordinate
approach and the polar co-ordinate approach in PC
platform. We found that the matching results of the
111
8/8/2019 Collaborative Fingerprint Authentication by Smart Card and a Trusted Host
http://slidepdf.com/reader/full/collaborative-fingerprint-authentication-by-smart-card-and-a-trusted-host 5/5
sample data are consistent with each other. The result is
shown below:
Data Percentage match Percentage matchset computed by Polar computed by
coordinate approach Cartesian coordinateapproach
1 100% 1000/0
2 89% 94%
3 100% 100%
4 100% 100%
5 92% 91%
6 0% 0%
7 100% 100%
8 100% 100%
9 89% 100%
10 100% 100%
Remark: there are about 20 mmutIae In both master and
live template in each data set.
Though the above result shows the consistency of the
two approaches is satisfied, the accuracy greatly
depends on the detennination of the average position
(centroid) which in tum depends on different betweennumber of minutiae extracted from master and live
fingerprint image. Otherwise, the result can deteriorate
significantly
6.2 Time RequirementWe ran the sample data using cartesian co-ordinate
approach and polar co-ordinate approach inside the
smart card. We found that the average time to complete
the cartesian point pattern matching algorithm is about
1.0 second, and the average time to complete the polarpoint pattern matching algorithm is about 0.8 second.
Noted that the above average time does not include the
transfer time of data to smart card. The average data
transfer time is about 2.5 seconds. Therefore, the totaltime for a complete authentication is 3-4 seconds which
is an obvious improvement compare with our last year
result.
'7 Conclusion and FutureWork
In contrast to traditional approach on fingerprint
matching, like string matching[5], our approach issolely based on 2D geometry, which is more suitable tobe run by smart card with limited processing power.
However, the corresponding error tolerance ability willbe weakened. The next phase of this project comes to
requirement analysis of the .image pre-processing and'
feature extraction against noisy minutiae with respect to
smart card basedmatching algorithm.
112
References
[1] D. Maio, D. Maltoni, S. Rizzi, "An efficient
approach to on-line fingerprint verification",proceedings VIII Int. Symp. on Artificial
Intelligence, Mexico, Oct. 1995.
[2] D. Maio, D. Maltoni, "Direct Gray-Scale Minutiae
Detection in Fingerprints", IEEE Transactions on
Pattern Analysis Machine Intelligence, v. 19, no.I, pp. 25-29,1997.
[3] O. Bergengruen, Matching Minutiae of Fingerprint
Images, pp. 5-7 1994
[4] J. D. Stosz, L. A. Alyea, Automated system for
fingerprint authentication using pores and ridge
structure[5] A. Jain, L. Hong, R. Bolle, On-line Fingerprint
Verification, pp. 1-33, 1996
[6] Hendry, Smart Card Security and Applications,
Artech House, Inc., 1997
[7] . http://www.gemplus.com
[8] Y.S. Moon, H.C. Ho, K.L. Ng, "A Secure Smart
Card System with Biometrics Capability"
Proceedingsof
the 1999 IEEE CanadianConference on Electrical and ComputerEngineering, Edmonton, pp. 261-266,May 1999.
[9] Y.S. Moon, H.C. Ho, "Secure Transport Protocol
for E-Commerce - SET versus SSL", inMult imedia Infonnation Systems in Practice,Springer Verlag Press, pp. 389-397, Dec. 1998,
Hong Kong.
[10] P.M. Griffin, C. Alexopoulos, "Point Pattern
Matching Using Centroid Bounding", IEEETransactions on System, Man and Cybernetics,vol. 19, No.5, September/October 1989.
[11] G.S. Cox., G. de Jager., " A Survey on PointPattern Matching and a New Approach to Point
Pattern Recognition", Processing of the 1992
South African Symposium on Communicationsand Signal Processing, pp.243-248, 1992.
[12] F. Galton, Finger Prints, Macmillan, London,
1892.