Keesing Journal of Documents & Identity, issue 32, 2010

As a rule one always looks for a trusted person to pass sensitive information along. Since security is better than trust, the information is made unreadable (or even invisible) to outsiders. This alleviates the requirements for the carrier, but does not eliminate them altogether. If not every person involved can be trusted or if their identity can be assumed by a third party, the transfer of information may be tampered with.

In modern communication technology the role of the trusted person is taken over by a key code. Similar to a bank vault, the information can only be accessed when all the keys are correct. The fraud sensitivity then moves from information theft to identity theft. Once the key is stolen, a third party can pose as the person that

is identified by the key. The daily newspapers are full of stories about the fraudulent use of PIN codes and smart cards. As this can be seen as putting the cart before the horse, biometrics has been proposed as the obvious improvement. After all, it relates to the person directly instead of through some randomly assigned number.

Ideally, the derived key value should be too big to guess, and the construction should be too random to allow improved guessing by structural observations. The solution can be found in living material that grows and changes through underlying, but not fully understood, processes. It is comparable to the fact that weather is so hard to predict despite the use of supercomputers: the observation is on a process that is the outcome of a number of non-observable processes. This makes for a large variety. Moreover, if the observation can be confined to a living process, committing fraud becomes extremely hard to achieve, if ever.

Biometrics disciplinesFor these reasons, biometrics technologies promise to provide highly secure authentication systems. They are usually classified according to the ease-of-use, cost, accuracy and perceived intrusiveness. The most well-known biometric disciplines are fingerprint, facial

© Keesing Reference Systems B.V.

Hand veins secure personal accessPromising alternative to fingerprints and retinal identification

Biometric identification is an important security application aiming for non-intrusive capture and real-time processing. Security systems based on fingerprints and retinal patterns have been widely developed, but can be easily falsified. Recently, identification by vein patterns has been developed as a promising alternative.

by Ben Spaanenburg & Suleyman Malki

Table 1: Biometric Technologies (adapted from RAND report, June 2000)

Object Robustness Accuracy Intrusion

Geometry hand moderate low touching

finger moderate low touching

Structure finger tip moderate high touching

iris high high near

face moderate moderate near

Vascular palm high high casual

finger high high casual

retina high high close

Dynamics speech moderate low remote

writing low moderate touching

key-stroke low low casual

General interestGeneral interestInnovationInnovation 1

Lambert (Ben) Spaanenburg started

his academic journey

at Twente University

(Enschede, The

Netherlands) in the

field of VLSI design.

At IMS in Stuttgart he

has co-created the

neural control for the

Daimler OSCAR 1992

prototype. Further

research in neural

image processing

evolved into software

activities in the area

of interior decoration

design. In 2002 this

resulted in Dacolian,

a company which held

60% of the license

plate recognition

world market before

it merged into Q-Free

ASA. Until recently

he was Professor in

Silicon Systems at Lund

University.

Keesing Journal of Documents & Identity, issue 32, 2010

and vein recognition, but there are more. Table 1 lists the principle methods and a number of body parts on which they can be applied. Early attempts to bring something practical to society included the measuring of either the hand outline (in operation at Ben Gurion airport since 2003) or the skull. From there on the move has been towards more complex features, or to a higher dimensionality in time or space. In space, there has been a shift from outline to 2-D textures and sub-surface vascular patterns. In time, detection schemes based on speech, writing, typing and walking have been developed.

Most of these methods are susceptible to fraud as they lack the link to nature. This applies in particular to still observations, where the image generation does not rely on living organisms (geometry & texture).

Fingerprint technology provides a good balance between the four characteristics listed in the previous paragraph, making it the most common technology of today. But such systems are demonstrated to be very sensitive to fraud by reproduction, while technical considerations, such as sensor quality and temperature, decrease the usability. One may assume that this argument also applies to dynamic observations. For instance, the dynamics of speech are hard to copy, but not impossible for single words or short sentences. On the other hand, vein patterns of either a hand palm or finger, or the iris of an eye offer stable, unique and repeatable biometrics features.

Vascular systems based on eye veinsThe oldest vascular systems are based on eye veins. They come in two categories, retinal scanning and iris scanning.

• Retinal scanning uses the retinal capillary patterns that absorb light, which is why they can be made visible by proper illumination. On the inside of the eye cavity, the incoming light falls on a sandwich of three layers consisting of the capillaries, the blood vessels and the supporting fibres. As the lens opening is small the scanner should be close to the lens to see the retina, and perfect alignment without eye movement is necessary to have a reproducible measure. The use of the retina for this type of authentication was already suggested in the 1930s1, but it was not until 1984 that it was commercially exploited by EyeDentify. The technique is intrusive and possibly damaging for the eye. Furthermore, the stability of the pattern is not guaranteed as all kinds of diseases may change it.• Iris scanning uses the texture of the iris, the

anatomical structure covering the pupil, for controlling the diameter and size of the opening and therefore the amount of light. In its emphasis on structural features, iris scanning is similar to finger printing. The iris patterns can be observed from a relatively large distance and the technology is therefore less intrusive than retinal scanning. This has made for a clear competition between the two, starting from the introduction of the first IrisAccess system in 1994, originally developed by John Daugman of Cambridge University2. Today, iris scanners are still based on the same algorithmic concepts. Unfortunately, such a system can be easily fooled by glasses and lenses worn by the user.

History of vascular systemsAs early as in 1987, Joe Rice considered hand vein patterns for identification purposes3, but his employer saw no need for further development. After that it was

Figure 1CBAS algorithmic

structure.

© Keesing Reference Systems B.V.

BifurcationDetection

EindingDetection

FeatureCorrection

Bin

ariz

atio

n

Ske

leto

niza

tion

Figu

re R

econ

stru

ctio

n

InnovationInnovation2

Suleyman Malkireceived a Ph.D.

on the subject of

‘Reconfigurable and

Parallel Computing

Structures in Structured

Silicon’ from the

Department of Electrical

and Information

Technology at Lund

University in 2008.

Prior to this he received

a Master degree in

Computer Science

and Engineering from

Lund University. His

research has been

focused mainly on the

implementation and

verification of highly

intelligent systems on

Reconfigurable Chips

(FPGA). He currently

pursues research in

collaboration with

Ericsson Research.

Keesing Journal of Documents & Identity, issue 32, 2010

Advanced Biometrics who, in 1997, developed a device using the palm of the hand. Later on, other places to find the veins such as the back of the hand and the ventral or dorsal side of a finger were exploited. The main three players in the hand vein recognition markets are all located in Japan and initially developed the devices for the local market.

One may wonder: if vascular methods are so advantageous, what kept them so long? The answer lies in its costs and therefore in the technology. Vein locations are extracted from light absorption patterns due to oxygen-depleted haemoglobin observable in the near infrared spectrum. Only after the breakthrough of LED technology have vascular methods become a practical alternative. The principle mechanism eliminates fraud by copying, while the structure is experimentally proven to be unique in a test of 40,000 genuine versus 50,000,000 imposter images.

The first generation of hand vein devices has targeted the demonstration of principle soundness. The vein images are obtained using two near-infrared LED arrays, a CCD camera and a video capture card. An early extraction algorithm4 uses fixed-point numbers to limit the processing time, and patterns are recognized with 99.45% success. Images are cleaned and compared within 100 msec. per person. Nowadays, devices show persistent results with False Reject Ratio FRR<0.01% and False Accept Ratio FAR<0.00002%5.

Currently available devices The detection of veins in the palm of the hand has been improved by Fujitsu to support contactless applications6. Similar use of the back of the hand is covered in ‘Improved Vein Pattern Extracting Algorithm

and Its Implementation’7. The primary advantage of Fujitsu’s PalmSecure device is that it allows ‘no-touch’ authentication, which is important for access control in public areas. It keeps the scanner clean and the user can refrain from for example taking his gloves off. Furthermore, environmental light plays no role in the reading. Hitachi uses the finger veins in the VeinID that has been successfully employed by major financial institutes in Japan8. The Sony Mofiria system takes the side to the finger into regard, with typical mobile applications in mind.

The early hand vein recognition devices have been successfully applied to control public access, for instance airports and banking terminals. Therefore the size, price and user friendliness were of moderate importance, and in a sense they were computer peripherals. The newer devices stress the need for price and size reduction, in order to integrate them into consumer systems such as mobile telephones and laptops. As their main purpose is to check on the authorization of a specific user, they serve as electronic keys. Such products have been demonstrated at the CEBIT in 2009.

A typical issue with biometric devices is the need for enrolment. The less robust a sensor is, the more samples have to be taken. Furthermore, the complexity of the algorithm takes its toll on the actual authentication time. For an iris scan the enrolment takes 45 seconds, and another 15 seconds for every authentication event. A vein scan requires more time as it has to handle a volume rather than a surface. In public places such as stadiums the need is for casual, real-time authentication of large numbers of people. In order to avoid excessive queues, the execution time

Figure 2Biometric authentication

in combination with

health indication.

© Keesing Reference Systems B.V.

Vascularacquisition

Health indication

Authentication

Allow/Reject

Cases analysedCases analysedInnovationInnovation 3

Keesing Journal of Documents & Identity, issue 32, 2010

per person must be brought down further by dedicated hardware such as the CBAS universal biometric engine (figure 1)9.

Future applicationsIn the not too distant future, the use of vascular methods will not be limited to access control. It has been shown that it can also present valuable information on someone’s health. Perfusion of the oxygen content is a clear health indicator and where veins can be extracted and identified, health indicators can be measured in a non-obtrusive way. This will eventually allow a type of access control where personal health can be taken into account (figure 2).

1 C. Simon and I. Goldstein, “A new scientific method of

identification”, New York State Journal of Medicine, vol. 35, no.

18, 1935, page 901-906.

2 J.G. Daugman, United States Patent 5291560, issued March

1, 1994.

3 J. Rice, Apparatus for the identification of individuals, United

States Patent 4699149, issued October 13, 1987.

4 G. Park, S.-K. Im and H. Choi, “A Person Identification

Algorithm Utilizing Hand Vein Pattern”, Korean Signal

Processing Conference, vol. 10, no. 1, 1997, page 1107-1110.

5 J. Hashimoto, “Finger Vein Authentication Technology and its

Future”, Digest Symposium on VLSI Circuits, 2006, page 5-8.

6 M. Watanabe, “Palm Vein Authentication”, chapter 5 in: N.K.

Ratha and V. Govindaraju, “Advances in Biometrics Sensors,

Algorithms and Systems”, Springer London, 2008.

7 S.-K. Im, H.-M. Park, S.-W. Kim, C.-K. Chung, and H.-S.

Choi, Improved Vein Pattern Extracting Algorithm and Its

Implementation, Int. Conference on Consumer Electronics ICCE,

Los Angeles, page 2-3, 2000.

8 Hitachi Engineering Co. Ltd., “Finger Vein Authentication

Technology”, 2009. Available online: http://www.hitachi.eu/

veinid/.

9 S. Malki and L. Spaanenburg, “CBAS: A CNN-based biometrics

authentication system”, Proceedings 12th Int. Workshop on

Cellular Nanoscale Networks and their Applications, Berkeley,

2010, page 350-355.

If you would like to respond to the contents of this article,

please send an email to kjd@keesing.nl

© Keesing Reference Systems B.V.

InnovationInnovation4