
Collaborative Fingerprint Authentication by Smart Card and a Trusted Host

Y.S. Moon, H.C. Ho, K.L. Ng, S.F. Wan, S.T. Wong
Department of Computer Science and Engineering
The Chinese University of Hong Kong
Shatin, N.T., Hong Kong.
Email: [email protected]

Abstract

The smart card is an important component in e-commerce security. In a previous CCECE paper, we introduced the idea for verification of the ownership of a smart card using fingerprint. An owner's fingerprint is registered into a smart card. When using the smart card on a computer, the card software will match the user's fingerprint with that stored in the card. This paper describes the continuation work of this research. Our goal is to extend the role of the smart card to become an active authenticator for participation in the fingerprint authentication process. The heart of the problem lies in the limited computing power of the card's processor. This paper reports the detailed descriptions of the design, implementation and experiments.

1 Introduction

A smart card[6] is a credit-card-sized plastic card embedded with a special type of hardwired logic or a microprocessor to hold critical information securely. It is a good choice of lightweight, hardware-assisted cryptographic device for protection at the client side when conducting some kinds of online activities, such as e-commerce[9] on the internet.

In recent years, there is an increasing trend of using biometric information such as eye retina, fingerprint, etc. for user authentication in order to strengthen the security measures of different electronic/embedded systems, including smart card systems. However, most of these systems share a common insecure characteristic: the biometric authentication process is accomplished entirely outside the smart card processor. For example, in fingerprint-based card systems, the card needs to insecurely release the critical fingerprint master template information into a host computer with an external fingerprint reader to perform the fingerprint matching.

In a previous CCECE paper[8], we introduced the idea for verification of the ownership of a smart card using fingerprint. One or more fingerprints of the owners are registered into the smart card. When the owner uses his smart card on a computer, the card software will attempt to match the user's fingerprint with that stored in the card. In this way, the authentication of the smart card can be established. This paper describes the continuation work, which attempts to improve the time complexity and reduce the data leakage possibility in our method.

0-7803-5957-7/00/$10.00 ©2000 IEEE

2 Fingerprint Authentication Basic and its Application in Our Project

In our work, fingerprint comparison is chosen as the biometrics authentication tool for its maturity in terms of algorithm availability and hardware feasibility. The novel technique for fingerprint identification [1],[2],[3] has been well developed in the field of image processing. Generally speaking, when we want to compare two fingerprint images, it is needless to accomplish this using a pixel-by-pixel methodology. On the contrary, we can simply compare some pre-extracted features. In this regard, we have adopted the minutiae method [1],[2],[3],[4],[5] in our work.

Minutiae refer to the ridge ends and ridge branches of a fingerprint image. After some ad-hoc minutiae extraction process [1],[2],[3],[4],[5], we obtain a set of minutiae which is unique for every person[12]. This process transforms the fingerprint-matching problem into a more general point-matching problem. Several well-known point-pattern-matching algorithms have been proposed in the late 80's[11].

We conducted our work using a smart card equipped with a 5 MHz Java processor[7] with no floating-point arithmetic support. In our previous work, after we had added fixed-point arithmetic support to the smart card, the card processor required about 7-10 seconds to accomplish the point matching process. One way to cut down this figure is to let the computer hosting the smart card reader carry out a more substantial share of the computational work. Unfortunately, this implies that more fingerprint data must be transferred out of the smart card so that data leakage becomes a problem. In the following part, we will discuss our continued effort in this direction to enable the matching process to be completed in real time and in a secure manner.

3 Abstracted Model of Fingerprint Matching

In our recent work, we focus on enhancing the performance of the minutiae matching process on the smart card. We assume that the process of minutiae extraction is done by a fingerprint capture device equipped with a DSP chip. Before discussing our new algorithm design, let us briefly review the whole process of fingerprint authentication in this section.

3.1 Fingerprint Authentication Process

The process of fingerprint authentication can be divided into 3 main steps. They are:

3.1.1 Image Pre-Processing Enhancement

This refers to the refinement of the original fingerprint image against image degradation in the fingerprint reader.

3.1.2 Minutiae Extraction

This refers to fingerprint feature extraction. The following algorithm is mainly based on the techniques used in [4].

The 4 main steps are listed below:

Step 1 Conversion from original image to binary image

Apply a low pass filter to smooth the high frequency regions of the print and apply a threshold to each segment of the image.

Step 2 Binary image to one-pixel-wide skeleton conversion

Using the spatial domain method and thinning rules, consider each pixel with its neighbors and generate a one-pixel-wide skeleton image.

Step 3 Skeleton refinement and transformation

In this stage, the skeleton obtained is transformed into a state from which valid minutiae information can be extracted.

Step 4 Enrollment

Select some of the minutiae and store them into a template file. The position, type and orientation of each minutia are stored as a master template inside the smart card.

3.1.3 Authenticate with the Live Scan Image

After we have captured the user fingerprint image from the fingerprint reader, we can apply the above mentioned image processing techniques to transform the image into the necessary minutiae points and compare them with the master template. Due to the difference in displacement and orientation between the live scanned image and the master image, it is necessary to rotate and translate the live scanned image before doing a point-to-point matching procedure. After this process, we can compute the percentage match result by using a point-to-point type matching procedure. Subsequently, a decision can be made by comparing the percentage match value and a pre-defined threshold value[4],[5].

4 Modified Approaches

4.1 Original Design

In our original system, which we called the "Hard Way", after we have obtained the live scanned image from the scanner, we extract the minutiae points from a captured image using the host computer, and store the points into a template file, called the live template. Data of the live template file is sent to the smart card, which computes the translation and rotation difference between the live template and the master template. By using these two values, the live template can be transformed into a state ready for point-to-point matching with the master template. Finally, we obtain a percentage match result.

Figure 1 Original system architecture

4.2 Different New Approaches

4.2.1 The Cartesian Approach

In our new design, some pre-match computation is conducted in the host computer in order to reduce the workload of the smart card. When generating the master template file, we compute the average position (MP) and orientation (MO) of the points in the master template and attach these two values to the master template in the smart card.

MP is a 2D co-ordinate (MP_X, MP_Y) and,

where Xi is the x co-ordinate of the ith minutia, Yi is the y co-ordinate of the ith minutia, Oi is the minutia orientation of the ith minutia in the master template and N is the total number of minutiae points in the master template.

The calculation of LP and LO is similar.

During authentication, after we have obtained the live template file, we will compute the average position (LP) and orientation (LO) of the live template. Then, MP and MO are sent to the host computer from the smart card. Points of live template will be transformed in the host


4.3.1 Point-to-Point Matching (Polar Form)

In the Cartesian point-matching algorithm, two points match if the minutia from the live image falls into the bounding box of the master image. In the Polar Form algorithm, we have a different way of computing the error bounds.

Firstly, we define the size of the bounding box:

Figure 5 Initial guess

For two points, if |r1 - r2| < 10 and | 1 - 2 | < 60 degrees, then they are considered to be preliminarily matched. Further computation is necessary to verify their closeness.

If two points fulfil the above requirement, the arc length (r2 * ( 1 - 2)) will be calculated. If the arc length < 10, these two points will be regarded as matched. In some cases, more than one point from the live template may match to one point in the master. Using the approximation formula: area = arc * (r2 - r1), we will compute the areas of the error bounding rectangles for all of the matching points in the live template. The point associated with the smallest rectangle will be regarded as the best matched point.

Figure 6 Best match approach
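An added example, not code from the paper: the polar-form test of section 4.3.1 written in integer-only C, in keeping with a card processor that has no floating-point support. The angle name theta, the Q16 constant for pi/180 (arc taken as radius times angle in radians), taking r2 as the live point, the one-to-one `used` bookkeeping, the percentage definition and the sample templates are all assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

/* Assumed representation (not from the paper): polar coordinates relative to
   the template's average position, r in pixels, theta in whole degrees. */
typedef struct { int r; int theta; } Minutia;

#define R_TOL       10    /* |r1 - r2| < 10 (from the text) */
#define THETA_TOL   60    /* angular difference < 60 degrees (from the text) */
#define ARC_TOL     10    /* arc length < 10 (from the text) */
#define DEG2RAD_Q16 1144  /* pi/180 * 2^16, rounded: assumes arc = r * radians */
#define MAX_LIVE    64    /* hypothetical capacity limit */

/* Constructed sample templates, not data from the paper. */
static const Minutia MASTER[4] = {{50, 10}, {80, 100}, {120, 200}, {30, 355}};
static const Minutia LIVE[5]   = {{52, 12}, {55, 11}, {83, 97}, {120, 230}, {31, 2}};

/* Smallest difference between two angles in degrees, handling 359 -> 0 wrap. */
static int ang_diff(int a, int b) {
    int d = abs(a - b) % 360;
    return d > 180 ? 360 - d : d;
}

/* Index of the best unused live candidate for master point m, or -1.
   Every visited pair is counted, so the total is n_master * n_live. */
static int best_match(const Minutia *m, const Minutia *live, int n_live,
                      const int *used, long *comparisons) {
    int best = -1;
    long best_area = 0;
    for (int j = 0; j < n_live; j++) {
        ++*comparisons;
        if (used[j]) continue;                           /* assumed 1-to-1 rule */
        int dr = abs(m->r - live[j].r);
        int dt = ang_diff(m->theta, live[j].theta);
        if (dr >= R_TOL || dt >= THETA_TOL) continue;    /* preliminary test */
        long arc = (long)live[j].r * dt * DEG2RAD_Q16;   /* Q16 arc length */
        if (arc >= ((long)ARC_TOL << 16)) continue;      /* arc length test */
        long area = arc * dr;                            /* arc * (r2 - r1) */
        if (best < 0 || area < best_area) { best = j; best_area = area; }
    }
    return best;
}

/* Percentage of master minutiae matched (assumed definition); -1 on bad sizes. */
int match_percent(const Minutia *master, int n_master,
                  const Minutia *live, int n_live, long *comparisons) {
    int used[MAX_LIVE] = {0};
    int matched = 0;
    *comparisons = 0;
    if (n_master <= 0 || n_live < 0 || n_live > MAX_LIVE) return -1;
    for (int i = 0; i < n_master; i++) {
        int j = best_match(&master[i], live, n_live, used, comparisons);
        if (j >= 0) { used[j] = 1; matched++; }
    }
    return matched * 100 / n_master;
}

int main(void) {
    long cmp;
    int pct = match_percent(MASTER, 4, LIVE, 5, &cmp);
    printf("match = %d%%, pair tests = %ld\n", pct, cmp);
    return 0;
}
```

In the sample data the third master point passes the preliminary test against (120, 230) but fails the arc test, and the first master point has two candidates, of which the one with the smaller error rectangle is kept.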

4.4 Assumption

When we conduct the experiment of the above approaches, we have assumed that the numbers of minutiae in the master and the live scan template are approximately the same. A significant difference between the number of minutiae extracted from the live scan and that from the master template can lead to inaccuracy in comparing the orientation angle and the minutiae average position. Our assumption is valid since an increase in the difference in the minutiae number implies an increase in the number of noisy points detected, signalling us to reject the live scan template and re-acquire the candidate's fingerprint again. Here, we should ensure that the minutiae stored in the master template are not noisy points, else the false rejection rate can increase. This can be achieved by scanning more than once during master template registration.

5 Time Complexity Analysis

In this section, we would like to investigate the performance issues of our new design of fingerprint computation in the smart card system.

Our original system, which uses the smart card processor to do the transformation process and the point-to-point matching process, takes about 10 seconds to finish the authentication process. About 40% of the time was spent on transferring fingerprint template data to the smart card and another 60% was spent on the actual authentication computation. The new system takes only 3-4 seconds to complete the whole authentication process. 50% of the time is used to transfer data. Two separate data transfer sections actually take place. The first one refers to the data transfer from the smart card to the host computer. The data are simply two average values of the master template. The second one transfers the whole live fingerprint template from the host computer to the smart card. Another 50% of the time is used to process the authentication computation, which is a simple point-to-point matching procedure.

Referring to the point-to-point matching pseudo-code in our previous paper[8], we can see that the time complexity of the point-to-point matching algorithm is O(n^2). Assuming the numbers of minutiae points in the master template and the live scan template are 20 each, the worst case of the number of comparisons is 20 x 20 = 400.

6 Experiment Results

In our experiment, we want to examine the consistency of accuracy and time complexity of the proposed point pattern matching algorithms. We have generated 10 pairs of fingerprint templates as sample test data.

6.1 Consistent Accuracy

We ran our sample data using the cartesian co-ordinate approach and the polar co-ordinate approach on the PC platform. We found that the matching results of the sample data are consistent with each other. The result is shown below:

Data set   Percentage match computed by    Percentage match computed by
           Polar coordinate approach       Cartesian coordinate approach
1          100%                            100%
2          89%                             94%
3          100%                            100%
4          100%                            100%
5          92%                             91%
6          0%                              0%
7          100%                            100%
8          100%                            100%
9          89%                             100%
10         100%                            100%

Remark: there are about 20 minutiae in both master and live template in each data set.

Though the above result shows the consistency of the two approaches is satisfied, the accuracy greatly depends on the determination of the average position (centroid), which in turn depends on the difference between the numbers of minutiae extracted from the master and live fingerprint images. Otherwise, the result can deteriorate significantly.

6.2 Time Requirement

We ran the sample data using the cartesian co-ordinate approach and the polar co-ordinate approach inside the smart card. We found that the average time to complete the cartesian point pattern matching algorithm is about 1.0 second, and the average time to complete the polar point pattern matching algorithm is about 0.8 second. Note that the above average time does not include the transfer time of data to the smart card. The average data transfer time is about 2.5 seconds. Therefore, the total time for a complete authentication is 3-4 seconds, which is an obvious improvement compared with our last year's result.

7 Conclusion and Future Work

In contrast to the traditional approach to fingerprint matching, like string matching[5], our approach is solely based on 2D geometry, which is more suitable to be run by a smart card with limited processing power. However, the corresponding error tolerance ability will be weakened. The next phase of this project comes to requirement analysis of the image pre-processing and feature extraction against noisy minutiae with respect to the smart card based matching algorithm.

References

[1] D. Maio, D. Maltoni, S. Rizzi, "An efficient approach to on-line fingerprint verification", Proceedings VIII Int. Symp. on Artificial Intelligence, Mexico, Oct. 1995.

[2] D. Maio, D. Maltoni, "Direct Gray-Scale Minutiae Detection in Fingerprints", IEEE Transactions on Pattern Analysis Machine Intelligence, v. 19, no. 1, pp. 25-29, 1997.

[3] O. Bergengruen, Matching Minutiae of Fingerprint Images, pp. 5-7, 1994.

[4] J. D. Stosz, L. A. Alyea, Automated system for fingerprint authentication using pores and ridge structure.

[5] A. Jain, L. Hong, R. Bolle, On-line Fingerprint Verification, pp. 1-33, 1996.

[6] Hendry, Smart Card Security and Applications, Artech House, Inc., 1997.

[7] http://www.gemplus.com

[8] Y.S. Moon, H.C. Ho, K.L. Ng, "A Secure Smart Card System with Biometrics Capability", Proceedings of the 1999 IEEE Canadian Conference on Electrical and Computer Engineering, Edmonton, pp. 261-266, May 1999.

[9] Y.S. Moon, H.C. Ho, "Secure Transport Protocol for E-Commerce - SET versus SSL", in Multimedia Information Systems in Practice, Springer Verlag Press, pp. 389-397, Dec. 1998, Hong Kong.

[10] P.M. Griffin, C. Alexopoulos, "Point Pattern Matching Using Centroid Bounding", IEEE Transactions on System, Man and Cybernetics, vol. 19, No. 5, September/October 1989.

[11] G.S. Cox, G. de Jager, "A Survey on Point Pattern Matching and a New Approach to Point Pattern Recognition", Proceedings of the 1992 South African Symposium on Communications and Signal Processing, pp. 243-248, 1992.

[12] F. Galton, Finger Prints, Macmillan, London, 1892.