Fingerprint Advances Will Fight Cybercrime

"This research paves the way toward efficient methods of preventing unauthorized access to handheld devices, such as cell phones, wireless handheld devices and electronic audio players, as well as to secure Web sites," explained Venu Govindaraju, Ph.D., principal investigator, UB professor of computer science and engineering, and director of the university's Center for Unified Biometrics and Sensors (CUBS). "It also will help make fingerprint matching for forensic applications more effective."

Fingerprint access potentially can eliminate the need for consumers to remember all those annoying passwords, he added.

The UB research addresses a key problem that has emerged in the quest for fingerprint access to electronic devices and Web sites: quantifying how much security is possible with fingerprinting, given that most commercial sensors tend to capture only partial fingerprints.

"This problem needs to be overcome before it will be possible to routinely replace passwords with fingerprints," Govindaraju said.

The UB research specifies the physical dimensions of the keypad sensor in order to achieve specified levels of security, an issue that is of growing importance as devices become ever smaller.

Govindaraju explained that any company considering using fingerprint matching for access will want to be able to quantify what level of security is possible.

"With passwords, this is an easy task," he said, "obviously a six-letter password will be much more difficult to break than a three-letter password because there are so many more possible combinations."

Similarly, Govindaraju and his colleagues decided to try to quantify how big a fingerprint image has to be in order to achieve an acceptable level of security.

"For the first time, we have determined the minimum surface area required for fingerprint scanning in order to achieve a level of security that is roughly comparable to the security achieved with a six-letter password," he explained.

Called the Automated Partial Fingerprint Identification system, the algorithm developed by the UB scientists enables computer systems of, say, banks or online retailers, to determine whether or not to grant access, by securely matching two fingerprint images (the stored one and the "new" one) even when only part of the print is captured.

That's important, Govindaraju explained, because whether they are fingerprints, facial images or voice inputs, biometrics often are captured under less than ideal conditions.

"Since our matching method assumes that the fingerprint image is not complete, it allows for more robust feature matching," he said.

The work was published in Pattern Recognition, the Journal of the Pattern Recognition Society.

In a similar vein, the UB researchers solved another problem that stems from the fact that unlike a password, even the right fingerprint comes out slightly differently each time it's imaged.

"With passwords, it's always the same characters and the user hits the right keys," he said. "But with fingerprints, every time you touch the sensor, the image will be slightly different, just as no two photographs are ever exactly the same."

In order to protect a user's identity and access data, databases such as those of credit card companies don't store the exact password that you type into the computer each time. Rather, they store an "irreversible" transformation (called a "transform") of that password and when the entered password matches with the stored transform, access is granted.

To securely match fingerprint images with their "transforms," he explained, a robust system will have to ensure that it can compensate for the fact that from time to time, even the right fingerprint will vary in the amount of pressure that was used to create it, the amount of moisture on the finger or the part of the print that is captured.

"The algorithm we developed allows the system to make a transformation of the fingerprint image by encoding certain features of the fingerprint and then transforming them in a way that is unique to that fingerprint," said Govindaraju.

"This is one of the first implementations of what is known as a cancelable biometric, using standard feature representations, because what is being stored is not the fingerprint image itself, but a transformation of that image," he said. "It is nearly mathematically impossible to reverse engineer it."

A patent has been filed on this technology.

The research was funded by the University at Buffalo, a premier research-intensive public university, the largest and most comprehensive campus in the State University of New York.

Source: University at Buffalo

Software Helps Developers Get Started with PIV Cards
The National Institute of Standards and Technology has developed two demonstration software packages that show how Personal Identity Verification (PIV) cards can be used with Windows and Linux systems to perform logon, digital signing and verification, and other services. The demonstration software, written in C++, will assist software developers, system integrators and computer security professionals as they develop products and solutions in response to Homeland Security Presidential Directive 12 and the FIPS 201-1 standard.
A Laptop Circle of Trust
Laptop computers are quickly becoming standard-issue equipment for enterprise workforces across the globe, but the productivity gained from this added mobility comes at a price: increased exposure to theft, loss and damage.
Invention IDs Computer Users By Typing Patterns
Thirteen years ago Dr. Marcus Brown, associate professor of computer science at The University of Alabama, and one of his now former graduate students were awarded a patent for their novel invention which identifies a person by how they type their name.
The Web: Mobsters extinguish firewalls
Firewall? Forgetaboutit. Cyber-criminals, including the mafia, are now so savvy they can penetrate past these supposedly sturdy security measures and hack your computer network, whether you work at a university, Fortune 500 company or smaller firm, experts tell UPI's The Web.
Probing Question: Is it safe to pay my bills over the Internet?
Managing your money is no easy task. While television commercials make it look easy to do all your banking online in just five minutes, on the next channel, insurance companies warn of crooks that will steal your identity and your money. What’s the deal? Is it safe to pay your bills online?
Hitachi develops grip-type finger vein authentication technology
Hitachi, Ltd. announced the development of a grip-type finger vein authentication technology, which upon gripping of a door handle, instantaneously recognizes the finger vein pattern and confirms the identity of the person trying to enter. Thus, an authorized person only has to grip a door handle to open a locked door to enter a room, home or vehicle.
Feds bolstering online banking security
Federal banking regulators are ordering financial institutions to bolster their Internet security by the end of next year, hoping to halt identity theft. But experts tell UPI's The Web that the measures still may not be strong enough, and may, in the words of Mark D. Rasch, senior vice president and chief security counsel of Solutionary Inc., a Bethesda, Md.-based IT developer, inspire "false confidence" among consumers.
Lenovo Unveils Industry's Thinnest and Lightest 14-inch Widescreen Notebook
Lenovo today announced the ThinkPad Z-Series, the first widescreen multimedia ThinkPad notebooks with integrated Verizon Wireless Broadband Access (WWAN). ThinkPad Z Series is designed for mobile and small business users who rely on one notebook computer for both work and life demands.

Fingerprint Advances Will Fight Cybercrime

Related stories:

News discussion: