Service Integration for Biometric Authentication

Unimodaalsete biomeetriliste süsteemide kasvav kasutuselevõtt era- ja riigiasutustes näitab biomeetriliste autentimissüsteemide edu. See aga ei tähenda, et biomeetrilised süsteemid pakuvad terviklikku autentimislahendust. Unimodaalsetes biomeetrilistes süsteemides ilmneb hulk piiranguid, mida on võimalik ületada kasutades multimodaalseid biomeetrilisi autentimissüsteeme. Multimodaalseid süsteeme peetakse töökindlamaks ja võimeliseks rahuldama rangeid jõudlusvajadusi. Lisaks võimaldavad multimodaalsed süsteemid arvestada mitteuniversaalsuse probleemiga ja tõhusalt tõrjuda võltsimisrünnakuid. Vaatamata suhtelistele eelistele on multimodaalsete biomeetriliste süsteemide realisatsioon ja kasutusmugavus jäänud fundamentaalseks väljakutseks tarkvaraarenduses. Multimodaalsed süsteemid on enamasti sulam unimodaalsetest süsteemidest, mis on valitud vastavalt äriprotsessi ja vaadeldava keskkonna nõuetele. Nende süsteemide mitmekesisus, lähtekoodi kättesaadavus ja juurutamisvajadused muudavad nende arenduse ja kasutuselevõtu oluliselt kulukamaks. Tarkvaraarendajatena üritame me lihtsustada arendusprotsessi ja minimeerides selleks vajamineva jõupingutuse suurust. Seetõttu keskendub see töö olemasolevate biomeetriliste süsteemide taaskasutatavaks muutmisele. Eesmärgiks on kirjeldada teenuste integratsiooni raamistik, mis automatiseerib heterogeensete biomeetriliste süsteemide sujuvat seadistamist ja paigaldust ning vähendab arenduse töömahtu ja sellega seotud kulutusi. Selle eesmärgi saavutamiseks kõrvaldame me vajaduse korduva stsenaariumipõhise ühilduvate süsteemide arenduse ja integratsiooni järgi. Biomeetriliste süsteemide arendus muudetakse ühekordseks tööks. Me esitleme ka vahendeid heterogeensetest avatud lähetekoodiga ja kommerts biomeetrilistest süsteemidest koosnevate multimodaalsete biomeetriliste süsteemide seadistamiseks ja paigaldamiseks lähtuvalt valdkonnaspetsiifilistest autentimisvajadustest. Võrreldes levinud praktikatega vähendab meie lähenemine stsenaariumi-spetsiifilise biomeetrilise autentimissüsteemi arendusele ja paigaldusele kuluvat töö hulka 46,42%.The success of biometric authentication systems is evident from the increasing rate of adoption of unimodal biometric systems in civil and governmental applications. However, this does not imply that biometric systems offer a complete authentication solution. Unimodal biometric systems exhibit a multitude of limitations which can be overcome by using multimodal biometric authentication systems. Multimodal systems are considered more reliable, and capable of meeting stringent performance needs and addressing the problem of non-universality and spoof attacks effectively. Despite the relative advantages, implementation and usability of multimodal biometric systems remain a fundamental software engineering challenge. Multimodal systems are usually an amalgamation of unimodal biometric systems chosen in accordance with the needs dictated by the business process(es) and the respective environment under consideration. The heterogeneity, availability of source code, and deployment needs for these systems incur significantly higher development and adaption costs. Being software engineers, we naturally strive to simplify the engineering process and minimize the required amount of effort. Therefore this work focuses on making the existing biometric systems reusable. The objective is to define a service integration framework which automates seamless configuration, and deployment of heterogeneous biometric systems, and minimizes the development effort and related costs. In this effort we replace the need for development and integration of scenario-specific compatible systems by repetitive scenario-specific configuration and deployment of multimodal biometric systems. The development of biometric systems is minimized to a one-time effort. We also present tools for configuration and deployment, which respectively configure and deploy multimodal biometric systems comprising of heterogeneous open source and/or commercial biometric systems required for fulfillment of domain specific authentication needs. In comparison to the prevalent practices, our approach reduces the effort required for developing and deploying reliable scenario-specific biometric authentication systems by 46.42%

Development of a generic fingerprint authentication framework

Estágio realizado na ALERT Life Sciences Computing, S. ATese de mestrado integrado. Engenharia Informática e Computação. Faculdade de Engenharia. Universidade do Porto. 200

Biometrics

Biometrics-Unique and Diverse Applications in Nature, Science, and Technology provides a unique sampling of the diverse ways in which biometrics is integrated into our lives and our technology. From time immemorial, we as humans have been intrigued by, perplexed by, and entertained by observing and analyzing ourselves and the natural world around us. Science and technology have evolved to a point where we can empirically record a measure of a biological or behavioral feature and use it for recognizing patterns, trends, and or discrete phenomena, such as individuals' and this is what biometrics is all about. Understanding some of the ways in which we use biometrics and for what specific purposes is what this book is all about

Integrating biometric authentication into multiple applications

The Internet has grown from its modest academic beginnings into an important, global communication medium. It has become a significant, intrinsic part of our lives, how we distribute information and how we transact. It is used for a variety of purposes, including: banking; home shopping; commercial trade - using EDI (Electronic Data Interchange); and to gather information for market research and other activities. Owing to its academic origins, the early developers of the Internet did not focus on security. However, now that it has rapidly evolved into an extensively used, global commercial transaction and distribution channel, security has become a big concern. Fortunately, the field of information security has started to evolve in response and is fast becoming an important discipline with a sound theoretical basis. The discipline views the twin processes of identification and authentication as crucial aspects of information security. An individual access attempt must be identifiable prior to access being authorised otherwise system confidentiality cannot be enforced nor integrity safeguarded. Similarly, non-denial becomes impossible to instigate since the system is unable to log an identity against specific transactions. Consequently, identification and authentication should always be viewed as the first step to successfully enforcing information security. The process of identification and authorisation is, in essence, the ability to prove or verify an identity. This is usually accomplished using either one or a combination of the following three traditional identification techniques: something you possess; something you know; or something you are. A critical consideration when designing an application is which identification method, or combination of methods, from the three described above to use. Each method offers its own pros and cons and there are many ways to compare and contrast them. The comparison made in this study identifies biometrics as the best solution in a distributed application environment. There are, however, two over-arching hindrances to its widespread adoption. The first is the environment’s complexity - with multiple applications being accessed by both the public and the private sectors - and the second is that not all biometrics are popular and no single method has universe appeal. The more significant hindrance of the two is the latter, that of acceptance and trust, because it matters little how good or efficient a system is if nobody is willing to use it. This observation suggests that the identification system needs to be made as flexible as possible. In a democratic society, it could be argued that the best way of ensuring the successful adoption of a biometric system would be to allow maximum freedom of choice and let users decide which biometric method they would like to use. Although this approach is likely to go a long way towards solving the acceptance issue, it increases the complexity of the environment significantly. This study attempts to solve this problem by reducing the environment’s complexity while simultaneously ensuring the user retains maximum biometric freedom of choice. This can be achieved by creating a number of central biometric repositories. Each repository would be responsible for maintaining a biometric template data store for a type of biometric. These repositories or “Biometric Authorities” would act as authentication facilitators for a wide variety of applications and free them from that responsibility.Dissertation (MSc (Computer Engineering))--University of Pretoria, 2005.Electrical, Electronic and Computer EngineeringMScunrestricte

Sistema de reconhecimento biométrico baseado no electrocardiograma

Este projecto pretende criar uma plataforma do tipo framework, para desenvolvimento de software que permita a implementação de sistemas biométricos de identificação e autenticação pessoal, usando sinais electrofisiológicos. O sinal electrocardiograma (ECG) é uma característica biométrica em ascensão, existindo fortes indícios de que contém informação suficiente para discriminar um indivíduo de um conjunto vasto de população. Usa-se a framework desenvolvida para criar aplicações que permitam avaliar o desempenho de várias abordagens do estado da arte do reconhecimento biométrico, baseadas no ECG. A arquitectura típica destes sistemas biométricos inclui blocos de aquisição, préprocessamento, extracção de características e classificação de sinais ECG, utilizando tipicamente duas abordagens distintas. Uma das abordagens (fiducial) assenta em pormenores dos diferentes segmentos da forma de onda do sinal ECG, enquanto que a outra abordagem (nonfiducial) tem a vantagem de não depender criticamente desses pormenores. Neste projecto ainda será explorada uma nova variante numa abordagem (non-fiducial) baseada em compressão de dados. Finalmente, pretende-se ainda estudar o desempenho destas abordagens em sinais ECG adquiridos nas mãos, o que constitui um desafio, dado não existirem actualmente estudos sistemáticos usando este tipo de sinais

Um modelo de autenticação biométrica para web banking

Dissertação (mestrado) - Universidade Federal de Santa Catarina, Centro Tecnológico. Programa de Pós-Graduação em Engenharia Elétrica.A autenticac¸ #ao biom´etrica, baseada em caracter´ýsticas pessoais intr´ýnsecas, h´a muito tem sido objeto do interesse da comunidade de seguranc¸a computacional. Entretanto, at´e pouco tempo atr´as a sua adoc¸ #ao se restringia a ambientes de alta seguranc¸a e aplicac¸ #oes de identificac¸ #ao criminal, por raz#oes de natureza econ#omica e tecnol´ogica. Com o aperfeic¸oamento da tecnologia e a reduc¸ #ao no custo dos dispositivos verificados recentemente, a biometria vem se popularizando, sendo freq¨uentemente apontada como uma soluc¸ #ao promissora para problemas de autenticac¸ #ao. O canal de atendimento web banking tem sido alvo de freq¨uentes ataques que levam a fraudes, o que exige reforc¸o na autenticac¸ #ao de clientes. As credenciais tradicionais de conhecimento e posse apresentam algumas defici#encias que podem ser supridas pela autenticac¸ #ao biom´etrica. Apresentamos um modelo de implementac¸ #ao para autenticac¸ #ao biom´etrica em sistemas de web banking. O modelo se utiliza da tecnologia de Servic¸os Web, que se caracteriza pela interoperabilidade e facilidade de integrac¸ #ao para os sistemas legados. A aplicabilidade do modelo ´e verificada atrav´es de um prot´otipo. Biometric authentication, based on intrinsic personal traits, has long been an object of interest to the computer security community. However, until some time ago its adoption was restricted to highly secure environments and criminal identification applications. With the recent technological improvements and reduction in device costs, biometrics has become more disseminated, being frequently touted as a promising solution for authentication problems. The web banking channel has frequently been the target of attacks leading to banking fraud, making it necessary to reinforce user authentication mechanisms. The traditional credentials of knowledge and possession show some deficiences that can be solved by biometric authentication. We present an implementation model for biometric authentication in web banking systems. The model uses the Web Services technology, which is characterized by its interoperability and easy integration to legacy systems. The applicability of the model is verified by means of a prototype

A web-centric framework for secure and binding electronic transactions

Thesis (S.M.)--Massachusetts Institute of Technology, Dept. of Civil and Environmental Engineering, 2000.Includes bibliographical references (leaves 105-110).The goal of this thesis is to present a web-centric framework for conducting secure and legally binding electronic transactions. This framework would create the confidence to achieve a large-scale replacement of paper-based transactions prevalent today, with secure and legally binding electronic transactions. The approach used - in this research effort - in achieving this goal, is two-phased. While the first phase focuses on developing a framework for conducting secure and legally binding transactions in a specific industry namely, the $3.2 Trillion construction industry, the latter part of the thesis addresses the security needs of e-commerce transactions in general through the development of an e- Notary service. The A/E/C specific implementation, in the first phase of this research effort not only provides very valuable insight into some of the most important concerns in conducting electronic transactions today, but also highlights the technology components required to conduct secure and legally binding transactions over the Internet, through the creation of models for secure communication and secure information management. Thus, it serves as a precursor to create a generic framework for conducting secure electronic transactions through the development of an e-Notary service, in the second phase, that provide secure and legally binding third-party security services to transaction service providers like e-commerce corporations and government organizations, enabling these organizations to focus on their core businessby Kiran K. Choudary.S.M

Extended Abstracts of the Second Privacy Enhancing Technologies Convention (PET-CON 2008.1)

PET-CON, the Privacy Enhancing Technologies Convention, is a forum for researchers, students, developers, and other interested people to discuss novel research, current developments and techniques in the area of Privacy Enhancing Technologies. PET-CON was first conceived in June 2007 at the 7th International PET Symposium in Ottawa, Canada. The idea was to set up a bi-annual convention in or nearby Germany to be able to meet more often than only once a year at some major conference