Continuous and transparent multimodal authentication: reviewing the state of the art

Individuals, businesses and governments undertake an ever-growing range of activities online and via various Internet-enabled digital devices. Unfortunately, these activities, services, information and devices are the targets of cybercrimes. Verifying the user legitimacy to use/access a digital device or service has become of the utmost importance. Authentication is the frontline countermeasure of ensuring only the authorized user is granted access; however, it has historically suffered from a range of issues related to the security and usability of the approaches. They are also still mostly functioning at the point of entry and those performing sort of re-authentication executing it in an intrusive manner. Thus, it is apparent that a more innovative, convenient and secure user authentication solution is vital. This paper reviews the authentication methods along with the current use of authentication technologies, aiming at developing a current state-of-the-art and identifying the open problems to be tackled and available solutions to be adopted. It also investigates whether these authentication technologies have the capability to fill the gap between high security and user satisfaction. This is followed by a literature review of the existing research on continuous and transparent multimodal authentication. It concludes that providing users with adequate protection and convenience requires innovative robust authentication mechanisms to be utilized in a universal level. Ultimately, a potential federated biometric authentication solution is presented; however it needs to be developed and extensively evaluated, thus operating in a transparent, continuous and user-friendly manner

CardioCam: Leveraging Camera on Mobile Devices to Verify Users While Their Heart is Pumping

With the increasing prevalence of mobile and IoT devices (e.g., smartphones, tablets, smart-home appliances), massive private and sensitive information are stored on these devices. To prevent unauthorized access on these devices, existing user verification solutions either rely on the complexity of user-defined secrets (e.g., password) or resort to specialized biometric sensors (e.g., fingerprint reader), but the users may still suffer from various attacks, such as password theft, shoulder surfing, smudge, and forged biometrics attacks. In this paper, we propose, CardioCam, a low-cost, general, hard-to-forge user verification system leveraging the unique cardiac biometrics extracted from the readily available built-in cameras in mobile and IoT devices. We demonstrate that the unique cardiac features can be extracted from the cardiac motion patterns in fingertips, by pressing on the built-in camera. To mitigate the impacts of various ambient lighting conditions and human movements under practical scenarios, CardioCam develops a gradient-based technique to optimize the camera configuration, and dynamically selects the most sensitive pixels in a camera frame to extract reliable cardiac motion patterns. Furthermore, the morphological characteristic analysis is deployed to derive user-specific cardiac features, and a feature transformation scheme grounded on Principle Component Analysis (PCA) is developed to enhance the robustness of cardiac biometrics for effective user verification. With the prototyped system, extensive experiments involving 25 subjects are conducted to demonstrate that CardioCam can achieve effective and reliable user verification with over 99% average true positive rate (TPR) while maintaining the false positive rate (FPR) as low as 4%

Mobile personal authentication using fingerprint.

Cheng Po Sum.Thesis submitted in: July 2003.Thesis (M.Phil.)--Chinese University of Hong Kong, 2004.Includes bibliographical references (leaves 64-67).Abstracts in English and Chinese.List of Figures --- p.iList of Tables --- p.iiiAcknowledgments --- p.iv摘要 --- p.vThesis Abstract --- p.viChapter 1. --- Mobile Commerce --- p.1Chapter 1.1 --- Introduction to Mobile Commerce --- p.1Chapter 1.2 --- Mobile commence payment systems --- p.2Chapter 1.3 --- Security in mobile commerce --- p.5Chapter 2. --- Mobile authentication using Fingerprint --- p.10Chapter 2.1 --- Authentication basics --- p.10Chapter 2.2 --- Fingerprint basics --- p.12Chapter 2.3 --- Fingerprint authentication using mobile device --- p.15Chapter 3. --- Design of Mobile Fingerprint Authentication Device --- p.19Chapter 3.1 --- Objectives --- p.19Chapter 3.2 --- Hardware and software design --- p.21Chapter 3.2.1 --- Choice of hardware platform --- p.21Chapter 3.3 --- Experiments --- p.25Chapter 3.3.1 --- Design methodology I - DSP --- p.25Chapter 3.3.1.1 --- Hardware platform --- p.25Chapter 3.3.1.2 --- Software platform --- p.26Chapter 3.3.1.3 --- Implementation --- p.26Chapter 3.3.1.4 --- Experiment and result --- p.27Chapter 3.3.2 --- Design methodology II ´ؤ SoC --- p.28Chapter 3.3.2.1 --- Hardware components --- p.28Chapter 3.3.2.2 --- Software components --- p.29Chapter 3.3.2.3 --- Implementation Department of Computer Science and Engineering --- p.29Chapter 3.3.2.4 --- Experiment and result --- p.30Chapter 3.4 --- Observation --- p.30Chapter 4. --- Implementation of the Device --- p.31Chapter 4.1 --- Choice of platforms --- p.31Chapter 4.2 --- Implementation Details --- p.31Chapter 4.2.1 --- Hardware implementation --- p.31Chapter 4.2.1.1 --- Atmel FingerChip --- p.32Chapter 4.2.1.2 --- Gemplus smart card and reader --- p.33Chapter 4.2.2 --- Software implementation --- p.33Chapter 4.2.2.1 --- Operating System --- p.33Chapter 4.2.2.2 --- File System --- p.33Chapter 4.2.2.3 --- Device Driver --- p.35Chapter 4.2.2.4 --- Smart card --- p.38Chapter 4.2.2.5 --- Fingerprint software --- p.41Chapter 4.2.2.6 --- Graphical user interface --- p.41Chapter 4.3 --- Results and observations --- p.44Chapter 5. --- An Application Example 一 A Penalty Ticket Payment System (PTPS) --- p.47Chapter 5.1 --- Requirement --- p.47Chapter 5.2 --- Design Principles --- p.48Chapter 5.3 --- Implementation --- p.52Chapter 5.4 --- Results and Observation --- p.57Chapter 6. --- Conclusions and future work --- p.62Chapter 7. --- References --- p.6

Envisioning technology through discourse: a case study of biometrics in the National Identity Scheme in the United Kingdom

Around the globe, governments are pursuing policies that depend on information technology (IT). The United Kingdom’s National Identity Scheme was a government proposal for a national identity system, based on biometrics. These proposals for biometrics provide us with an opportunity to explore the diverse and shifting discourses that accompany the attempted diffusion of a controversial IT innovation. This thesis offers a longitudinal case study of these visionary discourses. I begin with a critical review of the literature on biometrics, drawing attention to the lack of in-depth studies that explore the discursive and organizational dynamics accompanying their implementation on a national scale. I then devise a theoretical framework to study these speculative and future-directed discourses based on concepts and ideas from organizing visions theory, the sociology of expectations, and critical approaches to studying the public’s understanding of technology. A methodological discussion ensues in which I explain my research approach and methods for data collection and analysis, including techniques for critical discourse analysis. After briefly introducing the case study, I proceed to the two-part analysis. First is an analysis of government actors’ discourses on biometrics, revolving around formal policy communications; second is an analysis of media discourses and parliamentary debates around certain critical moments for biometrics in the Scheme. The analysis reveals how the uncertain concept of biometrics provided a strategic rhetorical device whereby government spokespeople were able to offer a flexible yet incomplete vision for the technology. I contend that, despite being distinctive and offering some practical value to the proposals for national identity cards, the government’s discourses on biometrics remained insufficiently intelligible, uninformative, and implausible. The concluding discussion explains the unraveling visions for biometrics in the case, offers a theoretical contribution based on the case analysis, and provides insights about discourses on the ‘publics’ of new technology such as biometrics