Microprocessor smart cards with fingerprint user authentication

Due to the great increase in Information Technology (IT) systems where user authentication is needed, security in those systems relies on using PINs or passwords. During recent years, the scientific community has been trying to improve biometric techniques to be accepted as an alternative to other user authentication schemes. One of the sectors where user identity must be verified, is the identification cards sector. In fact, if great security wants to be achieved, smart cards should be used. But cardholder verification is performed using Card Holder Verification Keys (CHV-Keys), which are PIN-based. The authors are trying to integrate fingerprint verification inside a smart card, following their works in the past. The fingerprint scheme used is shown, and the work to achieve the integration inside a commercial smart card is detailed.     

Access control system with hand geometry verification and smartcards

An access control system that joins the uniqueness of biometric verification, as well as the storage security and processing capabilities of smart cards, is defined here. The biometric technique chosen has been hand geometry, which is considered to provide low/medium security (there are other much more secure, as fingerprint, iris or retina), to be easy to use, to achieve high acceptance by users, and which performance is given throughout fast processing and medium cost. Also, the small template size needed for each user is positive for storage and processing capabilities required in the system. But the innovation in the system proposed is that the smart card not only stores the user's template, but also performs the verification process with the features set by the terminal to the card. With this improvement, the security of the system has risen because the template is never extracted from the card, avoiding duplication of such sensible data. The specifications for the enrolment process will be presented as well as the applications where this new system is recommended     

Smart card information and operations using biometrics

Nowadays many systems need a portable media to store some sensible data, such as smart cards. The information can be protected by the user with his Personal Identification Number (PIN), or through biometrics. Unfortunately, there is not a smart card today that can verify the biometric template inside it, performing this task in the terminal. The author has developed the algorithms and data structures needed to solve this problem. Therefore, he has created a smart card with user biometric authentication, based on an Open Platform smart card (in this case, a JavaCard). To achieve these results, different biometric techniques have been studied: speaker verification, hand geometry and iris recognition. Experimental results are given to show the viability of the prototype developed     

Information technology security using cryptography

It is widely known that information technology applications should be secured. During the last years, special efforts have been applied to achieve a great level of security. These efforts have increased security in some aspects, such as cryptographic algorithms and authentication techniques, etc. But many other security holes have appeared in these applications, making the improvements achieved a "waste of time and money". In this paper, some of these security holes are exposed. Using security hardware modules can overcome some of these holes, if they are designed according to the applications specification.     

Fingerprint verification using smart cards for access control systems

Over the past few years, the authors have tried to integrate biometrics into a smart card. In this paper, to improve error rates obtained with hand geometry biometrics and the costs with the iris recognition system, fingerprints are used. This technique, quite well known in the industry and deeply studied for the last century, has improved its electronic sensors, pulling down prices and, therefore, enabling its use in many more applications. The first step, as in every biometric system, is to obtain an image of the user's fingerprint. After this, a pre-processing algorithm is applied, which enables feature extraction to obtain the location and type of all minutiae, i.e., the discontinuities in the ridges and valleys of the fingerprint. Due to the fact that it is not possible to always catch the same number of minutiae, a special matching algorithm should be applied to compare the feature vector with the corresponding user's template. Efforts to integrate this matching algorithm in a low computer power device, such as a smart card, are given, showing the paths that should be followed in order to improve the security of access control and payment systems available today.     

Achieving security in integrated circuit card applications realityor desire?

It has always been claimed that smart cards provide a really high level of security, considering them as a tamper-proof device, with the possibility to auto-block some or all of the services it provides. Unfortunately, nowadays some hackers appear to have demonstrated the lack of security involved in some applications where Integrated Circuit Cards (ICC) have been used. This has led to the opinion that smart cards are not secure enough, and their security is only in the minds of the commercial companies involved with the technology. In this paper, the author explains the reasons why this hacking has succeeded. For example, sometimes memory cards have been used instead of smart cards, or very old smart cards have been issued and not renewed, or the development team involved has not used basic security techniques, such as diversified keys. The author also gives clues to achieve a high level of security depending on the final application, and the environment in which it is going to be used     

Changes to vascular biometric system security & performance

When considering biometrics for a Personal Identification System, different modalities can be considered. The final selection will depend on specific application requirements. From the several modalities existing nowadays, vascular systems have appeared on the scene lately. Vein-based identification is claimed to be as reliable as fingerprint or iris identification, but with the usability of hand geometry or even the face. As with any other biometric modalities, vascular solutions have to be deeply analyzed for all relevant factors that could affect their performance or the security level achieved. This will show the analysis of the performance and security achieved by a commercial vascular biometric system, when being applied in several real-world scenarios. These scenarios will cover typical office environments to the more extreme environments, such as extreme light and temperatures, as those suffered in a banking ATM, or with high humidity such as in a gym. The results will show the strengths of this modality, as well as those points where further improvements are needed.     

Iris-based biometric recognition using dyadic wavelet transform

A biometric identification system, based on the processing of the human iris by the dyadic wavelet transform, has been introduced. The procedure to obtain an iris signature of 256 bits has been described, as well as the feature extraction block and the verification system. The results have shown that the system can achieve high rates of security.