06-06-2012, 10:31 AM
On the Use of Mobile Phones and Biometrics for Accessing Restricted Web Services
On the Use of Mobile Phones and Biometrics.ppt (Size: 130 KB / Downloads: 42)
Aim
The mainstay of this project is to present an application that allows a mobile phone to be used as a biometric-capture device. The main contribution of our proposal is that this capture, and later recognition, can be performed during a standard web session, using the same architecture that is used in a personal computer (PC).
Synopsis
The use of biometric person recognition for secure access to restricted data /services using a mobile phone with Internet connection have been dealt. Biometrics can be divided into two categories based upon the underlying characteristic they are using: physiological and behavioral. There are three general categories of user authentication: 1) something you know, e.g., passwords and personal-identification numbers (PINs), 2) something you have (e.g., tokens), and 3) something you are (e.g., biometrics).
Today, with the advancement of mobile handsets and wireless networking, mobile devices have both the network access and computing capacity to provide users with a diverse range of services (e.g, secure payment , e-banking, e-commerce (better: m-commerce), etc.). We have, then, a very popular device, with increasing functionality and access to personally and financially sensitive information; therefore, the requirement for additional and/or advanced authentication mechanisms is essential.
The problem of capturing and sending the biometrics to the web server via PC is very easy to solve using embedded applications in the web pages. The proposal of this project is to present a novel mobile-phone application architecture to capture and send the biometric to the web server based on the use of an embedded web browser. The current mobile technology is not ready for embedded applications in mobile web browsers; however, it is prepared for our solution, which is very easy and effective, as will be seen.
Existing System
Many commercial and research efforts have recently focused on this subject. However, in spite of the great amount of particular applications that can be found, the cost of changing or modifying biometric platforms, the lack of normalization in capture-device technology, and communication protocols, as well as social-acceptance drawbacks, are all barriers to the popularization of biometric recognition.
The dominant approach on current control access is via password or PIN, but its weaknesses are the most clearly documented: if it is easy to remember, it is usually easy to guess and hack into, but if it is difficult to attack, it is usually difficult to remember; hence, a lot of people write them down and never change them.
The problem with tokens is that they authenticate their presence, but not the carrier; they can be easily forgotten, lost, or stolen, and, as it happens with the credit cards, can be fraudulently duplicated. As a result, biometry appears as a good solution, which is generally used, in addition to the previous authentication methods, to increase security levels.
Proposed System
The main contribution of our proposal is that this capture, and later recognition, can be performed during a standard web session, using the same architecture that is used in a personal computer (PC). Today, with the advancement of mobile handsets and wireless networking, mobile devices have both the network access and computing capacity to provide users with a diverse range of services.
The main characteristics of our proposal with regard to the state of the art are Simplicity, Low Cost, Multiplatform, Multibiometrics and Secure. A lot of works/applications can be found that focus on the use of biometry with mobile devices; however, as far, none of them show a similar system to the one in this paper: a general proposal to capture biometrics by means of a mobile phone during a standard web session. This capture can only be stored in the server or used with remote (i.e., web service) or local (i.e., mobile data or application) restricted access.
Server Design
The server side contains the main parts of the functionality of the proposed architecture. In our first module we deal upon accessing the Server Tier designing part of our project. We deal on working with Tomcat Server and designing our web pages using Struts.
Client Registration and ID Generation
On the client side, the biometric acquisition software is deployed. Our architecture proposes to leave only the data-capturing module on the client side, with the rest of the modules at the server side.
This means that the applications developed need no special memory or processing requirements, since the main computer load falls on the execution of a web navigator and standard mobile devices (e.g., touch screen, microphone, camera, etc.) are used to capture the biometrics. We perform Client Registration from our mobile end to connect it to our server which in turn creates account id and user id for the respective client.
User Login and Image Capturing Engine
Biometric Capturer takes in charge of calling and managing the mobile capture devices and a biometric up loader is in charge of sending the biometric data to the server and managing this uploading. A Client makes a login using his account id and user id, and the server performs a validation using his details. The Biometric Capturer captures the client’s image and passes on to the server.
Feature Extraction and e-Banking
This module collects the raw biometric data and prepares them for processing by the verification engine. This is based on biometric data supplied by the server-side capturing engine, and it generates the feature vectors. In addition to obtaining the features vector or sequence of feature vectors, it is usual to perform further geometric transformations. The database contains information from the users of the system (i.e., user’s database subsystem) and their biometric templates (i.e., user’s templates subsystem).
The matcher compares the information received against the template of the client stored in the database, thereby generating a numeric comparison score. The Score-normalization is to improve the system performance or to use a universal decision threshold. From the comparison of the score with a decision threshold, this determines whether the user is accepted or rejected and is, thus, granted or denied access to the system or protected services and transmits the output back to the client.
