NFC & Biometrics Christophe Rosenberger
OUTLINE GREYC - E-payment & Biometrics Contactless transactions Biometric authentication Solutions Perspectives 2
GREYC Research Lab Research Group in Computer science, Automatics, Image processing and Electronics of Caen Laboratory staff: 7 CNRS researchers 25 Full professors 18 Associate professors 48 Assistant professors 79 PhD students 17 permanent staff 30 Engineers and post-doc Research topics: Electronics Image processing Algorithmic Document analysis Multi-agents Robotics navigation Automatics Computer security Natural language processing Biometrics Cryptography 3
Research units CODAG: Constraints, Data mining, Graphs HULTEC: Human Language Technology AMACC: Computation models, Cryptography, Complexity MAD: Models, Agents and Decisions IMAGE : Image AUTO : Automatics ELEC : Electronics E-payment & Biometrics 4
E-payment & Biometrics Members (29): 3 full professors, 2 associate professors, 4 assistant professors, 4 permanent engineers, 8 PhD students, 2 Post-docs, 6 engineers. Research topics (2): Biometrics and Trust Application: E-payment Research projects: ASAP(ANR), LYRICS(ANR), PAY2YOU(FUI), CAPI(FUI), ADS+(FUI), INOSSEM(GE), LUCIDMAN(EUREKA) 5
E-payment & Biometrics Biometrics: Operational authentication that respects the privacy of users Le pôle TES Biometric le sans-contact authentication (palm veins, keystroke dynamics ) Evaluation of biometric systems (usability, security ) Protection of biometrics (cancelable biometrics, smartcards ) GREYC Keystroke Keystroke dynamics authentication 6
OUTLINE GREYC - E-payment & Biometrics Contactless transactions Biometric authentication Solutions Perspectives 7
Contactless transactions E-Secure transactions Different technologies are combined E-transactions ( E-secure Transactions Cluster) 8
Contactless transactions Why contacless is better? It is faster There are many possible terminals for the transaction Smartcard, mobile phone, tablet, POS... It allows low cost applications Advertising, couponing... In some cases, it is more easy to use Transport, physical access control... 9
Contactless transactions User authentication: Holding an object (smartcard, mobile phone...) and Knowledge of a PIN code or OTP Limitations: More related to machine authentication Not so difficult to attack No real relationship between the user and its authenticator 10
Contactless transactions Biometrics : The only one authentication method using an authenticator related to the user 11
OUTLINE GREYC - E-payment & Biometrics Contactless transactions Biometric authentication Solutions Perspectives 12
Biometrics Biometric modalities: Biological analysis: EEG signal, DNA Behavioural analysis: Keystroke dynamics, voice, gait, signature dynamics... Morphological analysis: Fingerprint, iris, palmprint, finger veins, face, ear 13
Biometrics Biometric system: general architecture 14 Source ISO/IEC19794-1 Information technology Biometric data interchange formats Part 1: Framework
Biometrics Advantages: The only one user authentication method It is more easy to use It is much more difficult to attack or falsify 15
Biometrics Drawbacks: False rejection and acceptance are possible In general, it is not possible to revoke a biometric data It is sensitive to the replay attack There are many privacy concerns 16
OUTLINE GREYC - E-payment & Biometrics Contactless transactions Biometric authentication Solutions Perspectives 17
Solutions Two types of device: Specific ones with a biometric sensor Classic ones Two locations for the biometric authentication: 18 User Service provider
Specific solutions: user Match and capture on device Fingerprint sensor http://www.authentec.com/ 19
Specific solutions: user Match and capture on contactless card solution Comparison between the template and the capture Storage of the template fingerprint Fingerprint sensor 20 http://www.e-smart.com/
Specific solutions: terminal Match and capture on device solution NFC reader Fingerprint sensor http://www.taztag.com/ 21
Specific solutions: terminal Capture on device solution http://ekemp.en.alibaba.com http://www.acs.com.hk/ 22 http://www.naturalsecurity.com/ http://www.supremainc.com/
Specific solutions Discussion: There are many solutions especially for terminals Nearly all of them use fingerprint as biometric modality well known and cheap technology fast capture and verification very good performance 23
Other solutions Solutions without any specific sensor: Smartcard: storage of the biometric template match on card Smart object (mobile phone, tablet, laptop...) webcam : Face recognition Hand shape Finger knuckle print Ear... Finger Knuckle Print 24 Face Ear Hand shape
Other solutions Smart object (mobile phone, tablet, laptop...) microphone : speaker recognition: text-dependent or free-text keyboard : keystroke dynamics: passphrase, password or challenge touch screen : interaction: passphrase, password, challenge, task signature dynamics 25 Touch screen interaction Voice Signature dynamics Keystroke dynamics
Other solutions Discussion: There are many possible solutions The most interesting candidates are: voice touch screen interaction signature dynamics face hand shape 26
OUTLINE GREYC - E-payment & Biometrics Contactless transactions Biometric authentication Solutions Perspectives 27
Perspectives Biometric authentication will be necessary To make a real user authentication In order to guarantee the security of a contactless transaction Many trends have to be considered How to protect the biometric template? It is better to use a challenge based biometric authentication How and who will realize the enrolment? How to guarantee users privacy? 28
29 http://www.epaymentbiometrics.ensicaen.fr/