EaSy: Efficient and Secure System for Utility Service Registration 1 Nor Zaidi Haron, 2 Siti Aisah Md Junos@Yunus, 3 Mohd Sa'ari Mohamad Isa, 4 Azmi Awang Md Isa *1 Universiti Teknikal Malaysia Melaka, Malaysia, zaidi@utem.edu.my 2,3,4 Universiti Teknikal Malaysia Melaka, Malaysia, {aisah,saari,azmiawang}@utem.edu.my Abstract Present-day practices to apply utility services in government and private offices require customers to handwrite their information on paper-based application forms. Such tedious and slow task practices are becoming irrelevant nowadays where computer and information technology are ubiquitous. This manuscript presents an efficient system for applying utility services in a secure manner. Referred to as Efficient and Secure Utility Application System (EaSy), the proposed system retrieves the customers' information from their nationality identity card (NIC) and transfers the information to a dedicated application in a PC environment. For security measures, the fingerprint verification of the authentic customers is required before their formation can be retrieved from their NIC. A commercialized NIC reader is connected to the computer via universal serial bus communication. The dedicated application was developed the Visual Basic software consisting the digital application forms that mimic the handwritten paper-based form. A study case at the Malaysian Immigration Office and our postgraduate laboratory was performed to evaluate the effectiveness of the proposed system. Results from the performance evaluation show that EaSy offers three times faster to complete a registration procedure compared to handwriting practices. Note that, the proposed system can easily be adapted for other utility services by developing the desired utility service forms. 1. Introduction Keywords: PC-based applications, Fingerprint, Smart card Presently, customers are required to fill in an application form when applying a utility service manually. It means that the basic information such as names, address, age, date-of-birth, etc. need to be written on the application form. Although this procedure has been long practiced, it is a tedious and time-consuming task especially with the rapid development of computer and information technology. In addition, this traditional practice is prone to mistakes and vulnerable to fraud. Because of these limitations, government agencies are unable to provide efficient services to citizens; while private agencies make less productivity from their services. This manuscript presents an efficient system for applying utility services in a secure manner. Referred to as Efficient and Secure Utility Application System (EaSy), the proposed system retrieves the customers' information from their nationality identity card (NIC) and transfers the information to a dedicated application in a PC environment. For security measures, the fingerprint verification of the authentic customers is required before their formation can be retrieved from their NIC [1]. A commercialized NIC reader is connected to the computer via universal serial bus communication. The dedicated application was developed the Visual Basic software consisting the digital application forms that mimic the handwritten paper-based form. A case study at the Malaysian Immigration Office and our postgraduate laboratory shows that EaSy can improve the efficiency and productivity of government and private agencies. Note that, the proposed system can easily be adapted for other utility services by developing the desired utility service forms. The rest of the manuscript is organized as follows. Section 2 provides some background related to the proposed system. Section 3 presents the block diagram and the methodology used to develop the proposed system. Section 4 gives the performance evaluation and survey analysis of the proposed systems. Finally, the manuscript is concluded in Section 5. 2. Formatting your manuscript This section provides the background study used to develop EaSy project. It starts with the current practices that use handwritten paper-based forms. Then, the section presents describe briefly the International Journal of Digital Content Technology and its Applications(JDCTA) Volume8, Number1, February 2014 19
Malaysian Identity card followed by the smartcard reader. Thereafter, theoretical background on fingerprint minutiae and fingerprint scanner is given. 2.1. Handwritten paper-based forms Handwritten paper-based forms are widely used in government and private offices when applying a service. Customers are required to handwrite their personal details on the handwritten paper-based forms. For example, this practice is required when applying new electricity connection and opening a new bank account. Figure 1 shows an example of handwritten paper-based form. The form requires common customer s information such as name, address, NIC number, gender, birth date, birth place, etc. The completed forms are then submitted to the officer who will key-in the customer s information into the computer system. These application procedures have been put into practice for some time. Although this practice offers portability, readability and availability, it has numerous disadvantages such as timeconsuming, repetitive procedures, prone to mistakes and frauds, and require extra cost for storage [2]. 2.1. National Identity Card Figure 1. An example of a handwritten paper-based form Most countries in the world necessitate their citizens to have a national identity card (NIC) as a proof of their citizenship. For example, all Malaysian have their Malaysian National Registration Identity Card (MNRIC), referred to as MyKad (and MyKid for children) [3]. MyKad contains the embedded ATMEL 64K Electrical Erasable and Programmable Read Only Memory that can store the personal information of the holder permanently. Several information about the holder are stored inside MyKad including the name, identity number date of birth, address religion, etc. 2.2. Smart card reader A smartcard reader is used for reading data from a smartcard. A smart card such as NIC and MyKad requires physical contact with the card. Usually this type of reader is used by inserting the card to the reader. The communication between the card and reader is often ISO 7816 T=0 with can be up to 115 kilo baud [4]. This baud rate means that the interface enables large data transport without the overhead of anti-collision and wireless breakdown issues that are a result of the card moving in and out of the reader. 2.3. Fingerprint minutiae Human fingerprint is one of many other subjects that represent a person s identity. It represents only the person alone literally at the fingertips. The ridges on the fingers helps the hand to grip things as the same way a rubber tread pattern helps a tire grip on the road. The ridge was actually formed by the combination of genetic and environmental factors. Fingerprint minutiae are is the small details on the ridges. It can occur at various places in the ridges. There are several types of minutiae features such as ridges ending, bifurcation and short ridges [5,6]. Minutiae cannot be seen with the naked eye as it is the very small details of a fingerprint. 2.4. Fingerprint scanner 20
Fingerprint scanner is a device used to capture the human fingerprint and change it into an image. It is being used for security matter like in police stations, high security buildings and even on the computer keyboard. Since fingerprint is a unique marker for a person, it is reliable to use for security features. The main task of a fingerprint scanner is to analyze human identity by collecting a print sample and compare it to another sample on record [7]. In order to accomplish this aim, two steps are required [8]: (i) sense the image of the person s finger, and (ii) determine whether the pattern of ridges and valleys in the image match the pattern of ridges and valleys in pre-scanned image. There are two types of fingerprint scanner that are optical scanner and capacitance scanner. Both types come up with the same sort of image, but they go about in completely different ways in terms of getting the image. 3. Proposed System As mentioned earlier, the proposed system enables the service registration to be made quickly and securely. To realize this system, several steps have been followed and are described in this section. It begins with the block diagram of the proposed system. Thereafter, the section explains the commercialized NIC reader used in the project followed by the digital application form development. 3.1 Block diagram Figure 2 illustrates the block diagram of the proposed systems, which consists of two main parts: (i) a wireless NIC reader and (ii) software application. The main components of the NIC reader are a fingerprint scanner for identity authentication, a microcontroller chip as the controller of the reader and a Zigbee transceiver for transferring data between the reader and computer. The software application (hereinafter referred to as app to distinguish it from application form ) running on a computer that comprise the application forms. Card slot Fingerprint scanner NIC reader Microcontroller USB Software application Computer Figure 2. Components that form the proposed system 3.2 NIC reader A commercialize NIC reader equipped fingerprint reader was used in the project [9]. The reader, MorphoSmart 1300 Series or MSO 1300, is produced by Sagem. It is specially designed for authentication and security purposes using smartcard and fingerprint technologies. The MSO 1300 Series scanner is based on the optical sensor and can store up to 500 users fingerprint images. The main advantages of this MyKad reader is it provides a flexible, ergonomic and cost-effective solution for the fast and secure processing of quality fingerprint images. With two authentication functions: match-on-card and match-on-fingerprint functions, the reader guarantees the faultless protection of information. Figure 3 depicts how the MSO 1300 scanner works whereby an NIC is inserted into its slot and the holder s fingerprint is put on the fingerprint scanner. 21
3.3 Software app Figure 3. The commercialized NIC reader used in the project Figure 4 illustrates the entire operation of the proposed system. There are five main functions that can be performed on the software app s GUI; they are as follows: Start Load Form Verify No Read MyKad and load holder s information on the digitalized form Print Form Hardware connected? Print? No Yes Read minutiae form MyKad No Yes Clear Form Matched? Yes Reset? End Yes No Figure 4. Flowchart of the system operation 22
Load form: this function starts the registration software. Verify: this function performs verification by comparing the sensed and stored fingerprint of the customer (MyKad holder). Read MyKad: this function retrieves stored data of the authenticated customer and fills in the corresponding fields of the digital application form. Print: this function prints the digital application form that has been filled with customer s information. Clear Form: this function resets all information of the customer. Apart from these five functions, there are several decisions that have to be made by the app; they are as follows: Hardware connected?: this decision function ensures that the MyKad is inserted properly. If it is not inserted properly, MyKad cannot be read. Matched?: this function ensures only authentic customer can use the system whereby the sensed and stored fingerprint of the customer must match when they are compared. If they are not matched, MyKad cannot be read. Print?: this function is to decide whether to print or not the digital application form. Reset?: this function is to decide whether the customer information will be deleted at the end of the procedure. 3.3.1 Digital application forms In order to provide a solution to the handwritten paper-based form, a digital form is created. The digital application form is created using Microsoft Visual Basic 6 [10]. For the digital application form to be visually realistic, the size of the form must be the same with the real handwritten paper-based form. However, Microsoft Visual Basic 6 has the limitation to create a large form. This is because the software resolution needs to be defined by the programmer. To solve this limitation, Multiple Document Interface (MDI) can be used. Using an MDI form as the background, another form can be created and can be put on top of the MDI form. Once it has been designed, the top MIDI form can be viewed in all sections as there will automatically prompt a vertical or horizontal scroll bar at its right side and down side; see Figure 5. Figure 5. Digital form developed by stacking two MDI forms 23
3.3.2 Software app functions As mentioned in the previous subsection, there are five functions of the EaSy operation. These functions were created using button menu, each of which has dedicated Visual Basic coding to operate it. For example, Figure 6 illustrates a portion of the Verify button code. 3.2.2 Software development kit Private Sub cmdverify_click(). If result = 0 Then cmdread.enabled = True Else MsgBox "Matching Against MyKad Failed".. Figure 6. A portion of Verify button code In order for the developed Visual Basic 6 application to communicate with the commercialized fingerprint scanner, a software development kit (SDK) was used [9]. This SDK was provided by the company that sold the scanner. The SDK that consists of driver file was installed followed by the MorphoMyKad.dll file using command prompt; see Figure 7. 4. Performance evaluation Figure 7. The.dll file installation This section provides the evaluation and analysis results of this proposed system. It starts with the setup of the performance evaluation and survey of the proposed EaSy and handwriting methods. Thereafter, the section presents the evaluation results. 4.1 Performance evaluation and survey setup In order to ensure the functionality and efficiency of the proposed EaSy, the evaluation of the handwritten paper-based form practices was performed. This evaluation was carried out at the Department of Immigration Malaysia where applicants filled in the handwritten paper-based forms to apply their passport. The survey objective is to measure the time taken by the applicants to complete the application form. There are 33 applicants participated and are divided into three different age ranges: (i) 18 to 29, (ii) 30 to 39, and (iii) 40 and above. Note that, the time measurement focuses only on the personal detail section of the application form. 24
The similar evaluation setup was prepared to evaluate EaSy. It was performed at the Postgraduate Laboratory of Universiti Teknikal Malaysia Melaka, Melaka. A measurement of time taken for participants to complete the digital passport application form was performed. The number of applicants including faculty students and staffs is equal to the numbers of the applicants participated in the handwriting measurement. The reason for this methodology is to have a fair comparison and analysis. The applicants are also divided into three different age ranges as in the handwriting measurement. Also, the time measurement only focuses on completing the personal detail part of the form. 4.2 Handwriting versus EaSy evaluation results Figure 8 shows the evaluation results for both registration methods. The gray bars represent the average time taken for applicants to complete filling in the personal detail section on the paper-based form for applying Malaysian passport. On the other hand, the black bars denote the average time for participants who use EaSy application system. The results show that the proposed EaSy system is able to complete the application procedure by at least three times quicker than the handwriting method. As the age of the customer become older, the difference becomes significant. For customer having an age of 40 and above, the proposed system can offer four times faster than handwriting method. The evaluation results clearly show that the handwriting method has a significant impact on age. For example, applicants customer at the age of 40 and above require two times longer than that of 18 to 29 years old. The result proves that age is one of the factors that determine the time efficiency of the application procedure. This difficulty is not the case for EaSy whereby applicants at the age of 40 and above require only 1.3 times longer than that of at the age of 18 to 29 years old. Handwriting EaSy 350 Average time in seconds 300 250 200 150 100 50 0 18 29 30 39 40 and above Age Range Figure 8. Completion time of a registration procedure using handwriting and EaSy methods 4.3 Survey analysis Table I gives the survey results of nine questionnaires regarding the functionality, efficiency, convenience ability and marketability of EaSy compared to handwriting method. In general, more than 75% applicants agree with the security and fast performance offered by EaSy. This positive perception is due to EaSy is computerized and equipped with a fingerprint scanner. The use of MyKad and a computerized system that makes the application process more easily contribute to 75% convenience 25
score and 83% mistake avoidance score. In terms of confidence level of using MyKad to complete personal information of an application form, the score is 75% showing that the EaSy is sufficiently secure. The simplicity of EaSy enable 90% of the participants agree the proposed system can help such groups of people. Two third of the participants would like to try out if an organization uses the system similar to EaSy; the remaining one third do not trust to use NIC due to the card sometimes does not respond to the reader. There are only 25% of the participants disagree that this system can be sold into the market. Security is the main issues that participants argued. Since this system uses NIC as the source of information, people might think that it is not secure to pass all the true details to some organizations. Nevertheless, the percentage of selling this system into the market is still high and there is still hope for this system to be sold in the market. The survey also shows that 67% of participants say the system is at least averagely good but only 17% saying the system is at the best. From this number, it can be deduced that the proposed system still lacks some features to attract people from using it. This limitation will be investigated and developed in the future. Questions (Compared to handwriting method) Table 1. Survey questionnaire analysis Agree (%) Disagree (%) Is EaSy more secure? 92 8 Is EaSy faster? 83 17 Is EaSy more convenience? 75 25 Is EaSy can avoid mistakes during registration procedure? 83 17 Do you feel confident using NIC as the source of personal information? 75 25 Is EaSy help senior, disable and less literate citizen for registration procedure purpose? 92 8 If you go to any organization that uses this similar type of system, would you give a try 75 25 Is EaSy can be marketed? 75 25 What would rate this system in the rate of 1 to 5? 1 represent the worst and 5 represent the best. 5. Conclusion Best (%) Good (%) Moderate (%) 17 67 16 This manuscript presented an innovative registration system that can be employed for registering a service in government and private offices. The idea behind this innovative system is the utilization of smart card and computing technology together with the biometric verification. A software application that consists of dedicated digital forms imitating handwriting registration forms was developed using Visual Basic software. This software application was developed to work with a commercialized smart card reader with a fingerprint scanner attached to it. This secure smart card reader ensures only the authentic customers can use the system. Results of the performance evaluation and survey analysis prove that the proposed system has the potential to improve the efficiency and productivity of government and private offices. Future work is to replace the commercialized smartcard reader with our own contactless national identity card reader that uses wireless communication instead of universal serial bus communication. 6. References [1] G. Selimis, A. Fournaris, G. Kostopoulos and O. Koufopavlou, Software and Hardware Issues in Smart Card Technology, IEEE Transaction on Communications Surveys & Tutorials, Vol. 11, No. 3, pp. 143-152, 2009. 26
[2] H. F. Neo, P. H.P. Yeow, U. C. Eze and H. S. Loo, Organization Adoption of MyKad Initiative, Journal of Communications of the IBIMA, Volume 2012, Article ID 542549, pp.1-9, 2012., DOI: 10.5171/2012.542549 [3] R.C.-W. Phan and L.A. Mohammed, On the Security and Design of MyKad, In Proceedings of the 9th Asia-Pacific Conference on Communications, Vol. 2, pp. 721 724, 2003. [4] D.-S. Kim, S.-Y. Lee, B.-S.Kim, S.-C. Lee and D.-J. Chung, On the Design of an Embedded Biometric Smart Card Reader, IEEE Transaction on Consumer Electronics, Vol. 54, Issue. 2, pp. 573-577, 2008. [5] J. Gu, J. Zhou, and C. Yang, Fingerprint Recognition by Global Structure and Local Cues, Journal of IEEE Transaction on Image Processing, Volume 15, Issue 7, pp. 1952-1964, July 2006. [6] M. L. R. and D. Khosla, Fingerprint Identification in Biometric Security Systems, International Journal of Computer and Electrical Engineering, Vol. 2, No. 5, pp. 852-855, October, 2010. [7] Batool and A. Tariq, Computerized System for Fingerprint Identification for Biometric Security, In Proceeding of the 2011 IEEE 14th International Multitopic Conference, pp. 102-106, 2011. [8] A. Kumar and C. Kwong, Towards Contactless, Low-Cost and Accurate 3D Fingerprint Identification, Proceedings of IEEE Conference on Computer Vision and Pattern Recognition, pp. 3438 3443, 2013. [9] S. Morpho. MorphoSmart Optic (MSO) 1300 Series. Available online http://www.morpho.com/identification/secure-biometric-access/fingerprint-sensors/morphosmarttm-mso-1300-serie/ [10] R. Stephens, Visual Basic 2010: Programmer s Reference. Willey Publishing, Indianapolis, 2010. 27