108 V. Conti et al. / A multimodal technique for an embedded fingerprint recognizer in mobile payment systems
board (Field Programmable Gate Array) [26]. The prototyped recognizer overcomes safety problems in
the treatment of the biometric features (Replay Attacks) using the Advanced Encryption Standard (AES)
to encrypt/decrypt biometric signatures stored in FPGA memory. The use of the AES algorithm also
overcomes the problem of unauthorized access to the stored biometric templates (Database Attacks).
With this approach, the biometric sensor has on board all the information needed to perform the whole
user authentication task. No sensitive biometric information is transmitted between client and server, or
networked workstations before user authentication is made. In addition, the choice of an FPGA-based
device enhances the designed sensor performance in terms of both execution time and working frequency.
The self-contained sensor has been prototyped using the Biometrika FX2000 fingerprint scanner [30], as
the acquisition module, and the Celoxica RC203E board [26], equipped with a Xilinx VirtexII FPGA [28],
as the fingerprint processing engine.
2.2. Biometric identity management
Identity management in an electronic environment involves registration, storage, protection, issuance
and assurance of a user’s personal identifier(s) and privilege(s) in a secure, efficient and cost effective
manner. Biometric identity management is concerned with the large-scale management of the biometric
identities for an enrolment population. A narrow view is traditionally based on the enrolment step and
the authentication step:
Identity Registration. A robust enrolment process is the main function that every authentication
system must provide. A weak enrolment process will introduce inaccuracies into the system and lead to an unreliable
authentication infrastructure. Ideally, a good enrolment process is one in which the credentials of the user
are properly checked at the enrolment stage. An enrolment process where neither party can repudiate
their participation in the transaction is the best way to address the quality of data and maintain a robust
identification process;
Identity Assurance. Identity management solutions must assert an individual’s identity to the
applications running in a system/platform. There are two main methods for user recognition:
– Verification is the process of verifying an individual’s identity based on the presentation of a claim
with one or more biometric features. For a given claim, the system matches the presented biometric
data against the corresponding previously stored, labelled data and returns a matching identification
score;
– Identification is the process of verifying an individual’s identity without the use of a claim: user
identification is performed by processing the entire enrolled population (database) and giving a matching
identification score for each item. The highest matching identification score will label the processed
feature. Identification is usually used for small populations or subsets of people;
Identity Protection deals with the protection and the integrity of an individual’s identity. A simple
biometric reader installed in a workstation in a protected environment does not represent a secure
infrastructure: this can be a very dangerous practice since such a setup offers weak security. A secure approach
involves encrypting biometric data during both the enrolment and verification phases, as well as
the security countermeasures listed in the previous section.
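
The two recognition modes described under Identity Assurance above, as an added example that is not from the paper: a toy minutiae matcher over constructed templates, where the user names, tolerances and acceptance threshold are assumptions. It also shows that labelling by highest score alone assigns an identity to an unenrolled finger unless a threshold is applied.

```python
import math

# Constructed sample templates: each minutia is (x, y, angle_degrees, kind).
# Names, coordinates and thresholds are assumptions for illustration.
ENROLLED = {
    "alice": [(10, 12, 30, "end"), (40, 44, 90, "bif"), (70, 20, 200, "end"), (25, 80, 310, "bif")],
    "bob":   [(15, 60, 45, "bif"), (55, 10, 120, "end"), (80, 75, 270, "end"), (30, 30, 10, "bif")],
}

def match_score(probe, template, dist_tol=4.0, angle_tol=15.0):
    """Fraction of minutiae paired one-to-one within tolerance (0.0 to 1.0)."""
    unused = list(template)
    paired = 0
    for (x, y, a, kind) in probe:
        for cand in unused:
            cx, cy, ca, ckind = cand
            d_angle = abs(a - ca) % 360
            d_angle = min(d_angle, 360 - d_angle)  # wrap-around, e.g. 358 vs 2
            if kind == ckind and math.hypot(x - cx, y - cy) <= dist_tol and d_angle <= angle_tol:
                unused.remove(cand)  # each stored minutia may be paired once
                paired += 1
                break
    return paired / max(len(probe), len(template), 1)

def verify(claimed_id, probe, threshold=0.75):
    """1:1 verification: compare only against the template of the claimed identity."""
    template = ENROLLED.get(claimed_id)
    if template is None:
        return 0.0, False
    score = match_score(probe, template)
    return score, score >= threshold

def identify(probe, threshold=0.75):
    """1:N identification: score every enrolled item, the highest score labels the probe.
    The threshold (an assumption added here) rejects probes that match nobody well."""
    scores = {uid: match_score(probe, t) for uid, t in ENROLLED.items()}
    if not scores:
        return None, scores
    best = max(scores, key=scores.get)
    return (best if scores[best] >= threshold else None), scores

# Constructed probes: a noisy re-capture of alice, and an unenrolled finger.
ALICE_PROBE = [(11, 13, 33, "end"), (41, 43, 85, "bif"), (69, 21, 204, "end"), (26, 79, 305, "bif")]
STRANGER = [(5, 5, 0, "end"), (90, 90, 180, "bif"), (50, 50, 60, "end"), (15, 61, 47, "bif")]
```

Calling `identify(STRANGER, threshold=0.0)` reproduces pure highest-score labelling and returns an enrolled identity for a finger that was never enrolled.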
3. Techniques for fingerprint recognition: Past approaches
A fingerprint is composed of ridges and valleys which form unique geometric patterns in the skin [1].
Parallel ridge lines are characterized by end points and bifurcations, called minutiae. Minutiae are