Hitachi Review

Finger Vein Authentication Applications in the Field of Physical Security

Skip to main content

Hitachi

Hitachi Review

Social Infrastructure Security and its Digitalization

Finger Vein Authentication Applications in the Field of Physical Security

Highlight

Biometric authentication has been coming into widespread use recently as a solution to the problems of ID/password leakage and reuse, and lost smart cards/keys. PCs and mobile terminals are increasingly providing it as a standard feature. Biometric authentication applications are expected to grow in the future from high-level security uses such as automated gates at immigration checkpoints, to service improvements such as pay-by-finger. Hitachi has developed a highly accurate proprietary finger vein authentication technology that supports this growing range of applications. This article looks at how finger vein authentication is being applied in the field of physical security, discussing walkthrough-style authentication, PBI pay-by-finger authentication, and finger vein authentication technology provided by the visible-light cameras found in smartphones. These applications are promising for use as personal authentication platforms for social infrastructure.

Table of contents

Author introduction

Shuichi Murakami

Security Businesses Division, Service Platform Business Division, Services & Platforms Business Unit, Hitachi, Ltd. Current work and research: System design and business development of finger vein biometric systems.

Yoshiaki Yamaguchi

Security Businesses Division, Service Platform Business Division, Services & Platforms Business Unit, Hitachi, Ltd. Current work and research: System design and business development of finger vein biometric systems.

Mitsutoshi Himaga, Ph.D.

Security Businesses Division, Service Platform Business Division, Services & Platforms Business Unit, Hitachi, Ltd. Current work and research: Development of finger vein biometric products and their application systems. Society memberships: The Institute of Electronics, Information and Communication Engineers (IEICE).

Takeshi Inoue

Security Businesses Division, Service Platform Business Division, Services & Platforms Business Unit, Hitachi, Ltd. Current work and research: System design and business development of finger vein biometric systems.

1. Introduction

Biometric authentication is becoming widespread as a solution to the problems of ID/password leakage and reuse, and lost smart cards/keys. Smartphones and PCs are increasingly providing fingerprint authentication and facial authentication features, and progress is being made on standardization through efforts such as the work of the FIDO*1 Alliance.

Biometric authentication is expected to spread from high-level security applications such as automated gates at immigration checkpoints, to service improvements such as pay-by-finger. Hitachi has developed a number of technologies that support this growing range of applications, including a highly accurate proprietary finger vein authentication technology and a technology called public biometrics infrastructure (PBI) that is the first of its kind*2 in the world(1).

This article looks at how finger vein authentication is being applied in the field of physical security. It discusses walkthrough authentication, pay-by-finger authentication, finger vein authentication technology for financial institutions using visible-light smartphone cameras, and applications being used in Europe.

*1
FIDO is a trademark or registered trademark of FIDO Alliance, Inc.
*2
As determined by Hitachi as of April 2018.

2. In-house Verification of Walkthrough Finger Vein Authentication

In December 2014, Hitachi’s R&D Group developed a walkthrough finger vein authentication technology for the security gates of a large and highly trafficked facility(2). The technology provides accurate personal identification of users simply by having them hold their fingers over a sensor while walking along. This enables the use of finger vein authentication at the gates of office buildings and event venues that require the sort of high-accuracy, high-speed throughput that has previously been difficult to attain.

2.1 Overview of In-house PoC Testing at Hitachi Omori 2nd Building

Hitachi conducted large-scale in-house proof-of-concept (PoC) testing for about one year to test this technology and uncover any problems. A total of five units were installed at the Hitachi Omori 2nd Building for use by the roughly 1,000 employees working at the Omori site. Two walkthrough PoC test units were installed at the first-floor front entrance, two were installed at the service entrance, and a registration unit was installed. The units at the front entrance worked in conjunction with flap gates, and the units at the service entrance with automatic doors. The equipment was connected to a management server in the security office to create a security system enabling central management of features such as employee access logs and anti-passback (see Figure 1).

Figure 1—Configuration of System for PoC Testing of Walkthrough Finger Vein Authentication TechnologyProof-of-concept (PoC) testing devices were installed at the building’s front entrance and service entrance.

2.2 PoC Testing Objectives and Findings

The main objectives of the in-house PoC were:

  1. To confirm throughput: No queues should form;
  2. To confirm the effect of long-term use on authentication accuracy; and
  3. To confirm usability: Investigate issues during operation.

Hitachi obtained valuable data on these three issues. For objectives (1) and (3), it found that throughput and usability rivaled conventional contact-less card operation. For objective (2), it found that temperature differences resulted in a slightly higher false rejection rate (FRR) for some participants, but it was not significant enough to impede operation.

2.3 Work on Commercialization

The findings of the in-house PoC testing demonstrated that the technology has no performance problems. In the future, it will need to determine how to tailor the product specifications (such as size and cost) to market needs, and study commercialization approaches that make business sense.

3. In-house Verification of PBI Pay-by-Finger and Applications for Financial Institutions

3.1 In-house PoC Testing of PBI Finger-charge Money

Figure 2—Configuration of System for In-house PoC Testing of PBI Finger-charge MoneyThe cash charging device links finger vein information with cash, enabling payments to be completed by finger vein authentication alone when purchasing items.

PBI is a proprietary Hitachi authentication platform technology that combines the methods of biometric authentication and public key infrastructure (PKI). It creates a PKI using biometric information without the use of smart cards or personal identification number (PIN) codes by generating a private key from biometric information and using one-way transform to generate a PBI public key.

Hitachi is using PBI technology for in-house PoC testing designed to familiarize employees with the technology and uncover any operation problems it may have. Through this work, it aims to manage and operate authentication processes and digital signatures in a consolidated manner using finger vein information in multiple Hitachi in-house IT services.

One of the coordinated services is finger-charge money, a biometrically authenticated payment method for purchases at the store in the Hitachi Omori 2nd Building. PoC testing on it began in June 2017. The system registers finger vein information from a cash charging device, and credits the user’s account by linking the finger vein information with the cash deposited.

Paying for product purchases is done by ID input and finger vein authentication, enabling pay-by-finger in stores (see Figure 2).

In February 2018, PBI technology was combined with cancellable technology to create and start operating a 1:N sequential fusion authentication scheme. It has greatly improved user convenience by eliminating the need to enter an ID when making payments and enabling payments to be completed by finger vein authentication alone.

Hitachi is planning further expansion of its coordinated services in future.

3.2 Application Example: Yamaguchi Financial Group Branch Office System, ATMs

PBI’s first use by a domestic financial organization was by the Yamaguchi Financial Group (YFG)(3). Operation started at Yamaguchi Bank and Kitakyushu Bank in 2017, and at Momiji Bank in 2018.

PBI is in use at YFG’s branches in the automated teller machines (ATMs) and the branch office system used by the tellers. PBI uses finger vein information for personal authentication and issuing digital signatures, enabling use as an alternative to handwritten signatures or the hanko stamps (stamps registered with the bank) traditionally used in Japan when performing transactions (hanko-less transactions).

PBI also enables the use of electronic data with digital signatures in place of conventional signed or hanko-stamped transaction documents stored in paper form. It enables operations in branches to be done electronically, increasing the efficiency of banking work (paperless operations).

The use of PBI in ATMs is being progressively rolled out. Users can authenticate themselves by ID input and finger vein information alone, enabling ATM transactions to be done without a cash card (cash card-free transactions).

4. Finger Vein Authentication Applications Using Visible-light Smartphone Cameras in the Financial Industry

4.1 Challenges for Use in the B2C Market

Conventional finger vein authentication technologies use near-infrared light to obtain a high-contrast image of blood vessels, so they require dedicated hardware. The high image quality of the images created by this dedicated hardware contributes greatly to the high authentication accuracy of Hitachi’s finger vein authentication technology, but also creates challenges for use in the financial business-to-consumer (B2C) market, which is expected to enjoy major growth in the years ahead. The main challenges are:

(1) Price competitiveness
The hardware is competitively priced for corporate banking applications (financial settlement transactions for corporations). But for B2C use such as personal Internet banking, the hardware is unlikely to come into widespread use since it is more expensive than one-time password (OTP) tokens that provide a similar function.
(2) Limited portability
Finger vein authentication units are used as peripheral devices connected to a PC or other host device, usually from a USB port. The host device and a cable are therefore needed when taking the device outside, so portability is not always good.
(3) Product life cycle management
As security products, finger vein authentication units demand strict management throughout their product life cycle of distribution, operation, upgrading, and destruction. Asking B2C market end users to take on this responsibility is impossible. It would also be difficult to prevent unauthorized use of the units through disassembly or alterations by malicious end users.

4.2 Finger Vein Authentication Technology Applications Using Visible-light Cameras

Figure 3—Prototype of Visible-light Camera-based Finger Vein Authentication SoftwareThe prototype uses the smartphone’s rear camera to provide authentication by photographing the fingers so that they fit within the outline.

Hitachi has developed finger vein authentication technology for visible-light cameras to enable the technology’s use in the financial B2C market and to overcome the challenges above. Visible-light cameras are the typical visible-spectrum color cameras that have become very commonplace today and are found in smartphones and tablets. Hitachi has developed a technology enabling finger vein authentication using color images taken by these visible-light cameras(4). This visible spectrum-based vein authentication technology can be used to provide finger vein authentication with software only. It does not require the use of a dedicated finger vein authentication unit (see Figure 3).

The major cost reduction it enables by eliminating the need for hardware is self-evident. It significantly improves portability by running on the smartphones and tablets already in widespread use, providing finger vein authentication wherever and whenever needed. It overcomes the challenge of life cycle management by enabling distribution through app stores at almost no cost, and by enabling the addition of functions and version updates online. By eliminating the need for dedicated hardware, it reduces the risk of failure in aging products and malicious disassembly or alteration. Furthermore, at the end of its useful life, the authentication software and its data can be destroyed and deleted safely by limiting the use of the authentication software, etc.

4.3 Application to Internet Banking

Hitachi is currently aiming to release the technology for use in personal Internet banking (a promising application). Specifically, it is looking to combine the technology with PBI to create a finger vein Internet banking system for smartphones that combines security and convenience. There was very favorable feedback from the PoC testing done at a domestic financial institution in the fall of 2017, so Hitachi is now working on development, looking to start operation of the service within FY 2018.

5. Applications in Europe

The application of finger vein authentication to the field of physical security is growing overseas. This section looks at two examples from Europe.

5.1 Employee Access Control for Retail Outlets

In the UK, a major retailer with several hundred stores and about 50,000 employees (including contract employees) had been using paper-based procedures to control proper employee access at its stores. However, due to problems it was having with security and audit responses, it needed a more reliable solution to ensure employee access control.

The retailer has used Hitachi’s finger vein authentication technology to develop a system that provides employee access control at stores without paper-based procedures. The system uses tablets installed at the stores for employee access control. Each tablet has a finger vein authentication unit connected to it, and employees are authenticated using finger vein authentication when they enter and leave a store. When authentication is successful, timestamp information is automatically recorded to show when the employee entered or left. Employee finger vein information is managed on a server, which means that any store can use finger vein authentication once it has registered.

The retailer is now able to rapidly confirm identity and automatically record access information just by having employees insert their fingers into the authentication unit. The system is also connected to the retailer’s attendance and payroll systems, enabling the use of timestamp information in managing employee working hours and payroll.

When researching this solution, the retailer had considered other inexpensive biometric authentication methods such as fingerprint authentication. It decided on finger vein authentication for its accuracy and speed. The solution is currently being tested at 13 stores, and the retailer plans to expand it to all its stores within 2018.

5.2 Retail Industry Application of Pay-by-Finger

Another company in the UK, a payment services provider, offers a finger vein authentication-based credit card payment service that does not require the presentation of a physical medium (i.e. card, smartphone, or cash). The service started in 2015 and has received TV and print media coverage.

The provider’s service links a user’s credit card or bank card to the user’s finger vein information when the user registers, enabling credit/debit card payments using finger vein authentication alone on Hitachi’s finger vein authentication technology. The simple registration process can be done using a tablet or smartphone application.

Stores supporting the service let users pay just by holding their fingers over a sensor. The stores also benefit by being able to manage their customer loyalty programs based on user purchase history information. Since the system eliminates the need to produce cash or a card when paying for purchases, it helps reduce payment transaction time, enabling shorter waiting times for users at cash registers and counters.

Deciding which biometric authentication method to use was a crucial element to consider when creating the service. The provider decided to use finger vein authentication for its security features such as its anti-counterfeiting and theft prevention capabilities, along with the stability of the biometric patterns it uses.

The provider’s service has thousands of users and has been tested at festivals, retail outlets, concert venues, bars, and restaurants. User response has been very positive, with many survey respondents praising the greater convenience of the service in comparison to other payment methods. The provider expects to expand its use to a broader range of products and services such as restaurant chains.

6. Conclusions

This article has looked at some finger vein authentication technology applications in the field of physical security, examining the work Hitachi is doing in this area. Hitachi will continue to provide products and services that use finger vein authentication technology to create secure, worry-free social systems.

Download Adobe Reader
In order to read a PDF file, you need to have Adobe® Reader® installed in your computer.