Hitachi Review

Contactless Authentication Solution Using Finger Vein Authentication Technology

Skip to main content

Hitachi

Hitachi Review

Highlight

With the advancement of digitalization, the conveniences of life have improved, but at the same time, threats such as information leaks and business disruptions due to spoofing have increased. To deal with these threats, biometric authentication has been drawing attention as a means of authenticating identity for a long time. In particular, Hitachi’s finger vein authentication technology features a high authentication accuracy and has been implemented for many applications, such as for payments at financial institutions and retail stores and for authenticating identity in various businesses. Hitachi has invented PBI that protects biometric data so that these biometric authentication technologies can be used more safely and securely. Also, Hitachi has launched a new contactless authentication solution that supports the ways of working and living in the new normal with PBI as the core technology. In the future, the company will work with a variety of partners to provide products that meet the needs of a wide range of fields, with the aim of further promoting their use.

Table of contents

Author introduction

Manabu Takatani

Manabu Takatani

  • Authentication Solutions Department, Security Business Innovation Division, Service Platform Business Division, Services & Platforms Business Unit, Hitachi, Ltd. Current work and research: Design and development of biometric authentication solutions.

Hikotaro Suzuki

Hikotaro Suzuki

  • Authentication Solutions Department, Security Business Innovation Division, Service Platform Business Division, Services & Platforms Business Unit, Hitachi, Ltd. Current work and research: Design and development of biometric authentication solutions.

Naoki Tsubaki

Naoki Tsubaki

  • Authentication Solutions Department, Security Business Innovation Division, Service Platform Business Division, Services & Platforms Business Unit, Hitachi, Ltd. Current work and research: Design and development of finger vein authentication products.

Josuke Matsuki

Josuke Matsuki

  • Authentication Solutions Department, Security Business Innovation Division, Service Platform Business Division, Services & Platforms Business Unit, Hitachi, Ltd. Current work and research: Security design in biometric products. Certifications: Registered Information Security Specialist.

Mitsuhiro Yamaguchi

Mitsuhiro Yamaguchi

  • Authentication Solutions Department, Security Business Innovation Division, Service Platform Business Division, Services & Platforms Business Unit, Hitachi, Ltd. Current work and research: Development of biometric authentication solutions.

Introduction

COVID-19, which appeared in 2019, is one factor that has accelerated the widespread adoption of lifestyles supported by digital technologies, such as remote work and cashless payments, which are now called the “new normal.” In this environment, in order to protect organizations and individuals from threats such as information leaks and business disruptions due to identity theft, the identities of people must be authenticated with high accuracy even in remote environments.

Consequently, biometric authentication has been attracting attention as a technology for enabling secure identity authentication, and its use has been expanding. Hitachi has developed and started to offer a contactless vein authentication device and a biometric software development kit for PC cameras, both of which are capable of contactless, large-scale authentication using finger vein authentication technology that has been adopted in many fields and is capable of highly accurate identity authentication.

This article presents these products, as well as solutions for the new normal using public biometric infrastructure (PBI) technology, and future expected developments.

PBI for Security and Convenience in Biometric Authentication

Finger Vein Authentication Technology

Biometric authentication methods use fingerprints, faces, veins, irises, and other unique features. Veins, in particular, show less change over time than other biometric data, and have sufficient complexity to provide high authentication accuracy.

Hitachi began basic research on finger vein authentication technology in 1997, and began selling products for entry/exit access control systems in 2002. Since then, the market has been expanding to a wide range of domestic and international fields, including the financial sector and government services(1).

Challenges of Biometric Authentication Technology

The Act on the Protection of Personal Information of Japan and the General Data Protection Regulation (GDPR)(2) of the EU require vendors and service providers to securely manage biometric data.

In particular, in electronic payment and Internet banking, digital signatures are issued using a private key from the public key infrastructure (PKI), and in order to securely manage the private key and biometric data pair for users, typically, they are stored in a hardware security module (HSM) such as an integrated circuit (IC) card(3). However, this method not only incurs the cost of issuing physical media, but also requires reissuing procedures by mail or other means in case of loss, which imposes financial and time costs on both service providers and users.

Digital Signature Technology Using Biometric Data as a Key

In response to the challenges in the previous section, Hitachi proposed the concept of PBI(4) and developed biometric signature technology as an enabling technology. The features of PBI are described in the following sections based on Figure 1.

Figure 1 — PBI System and FeaturesFigure 1 — PBI System and FeaturesIn the public biometric infrastructure (PBI), it is difficult to recover an authenticated biometric or fuzzy key from a public template because of the unidirectional nature of the error-correcting coding process. Also, during authentication, a fuzzy key extracted from a different biometric than the one used for registration will fail to recover the private key. Due to this property, the private key can only be used by the registered user.

  1. Registration process
    In PBI, the biometric data of the user is captured at the time of registration, and information called a fuzzy key is generated by a fuzzy-key extractor algorithm. Generally, biometric data includes variations such as position, orientation, external light, and other factors that change with each capture, but this fuzzy key extractor algorithm can convert them into consistent information.
    Next, the private key of the separately generated PKI key pair is kept secret with a fuzzy key and generates information called a public template. A special error-correcting code is used to keep the private key secret. Due to the unidirectional nature of this conversion process, it is difficult to recover a fuzzy key from a public template.
  2. Signature process
    To issue a digital signature by PBI on electronic transaction information, the fuzzy key is extracted from the biometric data of the user in the same way as in registration. This fuzzy key is combined with the public template, and special error-correcting code processing is used to temporarily recover the PKI private key.
    If the public key registered in the biometric infrastructure and the recovered private key form a pair, the private key can be used to issue a digital signature on electronic transaction information in the same way as a PKI digital signature. This is particularly important because, if the feature value margin of error between the registered fuzzy key and the signature fuzzy key is not sufficiently small, it is difficult for anyone other than the user to obtain the PKI secret key since the recovery of the private key fails.
  3. Signature verification
    The digital signature issued in (2) can use the PKI public key of the biometric authentication infrastructure to confirm the integrity of the electronic transaction information through the same process as PKI signature verification.
    Thus, by combining PBI with existing biometric authentication products, it is possible to securely manage biometric data and private keys without using HSMs such as IC cards.

PBI for Expanding Hitachi Biometric Authentication

As explained in the previous section, combining Hitachi’s biometric authentication products with PBI enables secure management of biometric data and private keys without the use of HSMs.

The two features of PBI—biometric protection and biometric digital signature—are particularly compatible with the FinTech field and have been adopted at service counters and automated teller machines (ATMs) in financial institutions.

Contactless and Secure Authentication Solutions for the New Normal

With the advent of PBI, the value that biometric authentication can provide and the fields of application have expanded dramatically, including ATMs, bank teller services, and electronic payments in stores. Furthermore, the lifestyle of the new normal that has evolved as a result of the appearance of COVID-19 in 2019 has given rise to a need for contactless and large-scale authentication products that can be used in fields where an unspecified large number of users are expected.

These market trends led Hitachi to develop the Hitachi Contactless Vein Authentication Unit C-1 and the Hitachi Biometric SDK (software development kit) for Windows*1 Front Camera to meet a wide range of needs. This section will provide an explanation of these products.

Hitachi Contactless Vein Authentication Unit C-1

Figure 2 — Comparison of Existing Products and the C-1Figure 2 — Comparison of Existing Products and the C-1Existing products use a canopied housing and capture vein patterns by transmitted light from light-emitting diodes (LEDs) placed on the top. The C-1 was designed to be used by an unspecified large number of users and supports contactless finger vein authentication by using an open housing without a canopy and a reflective light system that emits LED light from inside.

Hitachi has developed several finger vein authentication products up to now, but all of them were for small-scale authentication of one to several hundred people using 1:N authentication*2, and even higher accuracy was needed for large-scale authentication such as empty-handed cashless payment and access control at event venues. Also, existing small-scale authentication was not a problem for these products because only a limited number of users used the same device, but in large-scale authentication, an unspecified large number of users use the same device, and so it became necessary to allow contactless use to prevent the spread of infectious diseases such as COVID-19. With this as a backdrop, Hitachi developed the Hitachi Contactless Vein Authentication Unit C-1 as a highly accurate and contactless large-scale authentication device.

To achieve high authentication accuracy, the Contactless Vein Authentication Unit C-1 uses three fingers for finger vein authentication instead of a single finger, which was used before. Using three fingers makes significantly more information available for authentication to achieve higher authentication accuracy (see Figure 2).

Figure 3 — C-1 System ConfigurationFigure 3 — C-1 System ConfigurationThe C-1 does not store biometric data in the device, but stores it as a PBI public key on an authentication server on the network to avoid the risk of leaks due to a theft. In addition to the C-1 device, the authentication system consists of an authentication server and a POS terminal (or control PC or similar device) that is connected to the C-1 and performs authentication control.

Also, to enable smooth reading of three fingers even without contact, the product design uses an open structure that emits light-emitting diode (LED) light from the underside of the finger instead of the conventional structure that emits infrared LED light from above the finger. As a contactless open-type device, the product was more affected by the surrounding environment and by how the fingers were held up than conventional models, but these problems were resolved by developing a new high-sensitivity imaging system and highly robust authentication algorithm.

The open-type design allows a barcode reading function to be installed as an additional function from existing models. This makes it possible for a single device to read barcodes on membership cards and perform finger vein authentication as well as perform identity verification using both barcodes and fingers.

Finger vein data is protected by PBI, Hitachi’s proprietary, high-security template protection technology, which enables secure finger vein authentication over the Internet.

Taking advantage of the C-1’s high authentication accuracy, ease of use due to its contactless design, and high security due to PBI, it is expected to be used for empty-handed cashless payment at convenience stores, supermarkets, and other locations, for membership control, and for access control at event venues (see Figure 3).

Hitachi Biometric SDK for Windows Front Camera

As growing attention is focused on biometric authentication, the need to achieve high security, which is a characteristic of biometric authentication, at a lower cost has become more important. This is what led Hitachi to develop finger vein authentication software that uses a visible light camera built into a PC(5).

One feature of this product is that it can provide completely contactless finger vein authentication without the need for a dedicated device. Also, this product is provided in the form of an SDK with a simple application programming interface (API), thus enabling low-cost and quick development of finger vein authentication solutions.

In the development of this product, there were challenges where the authentication accuracy tended to be lower than the accuracy when using a dedicated device because (1) finger vein patterns had to be extracted from images captured in visible light, and (2) the background was cluttered and the finger placement orientation was inconsistent (see Figure 4).

Figure 4 — Issues in Development of Regular Camera Biometric SDKFigure 4 — Issues in Development of Regular Camera Biometric SDKIn the development of the finger vein authentication by regular camera biometric software development kit (SDK), an issue occurred where the authentication accuracy tended to be lower than the accuracy when using a dedicated device.

To overcome these challenges, Hitachi developed (1) vein pattern extraction technology using color information, (2) background removal (multiple finger detection) and finger orientation correction technology from captured images, and (3) authentication determination technology using multiple fingers simultaneously, and this enabled practical application of finger vein authentication using a visible light camera. Figure 5 shows an overview of the processing in this product.

This product allows users to log into PCs and business applications using finger vein authentication without the need for a dedicated device.

Figure 5 — Overview of Regular Camera Biometric SDK ProcessFigure 5 — Overview of Regular Camera Biometric SDK ProcessVarious accuracy improvement measures were implemented in a series of processes.

*1
Windows is a trademark or registered trademark of Microsoft Corporation in the United States and/or other countries.
*2
A biometric authentication method that uses only biometric data to identify an individual.

Hitachi’s Outlook for Finger Vein Authentication Technology

In addition to the finger vein authentication products described in section 3, Hitachi is using this knowledge to expand the number of supported modalities and to conduct research and development to further improve the authentication accuracy and execution speed. The PBI technology described in section 2 does not require tamper-resistant hardware such as a Trusted Platform Module (TPM), making biometric authentication feasible on even more platforms.

Looking forward, Hitachi will work to link these authentication methods and technologies to develop value-added services (see Figure 6). Security-as-a-service (SECaaS), such as linkage with payment and check-in/out, will be provided, and data utilization based on artificial intelligence (AI) and linkage with other systems using APIs will also be considered.

This linkage is not limited to the conventional vertical layer linkage that comprises a single product or service. It also includes the customer’s systems and the horizontal tiers that link technologies in different fields. In the future, Hitachi aims to use biometric authentication technology to contribute to society at the same level as infrastructure such as electricity, gas, water, and telecommunications.

Figure 6 — Future OutlookFigure 6 — Future OutlookHitachi aims to contribute to society beyond biometric authentication by providing a variety of authentication methods, and by offering added value such as payment linkage and login management using PBI as the core technology, as well as data utilization and linkage with external systems.

Conclusions

This paper described Hitachi’s finger vein authentication solutions that support the new normal, solutions that utilize PBI, and their future outlook.

Hitachi’s PBI technology, which seamlessly links the digital world with the real world, will be the core technology for identity authentication in the future. To spread this technology, Hitachi will work to expand authentication solutions that utilize finger vein authentication technology, which offers both high security and convenience, and expand its business globally through collaboration with partners in various fields.

Related information

REFERENCES

1)
Y. Matsui et al., “Global Deployment of Finger Vein Authentication,” Hitachi Review, 61, pp. 35–39 (Feb. 2012).
2)
EUR-Lex Access to European Union law
3)
Hitachi News Release, “Barclays First in UK to Launch New Biometric Reader for Customers” (Sep. 2014)
4)
K. Takahashi et al., “A Provably Secure Digital Signature with Fuzzy Secret Key and Its Application to Public Biometrics Infrastructure,” 2013 Symposium on Cryptography and Information Security (SCIS 2013) (Jan. 2013) in Japanese.
5)
N. Miura et al., “Technology and Future Prospects for Finger Vein Authentication Using Visible-light Cameras,” Hitachi Review, 67, pp. 570–578 (Aug. 2018).