
    Highlight

    With the advancement of digitalization, the conveniences of life have improved, but at the same time, threats such as information leaks and business disruptions due to spoofing have increased. To deal with these threats, biometric authentication has long been drawing attention as a means of authenticating identity. In particular, Hitachi’s finger vein authentication technology features high authentication accuracy and has been implemented for many applications, such as payments at financial institutions and retail stores and identity authentication in various businesses. Hitachi has invented public biometric infrastructure (PBI) technology, which protects biometric data so that these biometric authentication technologies can be used more safely and securely. Hitachi has also launched a new contactless authentication solution, with PBI as the core technology, that supports the ways of working and living in the new normal. In the future, the company will work with a variety of partners to provide products that meet the needs of a wide range of fields, with the aim of further promoting their use.

    Author introduction

    Manabu Takatani

    • Authentication Solutions Department, Security Business Innovation Division, Service Platform Business Division, Services & Platforms Business Unit, Hitachi, Ltd. Current work and research: Design and development of biometric authentication solutions.

    Hikotaro Suzuki

    • Authentication Solutions Department, Security Business Innovation Division, Service Platform Business Division, Services & Platforms Business Unit, Hitachi, Ltd. Current work and research: Design and development of biometric authentication solutions.

    Naoki Tsubaki

    • Authentication Solutions Department, Security Business Innovation Division, Service Platform Business Division, Services & Platforms Business Unit, Hitachi, Ltd. Current work and research: Design and development of finger vein authentication products.

    Josuke Matsuki

    • Authentication Solutions Department, Security Business Innovation Division, Service Platform Business Division, Services & Platforms Business Unit, Hitachi, Ltd. Current work and research: Security design in biometric products. Certifications: Registered Information Security Specialist.

    Mitsuhiro Yamaguchi

    • Authentication Solutions Department, Security Business Innovation Division, Service Platform Business Division, Services & Platforms Business Unit, Hitachi, Ltd. Current work and research: Development of biometric authentication solutions.

    Introduction

    COVID-19, which appeared in 2019, is one factor that has accelerated the widespread adoption of lifestyles supported by digital technologies, such as remote work and cashless payments, which are now called the “new normal.” In this environment, in order to protect organizations and individuals from threats such as information leaks and business disruptions due to identity theft, the identities of people must be authenticated with high accuracy even in remote environments.

    Consequently, biometric authentication has been attracting attention as a technology for enabling secure identity authentication, and its use has been expanding. Hitachi has developed and started to offer a contactless vein authentication device and a biometric software development kit for PC cameras, both of which are capable of contactless, large-scale authentication using finger vein authentication technology that has been adopted in many fields and is capable of highly accurate identity authentication.

    This article presents these products, as well as solutions for the new normal using public biometric infrastructure (PBI) technology, and future expected developments.

    PBI for Security and Convenience in Biometric Authentication

    Finger Vein Authentication Technology

    Biometric authentication methods use fingerprints, faces, veins, irises, and other unique features. Veins, in particular, show less change over time than other biometric data, and have sufficient complexity to provide high authentication accuracy.

    Hitachi began basic research on finger vein authentication technology in 1997, and began selling products for entry/exit access control systems in 2002. Since then, the market has been expanding to a wide range of domestic and international fields, including the financial sector and government services(1).

    Challenges of Biometric Authentication Technology

    The Act on the Protection of Personal Information of Japan and the General Data Protection Regulation (GDPR)(2) of the EU require vendors and service providers to securely manage biometric data.

    In particular, in electronic payment and Internet banking, digital signatures are issued using a private key from the public key infrastructure (PKI), and in order to securely manage the private key and biometric data pair for users, typically, they are stored in a hardware security module (HSM) such as an integrated circuit (IC) card(3). However, this method not only incurs the cost of issuing physical media, but also requires reissuing procedures by mail or other means in case of loss, which imposes financial and time costs on both service providers and users.

    Digital Signature Technology Using Biometric Data as a Key

    In response to the challenges in the previous section, Hitachi proposed the concept of PBI(4) and developed biometric signature technology as an enabling technology. The features of PBI are described in the following sections based on Figure 1.

    Figure 1 — PBI System and Features
    In the public biometric infrastructure (PBI), it is difficult to recover an authenticated biometric or fuzzy key from a public template because of the unidirectional nature of the error-correcting coding process. Also, during authentication, a fuzzy key extracted from a different biometric than the one used for registration will fail to recover the private key. Due to this property, the private key can only be used by the registered user.

    1. Registration process
      In PBI, the biometric data of the user is captured at the time of registration, and information called a fuzzy key is generated by a fuzzy-key extractor algorithm. Generally, biometric data includes variations such as position, orientation, external light, and other factors that change with each capture, but this fuzzy key extractor algorithm can convert them into consistent information.
      Next, the private key of a separately generated PKI key pair is concealed using the fuzzy key, which produces information called a public template. A special error-correcting code is used to conceal the private key. Due to the unidirectional nature of this conversion process, it is difficult to recover a fuzzy key from a public template.
    2. Signature process
      To issue a digital signature by PBI on electronic transaction information, the fuzzy key is extracted from the biometric data of the user in the same way as in registration. This fuzzy key is combined with the public template, and special error-correcting code processing is used to temporarily recover the PKI private key.
      If the public key registered in the biometric infrastructure and the recovered private key form a pair, the private key can be used to issue a digital signature on electronic transaction information in the same way as a PKI digital signature. This is particularly important because, unless the margin of error in feature values between the registered fuzzy key and the signature fuzzy key is sufficiently small, recovery of the private key fails, which makes it difficult for anyone other than the user to obtain the PKI private key.
    3. Signature verification
      The digital signature issued in (2) can be checked with the PKI public key of the biometric authentication infrastructure to confirm the integrity of the electronic transaction information through the same process as PKI signature verification.
      Thus, by combining PBI with existing biometric authentication products, it is possible to securely manage biometric data and private keys without using HSMs such as IC cards.
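
The three steps above as an added Python sketch, not Hitachi's implementation: it swaps in the generic fuzzy-commitment (code-offset) construction with a repetition code for the page's unspecified "special error-correcting code", and a toy Schnorr-style discrete-log key pair for the PKI key. The bit-vector fuzzy key, every parameter and all function names are assumptions made for illustration.

```python
import hashlib
import secrets

# Toy parameters, assumed for illustration only (not production sizes).
P, G = 2**255 - 19, 2   # prime modulus and base of a toy discrete-log key pair
REP, KEY_BITS = 5, 64   # each private-key bit is repeated REP times

def encode(bits):
    """Repetition code: every key bit becomes REP identical code bits."""
    return [b for b in bits for _ in range(REP)]

def decode(code):
    """Majority vote per block; corrects up to REP // 2 flipped bits per block."""
    return [int(sum(code[i:i + REP]) > REP // 2) for i in range(0, len(code), REP)]

def to_int(bits):
    return int("".join(map(str, bits)), 2)

def register(fuzzy_key):
    """Registration: mask a fresh private key with the fuzzy key."""
    priv_bits = [secrets.randbits(1) for _ in range(KEY_BITS)]
    template = [c ^ f for c, f in zip(encode(priv_bits), fuzzy_key)]
    return template, pow(G, to_int(priv_bits), P)  # public template, public key

def recover(template, fuzzy_key, public_key):
    """Signature step: unmask, error-correct, then check the key-pair relation."""
    priv = to_int(decode([t ^ f for t, f in zip(template, fuzzy_key)]))
    return priv if pow(G, priv, P) == public_key else None

def _challenge(r, msg):
    return int.from_bytes(hashlib.sha256(r.to_bytes(32, "big") + msg).digest(), "big")

def sign(priv, msg):
    """Schnorr-style signature with the temporarily recovered private key."""
    k = secrets.randbelow(P - 1)
    r = pow(G, k, P)
    return r, (k + _challenge(r, msg) * priv) % (P - 1)

def verify(public_key, msg, sig):
    """Verification needs only the public key, never biometric data."""
    r, s = sig
    return pow(G, s, P) == r * pow(public_key, _challenge(r, msg), P) % P

def noisy(fuzzy_key, flips_per_block):
    """Constructed re-capture: flip the first n bits of every REP-bit block."""
    return [b ^ (i % REP < flips_per_block) for i, b in enumerate(fuzzy_key)]

if __name__ == "__main__":
    enrolled = [secrets.randbits(1) for _ in range(KEY_BITS * REP)]  # constructed
    template, pub = register(enrolled)
    priv = recover(template, noisy(enrolled, 2), pub)
    print("genuine capture verifies:", verify(pub, b"pay 100", sign(priv, b"pay 100")))
    print("3 flips per block recovers:", recover(template, noisy(enrolled, 3), pub))
```

A capture within the code's error tolerance recovers the key and signs; one outside it fails the key-pair check, so no signature can be issued.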

    PBI for Expanding Hitachi Biometric Authentication

    As explained in the previous section, combining Hitachi’s biometric authentication products with PBI enables secure management of biometric data and private keys without the use of HSMs.

    The two features of PBI—biometric protection and biometric digital signature—are particularly compatible with the FinTech field and have been adopted at service counters and automated teller machines (ATMs) in financial institutions.

    Contactless and Secure Authentication Solutions for the New Normal

    With the advent of PBI, the value that biometric authentication can provide and the fields of application have expanded dramatically, including ATMs, bank teller services, and electronic payments in stores. Furthermore, the lifestyle of the new normal that has evolved as a result of the appearance of COVID-19 in 2019 has given rise to a need for contactless and large-scale authentication products that can be used in fields where an unspecified large number of users are expected.

    These market trends led Hitachi to develop the Hitachi Contactless Vein Authentication Unit C-1 and the Hitachi Biometric SDK (software development kit) for Windows*1 Front Camera to meet a wide range of needs. This section will provide an explanation of these products.

    Hitachi Contactless Vein Authentication Unit C-1

    Figure 2 — Comparison of Existing Products and the C-1
    Existing products use a canopied housing and capture vein patterns by transmitted light from light-emitting diodes (LEDs) placed on the top. The C-1 was designed to be used by an unspecified large number of users and supports contactless finger vein authentication by using an open housing without a canopy and a reflective light system that emits LED light from inside.

    Hitachi has developed several finger vein authentication products up to now, but all of them were for small-scale 1:N authentication*2 of one to several hundred people, and even higher accuracy was needed for large-scale authentication such as empty-handed cashless payment and access control at event venues. Also, contact was not a problem in existing small-scale authentication because only a limited number of users used the same device, but in large-scale authentication an unspecified large number of users use the same device, so it became necessary to allow contactless use to prevent the spread of infectious diseases such as COVID-19. With this as a backdrop, Hitachi developed the Hitachi Contactless Vein Authentication Unit C-1 as a highly accurate and contactless large-scale authentication device.

    To achieve high authentication accuracy, the Contactless Vein Authentication Unit C-1 uses three fingers for finger vein authentication instead of a single finger, which was used before. Using three fingers makes significantly more information available for authentication to achieve higher authentication accuracy (see Figure 2).

    Figure 3 — C-1 System Configuration
    The C-1 does not store biometric data in the device, but stores it as a PBI public key on an authentication server on the network to avoid the risk of leaks due to a theft. In addition to the C-1 device, the authentication system consists of an authentication server and a POS terminal (or control PC or similar device) that is connected to the C-1 and performs authentication control.

    Also, to enable smooth reading of three fingers even without contact, the product design uses an open structure that emits light-emitting diode (LED) light from the underside of the finger instead of the conventional structure that emits infrared LED light from above the finger. As a contactless open-type device, the product was more affected by the surrounding environment and by how the fingers were held up than conventional models, but these problems were resolved by developing a new high-sensitivity imaging system and highly robust authentication algorithm.

    The open-type design allows a barcode reading function to be installed as a function additional to those of existing models. This makes it possible for a single device to read barcodes on membership cards, perform finger vein authentication, and perform identity verification using both barcodes and fingers.

    Finger vein data is protected by PBI, Hitachi’s proprietary, high-security template protection technology, which enables secure finger vein authentication over the Internet.

    With its high authentication accuracy, ease of use due to its contactless design, and high security due to PBI, the C-1 is expected to be used for empty-handed cashless payment at convenience stores, supermarkets, and other locations, for membership control, and for access control at event venues (see Figure 3).

    Hitachi Biometric SDK for Windows Front Camera

    As growing attention is focused on biometric authentication, the need to achieve high security, which is a characteristic of biometric authentication, at a lower cost has become more important. This is what led Hitachi to develop finger vein authentication software that uses a visible light camera built into a PC(5).

    One feature of this product is that it can provide completely contactless finger vein authentication without the need for a dedicated device. Also, this product is provided in the form of an SDK with a simple application programming interface (API), thus enabling low-cost and quick development of finger vein authentication solutions.

    In the development of this product, there were challenges where the authentication accuracy tended to be lower than the accuracy when using a dedicated device because (1) finger vein patterns had to be extracted from images captured in visible light, and (2) the background was cluttered and the finger placement orientation was inconsistent (see Figure 4).

    Figure 4 — Issues in Development of Regular Camera Biometric SDK
    In the development of the finger vein authentication by regular camera biometric software development kit (SDK), an issue occurred where the authentication accuracy tended to be lower than the accuracy when using a dedicated device.

    To overcome these challenges, Hitachi developed (1) vein pattern extraction technology using color information, (2) background removal (multiple finger detection) and finger orientation correction technology from captured images, and (3) authentication determination technology using multiple fingers simultaneously, and this enabled practical application of finger vein authentication using a visible light camera. Figure 5 shows an overview of the processing in this product.

    This product allows users to log into PCs and business applications using finger vein authentication without the need for a dedicated device.

    Figure 5 — Overview of Regular Camera Biometric SDK Process
    Various accuracy improvement measures were implemented in a series of processes.

    *1 Windows is a trademark or registered trademark of Microsoft Corporation in the United States and/or other countries.
    *2 A biometric authentication method that uses only biometric data to identify an individual.

    Hitachi’s Outlook for Finger Vein Authentication Technology

    In addition to the finger vein authentication products described in section 3, Hitachi is using this knowledge to expand the number of supported modalities and to conduct research and development to further improve the authentication accuracy and execution speed. The PBI technology described in section 2 does not require tamper-resistant hardware such as a Trusted Platform Module (TPM), making biometric authentication feasible on even more platforms.

    Looking forward, Hitachi will work to link these authentication methods and technologies to develop value-added services (see Figure 6). Security-as-a-service (SECaaS), such as linkage with payment and check-in/out, will be provided, and data utilization based on artificial intelligence (AI) and linkage with other systems using APIs will also be considered.

    This linkage is not limited to the conventional vertical layer linkage that comprises a single product or service. It also includes the customer’s systems and the horizontal tiers that link technologies in different fields. In the future, Hitachi aims to use biometric authentication technology to contribute to society at the same level as infrastructure such as electricity, gas, water, and telecommunications.

    Figure 6 — Future Outlook
    Hitachi aims to contribute to society beyond biometric authentication by providing a variety of authentication methods, and by offering added value such as payment linkage and login management using PBI as the core technology, as well as data utilization and linkage with external systems.

    Conclusions

    This paper described Hitachi’s finger vein authentication solutions that support the new normal, solutions that utilize PBI, and their future outlook.

    Hitachi’s PBI technology, which seamlessly links the digital world with the real world, will be the core technology for identity authentication in the future. To spread this technology, Hitachi will work to expand authentication solutions that utilize finger vein authentication technology, which offers both high security and convenience, and expand its business globally through collaboration with partners in various fields.

    REFERENCES

    1) Y. Matsui et al., “Global Deployment of Finger Vein Authentication,” Hitachi Review, 61, pp. 35–39 (Feb. 2012).
    2) EUR-Lex Access to European Union law
    3) Hitachi News Release, “Barclays First in UK to Launch New Biometric Reader for Customers” (Sep. 2014)
    4) K. Takahashi et al., “A Provably Secure Digital Signature with Fuzzy Secret Key and Its Application to Public Biometrics Infrastructure,” 2013 Symposium on Cryptography and Information Security (SCIS 2013) (Jan. 2013) in Japanese.
    5) N. Miura et al., “Technology and Future Prospects for Finger Vein Authentication Using Visible-light Cameras,” Hitachi Review, 67, pp. 570–578 (Aug. 2018).