[Interview] Sony Discusses Finger Vein Authentication System for Mobile Devices
Sony Corp developed "mofiria," a finger vein authentication technology for PCs and mobile devices such as cell phones (Press release). The company expects that the technology will more easily downsize those devices than existing palm vein and finger vein authentication systems.
This time, Nikkei Electronics interviewed General Manager Satoshi (Steve) Amagai and Technology Manager Ken Iizuka at FVA Business Development Office in FeliCa Business Division, B2B Solutions Business Group of Sony, about mofiria's characteristics and underlying technologies as well as the company's business plan. (Interviewer: Tadashi Nezu)
Q: Please explain the characteristics of the new finger vein authentication technology?
Sony: Its biggest feature is the capability to make a finger vein authentication system small enough to be embedded in a mobile device. It is difficult with existing technologies.
Moreover, we achieved accuracy as high as that of general finger vein authentication systems while increasing its authentication processing speed. It's stressful when authentication process is slow. So, we aimed at enhancing user convenience and security level at the same time.
It took 0.015 seconds for mofiria to recognize an individual using Intel Corp's microprocessor (2.8GHz) for notebook PCs, and 0.25 seconds using an ARM9 core-based microprocessor (150MHz) for mobile phones. As for accuracy, its false rejection rate (FRR) was 0.1%, and its false acceptance rate (FAR) was 0.0001%, meeting the criteria for finger vein authentication systems.
Q: How did you realize those capabilities?
Sony: As for technical aspects, mofiria's advantages lie in its simple device structure, methods to acquire vein pattern data and compress them, and function to adjust the finger position, to name a few.
The technology enables to simplify finger vein authentication systems thanks to the adoption of the "reflection scattering method," which directs near-infrared rays from LEDs at finger veins at an angle and uses a CMOS sensor to catch light reflected and scattered in the finger. With this method, verification systems can be made smaller because LEDs and CMOS sensor can be positioned on the same level in a system.
The process to acquire finger vein pattern data can be roughly divided into three stages. First, the CMOS sensor takes the image of light reflected and scattered in a finger. Due to "reduced hemoglobin" in blood, which absorbs near-infrared rays, veins look dark.
Second, a vein pattern is extracted through several filtering processes, including a process for removing noise. Third, the vein pattern is converted into an image called a "skeleton pattern," in which the thickness of the pattern lines is equal regardless of area.
This conversion is necessary because the thickness of the vein pattern varies as the volume of blood flow changes in accordance with location and environment. Thus, for reliable authentication, this skeleton pattern plays an important role.
(Continue to the next page)
Before storing the acquired skeleton pattern in memory as matching data, the data volume is compressed to about a 1/10. I can't reveal details, but characteristics are extracted from the skeleton pattern.
Because of its small size, the matching data do not have to be stored in, for example, an external server. The data volume is small enough to be stored in a FeliCa card or a SIM (subscriber identity module) card, not to mention a mobile device.
So, matching data can be kept in a mobile device. To authenticate an individual, the skeleton pattern is restored from the matching data in a mobile device and compared with another skeleton pattern taken from a finger placed on the sensor.
Matching data is, of course, encoded when being stored. Users can select an encryption technology. DES, AES and Sony's "Clefia" can be used.
Basically, a ball of a finger has to be directed at the CMOS sensor. But a vein pattern can be recognized even if the finger is not placed with much care. If, by chance, the vein pattern cannot be recognized due to wrong positioning, all you need to do is to adjust the position of the finger. In case the finger is not correctly placed, three kinds of finger vein patterns are stored as matching data.
Q: What kinds of applications do you have in mind?
Sony: Let me explain it using its adoption to a PC as an example. First, mofiria can be used for logging on to a PC. When a PC is used by more than one person, it is possible to switch between users by holding their fingers over the sensor.
Also, each finger can be associated with an application. For example, the browser starts with the index finger, presentation software is launched with the middle finger and the display jumps to an Internet shopping site with the ring finger. User verification at shopping sites can be done using finger veins as well.
Q: When mofiria is actually incorporated in a mobile device, what kind of system structure it will take?
Sony: It varies as required specifications change from device to device. We have to change various parameters such as the distance between the CMOS sensor and LEDs, their angles and the number of LEDs.
As authentication is executed by a processor in a mobile device and matching data is stored in its memory, we just need to add LEDs and a CMOS sensor. And it is possible to enhance the level of security by using a dedicated LSI and memory for authentication.
We will discuss with our clients how to develop the system for commercialization. Our goal is to make it not stand out like a fingerprint authentication system so that it can be more easily employed for consumer products.
If such a highly secure technology as vein authentication can be introduced to mobile phones, users will be able to store more important information in their mobile phones. The greater number of fingers that need to be verified, the higher level of security can be ensured.