With the rapid growth of the Internet, many new e-commerce applications are being developed, and deployed. For example, retail purchasing and travel reservations over the web using a credit card are very common commercial applications. Today, the users are recognized using a userId and password combination for identification and authentication purposes. Very soon, more secure methods for authentication and possibly identification involving biometrics, such as fingerprint and face images, will be replacing these simple methods of identification. An automated biometrics system involves acquisition of a signal from the user that more or less uniquely identifies the user. For example, in fingerprint-based authentication a user's fingerprint needs to be scanned and some representation needs to be computed and stored. Authentication is then achieved by comparing the representation of a newly scanned fingerprint to the stored representation. In a speaker verification system a user's speech signal is recorded and some representation needs to be computed and stored. Authentication is then achieved by comparing the representation of a newly recorded speech signal to the stored representation.
In many unattended applications, the server or other computing device has the burden of ensuring that the data transmitted from a client is current and live information, not previously acquired or otherwise constructed or obtained information. With the rapid growth of the Internet, users are expected to be involved in a variety of remote unattended transaction applications. The application server has to ensure that the transmitted information is fresh and has been acquired at the time requested, even more so in the case when any multimedia information is being submitted. It is very easy to store digital multimedia information and recycle the stale information to the server. In many e-commerce applications, if the multimedia information is being used in a time-sensitive fashion, it is very important to ensure the authenticity of the multimedia information for successful operation of the system.
One of the main advantages of Internet-based business solutions is that they are accessible from remote, unattended locations including the user's home. However, the biometrics signals can be intercepted or stored on the local machine in these remote and unattended locations or otherwise obtained from applications where the user uses her/his biometrics. The recorded signals can then later be reused for unknown, fraudulent purposes such as to impersonate a registered user of an Internet service. The simplest method is that a signal is acquired once and reused several times. Simple perturbations can be added to this previously acquired signal to give an impression that it is fresh. Detection of such misuse is difficult to determine at the server side. A more sophisticated attacker might create phony Internet businesses and acquire a copy of a user's biometric signal and then with intelligent modifications to the signal, pose as this user to other Internet service providers. The financial implications of such attacks can be substantial.
Fingerprints have been used for identifying persons for several decades. In an automatic fingerprint identification system, the first stage is the image acquisition stage where the subject's fingerprint is sensed. The acquired image is then processed and matched against a stored template. There are several techniques to acquire a fingerprint including scanning an inked fingerprint, and inkless techniques using optical, capacitative and other semiconductor-based sensing techniques. These sensing techniques typically locate ridges and valleys in the fingerprint.