A team of UCLA graduate student researchers is working to
eliminate a variety of security and privacy problems by creating a
portable device that would identify users by their thumbprints.
Instead of relying on passwords or signatures to verify
identity, users of the device meant to hang on one’s keychain
““ appropriately called ThumbPod ““ would use thumbprints
to approve financial transactions.
The team, led by Ingrid Verbauwhede, an associate professor of
electrical engineering, has created a prototype version of the
device it hopes will replace credit cards.
Credit card owners are typically protected by fraud only by an
identification number and a signature, said electrical engineering
doctoral candidate Patrick Schaumont.
Credit card and identity theft problems can plague victims for
years.
According to the Federal Trade Commission, victims of identity
theft can be affected in a variety of ways, from losing job
opportunities to being arrested for crimes they did not commit.
Others can spend years cleaning up bad credit histories.
“There’s a disconnection between the real world and
the electronic world, because you can steal passwords and you can
forget PIN codes,” Schaumont said. “Our goal is to
bring these two together using biometrics.”
Biometrics uses measurable physical characteristics, such as
retina scanning and voice recognition, to verify identity.
It is difficult to exploit the bond that links credit cards to
banks, but most credit card thieves attack the link between credit
cards and users, said electrical engineering doctoral candidate
Bo-Cheng Lai.
“It’s hard to verify the link that this is your
card,” Lai said.
Researchers designed ThumbPod to counter security attacks at
every level, from transmission of information to a bank to physical
tampering.
Even if a device is stolen, it cannot recognize a thief’s
thumbprint, lending much more security than credit cards, Schaumont
said.
Theoretically, users would enroll in ThumbPod at a local bank
and receive a customized unit.
ThumbPod takes a picture of a user’s fingerprint and looks
for minute, distinct characteristics in the image. The fingerprint
is then encrypted on the ThumbPod unit so it cannot be accessed by
thieves.
Producing a device that stores and verifies biometric
information in an egg-sized gadget poses some challenges.
“A lot of computing is necessary to process your
fingerprint,” Schaumont said.
Detailed processing requires more energy, so some accuracy has
to be sacrificed to make ThumbPod portable.
Researchers have to balance accuracy with energy consumption,
but simulations have shown thumbprint processing on a small scale
is accurate enough, said Shenglin Yang, an electrical engineering
doctoral candidate.
If shrunken down, ThumbPod has a false accept rate of 0.01
percent and a false reject rate of less than 1 percent.
In addition to preventing credit card fraud, ThumbPod could have
other uses.
“Though the original idea was to replace the current
credit card system, you can use it for any authentication
application, like entering your car,” Lai said.
Credit card companies like Visa have experimented with
biometrics.
“Biometrics is an excellent way of form of identification
and verification,” said Colin Baptie, a spokesman at Visa
International.
In addition to hurting credit card owners, credit card fraud and
theft costs credit card companies dearly.
“Worldwide, about 10 cents in every $100 spent is lost to
fraud,” Baptie said.