BIOMETRIC IDENTIFICATION OF PERSONS A SOLUTION FOR TIME & ATTENDANCE PROBLEMS Emil PRICOP Petroleum-Gas University of Ploiesti, emil.pricop@gmail.com Keywords: fingerprint, RFID, access control, biometric, person identification Abstract. The management of the employees time is a very important task in every company. In this paper we will present a time & attendance system based on biometric identification of persons. This solution has some innovative characteristics: improved security the system is based on fingerprint analysis, an unlimited number of users - the user data is stored on RFID card, real-time statistics accessible over the Internet the devices could be connected to a network or Internet and the statistics could be viewed as any Web page. The system was implemented at a research company in Ploiesti. The management of the employees time is very important in the actual business environment. It is very important to know how much time every person spends in the company, what hour he entered or left the building. There have been designed many systems to accomplish this task, saving time resources and money. Many of them use a personal identification number or a card for user identification. In this paper we will describe the characteristics of a time & attendance system based on fingerprint identification of persons. That system has some innovative characteristics: improved security, unlimited number of users, real-time statistics and remote management. There are mainly three categories of methods for personal identification. The first category contains the techniques that rely on an object that is in the possession of the user (a card, a badge). The methods in the second category are based on the knowledge of the user (passwords, PIN Personal Identification Number). The third category is composed by methods that use anatomical characteristics of persons, known as biometrics. Biometrics are by far the best methods used today in recognition technologies, especially fingerprints being widely used for this purposes, both in military and commercial environments. The cards could be stolen, the passwords could be forgot or discovered, but the fingerprints cannot be reproduced, forged or stolen. A system that uses biometrics along with another method (card or PIN) is considered highly secure. Biometrics represents automated methods for person identification based on a physiological or behavioral characteristic. Among the features measured are: facial features, fingerprints, iris and retina features, hand veins, hand geometry, handwritten signature, keystroke dynamics and voiceprint. Among all biometrics, fingerprint based identification is the oldest, well documented and often used method. Sir Francis Galton proposed the use of fingerprint for identification purposes in the late 19 th century. He wrote a detailed study of fingerprints in which he presented a classification system using all ten fingerprints. Automatic fingerprint-based identification systems have been available since 1960s, but only in the last few years these methods have been used on a large scale. Fingerprints are represented by the pattern of ridges and furrows on the surface of a fingertip. The fingerprints are unique and the patterns remain unchanged throughout life. Fingerprints are so distinct that even the ones of identical twins are different. The prints of each finger of the same person are also different.
Generally, an algorithm used for fingerprint recognition has the following steps: loading the fingerprint image from an sensor or from a file; enhancing the quality of the image by modifying the contrast; image binarization; final image processing and extraction of distinct points; generation of fingerprint template. Enhancing the quality is needed because the images obtained from sensors have poor contrast. The images have 8 bit grayscale color depth. The binarization process has the role to convert the image from 8 bpp (grayscale) to 1 bpp (black/white) color depth. The simplest way to use image binarization is to choose a threshold value, and classify all pixels with values above this threshold as white, and all other pixels as black. The problem then is how to select the correct threshold. In many cases, finding one threshold compatible to the entire image is very difficult, and in many cases even impossible. Therefore, adaptive image binarization is needed where an optimal threshold is chosen for each image area. This process is very important because it make the difference between ridges and furrows. The final processing of the images has the role to filter the noises, to reveal the ridges and the furrows. The processing eliminates the false distinct points. This operation is described in literature [J1], [M1]. The selection of characteristic points could be done using many distinct algorithms. Many commercial systems use a simple algorithm based on detection of bifurcations or terminations of the fingerprint s elements. There is defined a window of 3 x 3 pixels form the binarized image. If the central pixel is 1 and has exactly three neighbor pixels of value 1, then there is a bifurcation. If the central pixel is 1 and it has only one neighbor with value 1, then the pixel is a termination. After the identification of bifurcations and terminations, the algorithms compute the mean distance between the ridges and allocate unique identifiers. During this step the algorithm could generate some false characteristic points, which could affect the precision of the identification. The methods for removing these points are described in [D1, J1, L1, M1, R1 and Z1]. The last step of the algorithm is the generation of fingerprint template. The size of the template depends on the number of distinct points that have been memorized and it is between 100 and 480 bytes. In this paper we will describe a system that implements the algorithm presented before. The size of generated fingerprint templates is about 320 bytes, which is sufficient for usage in an access control / time & attendance system. The equipment used for person identification has some special characteristics. The fingerprint template is not stored on a memory inside the device, but it is stored on a RFID card memory. This system uses a biometric characteristic and an object that is on the possession of the user for personal identification, so the security level is greater than the one of conventional systems. RFID Radio Frequency IDentification is an automated data collection technology, which use radio communication for data transfer between two entities: a reader and a mobile entity that must be identified. The mobile entity is known as a RFID tag. This tag has two sections: one for radio communication and a memory used for storing data and custom fields. There are mainly two categories of RFID tags: active and passive tags. The active tags are writeable and readable and have an internal power source (a battery), so the lifetime of an active tag is limited. The passive tags obtain the energy from the magnetic field of the reader. These types of tags are smaller, cheaper and could be used an unlimited time. In this paper we
will discuss only the passive RFID tags. The functionality of RFID passive tags is very simple. When a tag is in the nearby of a reader, it detects the radio signals generated by the reader and starts to transmit the data stored in the memory. The radio signal generated by the reader offers the power needed to function and the synchronization data for communication between the two entities. The cards used in this system are passive tags and works on 13,56 MHz (High Frequency), having the reading distance between 1 and 3 meters. The tag has a writeonce read-many memory of about 1 KB, which could be programmed only when the card is issued to the user and could be read by any compatible reader. The system is based on the analysis of the fingerprint, the encryption of the template and the storage in the memory of the RFID card. When a person wants to use the system he must place the RFID card in the nearby of the reader, then the system reads the data on the card and asks the user to put the finger on the fingerprint sensor. The fingerprint reader scan the finger of the user and then a template is created in real time. After that the generated template is compared with the one stored in the card s memory. If the templates match, the comparison score is better than a threshold value, then the person is identified and has access granted. The RFID card could store not only the fingerprint templates, but other information such as permitted or restricted operation codes, zone codes where the user has access, the expiration date of the card. Each fingerprint access controller with integrated RFID reader has an internal memory where is stored an event log. This log contains every system event such as: successful user identification, failed user authentication, modifications of system s configuration, user enrollment, user account removal. The event log could be downloaded via RS232/485 or Ethernet (RJ45) interface. The RS485 serial interface could connect up to 127 devices to create a local network. The Ethernet interface uses TCP/IP protocol, so there could be created a distributed time & attendance system with devices connected via VPN or Internet. The system architecture is presented in the figures below. Figure 1 System architecture for a single location
Figure 2 The architecture of a distributed system Any access way door - has a fingerprint access controller with an integrated RFID card reader. When a user wants to enter or exit a building or a zone of a building he must authenticate using the card, issued by the system administrator, and the fingerprint. The access controller is a complex device. It could recognize a person in a time smaller than 1 second. False acceptation rate (FAR number of unauthorized users that may be recognized by error as an authorized user) is under 0.05%. The device has both serial and Ethernet interfaces for data communications and connectors for relay outputs, alarms or buzzers. The device could log up to 70000 events. The device could be configured remotely, using special software, or locally using the keyboard and the menu on this equipment. Figure 3 The fingerprint access controller with integrated RFID card reader
Using the event log and appropriate software we created a powerful time & attendance system. The solution described in this paper is an efficient and discrete way of monitoring the work time for each employee in a company, providing the statistics needed for evaluation of each person performances. The event log has the following format: <USER_ID> <DATE> <TIME> <EVENT_CODE> USER_ID is a 8 character numeric unique user identifier DATE is the date stored in YYYY/MM/DD format TIME is the time when the event happened in HH:MM:SS format EVENT_CODE has one character that encodes the event. Examples: A The user was identified C The user was not identified K The system configuration was modified A sample record from the log is: 00001234 2008/05/17 08:55:23 A The event log is imported in the MySQL database tables. The database has three tables: employee_data, which stores the employee personal data and realize the logical connection between them and USER_ID, from the event log; time_attendence_table, stores the data about the time the enrolled employee comes to or leaves the building. It is the table that contains the data necessary for computing the working time and eventually the salary for each employee. This table is archived at a preconfigured time interval, default 6 months. sys_user_data, stores the usernames, the passwords and the rights assigned for every person that uses the reporting software. The users may have different ranks such as: system administrators, operators or simple statistics viewers. The privileges are assigned corresponding to the company s hierarchy. The statistics software is a web application written in PHP. The application runs on any web server that is PHP enabled, and the statistics are available wherever in the world, where an Internet connection is present. The interface is user-friendly and the system can be used by any inexperienced user. The software has three modules: one for employee data management, another for system user data administration and one for statistics. Figure 4 Web application s interface
Employee s data management module is used for creating, removing and modifying employee profiles. The system operator should introduce personal data, information about the workplace (including the hierarchy in the company) and the working time schedule for each employee. This module is used for issuing RFID cards for each employee. All the data is introduced using forms generated dynamically by PHP scripts. System s user data management module is used for creating, removing and modifying user accounts. Each user account has some privileges corresponding to the hierarchy of the company, so a department manager can view the statistics only for his subordinates. Using this module the system administrator could define the operating rights for each user and even can delegate administrative privileges. The statistics module is user-friendly. It generates the presence reports in table or graphic format. The reports can be exported in PDF (Portable Document Format) or XLS (Microsoft Excel proprietary file) format, and the graphs can be saved in JPEG (Joint Photographic Experts Group) or PNG (Portable Network Graphics). The statistics are generated in real-time so the human resources personnel can view who is at work, who and when entered or left the building. Figure 5 The statistics module Report in table format Figure 6 The statistics module Graph report
The statistics module could generate the following reports: presence for current day; the number of hours worked by each employee; the list with present employees; the list with absent employees; the list of employees that are on holidays. The modern hardware and software technologies are used to build this complex distributed biometric time & attendance system. The fingerprint access controller with integrated RFID reader is a smart devices and could send all the log data using the TCP/IP network interface, making possible the usage of the systems in LAN, WAN environments and either in Internet. Biometric techniques seem to be the next step in order to improve the security of a wide range of applications related to identification, verification and recognition of persons, from commercial to law enforcement and criminal investigation. The software is modular by design, giving the possibility to customize the solution at costumer request. The solution could be deployed in small companies, with only one headquarter, or even in large corporations with headquarters in different countries connected by VPN or Internet. The reports are available anywhere in the world, using a simple web browser. Reliable person identification is becoming a necessity. There cannot be found any substitute to biometrics for effective person identification, reason why biometrics represents a must for any system based on identity management. Having the biometric data on a RFID card represent a step forward, because the number of users for this kind of system is unlimited, and the user is not linked with a device. References [D1] M. J. Donahue, S. I. Rokhlin, On the Use of Level Curves in Image Analysis, Image Understanding, Vol. 57, p 652-655, 1992. [F1] Klaus Finkenzeller, Rachel Waddington, RFID Handbook: Fundamentals And Applications In Contactless Smart Cards And Identification 2nd Edition, Wiley, 2003 [H1] D. Henrici, P. Muller. Hash-based enhancement of location privacy for radiofrequency identification devices using varying identifiers. Workshop on Pervasive Computing and Communications Security PerSec 2004, pp. 149 153, IEEE, 2004. [J1] L.C. Jain, U. Halici, I. Hayashi, S.B. Lee, S. Tsutsui, Intelligent biometric techniques in fingerprint and face recognition, 1999, The CRC Press. [L1] Lin Hong, Automatic Personal Identification Using Fingerprints, Ph.D. Thesis, 1998. [M1] Maio D, Maltoni D., Direct gray-scale minutiae detection in fingerprints, IEEE Transactions on Pattern Analysis and Machine Intelligence, 19(1), p.27-40, 1997. [M2] Maltoni, D., Dario, M., Jain. A., Handbook of Fingerprint Recognition, Springer, 2003 [M3] Mansfield A. J, Wayman J. L., Best Practices in Testing and Reporting Performance of Biometric Devices, NPL Report, version 2.01, 2002 [R1] N. Ratha, S. Chen, A.K. Jain, Adaptive Flow Orientation Based Feature Extraction in Fingerprint Images, Pattern Recognition, Vol. 28, p. 1657-1672, November 1995. [X1] ISO/IEC 18000. Automatic identification radio frequency identification for item management communications and interfaces. http://www.iso.org. [Z1] Wu Zhili, Fingerprint Recognition, 2002, www.comp.hkbu.edu.hk/ /~vincent/hp/fingerprintrecognition.doc