First, in the past decade, the bank's informationization has made considerable progress. Computerized, networked, and intelligentized banking services have been significantly improved. Technology applications have evolved from stand-alone processing to network systems, and have grown from regional concentration to national concentration. Information construction has significantly improved the bank's service function to the society and improved the bank's management level and competitiveness. However, with the deepening of dependence on information systems by banks' business and management work, and the development of new financial services such as online banking, the security of information systems has become increasingly prominent, and the task of strengthening information system security has become more and more important. The more urgent. In recent years, crimes involving bank-related internal crimes, fraudulent fraud after the issuance of bank cards (cards), and online bank fraud have occurred from time to time. In this series of financial cases, some use the bank information system user identity authentication to identify only the credentials and password defects. Therefore, "identity authentication" has become an important part of the security application of the bank's IT system. The authenticity of the identity authentication in the bank IT system must rely on advanced technical means to achieve.
Current human biometric identification technologies include iris, retina, fingerprint, palm print, face, sound, handwriting dynamics, etc., from May to October 2001, CESG (Communications Electronics)
The Security Group commissioned the National Physical Laboratory (NPL) in the United Kingdom to analyze and compare the above-mentioned human biometric identification technologies through extensive experimental research and to publish in the experimental results: iris recognition is “the most accurate†and “handlingâ€. The fastest and hardest to fake. Therefore, if iris recognition technology is widely used in bank IT systems, it will greatly improve the security and reliability of banking IT systems, reduce the possibility of bank crimes through identity fraud, and reduce the existing and potential in banking IT systems. Security vulnerabilities and risks.
Second, iris identity authentication technology introduced
(A) What is the iris
The iris is a ring of tissue between the pupil of the human eye and the white of the eye. It is the visible part of the human eye. It is the most reliable human life identification. See picture:
(II) Characteristics of iris as a basis for identity authentication
The uniqueness and stability of the human iris tissue are the highest, the irreversibility and the strongest anti-deception are the most ideal basis for identity authentication. (See the table below)
The uniqueness is determined by the complexity of the iris formation. Iris twins have different iris texture information, and the same person has different iris textures for the left and right eyes
High stability iris texture has been formed at the 7th month of the fetus. Life is unchanged after 6-18 months of birth. It does not change with age, occupation, or lifestyle. It is not contaminated. It will not wear out. It does not change texture due to disease. structure
Strong anti-deception can not artificially imitate or artificially imitate other people's iris tissue, use cloning technology can not be copied. The iris does not leave any traces, and it does not lead to illegal acquisition of characteristic signals due to residual traces
Highly collectable irises have a visible shape and can collect information from a certain distance without the user touching the device
(III) Iris recognition technology
The iris recognition technology includes iris image acquisition, iris detection, living iris discrimination, iris image quality assessment, iris region location, iris image normalization, iris image enhancement, iris image feature expression and extraction, and iris feature matching. .
Iris image acquisition and image preprocessing are the first step in recognition and are the most difficult and critical steps. Must be able to deal with the iris eyes of the special eye type of yellow people, mainly: small degree of eyelashes, drooping eyelashes, blocking the effective area of ​​the iris; small texture of the iris, unlike the texture of the Caucasians; little color difference between pupils and irises, unclear boundaries In grayscale images, the iris and sclera boundaries may also be less pronounced. At the same time, consider the effects of various glasses on the image.
The main purpose of feature extraction is to extract the iris code through a certain texture analysis method. This algorithm must be adaptable to the acquired image size, rotation, translation, lighting and other factors. At the same time, the iris recognition technology requires a small amount of computation and can be run in a microprocessor chip.
The iris code comparison and matching need to compare and match the extracted iris code with the previously acquired iris code to determine the identity of the user. Of course, the calculation of the algorithm of the iris code comparison is also required to be small in order to facilitate the later process of the comparison to be implanted in the IC card chip.
(d) Comparison of iris identification technology with other biometric authentication technologies
Biometric Identification Technology: A technology that uses human biometrics to identify and authenticate. It is based on two basic characteristics: "Each person's biological characteristics are not the same" and "Biometrics are measurable or automatically recognizable and verifiable." Human biological characteristics include physiological characteristics or behavioral patterns. Physiological features include hand shape, fingerprint, face shape, iris, retina, pulse, and auricle. Behavior features include signature, voice, and key intensity. Compared with human characteristics such as face, fingerprint, and sound, human biological iris identification has the following unparalleled advantages:
Biometric uniqueness stability immutability high reliability identity discrimination
The highest and highest iris (can not be transplanted) The highest can be
Fingerprint and palmprint are higher (easy to wear and tear) Higher (can be transplanted by surgery, or make fake fingerprints) Higher is not possible
Lower sounds lower (changes with age, physical condition, time, etc.) Lower (can be recorded) Lower not possible
Handbook signature is lower (can be imitated) Lower not possible
Lower face (change through makeup and plastic surgery)
III. Application of Iris Authentication Technology in Banks
With the continuous development of iris identity authentication technology and the continuous reduction of technology application costs, the security requirements of banking IT systems have been continuously strengthened. Iris authentication technology has a wide range of application prospects in various application systems of banks. The application of iris identity authentication technology in banks is mainly as follows:
(I) Application in Bank Security Protection System
The bank’s business outlets, vaults, and safes are all key units for theft prevention. The central computer room and accounting archives within the bank are also important places for strict control of access. The various rules and regulations of the bank require that such places must be compliant with regulations, and they must be authorized and registered before entering. However, no matter how strict the regulations are and how safe passages are designed, security doors are opened with keys or IC cards, etc. These things are easily stolen, borrowed, lost, and counterfeited, causing certain security risks. The use of iris recognition technology is an effective solution to this problem.
(1) System composition
Iris recognition access control system consists of iris image collector, iris processor, server, access controller and other components.
(2) System topology,
(3) Function Introduction
The system can extract human iris information and identify identities accordingly, achieving access control functions. Users can use log files such as user operations, administrator operations, and alarms to perform point management for users.
(II) The operator's identity authentication of the bank's internal management system and business system
Account verification, entry, exit, and business authorization of the bank's internal accounting services, credit services, and auditing systems all need to verify the identity of the operator. The business authorization of the integrated business system is the first line of defense against front-office personnel's operational risks. The front desk personnel of banks are under intense work pressure. They need to develop their businesses and control risks. Some network managers often ignore the control of risks in order to strengthen their business development, devolving their business delegation responsibilities, and putting operator numbers, passwords, and operation cards. Handed over to the general operator, causing some blind areas for operational risk control. Bank management systems such as ERP systems, CRM systems, information management systems, process management systems, and mobile office systems also need to verify the identity of operators. The management system in the bank will not have a lot of operational risks, but these systems contain a lot of customer information, business information and so on. All of this information belongs to trade secrets, and the operator can only refer to the information within his own authority. Many of the management systems in the industry adopt the B/S structure model. The B/S structure brings convenience to the system access, and it also brings uncontrollability to access control. As long as you know the operator's number and password, you can access other people's information resources, causing security risks of information leakage.
The iris identity authentication technology can solve the authentication problem of the bank's internal management system and business system operators. After centrally registering and manually registering iris information at all levels of banking operations, the iris identity authentication mechanism replaces the existing verification mode of "Tcardholders", operator numbers, and passwords to effectively curb the use of disguised identities, misappropriation of passwords, and illegal authorization. Manipulate the behavior of IT systems in a manner that enables truly reliable operator identification.
Application architecture:
(III) Application of Bank Customer Trading System
You don't need to bring your passbook or card to the bank to handle business, you don't need to bring cash and bank cards to buy things at the supermarket, and you don't need to use passwords to get money at ATMs. These things seem to be far away from us and you have an iris After the authentication technology, it has become far away.
In fact, the passbooks and bank cards used in the banking business are for the purpose of identifying the identity of the customer. The identity card and password are used to confirm the identity of the customer. Both of these features can be achieved with iris authentication. The traditional identity authentication methods for bank cards, ID cards and passwords have certain security risks. For example, bank cards are stolen, lost, copied, forged, and passwords are guessed, peeked, defrauded, intercepted, or even duress duress. The use of iris authentication technology can circumvent the above risks. Because the human iris has high reliability and uniqueness, the possibility of being counterfeited is zero, so that the legitimate unique identity of the legitimate customer can be ensured.
There are two specific implementation methods. One is to rely on iris identity authentication technology for identity identification and identity verification, and the other is authentication method that combines iris identity authentication technology with bank IC technology.
1, rely solely on iris identity authentication technology for identity identification and identity confirmation is the iris code that is the bank card number and use it as a transaction password. The client must sign a contract with the bank and reserve the iris information and bank card number, and establish the relationship between the iris information and the bank card number. Customers can withdraw money from ATMs, buy things in the supermarket, and trade with their eyes. The iris acquisition device on the ATM or supermarket special POS machines collects the iris information of the cardholder and extracts the iris code; after the iris code is processed by encryption Send the background iris authentication processing server; The iris identity authentication processing server decrypts the iris code and matches the client reserved iris code in the database, identifies the client's identity; finds the client's corresponding bank card number; sends the transaction to the core business system to complete the transaction .
Since the identification of the identity of the client and the identification of the identity depend on the iris code in this way, the iris code extraction algorithm and the matching algorithm must have a very small repetition rate, otherwise there will be an issue where the iris code matches two clients in the background. Because the matching of the iris code has a certain amount of computation, this application is not suitable for a large-volume system, otherwise the matching process will be very slow; the iris code is uniformly stored in the bank's background iris authentication processing server, and the iris code is in the network. The transmission must be encrypted during transmission, and the storage of the iris code in the background must also be stored in ciphertext to ensure the security and privacy of the client's iris code.
2. The authentication method combining iris identity authentication technology and bank IC technology can be said to be the safest and most accurate authentication method. The bank client's iris code information is stored in the IC card chip. When the cardholder conducts financial transactions in ATM machines, POS machines, bank counters, etc., the iris acquisition equipment collects the cardholder's iris information and extracts the iris code, and sends the iris code to the IC card, which is better than the IC card. Consistency of information, to identify and verify cardholder identity. Iris information is not stored in the background of the bank and is not transmitted between systems and networks. Only the IC card cannot be read. The comparison of iris codes is completed in the IC card, which ensures the security and privacy of the iris information. At the same time, the bank backstage does not need to save a large number of customers' iris information and does not need to compare the iris information in the background, which reduces the back-office security management pressure and improves the transaction speed. At the same time, the IC card can also give electronic signatures during the transaction, so that the security of the transaction is more secure.
Fourth, the application of iris authentication technology in the bank
From a technical point of view, the most important thing that the iris authentication technology needs to solve is the issue of universality and stability. The bank has hundreds of millions of customers. Therefore, the use of people is very broad in terms of individual differences in occupation, ethnicity, and age. An identity authentication technology based on human biometrics is necessary to be competent in the business of such a large customer base. One is that it must have a fairly complete universality. This is a very real problem, because people of different races, nationalities, ages, genders, and living conditions have a great difference in the individual physiology of the iris, and there are a large number of people wearing glasses. This requires the iris recognition algorithm and optical technology, etc. The aspect has the widest universality. In addition, there are gaps in the ability of people of different occupations and cultures to accept and use iris recognition equipment. Therefore, how to maximize the acquisition process automation, intelligence, and fooling is also placed before all manufacturers of iris recognition products. One of the most important real issues.
The iris authentication technology has had some successful cases in the application of bank security system and internal management. However, truly replacing the traditional password method with the iris identity authentication technology in the customer trading system also involves several factors other than technology. (1) National policies, laws and regulations, and other factors, iris technology must be recognized by the relevant national departments of laws and regulations, certification and support, while the formation of iris recognition technology, national standards, industry standards and product standards. (2) The degree of user acceptance of iris recognition is also an important factor. The acceptance of new technologies by customers directly affects the application effects of new technologies. The promotion and application of iris technology must be continuously strengthened so that more people can understand and have experience with this new technology. (3) Due to the human biological characteristics used by this technology, personal privacy issues will be involved. Technological means and legislative means must be used to provide appropriate protection for privacy issues. However, we may wish to make a bold assumption here, because from the current situation that developed countries in the West have successively enacted identification documents based on biometric technology, the widespread application of biometrics in the banking field is only a matter of time.