User Authentication Methodologies for Secure and Competitive Business

Submitting Institution

Glasgow Caledonian University

Unit of Assessment

Computer Science and Informatics

Summary Impact Type

Technological

Research Subject Area(s)

Information and Computing Sciences: Artificial Intelligence and Image Processing, Data Format


Summary of the impact

Between 2003 and 2008, our research into an efficient multifactor-multimodal biometric authentication method for smartcards enabled Ecebs (http://www.ecebs.com/), a small-to-medium enterprise specialising in smartcard software solutions, to increase its patent portfolio, widen its product and service offering, improve its competitive position and create new business opportunities. In 2007 Ecebs was acquired by Trainline Investment Holdings Ltd (today known as The Trainline.com), and subsequently in 2012 by Bell ID, a global provider of smartcard/contactless/mobile solutions.

Underpinning research

In 2003, there was a trend toward basing identity checks on "something you are" (eg biometrics such as fingerprints) rather than "something you know" (eg PIN numbers). However, the biometric solutions deployed caused concern, both because they had known security vulnerabilities and because the principal method used for storing biometric characteristics could release data into third-party systems, which could lead to identity theft and civil liberty infringements. Consequently, there was a significant commercial opportunity for new products or techniques that were capable of both storing biometric profiles and performing the authentication (matching) process without any critical disclosure.

Our research began by establishing the functionality and capabilities of biometrics against emerging security attack scenarios, and proposed the development of a solution which could address both potential attack vectors and user concerns around data protection by porting responsibility for storage and matching to a smartcard, enabling the user to maintain control. However, a challenge was to establish a real-time secure solution which had an acceptable level of performance given the practical constraints of smartcard technologies (ie low computational power, a restricted instruction set and limited code capacity; smartcards then typically only had 16-bit 24 MHz reduced instruction set microprocessors with 8kb RAM and up to 1mb of memory). We developed a novel, reliable and convenient approach to user authentication that was multifactor (ie "something you are" and "something you have") and multimodal (it used multiple representations and matching algorithms for the same biometric indicator).

Using fingerprints as an exemplar, we presented a representation/encoding scheme based on their characteristics' relative spatial relationships rather than the normal practice of using global position coordinates and orientation [1]. This overcame the requirement for template alignment, which was impractical given the reduced instruction set, and addressed the challenges of fingerprint displacement, rotation, and deformation. We drew upon feed-forward concepts from control theory to establish a disturbance rejection method capable of differentiating between equivalent and extraneous data based on macroscopic ridge curvature characteristics. This addressed practical system limitations by reducing the effects of measurable disturbances, yielding a significant reduction in the amount of computation and enabling a real-time matching assessment [2].
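The following is an added illustration, not the algorithm of [1] or [P1], of why an encoding built on relative spatial relationships needs no template alignment while a direct comparison of global coordinates does. The nearest-neighbour descriptor, the tolerances, all function names and the sample minutiae are assumptions made for this sketch; it covers rigid displacement and rotation only, not deformation or missing minutiae.

```python
import math

# Constructed sample minutiae as (x, y, ridge_angle_deg); not real fingerprint data.
TEMPLATE = [(10, 12, 30), (40, 15, 110), (25, 40, 200),
            (60, 45, 75), (35, 72, 310), (70, 80, 160)]
IMPOSTOR = [(5, 5, 10), (20, 8, 250), (12, 30, 95),
            (50, 20, 180), (45, 60, 20), (80, 30, 300)]

def rigid(minutiae, angle_deg, dx, dy):
    """Simulate a finger placed rotated and shifted on the sensor."""
    c, s = math.cos(math.radians(angle_deg)), math.sin(math.radians(angle_deg))
    return [(x * c - y * s + dx, x * s + y * c + dy, (t + angle_deg) % 360)
            for x, y, t in minutiae]

def ang_diff(a, b):
    """Smallest absolute difference between two angles, in degrees."""
    d = abs(a - b) % 360
    return min(d, 360 - d)

def descriptor(i, minutiae, k=3):
    """Encode minutia i only by its k nearest neighbours, measured from itself."""
    x, y, t = minutiae[i]
    feats = []
    for j, (nx, ny, nt) in enumerate(minutiae):
        if j != i:
            bearing = (math.degrees(math.atan2(ny - y, nx - x)) - t) % 360
            feats.append((math.hypot(nx - x, ny - y), bearing, (nt - t) % 360))
    return sorted(feats)[:k]  # nearest neighbour first

def similar(d1, d2, dist_tol=3.0, ang_tol=8.0):
    """Two descriptors agree if every neighbour agrees within tolerance."""
    return all(abs(a[0] - b[0]) <= dist_tol and ang_diff(a[1], b[1]) <= ang_tol
               and ang_diff(a[2], b[2]) <= ang_tol for a, b in zip(d1, d2))

def relative_score(template, probe):
    """Fraction of probe minutiae whose local descriptor occurs in the template."""
    enrolled = [descriptor(i, template) for i in range(len(template))]
    hits = sum(any(similar(descriptor(i, probe), e) for e in enrolled)
               for i in range(len(probe)))
    return hits / len(probe)

def absolute_score(template, probe, dist_tol=3.0, ang_tol=8.0):
    """Baseline: compare global coordinates directly, with no alignment step."""
    hits = sum(any(math.hypot(px - tx, py - ty) <= dist_tol
                   and ang_diff(pt, tt) <= ang_tol for tx, ty, tt in template)
               for px, py, pt in probe)
    return hits / len(probe)
```

The same finger rotated by 37 degrees and shifted still scores a full match under the relative encoding, whereas the global-coordinate baseline scores nothing without a prior alignment step.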

The algorithm demonstrated excellent levels of matching accuracy (acceptance rates of 94.5%, 91.6% and 86.6% for a false acceptance rate of less than 1%, less than 0.1%, and when no false matches occurred, respectively) and satisfied real-time response requirements (the implementation of disturbance rejection resulted in a computational reduction of ~84%, giving a decision in under three seconds, a time-frame compatible with interactive usage).

Two patent applications with Ecebs emerged and facilitated standards compliance, giving Ecebs a strong competitive advantage. The first patent application [P1] was for the inventions of [1] and [2]. The second related to the extension of biometrics beyond traditional identity authentication to develop a real-time method of establishing levels of intoxication (with applications in health and safety) through the measurement of natural human reactions (eg pupillary light reflexes).

References to the research

1. M. Govan and T. Buggy, "A computationally efficient fingerprint matching algorithm for implementation on smartcards," in Proceedings of the First International Conference on Biometrics: Theory, Applications, and Systems, 2007, IEEE, pp. 1-6.

2. M. Govan and T. Buggy, "An efficient algorithm for the implementation of fingerprint authentication on smartcards," in Proceedings of the Fourth IASTED International Conference on Communication, Network and Information Security, 2007, ACTA Press, pp. 58-63.

P1 M. Govan, "Hybrid Biometric Systems", European patent pending. Filed: 13 July 2007. Latest renewal: 10 July 2013. Web: https://register.epo.org/application?number=EP07766223. (NB This patent was originally defined as "Feedback in Biometric Systems" but was redefined and archived within the patent family.)

P2 European patent application. Filed: 22 June 2006, though not continued. Web: https://register.epo.org/application?number=EP06755595

Funding

F1. T. Buggy (PI), M. Govan (RA), TSB Knowledge Transfer Partnership on "Enhanced Security Mechanisms to protect the data held on smartcards", Jan 2003 — Aug 2005. Worth £67,120.
(http://info.ktponline.org.uk/action/details/partnership.aspx?id=5919)

F2. M. Govan (RF), GCU-Ecebs Research Fellowship on "Biometric Embedded Solutions". Ecebs contribution of £34,000 x 3 = £102,000 from 2005 to 2008.

Details of the impact

In 2003, Ecebs was an advanced software technology small-to-medium enterprise with fewer than 20 employees that specialised in smartcard software development and solutions. It created rapid development technology that could be deployed across an all-encompassing range of smartcard applications (including payment, ticketing, contactless systems, authentication, and healthcare), which were exploited within a variety of organisations, ranging from large blue chip companies and government departments to specialist firms.

The impact of our work for Ecebs included [S3]:

  • a significant improvement in the company's competitive position [S1,S2] in this domain and the creation of new business opportunities
  • a revitalised and broadened product (and patent) portfolio developed from a much greater appreciation of the strengths and weaknesses of techniques and technologies deployed in biometric systems (eg hardware constraints, data representations, algorithms, applicable standards) together with the emerging security attack scenarios
  • sharper, more focused branding and marketing borne out of greater visibility in the market place as an originator of biometric solutions rather than a value added reseller
  • a much stronger understanding of the external competitive and technological environment and in particular the strengths and weaknesses of competitor product offerings
  • a comprehensive set of product development and technology learning resources that were used to increase the expertise of, and develop, new and existing staff
  • an understanding of other opportunities in the area of biometrics and software development, allowing the company to build on further innovative product concepts (eg the utilisation of biometric profiles beyond the traditional identity authentication applications).

In 2007 Ecebs was acquired for £18.7m by Trainline Investment Holdings Ltd (today known as TheTrainline.com) [S4], an online rail ticket service provider, and in 2012 it was sold on to Bell ID, a global provider of smart card/contactless/mobile solutions, for an undisclosed sum [S5]. On purchase, Bell ID noted that "Ecebs' solutions are used extensively throughout the UK and are now reaching international markets." [S6]. Both acquisitions included Ecebs' employees, products, and intellectual property.

Ecebs continues to trade and is still pursuing identity authentication products and services based on the 'Feedback in Biometrics' series of applications [S3], but has now dropped the 'Secure Pupil Response Testing' applications "given the (strategic) direction (they) are heading" [S3].

Beyond the impact for Ecebs, our work [1,2] is cited in two books that are widely used by both practitioners and educators as comprehensive reference sources within the field: The Handbook of Fingerprint Recognition (cited in the chapter entitled "Securing Fingerprint Systems", Springer, 2009) and Pattern Recognition, Machine Intelligence and Biometrics (cited in the chapter entitled "Fingerprint Identification — Ideas, Influences, and Trends of New Age", Springer, 2011).

Our work in [P1] has been cited in the search report for the patent application entitled "Logo or Image Recognition" by Yahoo Inc. (2011) [S7].

Sources to corroborate the impact

S1 KTP Final Report

S2 KTP Case Study — http://www.strath.ac.uk/Other/ktp/Casestudies/ktp-ecebs-low%20res.pdf

S3 Email from Stephen McSpadden, Solutions Manager and Russell McCullagh, Managing Director of Ecebs Oct/Nov 2013

S4 http://www.traverssmith.com/news-publications/press-releases/recommended-%C2%A3187m-takeover-of-advanced-smartcard-technologies-plc-by-trainline-investments-holdings-ltd/

S5 http://www.strata-partners.com/downloads/Thetrainline_Case_Study.pdf

S6 http://www.bellid.com/media1/news/196-bell-id-acquires-ecebs-ltd

S7 http://worldwide.espacenet.com/publicationDetails/citingDocuments?CC=US&NR=2010002915A1&KC=A1&FT=D

S8 Further email from Stephen McSpadden, Solutions Manager and Russell McCullagh, Managing Director of Ecebs Oct/Nov 2013