Intermediate objective of the project is the study of the security of the two techniques separately (polarization film and camera sensor) using commercial cell phone cameras and the development of a cell phone App and a database able to manage the identification system. The intermediate objective was largely achieved, and the ability to recognize a PUF consisting of a polarization pattern on a thin film applied to Iphone and Sumsung mobile phone cameras was experimentally verified. Also developed was the noise-based feature from the camera’s capture sensor that is embedded on the photos it captures. Furthermore, a first version of a smartphone App was created (AXIT s.r.l.) for connection to a control server for verifying camera authentication; the server has also been equipped with a database for the management and storage of the reference images.

In the second phase of the project, the polarization PUFs will be used in an integrated way with the electronic ones and their functioning will be verified.

APP – Design and operation

Each PUF, consequently for each user, is therefore associated with a unique fingerprint. Based on this assumption, the following protocol was defined for the acquisition and storage of the fingerprint.

During the configuration phase, a reference image must be saved. The image, following the pre-established protocol, must be taken on a blank screen of an LCD screen (monitor, TV, etc.) with the PUF applied to the camera. Once acquired correctly, this is sent, through the specific App (client), to the server which receives it through the corresponding specific application and saves it in the database (enrollment phase). This fingerprint will allow the system, during the subsequent verification phase, to compare the acquired images with the reference pattern, and, on the basis of the matching operation, establish whether or not the authentication is verified and therefore deny or grant the authentication towards the requested service: in the scenario envisaged by the AUTHENTIC project towards services oriented to the FinTech sector.

  • The user is notified of an authorization request via the App. It should be imagined, for example, that this authentication procedure is entered on the access front-end of a specific FinTech service.
  • Once the App has been opened, the user is asked to access his profile, via credentials or possibly via biometric recognition (fingerprint, FaceID).
  • At this point it is possible to read the details about the authentication request, and the user is asked to take a photo according to the pre-established methods (for example, in this case, a photo of a white screen on an LCD screen).
  • The acquired photo can either be replaced, with the possibility of taking a photo again, or saved and sent to the application server which provides storage in the database and launches the check operations.
  • The photo is processed and subjected to the authentication algorithm, which compares specific parameters relating to image quality and patterns present with the reference photo present in the database. If the photo satisfies the parameters and exceeds the pre-established threshold, the authorization is granted, otherwise it is denied and the user is given the possibility to repeat the acquisition (possibly by applying specific limitations to this functionality).