System architecture

We propose a hybrid fingerprint identification system, named HFIS, for HTTP-based (HFIS-HTTP) and TCP-based (HFIS-TCP) architectures. The proposed HFIS consists of the PC-based Client or Embedded-based Client as access control devices and the backend servers include the Fingerprint Server, Database Server, TCP/IP Server and Web Server. HFIS-HTTP is an FIS with features transferred by using the HTTP protocol for the browser/server model.

It is suited for Internet-based environments. HFIS-TCP is an FIS with features transferred by using the TCP protocol for intranet applications. TCP-based proprietary protocols have been designed for higher security between Embedded-based Client and TCP/IP Server. They are very suited for Intranet-based environments. Figure 9 illustrates the system architecture of our proposed HFIS.

Figure 9. Proposed HFIS system architecture.

3.1.1 Fingerprint Server

Fingerprint Server is the critical part of the proposed HFIS. Its system architecture is shown in Figure 10. The application of fingerprint identification is developed by C language and running on an Ubuntu Linux with Intel Xeon 2.0GHz CPU×4 and 4GB RAM. It is mainly in charge of the requests of fingerprint extraction and matching from TCP/IP Server and Web Server which means that two specific socket listeners on two different ports are necessary, say, port 80 for HTTP packets and port 1500 for TCP packets.

As to the capability of the server design, it handles all the incoming requests by multithread processes. The maximum concurrent threads allowed in a Linux operating system is 1024, but some are used for system itself. Therefore, when all the processes are occupied,

Fingerprint Server will reply an error message “Exceed the max concurrent” to the middleware in Web Server or TCP/IP Server. Fingerprint Server also involves in the cache design. When Fingerprint Server boots, all fingerprint features stored in the database will be written into the cache with user ID as index for matching, so that it can greatly reduce the data fetch time from database. By such a design, the matching speed can reach around 200,000 fingerprint features per second, and the maximum capacity of features in the cache is 500,000.

Figure 10. Fingerprint Server architecture.

3.1.2 Database Server

We adopt open source database MySQL (5.5.21) as Database Server in HFIS. TCP/IP Server and Web Server can access Database Server by JDBC (Java Data Base Connectivity) which is the Java API used for performing SQL command with regardless to the low level driver of database and the related accessing APIs.

Data stored in the database includes department information, entrance information, access log information, and user information such as user ID, user name, RFID, fingerprint data, and also the access authorization information. Besides, IT department can also create an

enterprise cloud space for internal resource access such as email system, on-line meeting, project status tracking, documentations sharing, and so on.

These applications are easy to use and very helpful to enhance the efficiency of enterprise management. In the meanwhile, because the industry properties protection is very important, using the fingerprint authentication to control the right of resource access and keeping access records for tracking can bring the higher security.

3.1.3 TCP/IP Server

TCP/IP Server developed by Java plays as a role of middle bridge among Embedded-based Client, Fingerprint Server and Database Server. It is always listening to the incoming messages on the specific port 1600 and responsible for data forwarding, flow control, and log management. It forwards all the request messages collected from Embedded-based Clients to Fingerprint Server and responds the execution result to the corresponding Embedded-based Client. Some of these execution results will be saved as the users’ access records in the database.

TCP/IP Server, Fingerprint Server and Embedded-based Client are formed as a 3-tier client/server model and the back and forth messages are packed as TCP packets. The data packet between TCP/IP Server and Fingerprint Server is also the TCP/IP format.

3.1.4 Web Server

The Web Server is established by Apache (2.4.1) with PHP (5.4) development for data forwarding, flow control, and log management. Just like the TCP/IP Server, it is the middle and transparent bridge between PC-based Clients and Fingerprint Server as a 3-tier structure.

It accepts the HTTP request messages from web browsers of PC-based Clients and forwards these requests to Fingerprint Server and replies the HTTP response messages back to clients.

3.1.5 Embedded-based Client

The Embedded-based Client we proposed is a lightweight fingerprint identification device (LwFD) which is developed based on ARM Cortex A8 SoC as the kernel chip with embedded 96 KB RAM, 256 KB flash and 802.3 MAC/PHY and the embedded Linux as the kernel system. The peripherals include the fingerprint reader, RFID reader, keypad and the LCD display. Figure 11 shows the hardware architecture of LwFD.

Figure 11. Hardware architecture of LwFD.

In contrast to PC-based Client, LwFD gets less computational power but much lower cost and lower power consumption. Beside the drivers of peripherals, the most important part of the kernel is the fingerprint algorithm porting. Fingerprint algorithm porting takes much computing power and large memory resources. The reason of fingerprint algorithm inside the Embedded-based Client is to extract the features from fingerprint images, but not for matching.

For double security mechanism, the feature can be transferred to server together with the RFID information [25] in encrypted format through TCP/IP protocols. The RFID is a secure

response time and also can be used as the backup solution for the situation of network failure.

It means that depending on the users’ access authorization, the RFID information of some group of users or all users should be stored in the embedded flash memory of the particular Embedded-based Client for the situation of network failure.

3.1.6 PC-based Client

With the HTTP protocols, the PC-based Client can be various platforms, such as Windows, Linux, iOS and Android on PC, laptop, tablet and even the smart phone. All these platforms connect to Web Server as the browser/server architecture. Each client can easily execute the web browser to access the web services provided by the Web Server. Figure 12 illustrates the Windows application design for PC-based Client.

Fingerprint Reader

USB

Fingerprint Reader SDK Fingerprint Algorithm

(Extraction) OCX Object

HTTP

System Application (Web Browser) Web Server

PC-based Client

Figure 12. Windows application design for PC-based Client.