Introduction to PalmSecure SDK V02

November, 2016
FUJITSU Ltd.

FUJITSU CONFIDENTIAL
PalmSecure SDK V02
 Contents of PalmSecure SDK V02
 System Overview
 Professional Edition (PE) / Enterprise Edition (EE)
 Development summary by SDK V02 PalmSecure
 PalmSecure Product (Reference)
 SDK Support Web
 Introduction for U-Guide

FUJITSU CONFIDENTIAL 1 Copyright 2015 FUJITSU LIMITED

Contents of PalmSecure SDK V02
 Contents inside the SDK package

<Contents>

PalmSecure Hand guide

Sensor

USB License
interface Agreement
cable Sheet
etc
FUJITSU CONFIDENTIAL 2 Copyright 2016 FUJITSU LIMITED
Contents of PalmSecure SDK V02
 The following SWs can be downloaded from the SDK
Web Site.

Downloadable Contents
Authentication Library

Sensor Driver

Sample Interface

Sample Application

Various Supporting Tools

etc
<SDK Support Web>

FUJITSU CONFIDENTIAL 3 Copyright 2016 FUJITSU LIMITED

Contents of PalmSecure SDK V02
Software
Authentication Library
 A library form program that enables you to enroll/authenticate users with palm vein data
 Used for developing applications for Windows or Linux.
 There are 2 types of libraries, Professional Edition (PE) and Enterprise Edition (EE).
 PE: Allows you to enroll, capture, verify and identify palm vein data on a client.
 EE: Allows you to verify and identify palm vein data in multi-thread on a server.

Sensor Driver
 Interface between the USB driver and the authentication library and there are 3 types:
 Conventional Sensor Driver (Windows Version): for PalmSecure sensor (EOL)
 Sensor Driver for Extended Function (Windows Version): for PalmSecure sensor V2
 Sensor Driver for Extended Function (Linux Version): for PalmSecure sensor V2

Sample Interface/Sample Application

 Provided in below environment
 for Microsoft .NET Framework (app development using VB.NET or C#)
 for Java (app development using Java)

FUJITSU CONFIDENTIAL 4 Copyright 2015 FUJITSU LIMITED

Contents of PalmSecure SDK V02
Manuals
System Development Guide
 Provides an overview of the SDK and describes points of concern in development.

Authentication Library Reference Guide

 Describes the interface between the Palm Vein Authentication Library and applications.

Hardware Drawings
 Contains externals size of the hardware such as sensor and the drawing concerning the
installation of sensors.

Sensor Instruction Manual

 Describes how to handle the sensor.

FUJITSU CONFIDENTIAL 5 Copyright 2016 FUJITSU LIMITED

PalmSecure SDK V02
 Contents of PalmSecure SDK V02
 System Overview
 Professional Edition (PE) / Enterprise Edition (EE)
 Development summary by SDK V02 PalmSecure
 PalmSecure Product (Reference)
 SDK Support Web
 Introduction for U-Guide

FUJITSU CONFIDENTIAL 6 Copyright 2015 FUJITSU LIMITED

System Overview (System Configuration)
Standalone Client-Server
<Client> <Client> <Server>

Standalone template Client Server template

DB DB
Application Application Application

V33 Lib (*PE) V33 Lib (*PE) V33 Lib(**EE)

Client OS Client OS Server OS

PalmSecure PalmSecure
Sensor Sensor

• 1 to N identification (1 to 5,000) • 1 to N identification (1 to 10,000)

• NO multi-threading function • multi-threading function
• Client OS is limited to :Win 7SP1/8.1/ • Server OS for server is limited to: Win 2008 R2/2012/ 2012
10(x86, x64) or Linux (kernel 2.6.32 or R2(x64) or Linux (kernel 2.6.32 or later: x64 only)
later: x64 only)

FUJITSU CONFIDENTIAL 7 Copyright 2016 FUJITSU LIMITED

Standalone System Architecture
 Standalone Configuration
Customer’s Application
Data Storage
DB
Files
5 Enrollment
SDK Functions
Enrollment Procedure
1: request for enrollment
2: capture palm vein data
3: convert to template
4: send template
5: save template to storage
FUJITSU CONFIDENTIAL
login to a system,
Business Functions open a door, time &
attendance, etc.
Execute
Business
Business Application Operations
1 control
guidance
Authentication screen
4 1 2 6
Bio-API Authentication Procedure
1: acquire template
3 Enrollment Authentication 4 5 2: request for authentication
3: capture palm vein data
Authentication Lib (PE) 4: convert to template
5: authentication
Sensor Driver 6: send result
PalmSecure Sensor
2 3
8 Copyright 2016 FUJITSU LIMITED
Client/Server System Architecture
◆ Client/Server Configuration

<Client> login to a system,

Business Functions open a door, time &
Execute attendance, etc. <Server>
control Business
guidance
screen
Operations Data Storage
Business Application (client) Business Application (server)

Enrollment 4 Enrollment 5 DB

7
Authentication Authentication 5 Files
1 4 4
Bio-API 1 4 7Bio-API

Enrollment 3 Authentication 3 6 Authentication

Authentication Lib (PE) Authentication Lib (EE)

Sensor Driver Enrollment Procedure Authentication Procedure

1: request for enrollment 1: request for authentication
PalmSecure Sensor
2 2: capture palm vein data 2: capture palm vein data
2
3: convert to template 3: convert to template
4: send template 4: send template
5: save template to storage 5: acquire template
6: authentication
7: send result
FUJITSU CONFIDENTIAL 9 Copyright 2016 FUJITSU LIMITED
System Overview (Development Requirements)
Serial number FAT13S1C02
PC CPU Client: Intel® Core™ 2 Duo 2.40GHz or more
Server: Intel® Core™ 2 Duo multi-core at 2.40GHz or more
NOTE: requires SSE3/SSSE3
Memory Client: x86 version = 1GB or more
x64 version = 2GB or more
Server : 2GB or more
USB USB2.0 (Must be able to provide 500mA current to the Sensor.)
HDD Space : 231MB or more (Client) and 222MB or more (Server)
OS Windows® (Client side) - Windows 7 SP1 Professional (x86 and x64)
- Windows 8.1 Pro Update (x86 and x64)
- Windows 10 Pro (x86 and x64)
Windows® (Server side) - Windows Server 2008 R2 SP1 Standard (x64)
*1 - Windows Server 2012 Standard (x64)
- Windows Server 2012 R2 Update Standard (x64)
NOTE: The sensor connection to the server is not supported.
Linux (Client/Server) kernel 2.6.32 or later (x64)
Development languages C/C++ (recommended), Java, VB.NET, C#

*1 The installable authentication library in the server side is only limited to Enterprise Edition. Enterprise Edition is an optional product and require for
additional cost. Moreover, Enterprise Edition cannot be installed in the client side.

FUJITSU CONFIDENTIAL 10 Copyright 2015 FUJITSU LIMITED

Authentication Method
1 to 1 (Verification)
 Compare the captured palm vein data with the specified palm vein template. (using a
second factor to specify a single template)

1 to N (Identification)
 Search the template database that is similar to the captured palm vein data. (N must be
under 5,000 in a standalone configuration or under 10,000 in a client/server configuration)

Method usability speed accuracy

1 to 1
Need a second factor Fast High
(verification)
1 to N Slowdown as the N Decrease as N
Only using palm
(identification) increases increases

＜認証時間の目安（参考値）＞
・ 1：1認証 約1秒
・ 1：N認証 約2～3秒 ※N＝1000手の場合
※上記時間は保証値ではありません。動作環境や運用方法、各種設定等で異なります。

FUJITSU CONFIDENTIAL 11 Copyright 2016 FUJITSU LIMITED

Large Scale 1 to N Identification
 In cases when the N exceeds 5,000 (or 10,000)
Second Factor Palm Vein
(date of birth, phone number,
organization code, etc.)
+ (left or right palm)

Date of birth 19561003 19861203 20010203 19770304 19990301 20020606

Whole
palm vein
database Palm
vein data
...
Narrow down by entering 20010203
Palm, vein Identify based on
data with extracted database
the ID
20010203
...

 The second factor needs to be chosen to narrow down the database to be below 5,000 (in a
standalone configuration) or 10,000 (client/server configuration)
 １：N認証での運用を検討される場合、【付録】1:1認証（照合）と1:N認証（識別）を合わ
せてご参照ください。

FUJITSU CONFIDENTIAL 12 Copyright 2016 FUJITSU LIMITED

Formant of Palm Vein Template
The new i33 format has been introduced from Authentication Library
V33 aside from the traditional i format. For new customers, we
recommend the i33 format.
Authentication 1 to N Authentication
Mode Template size
accuracy identification speed
Template size will increase FRR: 1.00%(no retry) Standalone: 5,000 It will take more time
due to capturing palm vein FAR: 0.00001% Client/Server due to processing
i33 data in higher resolution. (capturing twice) 10,000 higher resolution
palm vein data.
format -Enrollment: about 15KB
-Authentication: about
8KB
-Enrollment: about 3KB FRR: 1.00%(no retry) Both Standalone & It is faster than i33
-Authentication: about FAR：0.00008% Client/Server: 1,000 format.
4KB (capturing once/non-
i format compressed)

Same as using Authentication Library V32

FRR: False Rejection Rate

FAR: False Acceptance Rate
FUJITSU CONFIDENTIAL 13 Copyright 2016 FUJITSU LIMITED
PalmSecure Licenses Lineup
PE Developer license Development Environment
• Developer license to start the
application development (depended
to installed client) PE PE PE
• 10 licenses are included in the SDK. (Development) (Development)
・・・ (Development)

PE Distribution License
Distribution license for the 1st client
• 1 license is included in the SDK

Production Environment
PE Additional License
• Additional license for the 2nd client
*in case the authentication is done
onwards (need to purchase *EE at the server side
adequate number according to
deployment)
• Not included in the SDK

EE License
• Need to purchase when performing PE PE PE PE
the authentication at the server side (Distribution) (Additional) (Additional) ・・・ (Additional)
according to the usage of cores
by the application.
• Not included in the SDK

FUJITSU CONFIDENTIAL 14 Copyright 2016 FUJITSU LIMITED

SDK Expiration
Ex: In case of purchasing the SDK and 1 license for extending SDK support
Product 1st year 2nd year 3rd year 4th year
Allowed to access the SDK Web Not allowed to access the SDK
(SDK + Extension) Web (since not extended)

PalmSecure SDK V02 1 year access right

(valid for 1 year)
SDK purchase

<Additional purchase>
License for Extension of the Access 1 year access right
Period to the SDK Support
(valid for 1 year) Extension license Termination of the SDK support
purchase
Authentication Library V33
Professional Edition Included inside the SDK
(Development/Distribution License)

 Extension license needs to be purchased/activated before the access right to the

SDK Web expires.
 SDK Users can not access the SDK Web to download manuals/SWs or raise
questions after the access right is expired.
 In case SDK users wishes to download the latest manuals/SWs after the SDK
Web access right expiration, they need to re-purchase the SDK again.

FUJITSU CONFIDENTIAL 15 Copyright 2016 FUJITSU LIMITED

Introduction for U-Guide (Reference)
Example for inappropriate placing of hands
“U-Guide” is also ready in order to help the
user place the hand correctly apart from
“Standard guide”.
This guide is suitable for;
- General public usage
- Low frequency of daily usage
Etc.

Product Name: U-Guide

Model Number：FAT13G2A2L

* Customer should prepare PalmSecure

Sensor (FAT13M3S1) and USB cable
(FAT13L1000) in case of usage of this U-Guide.

FUJITSU CONFIDENTIAL 16 Copyright 2015 FUJITSU LIMITED

About the Authentication Accuracy
False Rejection Rate (FRR)
 The ratio to falsely reject the person when comparing with the correct data.

False Acceptance Rate (FAR)

 The ratio to falsely accept the person when comparing with others data.

 Authentication accuracy will largely be determined by the quality of enrollment

template, how the palm is been positioned during authentication, etc.
 FAR will increase in a 1 to N identification compared to 1 to 1 verification.
・The FAR for 1 to 1 verification is 0.00001%
・The FAR for 1 to 1,000 identification is 0.00001%×1,000 ＝0.01%
(This approximation formula can be applied when the N is small)

FAR will increase by 1,000 times

compare to 1 to 1 verification

FUJITSU CONFIDENTIAL 17 Copyright 2016 FUJITSU LIMITED

Narrowing Down the Target Database
 10,000 templates are the maximum figure for doing 1 to N identification.
 In case of the total number of templates exceeding 10,000, a second
factor is needed. (Ex: date of birth, phone number, organization code, etc.)
<Target Groups>

Master DB Group A Group B ... Group X

Can be Over Each group needs to be

10,000 templates below 10,000 templates

 The identification process needs to be done against the target group which
contains the target user’s palm vein template.
 Identifying against the DB that dose not contain the user’s template will result in a high
risk of false acceptance.
 Please do not design the application to identify against several target groups.
 Please always try to minimize the target database size as much as possible to avoid
the risk of false acceptance.

FUJITSU CONFIDENTIAL 18 Copyright 2016 FUJITSU LIMITED

Using PalmSecure in an Open Environment
 Open Environment: An environment that a non-enrolled user can easily attempt
an authentication.
 Please be aware that the risk of false acceptance increases when a non-enrolled
person attempts to identify.
 Please take measures to prevent/lessen such attempt (Ex: introduce a surveillance camera,
adding PIN, etc) when using in an open environment.

In case an enrolled user identifies In case a non-enrolled user identifies

Similarity (high) Similarity (high)

◎ Ms. A

Ms. A ○ Mr. B Mr. E ○ Mr. C

Acceptance line Acceptance line
× Mr. C × Ms. A
Palm Vein DB Palm Vein DB × Mr. B
(A, B, C, D) × Ms. D (A, B, C, D)
× Ms. D

When Ms. A tried to identify, Mr. B’s template
also became a candidate, however, Ms. A’s
template was more similar, therefore, the
system selected Ms. A for the identification
result. (false acceptance is not exposed)
FUJITSU CONFIDENTIAL
When Mr. E tried to identify Mr. C’s template
became a candidate, however, since Mr. E’s
data is not enrolled, the system selected Mr. C
for the identification result. (false acceptance
is exposed)
19 Copyright 2016 FUJITSU LIMITED
Copyright 2015 FUJITSU LIMITED