February 19th, 2002, 03:35 PM
Authentication with biometrics
I'm working on a project where I use fingerprints for authentication on the internet instead of passwords. This is what happens: Someone accesses my web-site. To log on they put their finger on a fingerprint-pad and then some pre-installed software sends the whole fingerprint to my server for authentication. The transmission is encrypted using PKI. If OK, they gain access to an extranet.
Many applications use biometrics for authentication, but I think mine's a little different. Other apps map the fingerprint against a password on the client, and then sends the password for authentication on the server. But I use a sentralized database of fingerprints.
What I need to know is if there are other solutions similar to mine that you know about. I've searched the net and haven't found anything (just the apps that map to passwords). Perhaps some of you can help me out? Thanks!
February 19th, 2002, 06:30 PM
Just out of curiousity, how big is of a file is a fingerprint. If I remember correctly, they can be quite large if you want a lot of detail (which is required for good security). I am not sure if my shared 56k modem could handle logging on to your system. That is why most companies send an encrypted password derived from the fingerprint, instead of the fingerprint itself.
\"Ignorance is bliss....
but only for your enemy\"
February 19th, 2002, 06:42 PM
I don't know if you are interested in the commercial side of things, but I believe that SecuIT, a Korean company does something similar. They are specialized in biometrics applications. You can find them on the web at:
February 19th, 2002, 06:46 PM
I have a only few interesting links you can try out, its mainly about authentication against your local workstation from a server and a link to a developer site (huge amount of different information and links). Hope you'll find something of interest?
Alphabetical List of Security Developer's Kits
Alphabetical List of Biometric Authentication Products
February 19th, 2002, 06:50 PM
The fingerprints are about 60 KB. There are a number of reasons why most companies send passwords instead of fingerprints. As you can imagine comparing pictures in a database will slow it down if there are a high number of different pictures. Also there are legal issues, am I allowed to store other peoples fingerprints? A fingerprint is a very personal thing, much like a social security number or other identification. And you only got 10 fingerprints, so what if I loose one of your fingerprints. You only got 9 left. But these issues are not the scope of my project. If only I can make a solution that works, I'll be more than happy!
BTW, the equipment I'm using can be found on www.precisebiometrics.com. They deliver the fingerprint-pad and an SDK for developers.
February 19th, 2002, 06:54 PM
Your best bet is not to start worrying too much about legality at this stage. If all developers thought about the full legal aspects during the development phase, I think we still would be in the iron age.
I would think that anyone who wants access to your site willingly gives you a copy of their fingerprints. Thus, you obtained the information legally. If you want more protection, make them sign a statement that they have given you this information for identification purposes from their own free will.
Also ... avoid selling the information
February 19th, 2002, 07:17 PM
Thanks for the links (now I got some reading to do) and taking interest in my project!
February 19th, 2002, 07:24 PM
sounds really interesting. Let us know how it turns out.
February 19th, 2002, 07:38 PM
Biometrics is kind of cool, but there is only one prob. It would never work for web authentication because it requires everyone wanting to use it to have a fingerprint scanner. Which can be very expensive and will definately not happen in the near future. It does have some pretty good uses though. Like physical security access.
BTW....the product you described sounds like the NEC biometrics product. If it isn't, check out NEC. They have had the fingerprint DB technology available for years.
I know quite a bit about biometric technology, if you have any questions, please just ask here or email me if you wish.
February 19th, 2002, 07:43 PM
How about Ethentica, we've been testing thie rstuff and seems pretty solid.
(That meams it hasn't crashed a system or locked me out)
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson