Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: Authentication with biometrics

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    472

    Question Authentication with biometrics

    Hi all!
    I'm working on a project where I use fingerprints for authentication on the internet instead of passwords. This is what happens: Someone accesses my web-site. To log on they put their finger on a fingerprint-pad and then some pre-installed software sends the whole fingerprint to my server for authentication. The transmission is encrypted using PKI. If OK, they gain access to an extranet.

    Many applications use biometrics for authentication, but I think mine's a little different. Other apps map the fingerprint against a password on the client, and then sends the password for authentication on the server. But I use a sentralized database of fingerprints.

    What I need to know is if there are other solutions similar to mine that you know about. I've searched the net and haven't found anything (just the apps that map to passwords). Perhaps some of you can help me out? Thanks!
    ---
    proactive

  2. #2
    AntiOnline Senior Member souleman's Avatar
    Join Date
    Oct 2001
    Location
    Flint, MI
    Posts
    2,883
    Just out of curiousity, how big is of a file is a fingerprint. If I remember correctly, they can be quite large if you want a lot of detail (which is required for good security). I am not sure if my shared 56k modem could handle logging on to your system. That is why most companies send an encrypted password derived from the fingerprint, instead of the fingerprint itself.
    \"Ignorance is bliss....
    but only for your enemy\"
    -- souleman

  3. #3
    Senior Member BrainStop's Avatar
    Join Date
    Jan 2002
    Posts
    295

    Commercial version

    Proactive,

    I don't know if you are interested in the commercial side of things, but I believe that SecuIT, a Korean company does something similar. They are specialized in biometrics applications. You can find them on the web at:

    SecuIT

    Cheers,

    BrainStop

  4. #4
    Senior Member
    Join Date
    Nov 2001
    Posts
    742
    I have a only few interesting links you can try out, its mainly about authentication against your local workstation from a server and a link to a developer site (huge amount of different information and links). Hope you'll find something of interest?

    SAF link
    Alphabetical List of Security Developer's Kits
    Alphabetical List of Biometric Authentication Products

  5. #5
    Senior Member
    Join Date
    Nov 2001
    Posts
    472
    The fingerprints are about 60 KB. There are a number of reasons why most companies send passwords instead of fingerprints. As you can imagine comparing pictures in a database will slow it down if there are a high number of different pictures. Also there are legal issues, am I allowed to store other peoples fingerprints? A fingerprint is a very personal thing, much like a social security number or other identification. And you only got 10 fingerprints, so what if I loose one of your fingerprints. You only got 9 left. But these issues are not the scope of my project. If only I can make a solution that works, I'll be more than happy!

    BTW, the equipment I'm using can be found on www.precisebiometrics.com. They deliver the fingerprint-pad and an SDK for developers.
    ---
    proactive

  6. #6
    Senior Member BrainStop's Avatar
    Join Date
    Jan 2002
    Posts
    295

    Legality ...

    Your best bet is not to start worrying too much about legality at this stage. If all developers thought about the full legal aspects during the development phase, I think we still would be in the iron age.

    I would think that anyone who wants access to your site willingly gives you a copy of their fingerprints. Thus, you obtained the information legally. If you want more protection, make them sign a statement that they have given you this information for identification purposes from their own free will.

    Also ... avoid selling the information

    Cheers,

    BrainStop

  7. #7
    Senior Member
    Join Date
    Nov 2001
    Posts
    472
    Thanks for the links (now I got some reading to do) and taking interest in my project!
    ---
    proactive

  8. #8
    Senior Member
    Join Date
    Dec 2001
    Posts
    1,193
    sounds really interesting. Let us know how it turns out.
    Trappedagainbyperfectlogic.

  9. #9
    Senior Member
    Join Date
    Jan 2002
    Posts
    458
    Biometrics is kind of cool, but there is only one prob. It would never work for web authentication because it requires everyone wanting to use it to have a fingerprint scanner. Which can be very expensive and will definately not happen in the near future. It does have some pretty good uses though. Like physical security access.

    BTW....the product you described sounds like the NEC biometrics product. If it isn't, check out NEC. They have had the fingerprint DB technology available for years.

    I know quite a bit about biometric technology, if you have any questions, please just ask here or email me if you wish.

  10. #10
    Priapistic Monk KorpDeath's Avatar
    Join Date
    Dec 2001
    Posts
    2,628
    How about Ethentica, we've been testing thie rstuff and seems pretty solid.

    www.ethentica.com

    (That meams it hasn't crashed a system or locked me out)
    Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
    - Samuel Johnson

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •