Re: Biometric Hardware integration

• Previous message: sunit: "CryptImportkey() returns an error NTE_BAD_VER"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Sat, 22 Oct 2005 23:23:42 -0500

While a free SDK is a neat idea if you want to integrate Fingerprint Sensors
into an application or use a Fingerprint Sensor Windows Logon, these SDKs
are inadequate. The problem with these SDKs is that they do not deal with
the real and complicated problems that arise when using Biometrics for
authentication. Simply creating an SDK that allows an Application writer to
initialize the Fingerprint Sensor hardware and capture a Fingerprint is not
enough. There must also be functions that can convert a Fingerprint Image
into a template for storage and comparisons. Just for clarification a
template can be described as a string of numbers that represent specific
properties of a particular Fingerprint image but is NOT the Fingerprint
image and cannot be converted back into the Fingerprint image. No one would
be comfortable having a program that stored the their actual fingerprint
image (except possibly the FBI) for obvious reasons of security. To create
templates and match these templates against other templates the SDK must
have access to an Algorithm. The algorithm is responsible for the creation
of the template and the matching of templates. If the algorithm is not very
good then an Applicaton that uses an SDK that incorporates it will have a
very hard time enrolling and matching User fingerprints. Beyond templates an
SDK must have some Hooks that allow an Application Writer to retrieve the
templates for storage, backup and matching. It would be nice if the SDK has
a Database layer that could add, delete, find and match templates along with
the ability to associate data with the templates. If the SDK has these
database capabilities at it is intended for multi-user use then it needs to
have some sort of mechanism for keeping the data associated with the
template "in Sync" with the outside world or simply between all instances of
Application. If a Synchronization mechanism is not available and there is
not a central database that is accessible at all times. Then the Application
Writer will need to require that the User to perform a Fingerprint
Enrollment on EVERY machine they wish to use. Please remember that there are
many people out there that use laptops and systems that are not connected to
the network or a central server at all times and if the Fingerprint reader
is being used for authentication into an important application or for Logon
to the OS then the important data must be "cached". In the case just
described and SDK must have some form of database caching facility to deal
with disconnected systems and it must have a mechanism to replicate and
changes to the shared cached information when the system is connected. If
there is no replication of shared important information then the information
can become out of date on all the other systems sharing the updated
information. This can be dangerous and cause unexpected failures in the
Applications using it. A good example of shared information is an
application password if the password is changed on one system but this
password changes is not replicated to the other systems using it then all
these other system will fail when they make use of the password. If an SDK
says that it can be used to perform Windows OS Logon then it MUST have all
of the aforementioned features or the GINA you are creating will not always
work.

The only company I am aware that has an SDK capable of all these features is
Sig-Tec.

WWW.SIG-TEC.COM

Good Luck.

• Previous message: sunit: "CryptImportkey() returns an error NTE_BAD_VER"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]