Overview
The Uniqueness of FingerScan
Integration into an Existing System
How it Works
Security Model
FingerScan Benefits
System Requirements

Overview

FingerScan is a comprehensive biometric solution for employing fingerprint identification over the Web. It allows a website authentication and authorization system to utilize a fingerprint scanner on the user side by allowing end-users to login using a combination of a user name and a fingerprint.

Biometric identification has several advantages over the traditional user-name/password security model:

• It allows for a more secure and reliable way of identification since while a password can be guessed, cracked, stolen, or forgotten, a fingerprint cannot be guessed or cracked.
• When used in addition to a traditional username/password model, fingerprint identification adds an extra layer of security which makes it that much more difficult for an unauthorized user to gain access to the system.
• Fingerprint scanners are becoming widely popular, and almost all major laptop manufacturers are starting to produce models with built-in finger reader devices. Similarly, more companies are starting to use finger readers as part of their security model. This trend is expected to continue and to expand drastically in the near future as more and more establishments rely on biometrics for user identification.
• This model allows users to utilize existing finger readers that are already built into their laptops (and, most likely, are not used very often), so there is no need to purchase any additional hardware.

The Uniqueness of FingerScan

The main idea behind FingerScan is to allow the end user to sign-on to a remote service or website using her fingerprint without the need to install any additional components or software.

There are three major principles that differentiate FingerScan from other biometric solutions:

• Unlike many other biometric solutions that require the end-user to either install additional drivers or an SDK, FingerScan relies completely on web-based components and the remote FingerScan server. FingerScan interacts with the finger reader using a Java applet, which is automatically downloaded by the browser when the user accesses the website’s log-in screen.
• Because the user-view aspect of FingerScan is entirely web-based, the user is not limited to the organization’s internal network. This means that any website can use FingerScan to allow remote users to access it using their finger readers.
• FingerScan manages the security aspect of the client system by allowing the application to validate user sessions, as opposed to other solutions that put the task of managing security entirely on the client.

Integration into an Existing System

FingerScan can be easily integrated into any existing, Java-based, application. All that is required is a database and a web server engine that can run Java. FingerScan includes several components:

FingerScan Server/Web Service

The FingerScan Server holds most of the functionality required for the finger validation. It handles the authentication, authorization, and all the auxiliary functionality. The Web Service runs on Apache AXIS and uses SOAP to communicate with the calling applets.

FingerScan SDK

The SDK can be used by the client application to access and manage the functionality of the Web Service. This is done to simplify as much as possible the interaction of the client application with FingerScan.

FingerScan Database

The database stores the user identities with the fingerprints, as well user sessions that are used to identify valid users who are logged in. It also stores keys that can be generated by the client application in order to allow the user to enroll into the system. For more details, please see the How it Works section below.

Applets

There are two applets that come with FingerScan, a sign-up applet and a login applet. The sign-up applet should be integrated into a page where the end user can enroll her fingerprint into the system. The login applet is used to allow the user to log-on to the client application using an already enrolled fingerprint.

Both applets can be easily integrated into a web page that is defined by the client application.

Below is an illustration of how the various components can be plugged into an existing application.

How it Works

The process of user identification is as simple as a more traditional user-name/password model. It involves the following steps:

1. The end user goes to the enrollment page where she is presented with the sign-up applet. The user then enters her user name and a secret key (both of which she has received earlier from the client organization).
2. After verifying the user identity, the applet will ask the user to swipe her finger on the fingerprint scanner device. At the point the enrolment process is complete and the user can now log on to the system.
3. The user can now use the login applet, which is a part of the client defined login page, to sign on using the user-name and fingerprint.

Security Model

The main objective behind FingerScan is to introduce biometrics into an existing system’s identification process in order to make it more secure, or easier to use without compromising security. Security in this case is not an option, but the cornerstone of the application.

That is why FingerScan ensures a very high level of security by implementing it in several layers:

• SSL – FingerScan uses an encrypted SSL connection between the Web service and applets to minimize any chance of tampering or interception of the communicated data.
• Database Encryption – All of the crucial data in the database is encrypted utilizing the Entrust Authority Security Toolkit.
• PKI and CA – FingerScan uses a Public Key Infrastructure to encrypt all of the data and transmissions. The public and private keys are imported from a certificate that can be specified by the client application.

FingerScan Benefits

• Allows for remote authentication/authorization using a finger reader
• Manages the session security on behalf of the client application
• Does not require any software to be installed on the user side
• Inherently secure with the usage of PKI, SSL, and data encryption
• Integrates almost seamlessly into an existing client application

System Requirements