There is no easier way
to integrate fingerprint: BioIDENTICA®
FF
User registration
to go: versatile and flexible
| BioIDENTICA®
FF is an SDK for the integration of fingerprint authentication into arbitrary
applications which efficiently saves cost
where most of it arises: during integration. To achieve this goal, BioIDENTICA®
FF provides standard operations like the registration
of users completely including graphical user interface. As a consequence,
any development cost reduces almost to zero here. |
|
|
Registration
FFEnrolGUI.exe
|
|
|
|
|
|
|
|
The
User Registration is ready to go
Simplest interfaces to your application
| For Identification,
the developer can take advantage of simplest interfaces which partly even
allow an integration into existing applications without any changes. So
BioIDENTICA® FF on successful identification enables the start
of arbitrary programs including hand over of appropriate control parameters.
If, e.g., an application has been designed to authenticate by user name
and password and provides the user interface for it, then BioIDENTICA®
FF is able to simulate keystrokes. On successful authentication, user name
and password which have been stored as encrypted user data, are transferred
into the appropriate input fields. Furthermore, data can be written into
a text file which is processed separately. This can be used, for example,
for time recording. |
|
|
Identification
FFIdent.exe
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The
Identification only requires minimum building effort
Fully integrated hardware control for a multitude
of fingerprint sensors
| BioIDENTICA®
FF completely takes over the device control od fingerprint sensors. Per
registry, the preference of the worldwide most accepted fingerprint sensor
devices can be adjusted. Naturally, BioIDENTICA® FF is based
on the same technology which already proved to be the
best in a test of the German BSI. |
Optimum data protection guaranteed: Privacy
by Design
| BioIDENTICA®
FF emphasizes data protection and privacy.
The reference data which are created by BioIDENTICA® FF during
registration (enrolment) are encrypted instantaneously, namely with a system
key and an administrator key. The system key prevents a direct reading
of the sensitive biometric data and serves as basic encryption of the user
data. The administrator key is provided by the integrator or end customer
and prevents the security-critical exchange of the biometric data with
competing applications as well as the unauthorized readout of the user
data. The key for a biometric data set cannot be changed afterwards, for
security reasons, always a new registration is required. Neither you, nor
we, nor your customer have access to the unencrypted biometric data! |
Reliable client-server operation
| The strongly encrypted Reference
Archive can be stored locally as well as centrally. Is it stored on a server,
the client Identification temporally sets up a local copy of the full archive
or specified parts of it. After successful start of the Identification,
this makes the client independent of
the quality of the network connection. |
|
|
|
|
|
|
|
|
|
Any
number of applications share one Reference Archive
Terminal server? No problem!
| With only a single parameter,
BioIDENTICA® FF may switched to support terminal server operation.
Two operation modes are available. With USB sensor devices from UPEK and
a fast LAN connection, only the sensor is operated on the client. The rest
is securely working on the server. If the available connection is slowly,
the whole fingerprint recognition may be operated on the client, but controlled
by the server. Only the result has to be transmitted. In this operation
mode, all sensors are supported! |
Most diverse security scenarios addressable
| BioIDENTICA®
FF is able to meet various protection requirements.
If the computational platform is already protected against unauthorized
access by other means, BioIDENTICA® FF components can comfortably
be controlled by Windows shortcuts and batch files. This way numerous application
cases are "programmable" and testable using a simple editor. Higher demands
can be fulfilled by controlling the BioIDENTICA® FF components
with a compiled program which is written in arbitrary programming languages. |
And how does BioIDENTICA FF work?
| This is the way, BioIDENTICA®
FF operates: All biometric processes are provided by two independent executable
programs: FFEnrolGUI.exe and FFIdent.exe.
The detail functions are determined by (command line) starting parameters.
These control parameters can be stored, e.g., as batch file, or a little
bit more comfortable but less flexible, as Windows shortcut, if controlling
is not done by an own program. |
User Registration
| The program FFEnrolGUI.exe
stores ("enrolment") and manages the fingerprint and user data in the Reference
Archive directory. In principle, the use of FFEnrolGUI defines the beginning
of every operation of a fingerprint application. Afterwards it is only
required for changes in the working process. As control parameters, administrator
password, archive path, number of user data per finger, display mode of
the user data (hidden or open), and the header text for the user data are
forwarded. (Typical user data are alias name (real names are not recommended
for privacy reasons), employee number, path of programs to be started,
passwords, or user IDs.) Hidden user data are shown as dots during input.
Besides the enrolment of a finger, test verifications (ID is to be given
in advance) and test identifications (ID is delivered on successful recognition)
can be performed. Especially the identification allows a fast locating
of a user in larger Reference Archives in the case of required changes.
Also, identification serves as proof for a successful derolment (deletion
of a user). |
Identification
| The program FFIdent.exe
carries out all identifying functions and constitutes the interface to
the target application, i.e., the application which benefits from the user
authentication by fingerprint. With version 1.2 the following control parameters
may be used: Archive path, administrator key, subset of user IDs from the
Reference Archive which is to be provided for identification, output mode
for user data (text file, keystroke simulation, program start), output
of identification date and time, formatting of output (with special key
functions, delays, and additional text), focus control, and termination
mode. |
How your application might look like:
Example: door opener
by fingerprint
| Definition of task: This
simple application case is to be performed on a separate, protected PC
which also stores the Reference Archive. The door is controlled by an electric
strike which is to be active for 3 s during opening. All authorized users
have the same rights. Simplest solution: |
| • |
FFIdent.exe
is started by hand or by auto start once using a Windows shortcut ("FFIdent2Door.lnk")
and then operates continuously. |
| • |
Should an authorized finger
be recognized, FFIdent starts a program for relay control which provides
voltage to the electric strike for 3 s and then falls back to quiescent
state. For this purpose, the RelayCardCommander
is ideally suited. |
| The sequential working flow
is determined by three files: |
| • |
FFIdent2Door.lnk
(shortcut to FFIdent.exe with appropriate parameters for FFIdent and RelayCardCommander) |
| • |
FFIdent.exe |
| • |
RelayCardCommander.exe |
| Alternatively, the parameter
set for FFIdent and RelayCardCommander can be separated. In this case we
get 4 files in the working flow sequence, where FFIdent then does not start
RelayCardCommander.exe but the shortcut RelayCardCommander.lnk: |
| • |
FFIdent2Door.lnk
(shortcut to FFIdent.exe with appropriate parameters) |
| • |
FFIdent.exe |
| • |
RelayCardCommander.lnk
(shortcut to RelayCardCommander.exe with appropriate parameters) |
| • |
RelayCardCommander.exe |
|
Example: Time &
attendance control by fingerprint
| Definition of task: The
time instants of arrivals and exits are to be collected in a text file
which is read, analyzed, and deleted by another application. Simplest solution
on an own PC: |
| • |
FFIdent.exe is started once
manually or by autostart using a Windows shortcut ("FFIdent2File.lnk")
and then operates continuously. |
| • |
As soon as a known finger
is recognized, FFIdent writes the user ID or the employee number together
with date & time into a text file ("FFArrivalExit.txt") using append
mode. As user feedback, a click is made audible by the PC loudspeaker.
(Even an arrival and an exit finger could be defined.) |
| All functions are being
realizable by parametrization of FFIdent.exe. The sequential flow is determined
by the following three files: |
| • |
FFIdent2File.lnk
(shortcut to FFIdent.exe with appropriate parameters), starts: |
| • |
FFIdent.exe,
writes into: |
| • |
FFArrivalExit.txt |
| Arrival and Exit can be
distinguished by the use of different fingers or by examining the booking
sequence. |
|
Example: Web page logon
by fingerprint
| Definition of task: Here,
the user name and password for opening special web sites (online banking,
online shops, email services, etc.) are to be replaced by fingerprint.
Simplest solution: |
| • |
A batch file which is started
manually using a Windows shortcut opens a web address which is stored as
link or URL and then starts FFIdent with appropriate parameters. As soon
as the web site has opened, the cursor is set into the first input field
(usually the user name) using the mouse, and then the finger is to be placed
on the sensor. |
| • |
On successful recognition
FFIdent writes the user name to the cursor position. Then FFIdent lets
jump the cursor to the password field, fills in the securely stored password
there and then sends the web form. |
| The following files define
the processing flow: |
| • |
Shortcut to batch file,
e.g., Website.lnk |
| • |
Batch file, e.g., Website.bat
with control parameters for FFIdent, to start the next two files |
| • |
WebsiteURL.lnk |
| • |
FFIdent.exe |
|
Example: File encryption
using WinZip
| For WinZip a command line
accessory is available which allows a comfortable file encryption controlled
by FFIdent. Here, the Zip password is stored as encrypted user data. The
following example is especially suited to regular encrypted back-up tasks
where the files reside in a fixed directory. Simplest solution: |
| • |
FFIdent is opened by Windows
shortcut ("FFIdent2WinZip.lnk") with the appropriate
control parameters. |
| • |
As
soon as the right finger is detected, FFIdent starts the command line WinZip
with the appropriate control parameters and password from the user data. |
| The following files constitute
the working flow: |
| • |
Shortcut FFIdent2WinZip.lnk
to FFIdent with appropriate parameters |
| • |
FFIdent.exe
to start the command line WinZip (WZZIP.EXE) |
| • |
WZZIP.EXE |
|
Example: Online banking
| Even more complex starting
procedures can be automated manually by FFIdent. As example we consider
an online banking software which is operated on a secured PC platform.
After starting, the banking software first asks for an opening password
and then for the password to access the online account. Simplest solution: |
| • |
The banking software, say,
"Banking.exe",
is started manually via shortcut to the batch file "Banking.bat". Using
the same Banking.bat, FFIdent is started twice (subsequently) with different
parameters according to the different passwords. (The passwords are stored
as encrypted user data.) |
| • |
After
starting the banking software, FFIdent starts the first time and writes
the first password into the ready password field if recognition was successful.
Then FFIdent terminates and starts again with new parameters. |
| • |
In
the banking software, the user chooses the command "Update account status"
and waits for the corresponding password window. After the finger being
recognized again, FFIdent writes the second password into the second field
and terminates automatically. |
| Four files determine the
working flow: |
| • |
Shortcut to batch file,
e.g., Banking.lnk |
| • |
Batch file, e.g., Banking.bat
with parameters for FFIdent, to start the next two executables |
| • |
Banking.exe |
| • |
FFIdent.exe
(2x) |
|
Example: Start different
programs by different fingers
| Although there may be better
methods: With BioIDENTICA® FF it is easy to assign 10 different
programs to 10 different fingers. This is done during registration. One
push on the fingerprint sensor is sufficient to start the desired program
automatically. Simplest solution: |
| • |
FFIdent is started manually
via a shortcut with appropriate parameters and then operates continuously. |
| • |
On
successful identification of a registered finger N, the corresponding program
("ProgramN.exe") is started. |
| Three files determine the
working flow: |
| • |
Shortcut
to FFIdent.exe with control parameters, e.g., FFIdent2Program.lnk |
| • |
FFIdent.exe,
starts "ProgramN.exe" on identification of finger "N" |
| • |
ProgramN.exe |
|
Technical
Data
|
|
