Documentos de Académico
Documentos de Profesional
Documentos de Cultura
2009DigitalPersona,Inc.
BestPracticesforImplementingFingerprintBiometricsinApplications
Introduction
Fingerprintbiometricsmakesitfastandeasyforyour applicationtodeterminewhoisusingit.Biometrics canbeusedto: IdentifyuserswithoutrequiringotherformsofID (suchasusernames,IDnumbersorswipecards). Verifyanotherformofidentificationwithout requiringpasswordsorPINs. Confirmthatparticularactionsarebeing performedbytherightuserturningthe fingerprintsensorintoakindofEnterkeythat tellsyourapplicationwhoisdoingwhat. Preventunauthorizedaccessandstopformer usersfromsneakingintoyourapplication. Thiswhitepaperprovidesavarietyofguidelinesand tipsthatcanhelpyouusefingerprintbiometricsto boostthesecurityandusabilityofyourapplication.It complementsthedocumentationprovidedfor DigitalPersonassoftwaredevelopmentkits, OneTouchforWindowsandOneTouchI.D. ComplianceFingerprintscanbeusedto provideanaudittrailidentifyingwhocamein contactwithsensitivedata. LossPreventionSupervisorsfingerprints canberequiredforspecialactions, facilitatingadherencetocorporatepolicies. WorkforceManagementFingerprints provideaccuratetimeandattendance tracking,reducingwaste. AccountabilityFingerprintscantieactions tospecificindividualsdeterring inappropriatebehavior. Fingerprintsprovideacompellingwayto differentiateyourapplication:
Benefitsof UsingFingerprintBiometrics
KeystoaSuccessfulApplication
Applicationsthatusefingerprintbiometricsmost successfullyoftenhavethefollowingattributes: SimplesetupYourapplicationshouldguide usersthroughregisteringorenrollingtheir fingerprint,typicallywhenauseraccountis added.Thisusuallytakesaboutaminuteandis onlydoneonce,ofteninthepresenceofa supervisororadministrator.
2009DigitalPersona,Inc
BestPracticesforImplementingFingerprintBiometricsinApplications
Whenaddingfingerprintstoyourapplication,the mostimportantconceptstounderstandare: FingerprintsareuniqueNotwopeople,even identicaltwins,havethesamefingerprints. EverybodyhasfingerprintsBut,sometimesthe printsononeormorefingerscanbecomedifficult toread.Roughphysicallaborcanwearprints down,anddryskin(whetherduetoclimateor constantwashingwithalcoholbasedcleaners) canmakeprintshardertodetect.Incontrast, bodyoilonfingerscanactuallyhelpmake fingerprintseasiertoread.
PrivacyAlwaysstoreandusefingerprint templates,notrawimages.Thisismuchmore efficientandhelpsprotectusersprivacy. ImagesandTemplatesWhenausertouchesa fingerprintsensor,thehardwarescansthepadof theirfingertocaptureanimageoftheir LoggingRecordallusesofandfailurestouse biometrics,includingdetailssuchastime,place, contextwithinyourapplication,andsoon. fingerprint.Commercialapplicationsrarelyuseor storetherawfingerprintimages;instead,they converttheimageintoamuchsmaller mathematicalrepresentationcalledafingerprint templateandthendiscardtheoriginalimage. Templatescannotbeconvertedbackintothe originalimage. RegistrationorEnrollmentScanningapersons fingerprintsthefirsttimeiscalledregistrationor enrollment.Thisistypicallydonebyanapplication inacontrolled,securesetting,oftenunderthe supervisionofanattendant.Duringenrollment,it iscommonpracticetocapturemultiplescansofa fingerprinttoincreaseaccuracyandsothat peoplecanlatertouchthefingerprintsensorfrom differentangles. MatchingComparingonefingerprinttemplate againstanothertemplate(usuallytheonecreated duringtheregistrationprocess)toseeiftheyboth representthesamefingerprintiscalledmatching.
ImportantConceptsAboutFingerprints
Biometricsliterallymeansthemeasuringofa personsphysicaltraits.Itisatechnologythatcanbe usedtorecognizeandauthenticateindividualsbased onwhotheyare,insteadofwhattheyknow (passwordsorPINs)orwhattheypossess(keysor swipecards). Therearemanytypesofbiometrics,includingpalmor irisscanning,voiceandfacerecognition.Fingerprints arethemostwidelyusedformofbiometricsin commercialapplications.Fingerprintsensorsarenow builtintomostnotebookcomputers,areofferedasan optiononmanybrandsofpointofsale(POS)stations, andareincreasinglybeingusedindoorlocks,medical dispensarycabinets,andotherembeddeddevices.
2009DigitalPersona,Inc
BestPracticesforImplementingFingerprintBiometricsinApplications
2009DigitalPersona,Inc
BestPracticesforImplementingFingerprintBiometricsinApplications
StepsforUsingFingerprintsinYourApplication
Togetthemostoutoffingerprintbiometricsinyour applications,focusonthefollowingareas: WheretoStoreFingerprintTemplates AccessingStoredFingerprintTemplates EnrollingUsersFingerprints CheckingforDuplicateEnrollments PreloadingTemplatesatApplicationStartup LookingUpUsersbyTheirFingerprint Signon FingerprintsasanEnterkey Approvals Signout RemovingUsers Logging Yourapplicationimplementsthelogicforthese policies,givingyoutheflexibilitytochoosethemost appropriateoptionsforyourcustomers.
WheretoStoreFingerprintTemplates
Thefingerprinttemplatesthatarecreatedwhenevera userenrollsfingerprintsneedtobestoredinaway thatyourapplicationcanaccessthemandknowthe useraccountstowhichtheycorrespond. Yourexistinguseraccountdataprobablyalreadyhas someformofUserIDthatcanbeusedtoquicklylook upinformationabouttheuser(e.g.,ausernameorID number).Fingerprintscanprovideaquickwayto determinethisUserIDwithouthavingtoasktheuser foranotherformofID. Therearetwocommonapproachestochoosingwhere fingerprinttemplatedataisplaced:
Fingerprintscanbeusedtoimplementvarious securityprocessestomakeyourapplicationeasierto useandmoresecure: IdentifyusersbytheirfingerprintGiveusers touchandgoauthenticationwithouttheneed forotherformsofID,likeusernames,swipecards orIDnumbers. VerifyanotherformofIDFingerprintscanbe usedtoconfirmthatausernameorIDnumber providedbytheuseractuallybelongstothem. ThisavoidstheneedforpasswordsorPINswhich canbeeasilylost,stolenorshared.
Where
How
ExtendExisting UserAccountData
Addfingerprint templates(atleast two)asextrafieldsin thedatayoustore abouteachUserID. Takes advantageof yourexistingdata backupand managementtools. Requireschangesto existinguserdata structures.
UseASeparate Database
Storefingerprint templatesina separatedatabase alongwiththe UserIDtowhich theycorrespond. Insulatesfingerprint templatesfromuser dataforenhanced privacyandsecurity. Addsanother databasetobackup andmaintain.
Fingerprinttemplatesaretypicallyrepresentedas binarydatastoredinvariablelengtharraysofbytes.
2009DigitalPersona,Inc
BestPracticesforImplementingFingerprintBiometricsinApplications
AccessingStoredFingerprintTemplates
Ifyourapplicationcanbeusedbymultiplepeopleat thesametime(suchasfromdifferentcomputers,POS stationsorotherdevices),youcanminimizememory consumptionandcodecomplexitybycreatinga separateserviceforstoringandlookinguptemplates. Thisservice,whichcanevenrunonaseparate computer,canbecalledbyotherpartsofyour applicationusingtechnologiessuchasRPC,DCOM, WCF,orWebServices.Itprovidesaninternalinterface foryourapplicationtolookuptheUserIDassociated withagivenfingerprinttemplate.Keepingstored fingerprintdatainsulatedfromyourendusersalso helpstoprotectpeoplesprivacy.
EnrollingUsersFingerprints
Eachpersonwhowillbeusingfingerprintswithyour applicationhastoenrolltheirfingerprintswithyour software.Manyapplicationsmakethispartoftheuser accountcreationorprovisioningprocess.Typically,an administratororotherauthorizeduserbringsupthe appropriatescreenwithinyourapplicationandhelps theuserthroughtheirinitialfingerprintscans. Themiddlefinger,indexfingerandthumboneach handtypicallyprovidethebestfingerprintstouse. Toavoidmatchingproblemsincaseofan injuredfinger,yourapplicationshouldaskusers toregisterfingerprintsfromatleasttwofingers. Graphicalscreensshouldbeusedtoguidetheuser throughtheenrollmentprocess.Whiletouchinga fingerprintreaderisanatural,easytounderstand
2009DigitalPersona,Inc
BestPracticesforImplementingFingerprintBiometricsinApplications
CheckingforDuplicateEnrollments
Withbiometrics,youcaneasilycatchpeoplewho attempttoenrollmorethanoncetouseyour application.Thisgivesyoutheabilitytoconsolidate olderaccounts,avoidaccidentalduplicate registrations,andpreventfraudulentattemptsto masqueradeassomebodyelse. Yourapplicationcaneithercheckforduplicatesinreal timeduringenrollmentorofflineaspartofadatabase cleansingprocess.Eitherapproachcanbe implementedwithOneTouchI.D.andisusefulevenif yourapplicationonlyusesfingerprintstoverify anotherformofID.
LookingUpUsersbyTheirFingerprint
Fingerprintsprovideanaturalwayforyourapplication torecognizetheuserwithouttheneedforother formsofID(e.g.,usernames,IDnumbers,orswipe cards).Peoplelearnquicklyhowtousefingerprints andcandosonaturally,withouthavingtostopor interrupttheflowofwhattheyaredoing.Thismakes fingerprintsidealnotonlyforsignon,butalsofor confirmingwhoisperformingimportantoperations especiallywhenmultiplepeoplemightbeinvolved (suchasforanapproval). OneTouchI.D.isspecificallydesignedforfingerprint identification.Asmentionedabove,ifyourapplication canbeusedbymultiplepeoplesimultaneouslyfrom separatedevices,thiscapabilityisbestimplemented inaseparateserviceormodulethatmultipleinstances ofyourapplicationcancallatthesametime. Wheneverafingerprintisscanned,yourapplication willbenotifiedsothatitcanextractatemplatefrom thefingerprint(seethesectiononSignOnbelowfora moredetaileddescription).Yourcodeshouldthen passthetemplatetotheserviceormodulethatis callingOneTouchI.D. Yourserviceormodulemayreceivemorethanone possiblematchbackfromOneTouchI.D.1 Ifthis happens,yourcodecandoanexplicitmatchagainst thefirstreturnedtemplatetoseeifitisthecorrect enrolledtemplate.Ifitisnot,yourapplicationshould logwhichusersweremismatchedandalertthe administratorthattheFalseAcceptRatehasprobably beensettoolow.
PreloadingTemplatesatApplicationStartup
TouseOneTouchI.D.,yourapplicationwillneedto loadalltheenrolledfingerprinttemplatesinto memorybeforeanylookupscanbeperformed.Since thisprocesscanpotentiallytakeanumberofseconds toaminuteormoredependinguponthenumberof templates,loadingtheenrolledfingerprinttemplates shouldbedoneonceatstartupintheservice mentionedabove.Donotwaituntilthefirsttimean attemptismadetolookupormatchafingerprint. Whenyourapplicationstarts,haveititerateoverthe enrolledfingerprinttemplates(whereveryouhave chosentostorethem)anduseOneTouchI.D.toadd eachone,alongwithitsUserID,toanidentification collectionobject.Oncethisisdone,individual lookupswilltypicallytakelessthanasecond,even whentherearethousandsofenrolledtemplates. Ifyouarenotusingfingerprintsfor identification,butonlytoverifyanotherformof ID,youdonotneedtouseOneTouchI.D.anddonot needtopreloadtemplates.
2009DigitalPersona,Inc
BestPracticesforImplementingFingerprintBiometricsinApplications
Oncetheappropriateenrolledtemplatehasbeen identified,yourserviceormodulecanthenreturnthe UserIDassociatedwiththetemplatetoyour application.Youmaywishtoalsoreturntheenrolled templatethatwasmatchedsothatthecallercan cacheitforquickmatchinginthefuture. Neverimplementfingerprintidentificationby iteratingoveryourdatabaseofenrolled fingerprinttemplates,matchingeachoneindividually. Thisapproachisveryinefficientandwillmakeusers thinkyourapplicationisslow.Instead,useOneTouch I.D.Atmost,onlyeverdoindividualmatchingagainst asmallcacheofrecentlyusedtemplatesasan optimization.
Ifyouwillbeusingfingerprintstoconfirm actionsthatareperformedfrequently,obtaina copyoftheenrolledfingerprintfromyourfingerprint lookupserviceormoduleandcacheitinyour application.Yourcodecanthenrapidlyperforma directmatchagainstthefingerprintincachebefore attemptingafulllookup. Finally,alwayscreatealogentrywheneveruserssign onandnotewhetherornottheyusedtheir fingerprint.Evenifyoudonotcreateapolicyrequiring theuseoffingerprintstosignon,itisstillagoodidea tonotewhenanyonewithregisteredfingerprints signsonwithoutusingthem.Thiscanhelpcustomers spotpotentialproblemsearly.
SignOn
Themostcommonuseoffingerprintsisforsignon, eitherasaformofidentificationorasawayto confirmanotherformofID. Whenauserscanstheirfingerprintduringsignon, yourapplicationwillreceiveaneventfromthe fingerprintSDKindicatingthatanimageortemplate (dependingonwhichSDKyouareusing)isavailable.If yourapplicationisusinganSDKthatprovidesaraw image,immediatelyextractthefingerprinttemplate anddiscardtheoriginalimage. IfyouareusingfingerprintsasaformofID,yoursign oncodecancallyourlookupserviceormodule(see above)todeterminetheUserIDofthepersonwho touchedthefingerprintreader. Ifyouareonlyusingfingerprintsforverification,then yourapplicationcanusetheotherformofIDto determinewhichUserIDtolookup.ThatUserIDcan thenbeusedtofindtheusersenrolledtemplatesto compareagainst.
TwoFingerMatching
Forextrahighsecurity,youcanrequestand matchtwofingerprintsinsteadofjustone.To avoidsurprisingusers,alwaysaskforboth fingerprints,evenifthefirstonecorrectly matches. Thistechniquecanalsobeusedtoimprove recognitionratesforpeoplewithhardtoread fingerprints.
2009DigitalPersona,Inc
BestPracticesforImplementingFingerprintBiometricsinApplications
FingerprintsasanEnterKey
Fingerprintsareusefulformorethanjustsignon. Theyareafast,intuitivewayforuserstoconfirmthat theyarewhotheysaytheyarewhenperforming individualapplicationfunctions,suchas: Enteringneworders Changingordeletingimportantdata Openingacashdrawerinacashregister Printingsensitiveinformation Accessingclientcreditcardnumbers
ofusersrises.Instead,useOneTouchI.D.todelivera vastlysuperioruserexperience.
Approvals
Fingerprintscanhelpguideuserstofollowproper businessprocesses.Theyprovideasimplewayto allowotherpeople(suchassupervisorsor administrators)toauthorizeactionsrequiringspecial permissionswithoutcumbersomeswitchingofusers. Yourapplicationimplementsthelogicforapprovals, givingyoufullcontrol.Foroperationsthatrequire authenticationfromsomebodywithspecialprivileges, provideavisualpromptexplicitlyidentifyingthe privilegelevelrequiredortheroleoftheperson needed(e.g.,ManagerFingerprintRequiredfor Override). AsimplewaytoimplementapprovalsistouseOne TouchI.D.toidentifywhichuserscannedtheir fingerprintand,ifthatuserisproperlyauthorized, taketheappropriateaction.Thiseliminatestheneed topromptforanotherformofidentification(e.g.,a username,loginname,IDnumberorPIN)to determinewhichuserhasscannedafingerprint. Workflowisfastandefficientandapowerfulaudit trailcanbecreated. IfyouarenotusingOneTouchI.D.anddont wishtopromptforanotherformofID,youwill likelyneedtoimplementsomeformofpersistent cachingtoavoidhavingtoiterateoverthelistofall registeredfingerprints.However,thisaddssignificant complexitytoyourapplicationandcangreatlyreduce performance. Alwayshaveyourapplicationlogallapprovalattempts successfulandfailed.
Whenyouhaveanactionthatyouwanttoconfirmby afingerprint,prompttheusertotouchthefingerprint sensorandobtainatemplateasdescribedabove. Then,sincemostpeopletendtousethesame fingeroverandover,ifyourapplicationhas previouslycachedtheenrolledtemplatethatwas successfullymatchedatsignon,thentrytomatchthat cachedtemplatefirst. Ifyourapplicationisntcachinganyrecentlyused templates,orthetemplatedidntmatch,doalookup usingtheapproachdescribedaboveforsignon.This willtellyouwhetherthefingerprintcamefroma differentfingeronthesamepersonorfromadifferent person. Ifthefingerprintdoesntcomefromtheuserwho signedon,youcanusethetemplatetodetermineif anotherauthorizeduserisattemptingtouseyour application.Thisisaneasywaytoimplement approvalsbysupervisorsorotherprivilegedusers(see nextsection). Makesurethatyourapplicationlogsthefactthatthe actionwasconfirmedwithafingerprint. Asstatedbefore,neveriterateoverallenrolled fingerprintslookingforamatch.Itwillmake yourapplicationveryslow,particularlyasthenumber
2009DigitalPersona,Inc
BestPracticesforImplementingFingerprintBiometricsinApplications
SignOut
Whenausersignsoutofyourapplication,all temporarycopiesoffingerprinttemplatesthatyour applicationiskeepinginmemoryshouldbereleased. IfyourapplicationisnotusingOneTouchI.D.butis maintainingitsownpersistentcacheofregistered fingerprinttemplatesthathaverecentlybeenused, makesurethecacheisproperlyupdated. Asalways,makesureyourapplicationlogsthefact thattheuserhassignedout.
Logging
Fingerprintsarevaluableasadeterrentto inappropriatebehavior,asawayofimproving usability,andasavaluablesourceofdataforanaudit trail.Yourapplicationshouldautomaticallylogall authenticationandsecurityactivities,including: Wheneverauserenrollsafingerprint. Wheneversomebodyhastroubleenrolling. Wheneveraduplicateenrollmentisdetected. Wheneversomebodysignson,confirmsanaction orotherwiseauthenticateswiththewaysin whichtheyauthenticated. Wheneversomebodytriestoauthenticatebut cant. Wheneversomebodywhohasfingerprints enrolledauthenticateswithoutthem. Wheneversecuritysettingsarechanged especiallyFalseAcceptRate.Settingthis improperlycanhaveseriousconsequences.Make suretoincludeboththeoldandnewvalues.
RemovingUsers
Usingfingerprintstocontrolaccesstoyourapplication makesiteasytoimmediatelyblockaccessbypeople whosepermissionshavebeenrevoked(e.g.,former employeesorpeoplewhochangedroles). Theeasiestapproachistodeleteanytemplates associatedwiththeformeruser.Ifyourapplication usesOneTouchI.D.,removetheuserfromthe identificationcollectionthatwascreatedatstartupto immediatelypreventtheirfingerprintsfrombeing recognized.Thendeletetheregisteredtemplates fromtheuserdatarecordorfromtheseparate fingerprinttemplatedatabase. Ifyouwishtoprovidetheabilityforcustomers toflagterminateduserswhoattempttouse theirfingerprintstogaininappropriateaccess,donot immediatelyremovetheusersfingerprinttemplates. Instead,marktheusersaccountdataasdisabled. Then,whenauserattemptstoaccessyour application,simplycheckthestatusofthatusers accounttodeterminetheiraccessrightsandlogany failures. Ifyourapplicationdoesprovidesuchtemporary retentionofbiometricdata,makesurethatyou givecustomerstheabilitytopermanentlyflushthe
2009DigitalPersona,Inc
10
BestPracticesforImplementingFingerprintBiometricsinApplications
TroubleshootingandPreventingProblems
Thefollowingcapabilitiescansimplifyyourcustomers useoffingerprintsandavoidcommonproblems. forgiving,particularlywhenfingerprintsareusedfor identification(forverification,thesettingsrarelyneed tobechanged).
Providevisualfeedbackduringfingerprintuse
Whilefingerprintsarenaturallyeasyforpeopleto understand,applicationsshouldprovidefeedback duringsuccessesaswellasfailures: Prompttheuserwhenafingerprintisneeded. Warnwhenthesensorisdisconnected. Prompttheusertoretryifafingerisdetectedbut nomatchisreceivedwithinasecondortwo. Warnwhenafingerprintisreceivedbutnomatch isfound. Indicatesuccesswhenamatchisfound. YourapplicationcanmapHighorLowsettingstothe appropriatevaluesneededbytheappropriateSDKs. IncorrectlyadjustingtheFARcanhaveserious Touchthefingerprintsensorwiththeflatpadof yourfinger,notthetip. Ifyourfingersareverydry,trytouchingyour foreheadwiththepadofthefingeryouaretrying toscanandthenrescanningyourfingerprint. Ifthefingerprintsensorisdirty,gentlydabitwith thestickysideofapieceofcellophanetape.Do notrubitwithpaperanddonotgetitwet. consequences.Itisextremelyimportantthat yourapplicationsettheFARaccordingtotheSDK documentationandprovideadministratorsathorough explanationofFARoptionswithinyouruserinterface toavoidconfusion. Ifyouareusingfingerprintsforidentification,you shouldprovideawayforadministrators(butnotend users)toadjusttheFARsettings.Forexample:
Offerhelpwhenrepeatedfailuresoccur
Youcandramaticallyimprovetheuserexperienceof yourapplicationbydetectingrepeatedfailedattempts tousethefingerprintreaderandofferinghints,suchas:
TestYourApplicationwithMultiplePeople
Theeasewithwhichpeoplesfingerprintscanberead isaffectedbymanyfactors,includingdryness,age,as wellaswearandtear.Forbestresults,tryyour implementationwithmultipleanddiversepeople.
ProvideadministrativesettingsforFAR
Forsomepopulationsofusers,thedefaultFalse AcceptRatesettingsmightbetoorestrictiveortoo
2009DigitalPersona,Inc
11
BestPracticesforImplementingFingerprintBiometricsinApplications
Summary
Biometricscanhelpyouenhancethesecurityand usabilityofyourapplication.Byfollowingafewsimple guidelinesandusingDigitalPersonasbiometric softwaredevelopmentkits,youcaneasilyaddfast fingerprintidentificationandverificationcapabilities thatenableyourapplicationtorecognizeindividual userswithoutrequiringotherformsofID.Thiscanbe usedinavarietyofwaysfromsignonand confirmationofimportantactionstospecialapprovals byotheruserstohelpcombatfraudandboost customerefficiency.
DigitalPersona,Inc.,isaleadingprovideroffingerprint biometricsproductsforembeddedapplicationdevelopers, restaurant/retailPOSsolutions,enterprisesandconsumers.The companyofferssoftwareandhardwarethatprotectspeople andbusinessesbyenablingthemtocontroltheirdigital identities.Forendusers,DigitalPersonaprovidesstrongidentity protectionthatsuniquelyeasytouse;thecompanysbusiness solutionshelporganizationsaddressgrowingsecurity, complianceandlosspreventiondemands.DigitalPersonas awardwinningtechnologyhasbeenusedworldwidebyover95 millionpeople,anditssolutionsareofferedbymarketleading manufacturerssuchasHP,Dell,IBMandNCR.Formore informationcontactDigitalPersona,Inc.at+1650.474.4000,or visitwww.digitalpersona.com. 2009DigitalPersonaInc.Allrightsreserved.DigitalPersona andOneToucharetrademarksofDigitalPersona,Inc., registeredintheUnitedStatesandothercountries.Allother trademarksreferencedhereinarethepropertyoftheir respectiveowners. 2009DigitalPersona,Inc 12