Using Biometrics While Logging In

in STEMGeeks4 months ago

We have seen Biometrics devices have been used while giving the access to certain areas, also in recent times its also been added to your personal number (Aadhaar number) in India. We have got a task to add the Biometrics functionality to login on a website.

We were exploring some options and came up one solution. The solution what we got is, the JavaScript API will capture the data through the Biometrics device and then that data will be send to the service which will do the identification or verification. We will not be handling the enrolment because that is purely the customer's responsibility.


Actual Biometrics Device

One of the qualities of biometrics devices are that it comes with set of SDKs and thus its easier for us to use that SDKs and work accordingly. In my case the SDKs I got has both JavaScript API and .Net API.

So the JavaScript API is capable of getting the image from the device in formats like RAW, PNG, Intermediate etc and thus that data can be send across to the backend for processing. One thing to note here is that we have to really think what type of data we want from JavaScript API, if it is RAW or PNG the processing time will increase due to the size of the captured data whereas intermediate is around 10 times lesser in terms of data.

In our case it was intermediate data which we are sending to the server and thus the server will match that intermediate data which is present in teh database to know that the person is authenticated or not.

For the identification we have to send some threshold value because its very rare that the data between what is enrolled and what is at the time of authentication will match 1 to 1. So the threshold is all about removing the false positive and false negative and keeping it secure. Threshold also depends on the company you are dealing with, if its banking or other then the security should be too tight otherwise one error in million is ok for other companies.

It is just the POC we are doing and till now we have not faced any issues using the device and the SDK's and it can be easily integrated with our existing login system. What we have also found out is that the device work is nothing but sending the image data to the SDK and thus all the processing should be done by the SDK itself. I must say that the SDK's processing is quite fast and thus I can see that even if we have to do 10000s of check it will keep up with the performance.

The SDKs read if the device is connected to the computer or not and once it detects it starts processing or capturing the information.

Posted with STEMGeeks

 4 months ago Reveal Comment