views:

188

answers:

2

Hi guys.

I need to implement authentication in a php app but using fingerprint as part of credentials.

So, sincerely I'm kind of lost here.

1) Do I need a product (reader) with javascript SDK? I've seen some using ActiveX but obviously this will work just for IE. I would like a cross-browser solution here.

2) On server side, I suppose I'll natively call some C/C++/Java libs from my php code. Is it right?

As you can see, any paper/orientation you could give me would be appreciated.

A: 

buddy you cannot do it using php - its a scripting language..

but their remains hope you can use .net technologies like c# or vb for hardware porting. my view is too twisty, which is, 1. do authentication using .net technologies. 2. pass the authentication result to php using asp like embedding result in XML/JSON

i don know how much success rate you will get from this solution.

Try......

Have a nice day

Jaison Justus
A: 

Jaison, "you cannot do it" and "PHP" don't belong in the same sentence.

Berserkpi, you can do this in PHP, but only parts of it. I don't know about the hardware but I can generalize the parameters of your project.

Fingerprinting is going to have to be done on some sort of client machine. That means a fingerprint-reading device hooked up to something like a computer, probably through a USB or other serial connection.

I can't tell you how that fingerprinting is going to work, but you'll need to get a program running on the machine that submits your fingerprints for authentication. Those fingerprints are going to be sent to a server, probably through a POST request and a PHP API you've set up. This is going to be the toughest part.

The tough part is that you need those prints to be consistant -- w/web apps you don't get in with a password that kinds of looks like your password; either the user can be authenticated or the password is rejected. With fingerprints that may not be the case.

Whatever it is, so long as it's consistant you can consider it more or less like an MD5 hash. You match it against a hashed version you store in your database and if it matches you authenticate her by generating a token (maybe another MD5) hash that is good for an hour or so.

editor
Let me c if I'm following u.On client side I need the reader to support web browser, perhaps using an activex or java applet... So the client needs: reader, drivers and web browser plug-in?.On server side I need some libs that compare the POSTed fingerprint, these libs seem very specialized, these don't compare the hole image . Is not that easy, the libs must find some "Minutia features" in common.That's what I've learned from your answers and reading some papers.
berserkpi
Pretty much. You need to read a fingerprint from a client machine and send it to a remote server. For the server to authenticate in a normal way, it needs the prints to be consistant. Because minute differences would lead to different fingerprints, this is going to be tough.
editor