Hi there;
The company has a web-based punch card application, but my boss wants to make employees punch in and out using their fingerprint rather than sharable passwords. Is there any free/open source/commercial SDKs that can be used? With a Java or ActiveX based embeddable component?
Thanks in advance.
Most of the tools i found were commercial products. But hopefully they lead you in the right direction you want to take.
Which fingerprint reader are you using?
1) Microsoft Fingerprint Reader (Formerly Digital Persona) 2) Eikon Reader 3) Other?
An easy solution is to take advantage of the automatic form-filling tools that come with either, and build a password system around that where the passwords are predefined 64+ byte long random blocks of data. Keep your web-based system but have a very minimal form that discourages entering the password client-side (through javascript), and explains that the user should touch the fingerprint scanner to punch in/out.
If possible, take each employee through the registration system by having them setup an auto-login with their fingerprint, having them look away and then privately entering the password without them watching.
Of course this is easily hacked by a tech-savy employee using a tool like asterisk key (on windows) or a dom explorer / debugger later but it should provide a minimum level of security and at the very least won't be as easily shared as your current system (which I gather is your goal).
Also, fingerprints don't really provide any type of security for a determined attack. Silly putty, superglue, and five minutes can reliably replicate any prints lying around. As long as you accept this issue you'll be OK.