This was for an assignment in Automatic Data Capture, a class at Arkansas State University. The idea is simple: add biometrics to passwords. This is not the same as use biometrics AS passwords. The idea is that you walk up to a device (ATM, POS thing, whatever) and you enter your Username, then you enter your bio-password. A bio-password consists of normal password characters typed on a keyboard, with biometric input as additional characters – as part of the bio-password.
So, you might have a password that is Abcde12345, and now your new improved bio-password is:
“Ab[left middle finger]cd1[right index finger]2345”
The biometric portion of the bio-password would need to be input at the correct position in the bio-password as the user entered it.
We developed an application as a proof-of-concept using a fingerprint reader, and opensource software. The application uses only a fingerprint reader as biometric input, but the idea could easily be extended to other types of biometric input.
So, the source is available to play with if you are interested. I don’t have enough bandwidth to host the whole virtualbox image, so I’ve just posted the source below with brief explanations of each file. It should be fairly clear where things go if you LOOK at the code.
A quick technical and architectural description follows:
- This runs on linux (fedora 19 was used) and leverages apache and suexec to run the user interface and change uids.
- It uses libfprint for handling the fingerprint data
- The application is written in C and Perl, and uses Template Toolkit for the view.
- The C application communicates with the libfprint driver, and does the fingerprint scanning, and is based on example code that comes with libfprint.
- The perl handles the input from the GUI, an html template, one character at a time, using jquery ajax. It runs the C application, processes input, controls the application, and evaluates the final submission of the bio-password.
To run this application, you’ll need a recent linux distro with perl, template toolkit, apache, and standard development tools.
Note this application is only a proof-of-concept. It is not designed for security, or scalability. The password is currently stored as plain text.
Here’s the code
The zip file contains the html template, the main PERL file, an example password file, and the modified verify.c and enroll.c from the examples provided with Libfprint. Some things not included are the images, and the apache configuration. The images are not essential, and apache config is the default with the exception of activating the /~username home directory functionality – just uncomment that section of the default httpd.conf file. The program requires template toolkit which can easily be installed using CPAN. And of course you’ll need to compile those C programs using make in the examples folder of Libfprint source.
Note: Because this was work done for an AState class, AState owns the IP. There do not appear to be any restrictions on my use of though, so it is published here for public consumption. It would be fairly simple to re-implement the idea in any language or with other biometrics.