Professional Documents
Culture Documents
Biometric Authentication For J2EE Applications: Ramesh Nagappan Reid Williams
Biometric Authentication For J2EE Applications: Ramesh Nagappan Reid Williams
Biometric Authentication
for
J2EE Applications
Ramesh Nagappan
Staff Engineer
Sun Microsystems
Reid Williams
Member of Technical Staff
Sun Microsystems
Internet is a faceless
Channel...Unless you
have a mechanism to
physically verify a
person....you
would not know who
is really accessing
your application.
Java Card
Smart Card
What I Have
Certificates
PIN
BIOMETRICS What I Am What I Know Password
Physical Mom's Maiden
Behavioral Name
Characterstics SS#
DOB
Pet's Name
2005 JavaOneSM Conference | Session 3477 | 7
Biometric Authentication By Definition
Biometric Authentication refers to the use of
physiological or behavioral characteristics of
a human being to identify or verify a person.
A process of verifying a persons identity
based on his or her unique physical or
behavioral attributes, referred to as biometric
samples.
Fingerprints, Face geometry, Iris or Retinal patterns, Ear
geometry, DNA, Body odor and so forth.
Voice, Hand writing, Key stroke pattern and so forth.
Based on pattern-recognition algorithms that
allows determining the authenticity of the
biometric sample.
2005 JavaOneSM Conference | Session 3477 | 8
Biometric Authentication Process
Accuracy is measured by :
False Acceptance Rate (FAR)
False Rejection Rate (FRR)
Failure to Enroll (FTE)
Cross-over Error Rate
Ability to Verify (ATV)
ATV = (1 FTE) * (1 FRR)
Lower the ATV means the greater the accuracy and reliability of the
authentication
Biometric Scanner
A Biometric scanner device which allows to capture a biometric sample.
For example, a fingerprint scanner device scans the surface of a finger
and obtains the patterns from the fingerprint.
The scanner device can be integrated using USB or Serial or Ethernet
interfaces.
BioAPI
Standard based API for developing personal identification applications that
interfaces with biometric verification devices
Fingerprint scanners, facial recognition devices, iris and retina scanners,
voice recognition systems, and so forth.
Most biometric vendors offer Java Implementation for BioAPI.
http://www.bioapi.org
Browser Plug-In
To support Web browser-based client authentication, browser plug-in that
allows interacting with a biometric scanner to acquire biometric samples
Windows
Windows Environment
Environment using
using
Biometric
Biometric SunRay
SunRay with
SunRay with
with
Authentication
Authentication USB
USB Fingerprint
USB Fingerprint Scanner
Fingerprint Scanner
Scanner
Fingerprint via
via GINA
GINA Module
Module using
using Biometric
using Biometric
Biometric
Web Client Authentication
Authentication
Authentication
Scanner
via
via Solaris
via Solaris PAM
Solaris PAM
PAM
SSL
SSL
Module
Module
J2EE
J2EE Biometric
Biometric
Biometric SSL
SSL
JAAS
Directory
JAAS
SSL
SSL SSL
SSL Directory
Directory
Internet
Internet Platform
Platform Authentication
Authentication
Authentication Server
Server
Server
Server
Server
Server
Fingerprint
Web Client
Scanner
HTTP/SSL
HTTP/SSL
Traffic
Traffic SSL
SSL
SSL
SSL
Linux
Linux Environment
Environment using
using
using
Biometric
Biometric
Authentication
Authentication
via
via PAM
PAM Module
Module
Fingerprint
Web Client
Scanner
Enrollment/Personalization
Enrollment/Personalization
Enrollment/Personalization
Web
Web Clients
Clients using
using Station
Station
Station
Biometric
Biometric
Authentication
Authentication
via
via Browser
Browser Plug-in
Plug-in
Or
Or
IP
IP Enabled
Enabled scanner
scanner
2005 JavaOneSM Conference | Session 3477 | 15
Implementing
Biometric Authentication
for
J2EE Applications
JAAS Options
Required: Defines that the associated login module must succeed with
authentication.
Requisite: Defines that the associated login module must succeed for the overall
authentication to be considered as successful
Sufficient: Defines the associated login modules successful authentication
sufficient for the overall authentication.
Optional: Defines that the associated login module authentication is not required
to succeed.