Fingerprint authentication to GIS Servers


Fingerprint authentication to GIS Servers


Key words: Biometrics, Authentication, XML, SOAP

Background

Biometric access control is becoming more and more used these days. At our university, as part of the BioLANCC project, a biometric security solution has been developed. The system proved quite good results and is currently in use in our institute (you can see the cool finger scan devices we have near the doors of our function rooms).

Fingerprint can be also used to authenticate to web servers. The advantage is that the user does not need to remember passwords (you don?t need to remember your fingerprint).

Diploma thesis contents

Description of concept

In the diploma thesis a fingerprint authentication system for our GIS servers should be developed. The solution should allow a person having a fingerprint scanner to access our GIS platform. A general schema is pictured below:

A client first scans his fingerprint. The fingerprint scanner sends a message to the BioLANCC (the management system) announcing that the user is recognized. The BioLANCC will then act as an authentication authority, that is, it will create an authentication token stating that the user was authenticated and will send this token to the client.

Whenever the client wants to access the GIS Server, he/she will first present the token received from the authentication authority. Since the GIS Server trusts the authentication authority, the client will get access to the server.

Description of activities

First, the BioLANCC should be extended so that it can act as an authentication authority. At this point the available standards for security assertions should be evaluated (SAML, X509.3, etc.) and one of them should be chosen for the implementation. Furthermore, a protocol for the communication between client and BioLANCC should be developed.

Secondly, the UniBwMap client should be extended so that it is able to request security tokens from the BioLANCC and it can forward the tokens to the GIS Server. The client should use SOAP to access the GIS Server and the security token should be encoded in the SOAP header.

Finally, a server-side component should be developed that shall intercept the messages from the client, verify the authentication token and when everything is ok would forward the message to the GIS Server.

Programming languages

? BioLANCC Authentication Authority Module: Java

? Client extensions: Java

? Server-side component for authentication: Java / C# / C++

Resources

? BioLanCC Web site: http://ptk.informatik.unibw-muenchen.de/servlet/Item_Query?cmd=listitems&mode=detail&itemid=299

? UniBwMap Web site: http://inf3-www.informatik.unibw-muenchen.de/~opincaru/UniBwMap/

? SAML Standard: http://www.oasis-open.org/

? A open source SAML implementation: www.opensaml.org

? WS-Security Standard: http://www.oasis-open.org/

? ?Secure Web Services under Microsoft .NET? - Studienarbeit Tim Fisher



Aufgabensteller: Prof. G. Teege
Betreuer: Cristian Opincaru

Download > Prototyp einer Diplomarbeit Prototyp einer Diplomarbeit