Professional Documents
Culture Documents
J2EEBiometrics PDF
J2EEBiometrics PDF
Biometric Authentication
for
J2EE Applications
Ramesh Nagappan
Staff Engineer
Sun Microsystems
Reid Williams
Goal
Agenda
Understanding Biometric Authentication
Importance of Biometrics
Enabling technologies
Logical Architecture
Biometrics in J2EE Applications
Implementation Strategies
Biometric Single Sign-On (SSO)
Internet is a faceless
Channel...Unless you
have a mechanism to
physically verify a
person....you
would not know who
is really accessing
your application.
Cartoon by Peter Steiner. The New Yorker, July 5, 1993
issue (Vol.69 (LXIX) no. 20) page 61
What I Have
BIOMETRICS
Physical
Behavioral
Characterstics
What I Am
Java Card
Smart Card
Certificates
What I Know
PIN
Password
Mom's Maiden
Name
SS#
DOB
Pet's Name
Template Size
Fingerprint
Face
84 bytes 2k
Hand Geometry
9 bytes
Iris
Retina
96 bytes
Voice
70k 80k
Signature
Fingerprint w/ Minutiae po
Accuracy is measured by :
Lower the ATV means the greater the accuracy and reliability of the
authentication
Enabling Technologies
Biometric Scanner
BioAPI
Browser Plug-In
Logical Architecture
Fingerprint
Scanner
Windows
Windows Environment
Environment using
using
Biometric
Biometric
Authentication
Authentication
via
via GINA
GINA Module
Module
Web Client
SunRay
SunRay
with
SunRay with
with
USB
USB
Fingerprint
Scanner
USB Fingerprint
Fingerprint Scanner
Scanner
using
using
Biometric
using Biometric
Biometric
Authentication
Authentication
Authentication
via
via
Solaris
PAM
via Solaris
Solaris PAM
PAM
Internet
Internet
Fingerprint
Scanner
Fingerprint
Scanner
SSL
SSL
J2EE
J2EE
Platform
Platform
JAAS
JAAS
Module
Module
SSL
SSL
Biometric
Biometric
Biometric
Authentication
Authentication
Authentication
Server
Server
Server
SSL
SSL
SSL
SSL
Directory
Directory
Directory
Server
Server
Server
Web Client
HTTP/SSL
HTTP/SSL
Traffic
Traffic
SSL
SSL
SSL
SSL
Linux
using
Linux Environment
Environment using
using
Biometric
Biometric
Authentication
Authentication
via
via PAM
PAM Module
Module
Web Client
Web
Web Clients
Clients using
using
Biometric
Biometric
Authentication
Authentication
via
via Browser
Browser Plug-in
Plug-in
Or
Or
IP
IP Enabled
Enabled scanner
scanner
Enrollment/Personalization
Enrollment/Personalization
Enrollment/Personalization
Station
Station
Station
Implementing
Biometric Authentication
for
J2EE Applications
JAAS LoginModule
Biometric Scanner Device
Understanding JAAS
.. .
Required: Defines that the associated login module must succeed with
authentication.
Requisite: Defines that the associated login module must succeed for the overall
authentication to be considered as successful
Optional: Defines that the associated login module authentication is not required
to succeed.
2005 JavaOneSM Conference | Session 3477 | 24
Implementation Strategies
Understanding
Biometric Single Sign-on
Once authenticated...
Enabling Technologies
Architecture
How it works
DEMO
Biometric Single Sign-on for a Web Portal
31
More information at
www.coresecuritypatterns.com
2005 JavaOneSM Conference | Session 3477 | 32
33
Biometric Authentication
for
J2EE Applications
Ramesh Nagappan
nramesh@post.harvard.edu
Reid Williams
reid.williams@alum.mit.edu
2005 JavaOneSM Conference | Session 3477