|
A surge in online transactions
has put a spotlight on security concerns
involved in accessing confidential information
over public networks. To protect this
information, enterprises must have mechanisms
to authenticate users, prevent unauthorised
access and maintain an irrefutable record
of transaction activity.
CMC Biometric Authentication
System (BAS) enables web based applications
to be authenticated more securely with
biometrics. This solution provides an
external authentication service for Tivoli
Access Manager (TAM). It is an integrated
solution for TAM.
The BAS is a set of modules
for Registration and Authentication of
users (Verification) based on fingerprints.
BAS is the most sophisticated, durable
and high-quality fingerprint authentication
system. It is ideal for a quick and large
daily volume of trouble-free registrations
and verifications. BAS uses Logiprint
Device for capturing fingerprints
during registration and verification.
Registration of the users
needs to be done before authentication.
Only registered users can be authenticated.
Registration is a one time activity whereas
Authentication will be done whenever required.
Registered fingerprints will be stored
in the db2 database against the
username of users. The system matches
the scanned fingerprint captured during
authentication against the registered
fingerprints that exist in the database.
Features
|
|
Highly
secured authentication system |
|
|
Effective matching algorithm |
|
|
Minimal
False Acceptance Ratio |
|
|
Simple
Registrations |
|
|
Easy
Verifications |
The solution contains following
steps.
Environment
Setup
The following installations are required:
|
|
Fingerprint
device's drivers (on client &
registration system). |
|
|
BAS Workstation software (client,
server & registration system). |
|
|
BAS Registration Module (registration
system). |
|
|
AS
Server side API and .cab files (server
system). |
Registration
|
|
The
"Registration Tool"
can be used to capture fingerprints
of a given user. Multiple templates
of the finger can be captured and
the maximum number of templates can
be configurable. |
|
|
The users must also be registered
in WebSEAL. |
Configuration
at client
|
|
The
client should have IE browser with
version 5.5 or later installed and
it should allow interaction of ActiveX
controls on web pages. |
Configurations
at Server
|
|
The
server should have the FPActiveX.ocx
as a registered ActiveX control. |
|
|
Install
the BAS server side API at the server. |
Verification
Following are the Steps for Verification:
|
|
Client
accesses WebSEAL. |
|
|
Client is prompted to authenticate. |
|
|
Client enters username and
provides fingerprint. |
|
|
The fingerprint is encoded and sent
over http then Client submits the
login form |
|
|
The
encoded data is sent along with the
username to the BAS server-side
API |
|
|
The server side API performs the matching
and result is sent to WebSEAL. |
|
|
WebSEAL
parses the response and builds a TAM
credential based on the user ID and
sends a redirect to the client and
the client resubmits the original
request. |
|
|
WebSEAL
sends the stored request to the backend
server. |
|
|
Backend
server returns a response and then
WebSEAL sends the response
to the client |
|
