Building a secure, enterprise-grade fingerprint identification system requires careful architecture on both the client (biometric collection) and server (template matching and storage) sides. The VeriFinger Extended SDK by Neurotechnology provides the essential tools, components, and client-server infrastructure needed to build these scalable solutions.
The framework, core security considerations, and implementation steps for building secure systems with this toolkit are detailed below. Core Components of the Extended SDK
Unlike the Standard SDK (which is optimized for standalone applications), the Extended SDK is purpose-built for web-based, mobile, and large-scale networked client-server applications. It includes:
Fingerprint Extractor: Converts raw images from a fingerprint reader into isolated, mathematical minutiae templates.
Fingerprint Matcher: Performs high-speed 1-to-1 verification and 1-to-many identification (matching up to 40,000 fingerprints per second per core).
Matching Server: A ready-to-use, server-side multi-threaded component that queues and processes inbound authentication requests across a network.
Database Support Modules: Built-in connectors for secure relational databases including Microsoft SQL Server, Oracle, PostgreSQL, MySQL, and SQLite. Architecture of a Secure Fingerprint System
A secure biometric system must isolate the client capture environment from the backend matching environment to protect against template tampering, reverse engineering, and man-in-the-middle attacks.
[ Client App / Mobile ] │ ▲ │ │ Secure TLS 1.3 Tunnel (Signed Encrypted Payloads) ▼ │ [ Matching Server Components ] ──(RAM Memory Cache) │ ▲ ▼ │ Secure Database Queries Encrypted Relational Database 1. Secure Enrollment (Client-Side)
The client interface interacts with the physical biometric reader via the SDK’s internal Device Manager.
Live Scanning & Quality Assessment: To prevent users from spoofing sensors with rubber, latex, or gelatin, use the built-in deep learning-based Spoof Fingerprint Detection. The system evaluates the image quality using adaptive image filtration to check for wetness, dryness, or partial scans.
Template Generalization: The VeriFinger Extractor can merge multiple scans of the same finger into a single, high-fidelity generalized template, minimizing false rejection rates during future authentications. 2. Network Transmissions
Zero Raw Images: Raw fingerprint images should never be permanently saved or sent long distances over the network. Once the client extracts the mathematical template, the raw bitmap should be immediately purged from memory.
Payload Encryption: Ensure the extracted template payload is encrypted (e.g., using AES-256) and signed cryptographically with a transient timestamp before being transmitted to the matching server via an encrypted TLS tunnel to prevent replay attacks. 3. Matching and Storage (Server-Side)
RAM-Only Matching Operations: For rapid 1-to-many lookups, the server maps proprietary biometric templates directly into the system’s RAM.
Database Security: The permanent storage layer handles template tables. While a Neurotechnology biometric template cannot be reverse-engineered back into a printable visual image of a fingerprint, it is still sensitive data. Encrypt the database at rest, and implement strict Access Control Lists (ACLs) so only the matching server process can communicate with it. Step-by-Step Implementation Flow
Developing with the SDK typically involves the following development steps: SDK contents and fingerprint components – Neurotechnology
Leave a Reply