Fingerprint Authentication

A biometric authentication factor for fingerprint authentication was integrated into the Agile Authentication Provider (ALAP). A server-based verification component and a corresponding authentication plugin for the EGIZ Authenticator were developed.

The biometric authentication factor consists of two phases. The rollout phase is executed once to create a binding between the server component and the user's fingerprint. The authentication phase is executed for every authentication process and relies on the binding created in the rollout phase. The Android fingerprint API allows the generation of a secret key which can only be used after a fingerprint was presented. During the rollout phase the public part of this key is registered at the server component. During the authentication phase the server component generates a random nonce. A digital signature of this nonce is generated with the secret key that is protected by the Android fingerprint API. This signature is verified at the server component. The ability to create this signature proves that the fingerprint was successfully presented.
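The two phases can be sketched as a challenge-response exchange. This is an added example, not code from ALAP or the EGIZ Authenticator. It assumes ECDSA P-256 over SHA-256, uses a software key in place of the fingerprint-gated Android key, and the names `Server`, `Rollout`, `Challenge`, `Verify`, `NewDeviceKey` and `Sign` are hypothetical.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Server (hypothetical): key registered once at rollout, one pending nonce per user.
type Server struct {
	keys    map[string]*ecdsa.PublicKey
	pending map[string][]byte
}

func (s *Server) Rollout(user string, pub *ecdsa.PublicKey) { s.keys[user] = pub }

// Challenge issues a fresh random nonce for one authentication attempt.
func (s *Server) Challenge(user string) []byte {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		panic(err) // no entropy: fail closed
	}
	s.pending[user] = nonce
	return nonce
}

// Verify consumes the nonce first, so a captured signature cannot be replayed.
func (s *Server) Verify(user string, sig []byte) bool {
	pub, nonce := s.keys[user], s.pending[user]
	delete(s.pending, user)
	digest := sha256.Sum256(nonce)
	return pub != nil && nonce != nil && ecdsa.VerifyASN1(pub, digest[:], sig)
}

// Device side (assumption): a software key replaces the fingerprint-gated Android key.
func NewDeviceKey() (*ecdsa.PrivateKey, error) { return ecdsa.GenerateKey(elliptic.P256(), rand.Reader) }
func Sign(priv *ecdsa.PrivateKey, nonce []byte) ([]byte, error) {
	digest := sha256.Sum256(nonce)
	return ecdsa.SignASN1(rand.Reader, priv, digest[:])
}

func main() {
	priv, _ := NewDeviceKey()
	srv := &Server{keys: map[string]*ecdsa.PublicKey{}, pending: map[string][]byte{}}
	srv.Rollout("alice", &priv.PublicKey)
	sig, _ := Sign(priv, srv.Challenge("alice"))
	fmt.Println(srv.Verify("alice", sig), srv.Verify("alice", sig)) // true false
}
```

The second `Verify` call returns false because the nonce is single-use; a signature made with any key other than the one registered at rollout is rejected as well.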

A demonstration video is available: 
