Biometric Fingerprint Security in FileMaker

Biometric Fingerprint plug-in for FileMaker

We here at Productive Computing just released a redesigned and overhauled version of our Biometric Fingerprint Reader plug-in for FileMaker, bringing new life to this security-minded option for the FileMaker platform. Among the many updates in version 2, the plug-in now includes 64-bit compatibility.

There have been questions, however, about how a fingerprint reader can help secure a solution: How do the readers pick up data from the fingerprint? What kind of information is extracted? What’s the difference between different kinds of scanner types? Let’s dig in and see what we can find!

Biometric Security

Using our plug-in, fingerprints are scanned by either a U.ARE.U 4500 or U.ARE.U 5160 fingerprint scanner, which are considered “optical” scanners. Optical scanners capture biometric data by taking a picture of the finger using LED lighting and imaging hardware, and then extracting the fingerprint details from the image. The details are compiled into what is known as “minutiae”, which refers to the specific unique features of each finger: whorls, ridges, any distinguishing marks such as scars or cuts, and so on. Minutiae data is then converted to a binary data format, which can be used by consuming applications for authentication, validation, or other processes that need the biometric information.

Optical vs. Capacitive

Fingerprint scanners use a number of different scanning techniques, the most common being optical and capacitive.

As mentioned above, optical scanners take a picture of the fingerprint when scanned, using optical methods to extract and interpret the biometric data. The quality of the pictures taken by optical scanners is high enough that critical information can be extracted from them to generate unique biometric data for each finger. An example of an optical scanner would be the U.ARE.U 5160 fingerprint device, which our Biometric Fingerprint Reader plug-in is compatible with.

Capacitive scanners, however, use a mild electrical current to map critical biometric data for a scanned fingerprint. Since human skin is conductive, an electrical current runs along the surface of the skin, mapping higher and lower resistance points that correspond to the peaks and valleys of the ridges of a fingerprint, and then generates the encoded biometric data from these points of resistance. An example of a capacitive scanner would be the CrossMatch EikonTouch 710 fingerprint device.

How the Biometric Fingerprint Reader Works

Let’s take a look under the hood a bit and talk specifically about the Biometric Fingerprint Reader plug-in, using our FileMaker demo file as an example.

The first thing we must do is to initialize the libraries of the plug-in, preparing the system to process biometric data.

After running through the initialization process, we must enroll users, storing their biometric data and allowing for later verification. When the function PCFP_Enroll is called, the initialized biometric library will open up a custom Windows form window and call the U.ARE.U SDK the plug-in uses to start the enrollment process.

The process prompts the user to choose a finger, scanning it four times and building a comprehensive set of biometric data. The user can optionally choose more fingers to enroll, or simply complete the enrollment process to commit the data into memory. After enrollment, the system should use the PCFP_ImportUserFromDevice function to extract the biometric data for the specified finger, storing it into a record in FileMaker as binary container data.

This stored biometric data can be passed back to the plug-in for verification. If the user hasn’t enrolled in the current FileMaker session, but has data stored in FileMaker, data can be uploaded to the biometric libraries using the PCFP_AddFingerprintToUser function in preparation for verification.

If the user has enrolled in the current FileMaker session, then their finger data will already be in place and it is made immediately available for verification. When the system calls the PCFP_Identify function to verify the user, the biometric library opens up a second custom Windows form window and brings up the identification process. This process takes one or more fingerprint scans and compares the captured data against the in-memory repository of enrolled fingerprints; if it finds a sufficient match, the function returns success, otherwise the function will report a failure.

The chance of a false positive match, where the finger scanned matches someone that should not actually be a match, is about 0.001%, according to the DigitalPersona U.ARE.U developer’s guide and based on the SDK’s developer tests.
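Because identification compares a scan against every fingerprint held in the in-memory library, the chance that a finger that is not enrolled is accepted as somebody grows with the size of that library. The following is an added example, not code from the plug-in or its SDK: it assumes the 0.001% figure is a per-comparison rate and that comparisons are independent, and the library sizes are constructed.

```python
import math

# Assumption: the article's "about 0.001%" is a per-comparison false match
# rate, i.e. one scanned finger compared against one enrolled template.
FMR = 0.001 / 100


def false_identification_rate(templates: int, fmr: float = FMR) -> float:
    """Chance that a finger NOT in the library matches at least one of
    `templates` enrolled prints, treating each comparison as independent."""
    if templates < 0:
        raise ValueError("templates must be >= 0")
    # 1 - (1 - fmr) ** templates, computed stably for very small fmr
    return -math.expm1(templates * math.log1p(-fmr))


def max_templates_for(target_rate: float, fmr: float = FMR) -> int:
    """Largest library size whose 1:N false identification rate stays at or
    below `target_rate`."""
    if not 0.0 < target_rate < 1.0:
        raise ValueError("target_rate must be between 0 and 1")
    return math.floor(math.log1p(-target_rate) / math.log1p(-fmr))


def rates_by_library_size(sizes: list[int]) -> list[tuple[int, float]]:
    """Pair each library size (enrolled fingers loaded) with its rate."""
    return [(n, false_identification_rate(n)) for n in sizes]


# Constructed library sizes: e.g. 1000 = 500 people with two fingers each.
SAMPLE_SIZES = [1, 10, 100, 1000, 10000]

if __name__ == "__main__":
    for n, rate in rates_by_library_size(SAMPLE_SIZES):
        print(f"{n:6d} enrolled fingers -> {rate:.4%} false identification")
    print("library size that keeps the rate at or below 0.1%:",
          max_templates_for(0.001))
```

Under these assumptions, a solution that needs a lower rate for a sensitive action can pair the scan with a second factor, such as the user's FileMaker account credentials.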

Suppose we have a different kind of scenario other than the traditional “here are all of the functions” demo file situation: a time clock system, for example.

Our theoretical solution is intended to clock users, workers, technicians, etc. in, logging when they became “on the clock” and also clock users out, marking them no longer at work. This can be scripted easily enough with simple button clicks and FileMaker interface designs, but let’s suppose we want to verify that the users are who they say they are, and clock them in without even asking what their username is, using the Biometric Fingerprint Reader plug-in.

Assuming the users have already enrolled their fingerprints according to company standards, we can design a workflow as follows:

  1. User accesses the time clock system, bringing them to the primary interface to clock in and start their shift
  2. User clicks the button to start their shift; the solution then makes sure the biometric library on the machine is fully loaded with all enrolled users, and brings up the Identification form via the PCFP_Identify function, prompting the user to identify themselves
  3. User scans one (or more) of their enrolled fingers on the attached fingerprint scanner device
  4. The system validates the scanned finger, and returns the registered user name of the identified user on a successful result
  5. This username is then passed through FileMaker scripting to locate the user account by the username, bringing the user to their time clock dashboard, and clocking them in

This example makes use of one, possibly two, different functions:

  1. PCFP_AddFingerprintToUser, which is used to populate the biometric library in memory with fingerprint data for each user in the solution, and
  2. PCFP_Identify, which performs the identification of the user and returns the valid user’s name.

The end result is a simple, one-click-one-scan process that authorizes the user and starts their time clock entry. The same process can be used for clocking them out.

It’s important to note here that the Biometric plug-in is not a replacement for standard FileMaker security. The plug-in is intended as an additional tool on the toolbelt of the FileMaker developer, allowing them to add in extra security for use at run time, instead of preventing access to the file or securing the file on the server.

Possible Use Cases for the Biometric Fingerprint Reader Plug-in

  • Time clock systems
    • User clocks in and out with a fingerprint scan for their shift
  • Manager approval scenarios
    • If performing a specific action in the system requires manager approval (such as voiding an invoice, accessing a secure section of the database, or changing financial information), the manager can “allow” it with a scan of the finger
  • Locking or unlocking a record
    • The manager can scan a fingerprint to lock or unlock a record, preventing modification unless the manager provides a fingerprint scan for approval
  • Hiding sensitive information
    • Field data can be hidden from view; if the user wishes to see this hidden data, they would scan their finger, and if they have sufficient security permission, the hidden data can be revealed
  • Access to open a module
    • Much like manager approval scenarios, the system can prevent access to a module of the solution unless the user scans their finger to validate that they have sufficient permission to see it
  • Tracking repeat customers
    • If you have a business that requires you to verify customer information and retain sensitive customer data, using fingerprint verification can quickly and effectively reference repeat customers and confirm identity

Putting It Into Practice

Let’s wrap this up. Now that we know how the scanners work, what goes into extracting meaningful information from a user’s fingerprint, and some use cases for the plug-in, how does all that fit with FileMaker?

The biometric data that comes from a scanned finger adds an additional “key” to the user’s keychain, letting the system enforce additional security in order to allow the user access to certain protected layouts or to privileged data. It all comes down to the user’s particular security needs, and how they envision a secure biometric component fitting into their daily workflow.

Visit our website for information and to download a demo of our Biometric Fingerprint Reader plug-in.