Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number

Biometrics with perl

by schweini (Friar)
on Oct 02, 2004 at 18:00 UTC ( [id://395910] : perlquestion . print w/replies, xml ) Need Help??

schweini has asked for the wisdom of the Perl Monks concerning the following question:

honoured monasterians,

so i've been told to incorporate biometrics in the form of a fingerprint-scanner into one of my systems (basically a time-tracker) - does anyone have some experience with that? where do i start? google wasn't much help for me due to the incredible marketing-hype it has to cut through to get to the real information.

AFAIK, fingerprint-scanners usually simply scan the fingerprint (duh!), and then pass on that info as a grayscale bitmap to some program that tries to detect at least some of the "minutae" (whirls, bends, etc.), which then get passed on to some fingerprint-matching program, which tries to do a partial match on the found minutae against the stored ones.
what i'd love to have is someway to basically say something like
$user = $fingerprint_matcher->find($scan_data, $database)

in perl. if at all possible, cross-platfoem (windows and linux).
so, anyone know of where to look for something like that? security is not the primary issue, and i am well aware of all the drawbacks to a fingerprint-solution, and informed my superiors on that, but they are willing to accept that.

Update: Maybe i should rephrase my basic question to: "Does anyone know of some pre-made hardware/software package i can talk to with perl? in the worst case by parsing files?"

Replies are listed 'Best First'.
Re: Biometrics with perl
by InfiniteSilence (Curate) on Oct 02, 2004 at 20:52 UTC
    You might try Mentalix's API and the associated examples. It appears to be a commercial package so expect to add a proposal for money to your "superiors."

    Celebrate Intellectual Diversity

Re: Biometrics with perl
by pg (Canon) on Oct 02, 2004 at 18:20 UTC

    Perl is cross-platform.

    The first thing you have to wrroy about is the algorithm, and the language is not really that important. I can imagine what the algorithm does is just whole lots of math, Perl can do it, other languages can do it as well. Pick one that you are familiar with.

    Study a little bit about image analysis, especuilly, texture analysis. Don't think internet helps much, too specific. You need some book in this area.

Re: Biometrics with perl
by WhiteBird (Hermit) on Oct 02, 2004 at 19:09 UTC
    While not an answer to your question, I'd recommend that when you write the code you incorporate some double-check type of algorithm into the program. As an end-user of a finger print scanning security system I am continually frustrated. The security officer that installed the system sums my troubles up by saying "You have a problematic fingerprint". Nine times out of ten the program will not match my fingerprint and refuses me entry to our server room. Eventually, if I keep trying it will recognize my print as being "authorized" and the door will finally open.

    If you find some perlish solution to this task, I hope you'll be able to find a better way to do it.

Re: Biometrics with perl
by Albannach (Monsignor) on Oct 03, 2004 at 14:41 UTC
    For another option, NEUROtechnologija has both Windows and Linux SDKs for a variety of fingerprint hardware devices. I have no personal experience with these products however.

    For the roll-your-own option, perhaps you could look into more conventional image duplicate-finding approaches, some of which have been discussed here, e.g. by BrowserUk, though you'd need access to the raw scanner images, and have to experiment with the comparison to see if it can be tuned to be sensitive enough to find a reasonably small number of matches without deciding that all fingerprints in your database are matches. I'd think you'd use the fingerprint only as a first identifier, then prompt for a password, so the fingerprint tool need only narrow down your ID to a small number of potential matches in your database, not a single person.

    Finally, as interesting as I find the problem, I must say I have serious doubts about biometrics, both in ethical and practical senses. For starters, even in my personal circle of friends and relatives I can count half a dozen missing digits. Then there is the recent suggestion that fingerprints are not so easy to accurately compare as has been thought (and indeed haven't really been properly investigated), and the now famous gelatine hack. Perhaps something like a hardware key would be easier and safer to implement in your instance?

    I'd like to be able to assign to an luser

      Any passive security system can by bypassed given enough time, effort, and money. The object is just to make the cost of bypassing security higher than the gain, and unless you're doing high-stakes research or DoD work, a simple fingerprint / password system should be sufficient. Possible improvements might include:

      Finger temperature scan and/or blood gas reading (former might be faked by warming gelatin, latter is much harder to)

      Automatic digital photograph of the finger as it comes close to the scanner (if it looks odd, it's gelatin or has been cut off)

      Weight plate (place feet here, test for weigh within x pounds of last scan with same fingerprint and pass)

      Retinal scan (though if you have one, why do fingerprint?)

        I certainly agree that anything can be broken, but I am particuarly wary of complex bleeding-edge (if you will) technology systems that appear to improve things (in this case security, but that isn't the only case), but really serve more to hide insecurities behind flash and sizzle.

        Just to extend the argument a bit more:

        • finger temperature scan - pointless as skin surface temperature is most certainly not constant enough in any individual to be useful as even a partial identifier
        • blood gas reading - perhaps harder to fake, but why bother when like temperature, it too is not going to be consistent enough in a single user (did you have a beer at lunch?)
        • automatic digital photograph of the finger as it comes close to the scanner - now there's some cool AI: first step, see if you can tell a moving finger from a moving sausage reliably in real time. Better attack: mount the gelatin on a real finger.
        • weight plate - pretty crude, depends on clothing (seasonal), number of devices clipped to the subject geek, and whether they went to the all-you-can-eat down the street for lunch. Anyway, if you want to steal someone's finger, it's an easy matter to weigh them too.
        • retinal scan - perhaps the best of the lot, but given the poor science behind finger prints, I'm similarly loath to assume these are correct. It also wouldn't surprise me if there are legal problems regarding employees with disabilities as there are with most biometrics.

        I'm no expert and I've doubtless missed things, but my point is an RFID ID badge or similar with a suitably long encryption key and photo is far simpler, useable by both machine and human security staff, easy to issue, easy to confirm, and easy to cancel. I'm sure it too has truckloads of problems, but when we step past the intriguing academic exercise into practical application, simple wins with me every time.

        I'd like to be able to assign to an luser

Re: Biometrics with perl
by HelgeG (Scribe) on Oct 04, 2004 at 09:11 UTC
    This kit (BioTouch) from Identix might fit your bill. They alson have an SDK available in addition to the included software, so if the included software does not work, you could roll your own.

    There is no mention of Linux support on their website, but one review said there was Linux support for the reader. You could contact Identix directly to verify this.