redCognition: New opportunities for identification
In 2012, RISC Software GmbH, in cooperation with redCognition Innovation & Development GmbH, built a web interface for controlling a biometric access control system.
The focus of RISC Software GmbH's work was to make it easier to extend an existing solution with connections to mobile devices.
The task included, among other things, implementing the following functionality, which covers the entire workflow and allows mobile devices such as smartphones to be integrated:
- Access to a camera to create a reference image of a user.
- Access to a card reader to determine the identity of a user.
- Registration of a new authorized user with a reference image stored on the server.
- Verification of user authority by taking a picture, which is sent to a biometric service for comparison with the reference image.
For this purpose, the library components provided by redCognition for controlling the camera and card reader, together with its implementation of biometric algorithms for face detection, were linked together, extended with a database solution for storing the captured user information and reference images, and made available via a web interface.
Another project carried out by RISC Software GmbH with the same customer concerns the integration of biometric features into public key infrastructures.
This is particularly interesting because it makes storing the private key unnecessary and thus avoids the problem of the loss or compromise of a user’s private key. This matters because the cryptographic security of RSA requires that a user have exclusive access to their private key.
So that the key does not have to be stored, it is regenerated when needed from a high-quality random number. The random number is unique to each user and is initially generated from real random events. It is stored in a database, and access to it is secured by multi-factor user authentication consisting of a user name, a PIN, and biometric authentication. The unique association between a user's random number and the resulting key pair was achieved by modifying the configuration of the OpenSSL library functions used.
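The regeneration idea described above, as an added example that is not redCognition's or RISC Software's code: an RSA key pair is derived deterministically from a per-user seed, so the same seed always reproduces the same key. The SHAKE-256 stream, the function names and the prime search are assumptions for illustration; the page only states that the OpenSSL functions were configured so that a user's random number maps to one key pair.

```python
import hashlib
import math

class SeedStream:
    """Deterministic integer source expanded from a per-user seed (SHAKE-256 is an assumption)."""
    def __init__(self, seed: bytes):
        self.seed, self.counter = seed, 0

    def read_int(self, nbytes: int) -> int:
        self.counter += 1
        block = self.seed + self.counter.to_bytes(8, "big")
        return int.from_bytes(hashlib.shake_256(block).digest(nbytes), "big")

def is_probable_prime(n: int, stream: SeedStream, rounds: int = 32) -> bool:
    """Miller-Rabin with witnesses drawn from the seed stream, so the result is reproducible."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        a = 2 + stream.read_int(n.bit_length() // 8 + 8) % (n - 3)
        x = pow(a, d, n)
        # Composite if a^d != 1 and no a^(d*2^i) for i < r equals -1 mod n.
        if x != 1 and all(pow(x, 2 ** i, n) != n - 1 for i in range(r)):
            return False
    return True

def next_prime(stream: SeedStream, bits: int, e: int) -> int:
    while True:
        # Force the top two bits (so p*q has full length) and the low bit (odd).
        c = stream.read_int(bits // 8) | (0b11 << (bits - 2)) | 1
        if math.gcd(c - 1, e) == 1 and is_probable_prime(c, stream):
            return c

def derive_rsa_key(seed: bytes, bits: int = 2048, e: int = 65537):
    """Return (n, e, d); the same seed always yields the same key pair."""
    stream = SeedStream(seed)
    p = next_prime(stream, bits // 2, e)
    q = next_prime(stream, bits // 2, e)
    while q == p:
        q = next_prime(stream, bits // 2, e)
    d = pow(e, -1, (p - 1) * (q - 1))
    return p * q, e, d
```

In a scheme like this the stored seed is equivalent to the private key, so the database that holds it needs the same protection a key store would.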
Based on the user's key pair, a request for a user certificate, or a corresponding certificate, can also be created to integrate the user into a public-key infrastructure.
To allow user-friendly control of these functions, as well as other redCognition services, via a web browser, a website was also developed as a user interface.