Storing a fingerprint on the server, in what form, how safe is it for the client?

E

EVGENIJ NEFEDOV2018-07-09 15:07:36

Biometric identification

EVGENIJ NEFEDOV, 2018-07-09 15:07:36

It is necessary to organize access for the clients of the fitness club by fingerprint, respectively, each client will have his own account in which the fingerprint data will be stored, the server, of course, is in the data center.
How will the data be stored on the server? in the form of an image (I really would not like it) or in the form of code? gaining access to which an attacker could not do anything.
There is a category of clients who are afraid to leave their biometric data, fearing that they may fall into third hands, you need to convince them that there is nothing wrong with that.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

G

GilbertAmethyst, 2018-07-09
@nefedovgeka

And I like the print idea. Quite convenient, no need to carry a card with you.
I think it's most correct to store such data as a hash , like a password. Then, when accessing the database, third parties will not be able to find out anything, or the process will be incredibly complicated.
The user puts a finger -> A digital signature is being generated -> It is hashed and a similar hash is searched for in the database -> If it is found and it matches the client -> Success, we let the person in.
At the same time, we do not store the digital signature in the database itself, only the hashed one.
And the way to generate a digital signature is already a question more about the code in your particular case.
Another option is to make an application on the phone and work directly with the scanners there and the API for interacting with them (as Sberbank does, for example), give those who do not have a scanner in their phone a regular card. Save on equipment.