BioAXS

About BioAXS
Mission Statement Press Room President's Message CEO's Message COO's Message CFO's Message

Finger Prints Face Recognition RFIID BioCard Finger Print + Face Recognition

SharePoint Based TimeTracker SharePoint Based Correspondence Management SharePoint Based Bulk Metadata SharePoint Based Installation Setups Microsoft Outlook Addin Finger Print Time & Attendance System Finger Print Network Attendance Finger Print Door Access Control System Finger Print Networked Door Access Control Payroll Management System Payroll Integrated With Attendance Patient Management System Clinic Management System Gym Management System Prisoner/Staff Recognition System Litigation Management System Intelligent Museum Finger Print Windows Logon Finger Print Web Logon

SharePoint Consulting

Architecture and Design

Custom Development and Integration

Deployment

Training

Annual Support Application Development & Maintenance Product Engineering Systems Integration

Demos Brochures Help Lines

Features User Guide

	Recent News

KCC Software USA

BioAXS has choosen KCC Software as representative partner for BioAXS in the United States. Both organizations are working together to finalize a Pre-Bid process to secure a contract in Litigation Management System for a Florida Based Insurance Firm.

IPS Australia

Integrated Project Solutions (IPS) is a leading independent Australian Project, Construction Design and Fabrication Manager.
The company provides project, construction and design management services to the mining, mineral processing, oil and gas, chemical and petrochemical, government and industrial sectors.

IPS has chosen BioAXS to shift their all projects to Microsoft SharePoint 2010...

Punjab Prisons

BioAXS was asked to deliver a Finger Print recognition system for staff and prisoners for the Prisons in Punjab. A comprehensive solution is installed at IG office Lahore and is being tested at Sahiwal Central Jail.

Tandoor Recognition System

In collaboration with Punjab Government, BioAXS has developed a Finger Print solution for recognition of Tandoor Owners buying flour from Flour Mills in Punjab at a subsidized price.

AUTOSOFT DYNAMICS

BioAXS has installed a Finger Print recognition door control system at AutoSoft. The specialist of the system is having Finger Print recognition at both ENTRY and EXIT points.

SIMCO AS

SIMCO The leading Scandinavian Car-Electronics has chosen BioAXScard Finger Print online login solution as well as adapting our security technology, controlling sensitive information for Police, Insurance and the Scandinavian Customs…

Computing Services & Security S.A's Appointment

Computing Services & Security S.A (CSS) is a Swiss company with a wide dealer network in Switzerland and France CSS has over 15 years of solution integration experience working with Siemens.

CSS is also privileged to represent IBM, HP, Microsoft, RSA, Citrix and DigitalPersona in both countries.

BioAXS has appointed CSS to look after countries of Switzerland and France exclusively for its solutions/products.

ID SCAN Belgium

BioAXS is pleased to announce appointment of IDSCAN Belgium’s appointment as an exclusive reseller in country of Belgium.

IDSCAN has started training and learning implementation techniques of BioAXS Solutions in different segments of market.

BOI Thailand

BioAXS has been approved by Board of Investment Thailand to operate its Software Development business free of TAX and carry out duty free import/export for 8 years.

BOI Thailand advised, it’s willing to support Software Engineers from Pakistan and India to come and work closely along with Thai Engineers to fill the Gap of Software Development Thailand is facing today.

FAQs

What are the features of Matcher on Card?

Advantage against other solutions

Applications which use a PIN authentication on a smart card, may be extended to biometric authentication without changing the infra structure. Example: SIM card for mobile phones. Even in the case of a loss of the phone and/or the SIM card no unauthorized access to the net is to be feared.

As the reference template need not leave the card, more privacy is guaranteed.

Drawback

There is only limited processing power and memory space available on the smart card. This requires some compromises with regard to biometric verification performance.

What must be observed with respect to security when dealing with "Template on Card"?

We consider the following possibilities for storage of biometric references on a chip card:

The chip card is a pure memory card, storage is unencrypted.

The chip card can be read by anyone who finds it.

The chip card can be duplicated by anyone; however, only the authorized can use it.

In principle, cards with references of non-authorized users can be produced which grant access to the system.

If the authorized user's (non-biometric) data is saved on the card, the danger of compromisation when lost is high.

The chip card is a pure memory card, storage is encrypted.

The chip card can be read by anyone who finds it, but the contents cannot be interpreted.

The chip card can be duplicated by anyone; however, only the authorized can use it.

Authentication via cards with references of non-authorized users is generally prevented.

Compromisation of data is prevented.

The chip card is a processor card ( smart card ) with crypto function

The chip card's stored data can only be read and interpreted by a trustworthy communication partner (e.g., a protected PC or a protected server via a non-protected PC)

Duplication of the chip card is preventable

Authentication via cards with references of non-authorized users is generally prevented

Compromisation of data is prevented

It depends on a specific application which security level is necessary and what will be the possible solution.

How may a PC access control with "Template on Card" look like?

We consider the following implementation possibilities:
The chip card is a pure memory card, storage is unencrypted
During enrollment, a PC connected to a biometric sensor extracts the biometric features, and subsequently stores the extracted reference on chip card. At verification, the access seeker inserts her chip card into the chip card reader and then her biometric feature is again scanned. The scanned feature is then compared to the reference stored on the chip card at the PC. If the comparison exceeds a certain level of similarity, full clearance is granted to the network by sending the decrypted password (which is stored on the PC encrypted) from the PC to the server.
The chip card is a pure memory card, storage is encrypted.
See above. Additionally, however, decryption of the reference from the card is done on the PC or better yet on the server with a securely stored key. Alternatively, the comparison process should likewise occur on the server. Thereby, the current extracted feature is transmitted securely from the PC to the server.
The chip card is a processor card (smart card) with crypto function >
The communication partners of the crypto card are a PC, a biometric sensor and a protected server. During a log-on trial, the crypto card and the server create a secured connection. The server retrieves the reference data from the crypto card. Simultaneously, the PC extracts the biometric feature from the sensor's raw data and sends it (potentially secured by a one-time key) to the server where it is compared to the card's biometric reference feature. If the comparison is positive, the PC grants access to the network drives.

What is a "template"?

A template comprises the extracted unique features of the biometric data. The template is generated during the process of feature extraction, which frees the raw data coming from the biometric sensor from irrelevant information. By this way, both the storage requirements and the matching expense are reduced. Here, the definition of the template does not depend on its usage as reference or for a verification request. (Several authors only call the reference template a template, the request template is called "sample".)

How is the False Identification Rate (FIR) calculated?

During an identification, the requested feature is compared to many reference features and possibly, the similarity value will exceed the threshold for more than one reference. This is non-critical if only granting access, but can be very problematic if the correct assignment of personal data to the biometric feature is required (Example: access to a bank account via ATM).

The probability for the identification of further (by definition false) candidates (independent of the correct reference) can be calculated from the FAR since these candidates would represent false acceptances in the case of verification. Its value is given by:

1 - (1 - FAR₁)^N-1 ~ (N - 1) FAR₁

whereby FAR₁ is the False Acceptance Rate for a system with one reference. N represents the number of references. The approximation (right side) applies in the case that the resulting value lies considerably under 1.

The False Identification Rate can first be calculated after selecting one of the candidates. One standard, which is often found in practical applications, could be, for example, that the candidate with the highest similarity value is chosen (presuming that there is only one). Unfortunately, the FIR is only ascertainable when the probability density functions are available for false acceptance as well as false rejection.

Easier to calculate is the rule that multiple candidates are completely rejected, which raises the FRR and lowers FAR. The following definitions apply here:

FAR probability that a non-authorized person is identified

FRR probability that an authorized person is not identified

FIR probability that an authorized person is identified, but is assigned a false ID

These definitions result in the following formulas under ideal conditions (statistic independence, same error rates for all people, ...); where the index N is again the number of references:

FAR_N = N FAR₁ (1 - FAR₁)^N-1

FRR_N = 1 - (1 - FRR₁ - FAR₁ + N FRR₁ FAR₁) (1 - FAR₁)^N-2

FIR_N = (N - 1) FRR₁FAR₁(1 - FAR₁)^N-2

What is the difference between positive and negative identification?

In a positive identification the user is interested to be identified, in the negative case the user tries to avoid successful identification. For example, the thief is not interested in being identified by comparing the latent prints from the scene of crime with his Finger Prints. This is a negative identification. If I am authorized to get access to my office, I am strongly interested to be identified, e.g., by iris recognition. This is a positive identification.

The main impact of positive versus negative identification regards user cooperation. In the negative case the user is not willing to cooperate (even if he is "innocent") at the stage of feature acquisition. Therefore, a negative identification often needs observation. Even the sensor may be affected by the type of identification: negative Finger Print identification needs full size sensors at least for the enrollment process.

	Is biometrics more "secure" than passwords?
	This question at least poses two problems: biometrics is not equal to biometrics, and the term "secure" is in fact commonly used, but it is not exactly defined. However, we can try to collect pros and cons in order to find at least an intuitive answer. It is a matter of fact that the security of password protected values in particular depends on the user. If the user has to memorize too many passwords, he will use the same passwords for as many applications as possible. If this is not possible, he will go to construct very simple passwords. If this will also fail (e.g., if the construction rules are too complex), the next fall-back stage is to notify the password on paper. This would transform "secret knowledge" into "personal possession". Of course, not every user will react this way. Rather the personal motivation plays an important role: is he aware of the potential loss caused by careless handling of the password? It is easy if the user is the owner. But often foreign possession (e.g., that of the employer) has to be guarded, whose value one often can hardly estimate. If motivation is missing, any password primarily tends to be felt bothersome. In this case, and that seems to be the normal case, it is assumed that biometrics has considerable advantages. Contrariwise, passwords feature an unbeatable theoretic protection ability: an eight-digit password which is allowed to contain any symbol from an 8-bit alphabet offers 10²⁰ possible combinations! This is a real challenge for any biometric feature. The requirements are obvious: such a password is maximally difficult to learn, it must not be written down, it must not be passed to anyone, the input must take place absolutely secret, it must not be extorted, and the technical implementations must be perfect. This leads us to the practical aspects: the implementation must be protected against replay attacks, keyboard dummies (e.g., false ATMs), wiretapping etc. Even biometric features have to cope with such problems. However, it can be assumed that the protection of biometric feature acquisition is not easier than the acquisition of the password, provided the implementation expense is comparable! Conclusion: Surely, there are cases where passwords offer more security than biometric features. However, these cases are not common!

Previous | 1 | 2 | 3 | 4 | 5 | 6 | 7