Device Specific Controls
BAPI provides custom hardware channels for any hardware provider and any
device technology. Furthermore, the flexible architecture of BAPI allows
for custom extensions to the device and granular device control. This creates
great flexibility with regard to BAPI's ability to accommodate new technologies,
such as presently emerging combination devices. These custom hardware channels
also make it easier to offer device control to the application managing
the devices, and thus provide for consistency while maintaining flexibility.

Other biometric specifications do not provide
for custom functions or modules. This becomes particularly apparent with
PKI combination devices such as the Sony Fingerprint Identification Unit,
FIU-710. Without the BAPI channel control tools, users are unable to perform
device-specific functions such as logging on to the device itself, accessing
the user file system, or controlling the device's key generation functionality.

Device Drivers
Independent Hardware Vendors (IHV) who develop biometric devices usually
concentrate their development efforts on making the best possible hardware.
By supporting a standard set of APIs, a vendor is able to take advantage
of existing applications written to this standard. This way, customers do
not have to worry about which vendor has the better application and API
support; instead, they can concentrate on the actual merits of hardware
devices including size, cost, performance, and accuracy. Hardware-focused
companies often struggle with device driver support. BAPI provides a framework
equal to the standard Windows Device Developers Kit/Windows Device Module
(DDK/WDM) model. It is not quite a simple "fill in the blank"
procedure, but the process of producing a device driver is simplified and
streamlined considerably, and reduced to hours of work instead of weeks.

Less structured biometric standards,
such as the BioAPI specifications, provide a minimal framework for creating
device drivers, and opposing and contradictory hardware interests have
often been integrated into these driver specifications. Driver guidelines
are open to individual interpretation, and typically impractical for focused
device manufacturers. The driver development burden remains heavy on the
hardware manufacturers, who generally have their core competency in hardware
development.

Inefficiencies for Developers
BAPI provides a standardized driver interface to prevent a number of inefficiencies.
It is inefficient to require an application developer to write a driver
and learn a new software developer's kit (SDK) for each biometric device
they need to support. Conversely, it does not make sense to ask a hardware
vendor to develop a different device driver to interface with each application
running on separate operating systems and hardware platforms. Finally,
it is unacceptable to force the end-user to deal with many different applications
and separate device driver files.

Responsibilities
A biometric standard that leaves the GUI, client-server interaction,
and other critical functional elements up to the interpretation of individual
developers does not provide tight and subsequently secure integration
with the OS. It causes each application to enroll users, maintain its
own user lists, and assign user privileges. Such a standard only exports
APIs to manipulate biometric devices with no impact on security or
OS interaction.

User Management
A biometric standard that does not demand consistency in enrollment and
verifications across all technologies and devices leaves it up to the developers
to define their own user management mechanism. This not only puts pressure
on the application developer to design such a mechanism, it also
impacts the user experience, as the system may require the user to enroll
and verify multiple times. Through the tight integration with SecureTec
and I/O Software's Authentication Platform, BAPI offers developers immediate
access to a single point of user management.

'Biometric Knowledge'
Also, the application developer does not need to have knowledge of how
a biometric technology works. Through a single interface application developers
and their clients get immediate access to a multitude of biometric and
even non-biometric hardware.

Flexibility and Modularity
No single biometric technology can even remotely address all the security
and convenience needs of enterprise-level or governmental clients. One
highly secure technology may not be cost-effective for a low security
environment, while another application may require convenient but not
absolutely bulletproof technology. Or (and this has emerged as a critical
scenario) different technologies, biometric and non-biometric, need to
be combined to assure the client of the system's value. As a result, the
ability to mix and match technologies and devices with a single application
is one of the prime requirements of any biometric standard.

BAPI is designed to work most efficiently
in such a complex and demanding environment. The functions to capture,
create template, process, verify/match, and identify/match are mandatory
for all BAPI compliant technologies. This makes it possible to embed
more than one BAPI compliant technology into a single interface enrollment
and verification process, and enables a mix and match of technologies
and devices. The functionality in BAPI even allows working with a common
template, applying different algorithms depending on the needs and requirements
of the application and device.

Layered Biometrics
BAPI fully supports the ability to create biometric layers within an application
and, as such, BAPI offers the modularity to control the devices at each
layer. Other standards lack the mandatory interoperability needed to create
biometric layers although they may theoretically support layered biometrics.
However, there is no way for an application to control the functionality
of these layers. If the application wishes to control a specific layered
feature, it must use its own implementation. Furthermore, the user experience
will be inconsistent, since a different company will provide the UI for
each layer.

Graphical User Interface
BAPI offers a consistent Graphical User Interface (GUI) for all users
regardless of the technology or the application deployed. In BAPI, the
hardware integrators must only provide a thin and simple Biometric Device
Module (BDM). BAPI's built-in user interface takes the GUI burden off
the BDM developer, since the appropriate function calls can be mapped
to provide a consistent and easily recognizable user interface. Other
standards continue to ask developers to implement their own GUI functionality
within their biometric device module, or in some instances they make a
'standardized' GUI voluntary.

User Interaction
In addition to putting considerable pressure on the hardware manufacturer
(who is usually concerned with driver development and not the GUI), the
lack of a mandatory requirement prevents a uniform user experience. Different
providers will choose different avenues to interact with the user, thus
automatically preventing a consistent look and feel. It also has a considerable
impact on the user value of the application if the users and the administrators
have to handle multi-factor authentication through an inconsistent GUI.

BAPI offers a well-balanced
mixture of control and flexibility. It includes mandatory requirements
that control functionality to improve end user and developer experience.
It also supports advanced device functionality, promoting flexibility
and interoperability where it is required to accommodate the needs of
integrators and application developers. The following implementation scenarios
show how BAPI performs in real-life applications:

Digital Certificates - BAPI/SecureTec seamlessly integrates with PKI and any related digital
certificate technology. The PKI infrastructure addresses concerns regarding
data integrity, data sharing between biometric and non-biometric devices,
as well as the security of communication within a system.

Future Biometrics - 'Monolithic' standards offer
two simplified functions: enroll and verify. This makes it impossible
for future incremental upgrades, such as new algorithms, to
be implemented without replacing one or more device modules in their entirety.
Adding a completely new technology to an existing system under such a
framework will also pose major user interface issues, as user interfaces
are defined by each individual OEM and cannot be governed and defined
uniformly to facilitate integration. BAPI allows for a granular replacement
or addition of components and functionality without removing or replacing
complete systems, and without affecting existing user experience after
an upgrade.

Bio-Token - BAPI makes accommodations for self-contained
Bio-Token and hybrid devices. BAPI/SecureCore fully supports this functionality
through the CBAPI extension within BAPI. CBAPI truly exemplifies the modularity
of BAPI. It was added to the original BAPI without any changes to the
underlying architecture.

Multiple Biometrics - Multiple biometrics are fully
supported by a universal and consistent user interface that also allows
for a simple implementation of layered biometrics. The user experience
will remain consistent regardless of which (and how many) biometric technologies
are implemented within a system. The precise specifications given for
devices that adhere to the BAPI standard allow for a consistent user
experience and for easy 'mix-and-match' of devices and technologies.

Smart Card & Biometrics - BAPI/SecureCore leverages
its modular functionality to allow for unified and seamless integration
of all tokens, biometrics, combinations of the two, and nested combinations.

Trusted Devices - BAPI has a set of functions for
using trusted devices. Trusted devices accept digital certificates from
outside sources and encrypt and sign the data with their own certificates.
This is particularly important when devices and workstations are connected
to a system through the Internet or a VPN. BAPI fully defines the functionality
to accommodate these devices.

Third-Party Application - BAPI/SecureTec
offers an SDK and other third-party developer tool sets, which simplify
the development of applications. These tools specifically provide developers
with the ability to easily integrate with a vast combination of devices.

External Database - BAPI/SecureTec can fully leverage
the modularity and consistency of the BAPI architecture to interface with
external authentication services and databases. BAPI has the ability to
allow and enhance the interoperability between similar technologies.

Certification - BAPI/SecureTec is supported by
a toolset and certification process that ensures full quality and compliance
with BAPI from the OEM device driver level to the application level. The
process is also designed to ensure full compatibility within a system
when multiple technologies are present.