##(see the SpecSpec for an explanation) * '''Launchpad Entry''': https://launchpad.net/distros/ubuntu/+spec/fingerprint-authentication * '''Created''': <> by ChristianNeumair * '''Contributors''': ChristianNeumair * '''Packages affected''': == Summary == Users should be able to use Fingerprint readers for authenticating themselves, using the [[http://www.bioapi.org/internationalversion.html|BioAPI]] framework, for example for login or sudo. When not being used for login or sudo functions, the fingerprint reader should send scroll signals. == Status of Implementation == A BioAPI library implementation is available from [[http://www.qrivy.net/~michael/blua/|Michael R. Crusoe's homepage]], which also has a BioAPI PAM module. The UPEK TouchChip (shipped with ThinkPads) [[http://www.upek.com/support/dl_linux_bsp.asp|offers]] a binary kernel module. Gerard Klaver is working on a driver for Authentec fingerprint readers, see [[http://gkall.hobby.nl/authentec.html|his page]]. When Authentec was contacted in January of 2006, they also stated that they were working on a linux driver, to be released within six months. I contacted them too, after I read this page and because I will buy a Lenovo 3000 N100 soon. They told me ''"Authentec does not have a generally available Linux SDK at this time. Full support of Linux will be addressed in a future 2007 release."'' - I also looking forward to this, and its including into Ubuntu. If I can help somehow, for example testing sth. on my laptop, documenting sth. - then feel free to contact me! PS: Is there a launchpad group/project already for this? Thanks to Andreas Grotz, the Authentec 2501 now has a working GPL driver that I could use to capture my fingerprint, see [[http://www.ag-networking.com/|this]]. It would be great if this could be integrated in Edgy+1. Clemens Schulz is also working on a driver, that was/will be(?) available [[http://www.csz-online.de/projects/aes2501lnx/|here]]. See also [[http://wiki.tauware.de/blog:authentec|this]] blog entry by Reinhard Tartler. There is a project on gna working on the aes2501 [[http://home.gna.org/aes2501/index_en.html|here]]. What about [[http://www.reactivated.net/fprint/wiki/Main_Page|fprint]]? it already handles various fingerprint sensors and supports identification. Also, it seems easier than bioapi. == Status of Distribution Support == Debian packages for the BioAPI library are available from [[http://www.qrivy.net/~michael/temp/|Michael R. Crusoe's homepage]]. The PAM module and the TouchChip drivers have not been packaged yet, various pages ([[http://www.thinkwiki.org/wiki/How_to_enable_the_fingerprint_reader|ThinkWiki]], [[http://linux.spiney.org/debian_gnu_linux_on_an_ibm_thinkpad_t43p_fingerprint_reader|linux.spiney.org]]) provide information on additional setup steps. * '''Debian''' effort to provide fingerprint support: http://wiki.debian.org/FingerForce * '''Fedora''' 11 will support logging in with a fingerprint. See the [[http://fedoraproject.org/wiki/Features/Fingerprint|Fedora's wiki]]. == Plan of Action == I just finished creating Ubuntu packages for pam-bioapi and the upek BSP (Biometric Service Provider). They work with the bioapi 1.2.3 debian package from upstream. This is how I'd like to proceed for this: Tasks: * build packages for bioapi (lots of patchwork expected) * upload working pam-bioapi and bioapi-bsp-upek packages * ask people to create bioapi-bsp-authentec package * be happy, dance in a circle * start documenting/fixing the rough edges * port the free thinkfinger driver to the bioapi interface to become a free drop-in replacement for the commercial driver == Potential security risks == As Ubuntu should provide a secure user experience, it show inform users about the potential risks of using a finger print: * Passwords are stored in your head - your finger print is stored on every surface you touched... * It is known, that finger print readers can be easily tricked, with faked finger prints, that were taken from surfaces. * Passwords can be changed - finger prints *not* So finger prints should not be used on machines, that should be protected against illegal access. (Since the finger print is normally "stored" all over the keyboard). == US Export Rules == US Export Rules might come into play here. Basically, some parts might not be exportable from the United States. Read more at http://www.reactivated.net/weblog/archives/2006/10/fingerprinting-legal-issues-update/ ---- CategorySpec