Biometrics - Fingerprint Login for Lotus Notes


Fingerprints have been used to identify people for several decades. With the advent of low cost inkless fingerprint scanners and the ample compute power available in client workstations, biometrics in general, and fingerprints in particular, are being considered for many secure authentication applications. Lotus Notes is a groupware product supporting e-mail, calendar management, workflow, and, perhaps more importantly, (shared) database access and management. Because of this wide spectrum of capabilities that allows true collaborative computing, privacy and security are of primary importance in such groupware applications. Lotus Notes has a strong reputation in this regard. We have implemented a system that integrates the intrinsic high security of Notes with the conveniences of fingerprints for client authentication. A screen shot of the working system is shown below.
The overall process of replacing the passwords is simple. The "change password" Notes API call allows for replacing passwords by other authentication methods. It is assumed that the user gets an initial text password and will then be required to change it at the first login to the Notes system. At that point, the fingerprint-based authentication will replace the password-based method. During enrollment, the user alternates between the primary finger and alternate finger to provide as much variation as possible between the two samples. The enrollment process also checks to ensure that the primary finger and alternate finger are truly different by matching them against each other.
    After this, the user is no longer asked for a password during login. Rather, he simply places his finger on the scanner which automatically detects, analyzes, and matches his fingerprint and grants access if the result conforms to his stored credentials.

    Selected publications:

    Secure Fingerprint-Based User Authentication for Lotus Notes
    N. Ratha, J. Connell, R. Bolle
    ACM Multimedia and Security Workshop, October 2001.

    Fingerprints have been used to identify people for several decades. With the advent of low cost inkless fingerprint scanners and the ample compute power available in client workstations, biometrics in general, and fingerprints in particular, are being considered for many secure authentication applications. Lotus Notes is a groupware product supporting e-mail, calendar management, workflow, and, perhaps more importantly, (shared) database access and management. Because of this wide spectrum of capabilities that allows true collaborative computing, privacy and security are of primary importance in such groupware applications. Lotus Notes has a strong reputation in this regard. In this paper, we describe the architecture of a system that integrates the intrinsic high security of Notes with the conveniences of fingerprints for client authentication. We discuss several design challenges that had to be addressed to achieve a successful product level system design and development. A demo of the finished system is also available.