14 Replies Latest reply on Jan 1, 2017 12:21 PM by bertrand

    FileMaker <-> TouchID

    Draco

      Hi,

       

      There is a way to link FileMaker and TouchID, the idea is to enter a fingerprint in a field (via TouchID) and then later search for that field (via TouchID)

       

      regards

      Draco

        • 1. Re: FileMaker <-> TouchID
          philmodjunk

          FileMaker Pro or in FileMaker GO?

           

          In FileMaker GO on your iOS device, this is a supported feature. It's not a built-in feature in FileMaker Pro.

          • 2. Re: FileMaker <-> TouchID
            Draco

            Hi Phil,

            A ) in FileMaker Go is supported... allowing to enter the fingerprint in a field of a table, to later allow to search the records that match that fingerprint ?

             

            or

             

            B ) in FileMaker Go is supported... only supported at the access level to DB, that is to say, only to open the DB (Only to validate user via fingerprint)?

             

            regards

            Draco

            P.S.: sorry for my English

            • 3. Re: FileMaker <-> TouchID
              Mike_Mitchell

              May I ask why you would want to do this? It's not a good security practice to store credentials - including biometrics - inside your database.

              • 4. Re: FileMaker <-> TouchID
                Draco

                ... of course Mike, I need to avoid falsification of identity,... using biometric devices, ... for : find -> verify ...I must before enroll.

                 

                To achieve the subsequent verification I must save the biometric information (this information will be kept encrypted) and take all the measures that the case deserve.

                 

                I think there is only one way, .. use plugin.

                 

                regards

                Draco

                • 5. Re: FileMaker <-> TouchID
                  Mike_Mitchell

                  I don’t think I’m making myself clear. Should someone penetrate your security, the credentials of other users would be exposed. They can do this in multiple ways. (And please don’t tell me about your home-grown security protocol. That almost always introduces vulnerabilities into the system.)

                   

                  Again, WHY do you need to do this? I can think of no use case where storing credentials inside the database is necessary.

                  • 6. Re: FileMaker <-> TouchID
                    Draco

                    Hi Mike

                     

                    - The use of the fingerprint reader is a requirement of my client.

                    - I understand your safety recommendations, but ...

                    - Is there any way to use a fingerprint reader without enrolling?

                     

                    ________________________________________________

                     

                    They can do this in multiple ways. (And please don’t tell me about your home-grown security protocol.

                    That almost always introduces vulnerabilities into the system.)

                    stage

                    There are 3 registration points (using fingerprint). After a few days people will receive a notice to pick up a gift, the gift can be withdrawn at any of the three registration points. To withdraw the gift they will be asked to identify themselves through the fingerprint reader.

                     

                    ________________________________________________

                     

                    Is there another method that allows the use of a fingerprint reader without having to keep the credentials inside the database?

                    ... (considering that after some days I will need to validate the identity of the same person)

                     

                    You may not have understood your observation correctly ... but, do you recommend not using fingerprint readers, ... as a means to authenticate users?

                     

                    ________________________________________________

                     

                    I'm interested and I'm concerned about safety. But I do not think it prudent to freeze the project for a characteristic requested by my client, ... because there is a possibility that someone will violate the security of my application, ... that possibility exists in all kinds of things, and we will put everything our part to mitigate that risk.

                     

                     

                    thank you, for your comments

                     

                    Draco

                    • 7. Re: FileMaker <-> TouchID
                      Mike_Mitchell

                      I'm not saying you shouldn't use a fingerprint reader. What I'm saying is that you shouldn't store the fingerprint data in your database.

                       

                      Perhaps you can use a hash algorithm to scramble the fingerprint data before it enters the database. This might help, but you still have the same basic problem.

                       

                      This is not a question of just some remote possibility of being hacked. Security is everything in today's world. It is your responsibility as a developer not to implement something that has a known vulnerability, that violates best practices. This places your client at risk.

                       

                      There may be an external fingerprint reader that you can use that can store just a hash in the database. I would investigate that possibility.

                      • 8. Re: FileMaker <-> TouchID
                        philmodjunk

                        There are a number of fingerprint scanners that control access to a device--which could be a Kiosk set up for this project. That may be sufficient here. The user uses touch ID to open the device, then enters some additional info--such as a password emailed to them in order to open FileMaker. The password's account can identify the user and enable you to have your solution do what is needed.

                        • 9. Re: FileMaker <-> TouchID
                          bigtom

                          How is TouchID supported in this way in iOS? InsertFromDevice(Fingerprint)???

                          • 10. Re: FileMaker <-> TouchID
                            Mike_Mitchell

                            It’s not, as far as I know. I believe the OP intends to use an external fingerprint reader.

                            • 11. Re: FileMaker <-> TouchID
                              bigtom

                              Ok. When I see TouchID I think about the native fingerprint hardware in iOS. An external reader would work. As mentioned, storing biometric data needs to be approached with caution. As far as I know, iOS stores heavily encrypted biometric data on the device with a limit of 5 per device and this is never shared or cloud data.

                              • 12. Re: FileMaker <-> TouchID
                                philmodjunk

                                I understand Mike's concerns, but the best of both worlds may require:

                                 

                                a) a very, very limited access auto-logon

                                b) don't store anything in the file not needed--especially avoid any data that can be used for identity theft if there is no use for that data in the file.

                                c) Use a plug in to encrypt/decrypt the biometric data in a field and store only the encrypted version of this data.

                                d) Use encryption at rest for all files

                                e) the user accesses FileMaker with that limited access account that is locked down to as few functions as possible (and yes, this will still be a point of vulnerability). And if the biometric data matches, you use that to identify the user and only then re-login to a slightly less limited account.

                                 

                                Recognize that this is not perfectly secure, but it's probably the best that you can do, and then only if the software that comes with the scanner can be effectively interfaced with FileMaker--that will require discussions with the scanner provider's tech support. And since it's not, don't store any data in this file that will cause problems if stolen if you can possibly avoid doing so. If you can't limit the data in the way that I describe, then FileMaker may simply not be the solution that you can use at this time unless a plug-in developer has come up with a secure method of interfacing FileMaker access with a fingerprint scanner.

                                • 13. Re: FileMaker <-> TouchID
                                  Draco

                                  Hi, thanks bigtom,... for what you say, TouchID is not an option, ... I will use the plugin.

                                  Thank you all

                                   

                                  regards

                                  Draco

                                  • 14. Re: FileMaker <-> TouchID
                                    bertrand

                                    As I've understood FileMaker Go 15 - Keychain enhancements - Passcode and Touch ID | FileMaker , Touch ID is a supplementary operation to grant access.

                                    It permits unlocking the keychain and authorizing the registered user/password to be used.

                                     

                                    I think that Touch ID is part of the iOS security system and not a plugin of FileMaker Go.

                                    The fingerprint is registered in the keychain or iOS internal tables and cannot be stored in a FileMaker field.
