ABSTRACT 

 

In spite of their widespread use and ubiquity, passwords are unreliable as an 

authentication methodology because they can be hacked or even guessed, yet when it comes to 

biometrics it is very hard to impersonate someone. Therefore, biometric authentication schemes 

are currently widely recognized as the strongest authentication technologies available on the 

market. 

  Identity providers and claims-based identity  are  emerging technologies that aims to 

decouple the authentication logic from the applicationâs business logic. This can be done by 

assigning the authentication task to the identity provider and establishing a trust relationship 

between the application and the identity provider so that the application relies on the identity 

provider to authenticate the application users. 

  The project aims to develop an identity provider that uses fingerprint  and facial 

biometrics to authenticate users. The identity provider task is to determine the identity of the user 

and pass the identity information to the relying applications which trust this identity provider. 

  For security purposes, the biometrics data of users is stored on a local server within the 

sponsoring companyâs intranet. This local server is located behind firewalls and itâs address can 

only be resolved internally within the intranet due to use of NAT. Therefore, the server doesnât 

have a global  IP address. Windows Azure cloud platform has a powerful component called 

âWindows Azure Service Busâ which was used to solve this tough connectivity problem. 

  The project also aims to develop a simple employees management application that can be 

used as an example of a relying application that relies on the developed identity provider to 

authenticate the users. 

  Project management principles and software development lifecycle techniques were 

applied during the project implementation. This approach has significantly streamlined the 

project implementation process and the project objectives have been met. 

TABLE OF CONTENTS 

 

DICLARATION OF ORIGINALITY   – –  ii 

ABSTRACT   – – –  iii 

صÙختسÙÙا   – – – iv 

ACKNOWLEDGEMENT   –  v 

DEDICATION – vi 

TABLE OF CONTENTS   – – – vii 

LIST OF FIGURES   – – –  ix 

LIST OF ABBREVIATIONS   – – – xi 

1 INTRODUCTION   – – 1 

11 Introduction   – – – 1 

12 Project Background – – – 1 

13 Problem Statement   – – 1 

14 Motivation   – 1 

15 Objectives   – 2 

16 Thesis Layout   – – 2 

2 LITERATURE REVIEW   – – – 3 

21 Introduction   – – – 3 

22 Authentication – – – 3 

23 Biometrics – 4 

231 Generic biometric authentication system   – – – – _  5 

232 Fingerprint biometrics   – – – – –  6 

2321 Fingerprint characteristics – – –  6 

2322 Issues in fingerprint recognition technology – –  7 

233 Face biometrics – – – – –  8 

2331 Processing workflow –  8 

24 Software Architectural Concepts   – – 9 

241 Claims-Based Authentication and Identity Providers – – – _  9 

2411 Components of the claim-based authentication   – –  10 

2412 Claims-based authentication standards   – –  12 

242 Service oriented Architecture – – – – –  13 

243 Model-View-Controller (MVC) – – – –  14 

2431 Components interaction   – – –  15 

25 Programming Languages, Platforms, Technologies and Tools – 16 

251 Programming languages – – – – _  16 

252 Platforms   – – – – – –  16 

253 Technologies   – – – – – _  16 

254 Tools – – – – – –  18 

3 METHODOLOGY – – – 20 

31 Introduction   – – 20 

32 Project Initiation – 20 

33 Project Planning   – 22 

331 Scope planning – – – – – _  22 

332 Time planning – – – – –  22 

333 Risk management planning   – – – – –  23 

34 Project Execution – – 23 

341 Software requirements   – – – – –  24 

342 Software design   – – – – – _  24 

3421 BioSTS – – –  25 

3422 Employees Administration Module   – –  35 

3423 Employees Access Module   –  37 

3424 Security Issues   – –  37 

35 Project Monitoring and Controlling   – – 38 

36 Project Closing – – 38 

4 IMPLEMENTATION AND RESULTS   – – 39 

41 Introduction   – – 39 

42 Software Construction   – – 39 

421 BioSTS – – – – –  39 

422 Employees Administration Module   – – – – –  43 

423 Employees Access Module – – – – –  45 

43 Software Verification   – – – 47 

44 Software Deployment   – – – 47 

5 CONCLUSION AND FUTURE WORK   – – 48 

51 Project Review   – – 48 

52 Limitations   – – – 48 

53 Future Work   – – – 49 

BIBLIOGRAPHY – – – 50 

Appendix A : Project Management Documents – – A-1 

Appendix B : Software Engineering Documents   – B-1 

 

 LIST OF FIGURES 

 

Figure 2-1 Generic biometric authentication system   – 6 

Figure 2-2 Fingerprint points types – – 7 

Figure 2-3 Face recognition system processing workflow   – – – 8 

Figure 2-4 Claims-based identity workflow   – – 9 

Figure 2-5 The format of the token   – – 10 

Figure 2-6 How does the STS works   – – 11 

Figure 2-7 The complete scenario of the claims-based authentication   – – 11 

Figure 2-8 SAML 20 token format   – – 13 

Figure 2-9 Service components – – 14 

Figure 2-10 MVC design pattern   – – 15 

Figure 2-11 Internet connectivity challenges   – – 17 

Figure 2-12 The service bus as a relay service   – – 18 

Figure 3-1 Project management lifecycle and software development lifecycle overlapping   – – 21 

Figure 3-2 Project time plan â“ page 1   – – 22 

Figure 3-3 Project time plan â“ page 2   – – 23 

Figure 3-4 The high level architecture of the system – – 24 

Figure 3-5 The STS process workflow   – – 25 

Figure 3-6 IdentityServer architecture   – – 26 

Figure 3-7 Data flow used by UareU SDK in fingerprint recognition – 28 

Figure 3-8 Transmitting the fingerprint as FMD over a network   – – 29 

Figure 3-9 Fingerprint enrollment/authentication block diagram   – – 29 

Figure 3-10 Face recognition REST API description   – – 30 

Figure 3-11 Face detection REST API description – – 31 

Figure â 3-12 Tags saving  REST API description – – 31 

Figure â 3-13 Faces training  REST API description   – – 31 

Figure 3-14 Face recognition enrollment flow chart – – 32 

Figure 3-15 Face recognition authentication flow chart   – – – 33 

Figure 3-16 Overall authentication process workflow   – 34 

Figure 3-17 Employee enrollment use case   – – 36 

Figure 3-18 Modify employeeâs enrollment use case   – – 36 

Figure 3-19 Change employeeâs fingerprint use case   – – 36 

Figure 4-1 BioSTS architecture   – 39 

Figure 4-2 The customized users store – – 40 

Figure 4-3 The UserRepository Class   – – 40 

Figure 4-4 The ClaimsRepository class   – – 41 

Figure 4-5 Fingerprint authentication user interface – – 41 

Figure 4-6 Face authentication user interface   – – 42 

Figure 4-7 The BioSTS Users Repository Service   – 42 

Figure 4-8 Configure the Employees Administration Module to trust BioSTS – – 43 

Figure 4-9 The Administration module employees list – – 43 

Figure 4-10 The Administration module employee profile modification   – 44 

Figure 4-11 Administration Module Service   – – 44 

Figure 4-12 âAdministration Module Serviceâ service bus configuration   – 45 

Figure 4-13 Employees Access module home page   – – 45 

Figure 4-14 Employee information page   – – 46 

Figure 4-15 Employees Access Service   – – 46 

Figure 4-16 Employees Access Service service bus configuration   – – 46 

   

LIST OF ABBREVIATIONS 

 

IIS    Internet Information Services 

NAT    Network Address Translation 

SOA    Service Oriented Architecture 

SAML    Security Assertion Markup Language 

WIF    Windows Identity Foundation 

WCF    Windows Communication Foundation 

SDLC    Software Development Life Cycle  

RP    Relying Party         

STS    Security Token Service