Android authentication app capturing biometric data continuously and covertly
- or -
Post a project like this3138
£1.0k(approx. $1.2k)
- Posted:
- Proposals: 11
- Remote
- #892877
- Awarded
Expert in Android, iOS and Web development - PHP, Flutter, Node Js, Angular,React Js, .NET, WordPress, IONIC, Woo Commerce, e Commerce
Peyrat-le-Chateau
Ranked Top 5 CERT in PPH with Microsoft GOLD partner | .NET Framework | Umbraco | PHP/WordPress | Native & Cross Platform Mobile App | MEAN | MERN
Ahmedabad
Software Consulting Services with expertise in Mobile application & games development, web based enterprise portals and websites.
Lucknow
Web Development,Mobile Application Development,Android Application Development,IOS Application Development,Website Design,Software Development
Ahmedabad
52172112246013316827937860175066929310269561029945103151810318801037376
Description
Experience Level: Intermediate
Estimated project duration: 3 - 4 weeks
I need to develop an android app as a proof of concept for my project.
Briefly, it is an authentication solution utilises a mixture of several available biometric techniques (no initial PIN nor token) based upon the device configuration.
The following is a more detailed description but please don’t be freaked out by the details as it is just a proof of concept not commercial. Also, there no need to have it all at once – we can initially have only the collection part of the biometrics and save them on a database on a server (cloud) (Phase1).
It is an authentication solution utilises a mixture of several available biometric (no initial PIN nor token) techniques (based upon the device configuration (can operate on mobile/tablet/desktop/laptop but we can start with android mobile only)). For instance, if a mobile device is not equipped with an inbuilt camera, the system will only choose keystroke analysis and voice verification to verify the user.
The system does also consider the assumption that different services and data require different security provisions. Through understanding the risk associated with particular user actions and services/apps, the protection level required can vary from almost none for checking the time, medium for texting, to significantly high for online banking. The level of confidence is continuously fluctuating based upon the captured biometrics samples (in that it is determined according to the intervals and quality of the samples), which is subsequently reflected on the user privileges, enabling the device to shutdown functionality if insufficient confidence exists (i.e. according to the output of the verification along with the elapsed time and the risk level associated to the services, the authentication system responds by continuing granting user access, freezing some processes, or locking the system).
It is deemed to operate securely in any web service from a variety of client devices, utilising available biometrics of fingerprint, voice, face, and/or keystroke samples. The classification process and authentication decisions are both performed on the online server (cloud) side in order to capitalise upon the features of cloud computing (e.g. universality, scalability and adaptability). Therefore, the model will be hosted in the cloud acting as a centralised Managed Authentication Service Provider (MASP). It is envisaged that it would shift the verification processing to the MASP and enable the digital devices a user has to interconnect (using for example NFC) and consolidate their identity confidence level, minimising the need for enrolling on and authenticating to each device. Further functionality it provides would be on the service level where the real-time identity status is passed to the MASP whenever the user is accessing a web service. For example it can incorporate the biometrics of face, voice and behaviour profiling, alongside proximity to fellow logged-in device(s) by enabling the separate and differing devices of a particular user within a close proximity to communicate their own authentication status and confidence, thus establishing an accumulative level of confidence.
Therefore, there should be a database to be stored remotely (cloud) (literally it will be a server). The database will store user captured (images /voice / fingerprint ... etc), Biometrics data/weight/device info, the risk level of each app on the device, and the alignment between the confidence level on the user and the risk level of the apps…etc.
Eventually, the proposed authentication mechanism must address a number of characteristics:
- leveraging the available devices capabilities without requiring additional device and there should be at least one biometric feature to be used);
- The level of protection (risk) can be determined manually by the user from inside our app, e.g. on a scale from 0 (no risk at all such as watching the clock) to 5 (highest risk such as banking).
- deploying an on-going identity confidence level based upon the captured biometrics samples, which is subsequently reflected on the user privileges and mapped to the risk level associated to them, resulting in relevant reaction(s) (i.e. the lock will be dependent on the confidence level that this is the genuine user, e.g. if the confidence level is 95% the user will be able to access all apps and device functions but between below that until 85% only the banking app will be locked and so on the confidence level degrades when the user leaves the device until reaching a specified threshold leading to locking the whole device);
- There will be a Website to allow to manage all users profiles and devices plus it'll be provide reports and the ability to lock/unlock users or devices, check the cloud database,...etc.
Finally, please find attached rough designs for the main app interfaces (just as an example) you/we can modify as needed.
Briefly, it is an authentication solution utilises a mixture of several available biometric techniques (no initial PIN nor token) based upon the device configuration.
The following is a more detailed description but please don’t be freaked out by the details as it is just a proof of concept not commercial. Also, there no need to have it all at once – we can initially have only the collection part of the biometrics and save them on a database on a server (cloud) (Phase1).
It is an authentication solution utilises a mixture of several available biometric (no initial PIN nor token) techniques (based upon the device configuration (can operate on mobile/tablet/desktop/laptop but we can start with android mobile only)). For instance, if a mobile device is not equipped with an inbuilt camera, the system will only choose keystroke analysis and voice verification to verify the user.
The system does also consider the assumption that different services and data require different security provisions. Through understanding the risk associated with particular user actions and services/apps, the protection level required can vary from almost none for checking the time, medium for texting, to significantly high for online banking. The level of confidence is continuously fluctuating based upon the captured biometrics samples (in that it is determined according to the intervals and quality of the samples), which is subsequently reflected on the user privileges, enabling the device to shutdown functionality if insufficient confidence exists (i.e. according to the output of the verification along with the elapsed time and the risk level associated to the services, the authentication system responds by continuing granting user access, freezing some processes, or locking the system).
It is deemed to operate securely in any web service from a variety of client devices, utilising available biometrics of fingerprint, voice, face, and/or keystroke samples. The classification process and authentication decisions are both performed on the online server (cloud) side in order to capitalise upon the features of cloud computing (e.g. universality, scalability and adaptability). Therefore, the model will be hosted in the cloud acting as a centralised Managed Authentication Service Provider (MASP). It is envisaged that it would shift the verification processing to the MASP and enable the digital devices a user has to interconnect (using for example NFC) and consolidate their identity confidence level, minimising the need for enrolling on and authenticating to each device. Further functionality it provides would be on the service level where the real-time identity status is passed to the MASP whenever the user is accessing a web service. For example it can incorporate the biometrics of face, voice and behaviour profiling, alongside proximity to fellow logged-in device(s) by enabling the separate and differing devices of a particular user within a close proximity to communicate their own authentication status and confidence, thus establishing an accumulative level of confidence.
Therefore, there should be a database to be stored remotely (cloud) (literally it will be a server). The database will store user captured (images /voice / fingerprint ... etc), Biometrics data/weight/device info, the risk level of each app on the device, and the alignment between the confidence level on the user and the risk level of the apps…etc.
Eventually, the proposed authentication mechanism must address a number of characteristics:
- leveraging the available devices capabilities without requiring additional device and there should be at least one biometric feature to be used);
- The level of protection (risk) can be determined manually by the user from inside our app, e.g. on a scale from 0 (no risk at all such as watching the clock) to 5 (highest risk such as banking).
- deploying an on-going identity confidence level based upon the captured biometrics samples, which is subsequently reflected on the user privileges and mapped to the risk level associated to them, resulting in relevant reaction(s) (i.e. the lock will be dependent on the confidence level that this is the genuine user, e.g. if the confidence level is 95% the user will be able to access all apps and device functions but between below that until 85% only the banking app will be locked and so on the confidence level degrades when the user leaves the device until reaching a specified threshold leading to locking the whole device);
- There will be a Website to allow to manage all users profiles and devices plus it'll be provide reports and the ability to lock/unlock users or devices, check the cloud database,...etc.
Finally, please find attached rough designs for the main app interfaces (just as an example) you/we can modify as needed.
Abdul A.
100% (6)Projects Completed
3
Freelancers worked with
3
Projects awarded
40%
Last project
14 Nov 2016
United Kingdom
New Proposal
Login to your account and send a proposal now to get this project.
Log inClarification Board Ask a Question
-
There are no clarification messages.
We collect cookies to enable the proper functioning and security of our website, and to enhance your experience. By clicking on 'Accept All Cookies', you consent to the use of these cookies. You can change your 'Cookies Settings' at any time. For more information, please read ourCookie Policy
Cookie Settings
Accept All Cookies