Just a side note - IF the database runs on another host than the device performing the scans there is always a subject of security as I understand this iris scanning is meant to provide security. If you do the matching on a machine different than the one that actually gives the user some "access" then you have to think whether you are not making yourself vulnerable to things such as a man-in-the-middle attack, a situation when an intruder substitutes the host with the database server with his own version (e.g. by rerouting you to a different machine) or simply performs a successful attack against the host that contains the database. Since you have no control over the other host, protection against such attacks is not a trivial task.
To this I have to add my 2 pence. If you have to have a connection to an outside source then the best way to get around security issues would be to keep a local copy and only update from the master list nightly. To further muddle the attacker, add an additional table to your data set to hold hashes specific to each terminal. If you pull an update and the hashes don't match, and a random sampling doesn't match, then something is amiss.
Local data should be sqlite while external master list can be whatever best fits, though from a safety standpoint I would bet against MS SQL. If you want security don't run the OS and DBMS by the same company. If someone wanted to break in and they knew you used windows server the safe bet would be to assume that said server will also be running MS SQL or Oracle.
For the scan: is this a straight scan with no additional input, or will there be a more traditional card swipe/ID key entry along with the scan?
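The local-copy scheme from the reply above (nightly pull from the master, a separate table of terminal-specific hashes, and a random sample check), worked through as an added Python example that is not from any poster. The keyed HMAC tags, the sqlite table layout and all sample data are constructed assumptions, not anything the thread specifies.

```python
import hashlib
import hmac
import random
import sqlite3

# Constructed sample data (placeholders, not real iris templates): the records this
# terminal currently holds. The key is assumed shared only by this terminal and the master.
TERMINAL_KEY = b"terminal-07-secret-key"
LOCAL_TEMPLATES = {
    "u001": b"iris-template-u001",
    "u002": b"iris-template-u002",
    "u003": b"iris-template-u003",
}

def terminal_tag(key, user_id, template):
    """Terminal-specific hash: HMAC-SHA256 over (user_id, template) under this terminal's key."""
    return hmac.new(key, user_id.encode() + b"\x00" + template, hashlib.sha256).hexdigest()

def open_local_copy(key, templates):
    """Local sqlite copy: one table of templates, a second table of per-terminal tags."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE templates (user_id TEXT PRIMARY KEY, template BLOB);"
        "CREATE TABLE terminal_tags (user_id TEXT PRIMARY KEY, tag TEXT);"
    )
    for uid, tpl in templates.items():
        conn.execute("INSERT INTO templates VALUES (?, ?)", (uid, tpl))
        conn.execute("INSERT INTO terminal_tags VALUES (?, ?)", (uid, terminal_tag(key, uid, tpl)))
    conn.commit()
    return conn

def build_update(key, master_templates):
    """Master side (simulated): ship each record with the tag computed for this terminal."""
    return {uid: (tpl, terminal_tag(key, uid, tpl)) for uid, tpl in master_templates.items()}

def verify_update(conn, key, update, sample_size=2, seed=None):
    """Check a pulled update before applying it. Returns the list of reasons it looks
    tampered with (substituted records, forged tags); an empty list means it may be applied."""
    problems = []
    # 1. Each shipped tag must equal the tag this terminal recomputes with its own key;
    #    a host standing in for the master without the key cannot produce valid tags.
    for uid, (tpl, tag) in update.items():
        if not hmac.compare_digest(tag, terminal_tag(key, uid, tpl)):
            problems.append(f"tag mismatch for {uid}")
    # 2. A random sample of records already held locally must still agree with the update.
    rows = conn.execute("SELECT user_id, template FROM templates").fetchall()
    for uid, tpl in random.Random(seed).sample(rows, min(sample_size, len(rows))):
        if uid in update and update[uid][0] != tpl:
            problems.append(f"sample mismatch for {uid}")
    return problems
```

If the master itself is compromised the attacker also holds the terminal keys, so the tag check alone is not enough; the sample comparison against the copy already on the terminal is what still catches a bulk substitution in that case.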