Designing Windows Biometric Framework fingerprint management applications
Updated: August 23, 2010
This topic provides design guidance to developers of fingerprint management applications (FMAs) that are compatible with the Windows® Biometric Framework (WBF).
This information applies to the following operating systems:
- Windows Server 2008 R2
- Windows 7
To ensure a consistent, high-quality biometric experience for users in Windows 7, we recommend that you follow the guidelines presented in this topic when you write a fingerprint management application (FMA).
Fast user switching (FUS) is a feature that allows users to switch between user accounts on a single PC without quitting applications and logging off. This is a typical scenario for home users sharing a single PC. This topic provides guidelines for designing a fingerprint management application (FMA) that supports FUS.
The Biometric Devices control panel is the primary interface for configuring the Windows Biometric Framework (WBF). This topic describes this control panel.
This topic describes fingerprint management application (FMA) task link behavior.
This paper is for:
- Developers and product managers who are planning or implementing FMAs built on the WBF.
- Fingerprint sensor vendors who ship bundled software to run on Windows 7 with their sensors.
- Independent software vendors (ISVs) who implement sensor-independent enrollment experiences.
- Independent hardware vendors (IHVs) who can benefit from a better understanding of how FMA developers would interact with their sensors.
This topic assumes that the reader has a basic understanding of the WBF, the Windows Biometric Driver Interface (WBDI), Windows 7 user experience guidelines, and general fingerprint management concepts.
This topic provides guidelines for fingerprint management applications (FMAs) that are built on the WBF. After reading this topic, readers will be better equipped to design FMAs that work efficiently on top of the WBF. The information in this document:
- Assists independent software vendors (ISVs), independent hardware vendors (IHVs), and original equipment manufacturers (OEMs) in designing FMAs that work seamlessly with supported fingerprint sensors on Windows 7.
- Helps to ensure a consistent end-user experience.
- Enables biometric devices and software solutions to interact smoothly.
By conforming to the guidelines presented in this topic, FMA developers will be able to make the most out of the biometric support that is available in Windows 7. Some of the advantages offered by the WBF include:
- Lower support costs. Integrating with the WBF lowers the support costs of biometric solutions by providing a consistent core experience and diagnostic infrastructure.
- No need for custom integration with specific devices. The WBF enables multiple biometric devices and software solutions to coexist on a single machine without the need for custom integration.
- Biometrics feature discovery. The WBF promotes biometrics as a technology by integrating it with core Windows user experiences. The WBF publishes discovery points through Device Manager, Devices and Printers, Control Panel, Searchable Tasks, and other mechanisms.
- Simplified adoption. The WBF simplifies the incorporation of biometric capabilities into new applications by providing a platform application programming interface (API) that works across all devices.
| Term | Definition |
|---|---|
| Biometric unit (BU) | A common representation of a biometric device that is provided by the Windows Biometric Service (WBS). |
| Complete unenrollment | The act of removing all of a user’s fingerprint-matching templates from all available storage adapters and removing the user’s authentication information from the Windows Biometric Credential Manager. |
| Enrollment | In the context of biometrics, enrollment is the process of supplying reference samples of a biometric for later matching. In fingerprint enrollment, the user needs to provide a sample on the sensor (swipe or touch) to make a matching template. |
A user-friendly term for either:
A fingerprint record is linked to the sensor that was used to enroll the fingerprint. A user’s finger could have a fingerprint association with multiple sensors, and thus have a record for each sensor.
| Term | Definition |
|---|---|
| Fingerprint management application (FMA) | A third-party application that extends WBF by providing management capabilities and enables additional scenarios, including enrollment experiences, Web single-sign-on, and management of proprietary attributes of a fingerprint biometric device. |
| Personally identifiable information (PII) | Data that is considered PII is privacy-sensitive and must be treated with special care. Fingerprints and biometrics fall into this category. |
| Registration | Another term for enrollment. |
| Unenrollment | To remove one or more fingerprint templates from one or more storage adapters. It is possible to unenroll some fingerprints for a user and leave other fingerprints enrolled. Complete unenrollment refers to removing all fingerprint data for a given user. |
Windows 7 provides native support for fingerprint biometric devices through the WBF. This framework provides:
- A more consistent user experience.
- A common platform and a set of interfaces for software developers.
- Improved manageability and serviceability of fingerprint biometric devices in Windows.
The WBF components that deliver these features include the following:
- Core platform components, including a driver interface definition, a pluggable expansion platform, and a client API.
- User-experience components that provide a consistent user experience in the Windows operating system. These components include support for the core scenarios of logon and user account control (UAC).
- Management components that let users and administrators configure biometrics and biometric devices. These components support biometric configuration either locally on a single computer system or globally for a domain through Group Policy.
- A WBF component-distribution mechanism that lets biometric drivers and other components be distributed through Windows Update and Action Center.
For more information about the WBF, see Related topics. For information about the Biometric Devices Control Panel, see Biometric Devices Control Panel.
You can build a range of high-value applications using the WBF API. Such an application might be either:
- A simple enrollment application.
- A complex suite of applications and management capabilities.
Applications in the second category are commonly referred to as fingerprint management applications (FMAs). In addition to providing an enrollment capability, an FMA might perform one or more of the following tasks:
- Provide additional mechanisms for managing user data, such as enrolling or deleting fingerprint templates.
- Provide mechanisms for managing and configuring devices, such as performing firmware upgrades.
- Expose proprietary capabilities of a device.
- Serve as a configuration point for third-party WBF-enabled applications such as Web single-sign-on (Web SSO) and fast user switching (FUS).
- .NET Framework Developer Center
- Windows Biometric Framework: Code-Signing Guidelines
- Windows 8.1 device experience
- Introduction to the Windows Biometric Framework
- Windows Biometric Framework API
- Design apps for the Windows desktop
- CredUIPromptForWindowsCredentials function
- GetVersionEx function
- LsaLogonUser function
- OSVERSIONINFOEX structure
- SID structure
- WinBioAcquireFocus function
- WinBioEnrollBegin function
- WinBioEnrollCapture function
- WinBioEnumBiometricUnits function
- WinBioEnumEnrollments function
- WinBioGetDomainLogonSetting function
- WinBioGetEnabledSetting function
- WinBioGetLogonSetting function
- WinBioGetProperty function
- WinBioLocateSensor function
- WinBioLocateSensorWithCallback function
- WinBioLogonIdentifiedUser function
- WinBioReleaseFocus function
- Strong Passwords
- Windows Data Protection