Is it possible to use Mobile's fingerprint scanner as biometric device for authentication at server?

Question

These days, almost all the mobile being launched have fingerprint scanners inbuilt. We can definitely authenticate the user at phone level (apps like Google Pay use it ), but is it possible to use the Mobile's fingerprint scanner as a biometric device for authentication it at server level? If yes, how can that be implemented? If not, why is it not possible and what can be done to smoothen this process?

Answer 1

I think it would be much better if you use an external biometric device instead of a fingerprint scanner on mobile. You can follow How to Set Up Biometric Authentication in Android or Fingerprint Authentication using Android’s Biometric API

Answer 2

You should probably look into the authenticate(CryptoObject) methods of FingerprintManager (deprecated) and BiometricPrompt, which integrates with KeyStore. The supported cryptographic operations include mac, cipher, and signature.

I'm not sure how your server/client architecture works specifically, but you can generate keys that are only usable after a user has authenticated with biometrics.

Here's a sample app with a few examples.

Answer 3

Yes you can achieve it at server level.

If you have access to the Fingerprint scanner of the device then you can get the fingerprint address/code of the user which can be stored on your server. The next time the user tries to log in, use some mini-system or function based on the environment your working on to check if the value sensed by the sensor equals the value stored in your at your server and provide the access accordingly.

However, I still recommend not using any such feature for server authorization.

But I doubt if this method will be accurate...I would recommend researching on how fingerprint sensors work in order to not give your users an hard time.