NFIS2 works!

Despite the earlier legal concerns about libdpfp (which still stand), I went ahead and requested a NFIS2 CD and integrated it into libdpfp locally.

The good news: it works brilliantly. Minutiae detection and comparison completes instantaneously and the results appear to be accurate and reliable. In other words, if I scan my finger twice it says its the same finger, and if I scan two different fingers it says they are different. I’m now in a position to follow up my larger plans of producing a generic fingerprinting library for a range of hardware, except…

The bad news: I’m not going to distribute any more work on libdpfp until I have found legal advice which tells me it’s OK to do so. I’m now at the position where I have a load of code I can throw at lawyers and say “this is exactly what I want to distribute”, so this is where the hunt begins.

If anyone has suggestions for people I might contact (even non-legal types who might be able to pass me on to someone), or has experience seeking advice in this kind of area, please contact me. I’m aware that such advice will probably cost money, although I don’t have any idea how much. Raising funds to cover costs might be a possibility.

In summary I’m looking for someone who understands (or can figure out how to interpret) US export control laws. I guess I also require a tech type who understands the concepts of software distribution to some degree. Any guidance appreciated!

8 thoughts on “NFIS2 works!

  1. Anonymous

    You might want to try asking Electronic Frontier Foundation [] as well.

  2. Lasse Bigum

    I’m sure Luis Villa could be helpful, he’s a lawstudent that blogs on Planet Gnome that has a special interest in this area.


    Quote from “About me”:
    “I’m a first year student at Columbia Law School, where I hope to focus on technology and intellectual property law, with a particular interest in helping creative people to be creative without interference from lawyers.”

  3. Dan Merillat

    I’ve studied the export restrictions, and here’s the scoop.

    There’s two categories that finger-print technology falls under.

    4A003: Digital Computers/Electronic Assemblies. Physical hardware, fast machines. Processors that are capable of exceeding .75 TeraFlops peak performance.

    4D001 Software specially designed or modified for the development, production or use of equipment controlled by 4A001 through 4A004

    CC (Crime Control) applies to software for computerized finger-print equipment controlled by 4A003 for CC reasons.

    My reading of this is that 4D001 only applies if it is designed in conjunction with a high-speed system or cluster of systems controlled under 4A003. Since technically the NFIS2 software could be used in an embarassingly parallel way on a cluster of computers to achieve > .75 peak terraflops, it is listed as being ‘export controlled’.

    Email the EFF your question, and feel free to include my reading of the export control lists.

  4. Jani-Matti Hätinen

    This is slightly OT for this post, but I was just wondering whether libdpfp (or an authentication system based on it) will support authentication based on a sequence on fingerprints (as opposed to just a single fingerprint).

    What I mean is that the fingerprint-based authentication would be strengthened by using a user defined sequence of fingerprints (e.g. left index finger, left middle finger, right index finger, left middle finger) somewhat like a biological password.

    I’m asking this because I’d like to be able to provide fairly strong security for my users through a purely fingerprint-based approach rather than a fingerprint-password combination (which IMHO is a major PITA for users in comparison to current, purely password-based solutions).

  5. Pingback: dsd’s weblog » Blog Archive » Announcing fprint project

Comments are closed.