Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

Bio Approval Workflow (aka SPOS) CodePlex site

February 2, 2009

The CodePlex site has been created, and initial demo code uploaded, for the Bio Approval Workflow (aka Secure Purchase Order System, or SPOS) sample. See here.

The current code implements a native Win32 command-line tool that calls the Windows 7 Biometric Service API. Specifically, WinBioIdentifyWithCallback and related routines. Kudos to the Microsoft Windows Security product group folks for making the ramp-up relatively painless.

A few specific notes about that ramp-up. First, don’t forget to install the latest Windows 7 SDK and DDK. Confusingly, you need the DDK even for the basic client-side user-mode components (including winbio.h and winbio.lib). Technically, I’m not even sure that you need the Win 7 SDK for this, but the current sample assumes that it’s there.

Second, for reference, I previously blogged about the fingerprint reader being used for testing. No problems.

Third, as I mentioned in the above post, my current Win 7 test machine is 64-bit. I briefly forgot that fact, and tried running a 32-bit version of the above command-line sample. It threw a WOW exception and failed to run. I see a copy of winbio.dll in %SystemRoot%\SysWOW64, so I’m not sure why it failed, and I made no attempt to debug. Anyway, we’ll be sure that all of our samples build and run natively on 64-bit, so this should be an edge case at best.

Fourth, the current plan is to constrain the SPOS target scenarios to AD domain-based user accounts only. Thus, the sample code has only been tested in that scenario.

Search:

Archives

Recent Posts

• Cloud developers
• Microsoft Security Intelligence Report v8
• Windows LNK bug and SCADA vuln
• Mobile devices + Cloud
• Concurrency, Security, and Windows

RSS Feed

Blogroll

Security Focus: