Wednesday 3 June 2015

HB Blog 76: Android M With Fingerprint Authentication.

Authentication is the act of confirming the truth of an attribute of a single piece of data (datum) or entity. Fingerprint recognition or fingerprint authentication refers to the automated method of verifying a match between two human fingerprints. Fingerprints are one of many forms of biometrics used to identify individuals and verify their identity.

Authentication
Android M Developer Preview offers new APIs to let you authenticate users by using their fingerprint scans on supported devices, and check how recently the user was last authenticated using a device unlocking mechanism (such as a lockscreen password). Use these APIs in conjunction with the Android Keystore system. The Android Keystore system lets you store private keys in a container to make it more difficult to extract from the device. Once keys are in the keystore, they can be used for cryptographic operations with the private key material remaining non-exportable.
Fingerprint Authentication
To authenticate users via fingerprint scan, get an instance of the new android.hardware.fingerprint.FingerprintManager class and call the FingerprintManager.authenticate() method. Your app must be running on a compatible device with a fingerprint sensor. You must implement the user interface for the fingerprint authentication flow in your app, and use the standard Android fingerprint icon in your UI. If you are developing multiple apps that use fingerprint authentication, note that each app must authenticate the user's fingerprint independently.

Use KeyGenerator, initialized with a KeyGeneratorSpec, to create a symmetric key in the Android Key Store that can only be used after the user has authenticated with a fingerprint.

Use KeyGeneratorSpec.Builder.setUserAuthenticationRequired to permit use of the key only after the user has authenticated, including authentication with the user's fingerprint.

Use FingerprintManager.authenticate to start listening for a fingerprint on the fingerprint sensor, passing a Cipher initialized with the symmetric key created above.

Use the FingerprintManager.AuthenticationCallback#onAuthenticationSucceeded() callback, which is invoked after the fingerprint (or password) has been verified.

To use this feature in your app, add the USE_FINGERPRINT permission in your manifest.

<uses-permission
        android:name="android.permission.USE_FINGERPRINT" />
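The four steps above, put together as an added Java example that is not from the original post or from Android's own samples. It assumes an Android M (API 23) device, that the caller has already obtained a FingerprintManager via getSystemService and checked isHardwareDetected() and hasEnrolledFingerprints(), and a hypothetical key alias:

```java
import android.hardware.fingerprint.FingerprintManager;
import android.os.CancellationSignal;
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

public class FingerprintBoundCipher {
    // Hypothetical alias; the key material itself never leaves the Android Keystore.
    private static final String KEY_ALIAS = "hb_blog_fingerprint_key";
    // Steps 1-2: an AES key the Keystore refuses to use until the user has authenticated.
    static void generateKey() throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance(KeyProperties.KEY_ALGORITHM_AES, "AndroidKeyStore");
        kg.init(new KeyGenParameterSpec.Builder(KEY_ALIAS,
                KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                .setBlockModes(KeyProperties.BLOCK_MODE_CBC)
                .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_PKCS7)
                .setUserAuthenticationRequired(true) // no validity window: every use needs a fresh fingerprint
                .build());
        kg.generateKey();
    }
    // Step 3: bind a Cipher to the key. If another fingerprint was enrolled since the key was
    // created, init() throws KeyPermanentlyInvalidatedException: treat the key as lost and regenerate.
    static Cipher initCipher() throws Exception {
        KeyStore ks = KeyStore.getInstance("AndroidKeyStore");
        ks.load(null);
        Cipher cipher = Cipher.getInstance("AES/CBC/PKCS7Padding");
        cipher.init(Cipher.ENCRYPT_MODE, (SecretKey) ks.getKey(KEY_ALIAS, null));
        return cipher;
    }
    // Step 4: the key is authorized only for the operation finished inside onAuthenticationSucceeded.
    static void encryptAfterFingerprint(FingerprintManager fm, Cipher cipher,
                                        CancellationSignal cancel, final byte[] plaintext) {
        fm.authenticate(new FingerprintManager.CryptoObject(cipher), cancel, 0,
                new FingerprintManager.AuthenticationCallback() {
                    @Override public void onAuthenticationSucceeded(FingerprintManager.AuthenticationResult r) {
                        try {
                            Cipher c = r.getCryptoObject().getCipher();
                            byte[] iv = c.getIV();                    // persist the IV with the ciphertext
                            byte[] ciphertext = c.doFinal(plaintext); // would fail without the fingerprint
                        } catch (Exception e) { /* key or sensor state changed between init and use */ }
                    }
                    @Override public void onAuthenticationFailed() { /* unrecognised finger; sensor keeps listening */ }
                    @Override public void onAuthenticationError(int code, CharSequence msg) { /* lockout or cancel */ }
                }, null);
    }
}
```

Call cancel.cancel() when the UI leaves the foreground so the sensor is not left listening for your app.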
If you are testing this feature, follow these steps:
  1. Install Android SDK Tools Revision 24.3, if you have not done so.
  2. Enroll a new fingerprint in the emulator by going to Settings > Security > Fingerprint, then follow the enrollment instructions.
  3. Use an emulator to emulate fingerprint touch events with the following command. Use the same command to emulate fingerprint touch events on the lockscreen or in your app. 
adb -e emu finger touch <finger_id>
Confirm Credential
Your app can authenticate users based on how recently they last unlocked their device. This feature frees users from having to remember additional app-specific passwords, and avoids the need for you to implement your own authentication user interface. Your app should use this feature in conjunction with a public or secret key implementation for user authentication.
To set the timeout duration for which the same key can be re-used after a user is successfully authenticated, call the new android.security.keystore.KeyGenParameterSpec.setUserAuthenticationValidityDurationSeconds() method when you set up a KeyGenerator or KeyPairGenerator. This feature currently works for symmetric cryptographic operations.
Avoid showing the re-authentication dialog excessively -- your app should try using the cryptographic object first and, if the timeout has expired, use the createConfirmDeviceCredentialIntent() method to re-authenticate the user within your app.
