DEV Community

Vivi-clevercoder

How Fingerprint and Facial Authentication in Mission: Impossible Can be Brought to Life

Have you ever marveled at the impressive technology in sci-fi movies, such as the floating touchscreen in Iron Man and the fingerprint and iris authentication in Mission: Impossible?

Such cutting-edge technology has already entered our day-to-day lives, with fingerprint and facial authentication being widely used.

Users are paying more and more attention to privacy protection and therefore expect more of app security, which can be guaranteed with the help of authentication based on the unique nature of fingerprints and facial data.
Fingerprint and facial authentication effectively reduce the risk of account theft and information leakage when used for unlocking devices, making payments, and accessing files.

Such an authentication mode can be realized with HUAWEI FIDO: it arms your app with FIDO2 client capabilities based on the WebAuthn standard, as well as the fingerprint and facial authentication capabilities of BioAuthn.

FIDO ensures that the authentication result is secure and reliable by checking the system integrity and using cryptographic key verification. It allows password-free authentication during sign-in, a general solution that can be easily integrated with the existing account infrastructure.

Let's see how to integrate the fingerprint and facial authentication capabilities in FIDO.
Perform the steps below:

  1. Configure app information in AppGallery Connect.
  2. Integrate the HMS Core SDK.
  3. Integrate the BioAuthn-AndroidX SDK.

Click the hyperlinks of steps 1 and 2 to learn more about them.
Note that in step 2 there are two SDKs:

BioAuthn-AndroidX: implementation 'com.huawei.hms:fido-bioauthn-androidx:5.2.0.301'

BioAuthn: implementation 'com.huawei.hms:fido-bioauthn:5.2.0.301'

They're slightly different from each other:
The BioAuthn-AndroidX SDK provides a unified UI for fingerprint authentication, so you do not need to design one for your app, whereas the BioAuthn SDK requires you to design the fingerprint authentication UI yourself.

Below is the detailed description of the difference in the FAQs section of this kit:

[Image: FAQ entry describing the difference between the two SDKs]

This article explains how to integrate the BioAuthn-AndroidX SDK. You can download its demo here.

Integrating the BioAuthn-AndroidX SDK
Notes:

  1. The fingerprint and facial authentication capabilities cannot be used on a rooted device.

  2. Before testing, make sure that you've enrolled facial data and a fingerprint in the testing device. Otherwise, an error code will be reported.
    Go to Settings > Biometrics & password on the device to enroll facial data and a fingerprint.

Fingerprint Authentication
To use the fingerprint authentication capability, perform the following steps:

  1. Initialize the BioAuthnPrompt object:
BioAuthnPrompt bioAuthnPrompt = new BioAuthnPrompt(this, ContextCompat.getMainExecutor(this), new BioAuthnCallback() {
    @Override
    public void onAuthError(int errMsgId, CharSequence errString) {
        showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString);
    }
    @Override
    public void onAuthSucceeded(BioAuthnResult result) {
        showResult("Authentication succeeded. CryptoObject=" + result.getCryptoObject());
    }
    @Override
    public void onAuthFailed() {
        showResult("Authentication failed.");
    }
});

  2. Configure prompt information and perform authentication:

// Customize the prompt information.
BioAuthnPrompt.PromptInfo.Builder builder =
        new BioAuthnPrompt.PromptInfo.Builder().setTitle("This is the title.")
                .setSubtitle("This is the subtitle.")
                .setDescription("This is the description.");

// The user is allowed to authenticate with methods other than biometrics.
builder.setDeviceCredentialAllowed(true);

BioAuthnPrompt.PromptInfo info = builder.build();

// Perform authentication.
bioAuthnPrompt.auth(info);

After the configuration is complete, fingerprint authentication can be performed on a screen similar to the following image:

[Image: fingerprint authentication prompt]

Facial Authentication
There are many restrictions on using the facial authentication capability. For details, please refer to the corresponding FAQs.

[Image: FAQ entry on the restrictions of facial authentication]

  1. Check whether the camera permission has been granted to your app. (Note that this permission is not needed on devices running EMUI 10.1 or later.)
int permissionCheck = ContextCompat.checkSelfPermission(MainActivity.this, Manifest.permission.CAMERA);
if (permissionCheck != PackageManager.PERMISSION_GRANTED) {
    showResult("Grant the camera permission first.");
    ActivityCompat.requestPermissions(MainActivity.this, new String[] {Manifest.permission.CAMERA}, 1);
    return;
}

  2. Check whether the device supports facial authentication.
FaceManager faceManager = new FaceManager(this);

int errorCode = faceManager.canAuth();
if (errorCode != 0) {
    resultTextView.setText("");
    showResult("The device does not support facial authentication. errorCode=" + errorCode);
    return;
}
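
  3. Perform facial authentication.
// android.os.CancellationSignal: call cancellationSignal.cancel() to stop an ongoing authentication.
CancellationSignal cancellationSignal = new CancellationSignal();
int flags = 0;
Handler handler = null;
// No CryptoObject is passed, so the authentication result is not bound to a cryptographic key.
CryptoObject crypto = null;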

faceManager.auth(crypto, cancellationSignal, flags, new BioAuthnCallback() {
    @Override
    public void onAuthError(int errMsgId, CharSequence errString) {
        showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString
                + (errMsgId == 1012 ? " The camera permission has not been granted." : ""));
    }

    @Override
    public void onAuthHelp(int helpMsgId, CharSequence helpString) {
        showResult("This is the prompt information during authentication. helpMsgId=" + helpMsgId + ",helpString=" + helpString + "\n");
    }

    @Override
    public void onAuthSucceeded(BioAuthnResult result) {
        showResult("Authentication succeeded. CryptoObject=" + result.getCryptoObject());
    }

    @Override
    public void onAuthFailed() {
        showResult("Authentication failed.");
    }
}, handler);

This is all the code needed for facial authentication. Call it wherever your app needs to authenticate the user by face.
Note that there is no default UI for this capability. You need to design a UI as needed.

Application Scenarios
Fingerprint Authentication

Fingerprint authentication is commonly used to authenticate users before payments.
It can also be integrated into file protection apps so that only users who pass fingerprint authentication can access the relevant files.

Facial Authentication

This capability works well in scenarios where fingerprint authentication can be used. For file protection apps, facial authentication performs better than fingerprint authentication.

This is because such apps share a common flaw: they make it clear that a file is very important or sensitive.
Therefore, a hacker who figures out a way to pass the app's fingerprint authentication, which is difficult but possible, can access this file.

To avoid this, in addition to fingerprint authentication, a file protection app can adopt facial authentication "secretly", because this capability does not require a UI. The app displays the real file only after a user passes both fingerprint and facial authentication; otherwise, it displays a fake file.

In this way, it can improve the protection of user privacy.
The following is the sample code for developing such a function:

faceManager.auth(crypto, cancellationSignal, flags, new BioAuthnCallback() {
    @Override
    public void onAuthError(int errMsgId, CharSequence errString) {
        // Facial authentication ended with an error: display a fake file,
        // whatever the fingerprint result was.
        showFakeFile();
    }

    @Override
    public void onAuthHelp(int helpMsgId, CharSequence helpString) {
        // The facial check runs without a UI, so help messages are ignored.
    }

    @Override
    public void onAuthSucceeded(BioAuthnResult result) {
        // isFingerprintSuccess is assumed to be a field set by the fingerprint callback.
        if (isFingerprintSuccess) { // Both fingerprint and facial authentication succeeded.
            // Display the real file.
            showRealFile();
        } else { // Fingerprint authentication failed.
            // Display a fake file.
            showFakeFile();
        }
    }

    @Override
    public void onAuthFailed() {
        // Facial authentication failed: display a fake file.
        showFakeFile();
    }
}, handler);
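The sample above reads isFingerprintSuccess at whatever moment the face callback fires, so the outcome depends on which callback arrives first. The following is an added example, not code from the original article or from the HMS SDK, showing one way to combine the two results so that the real file is chosen only when both factors pass, the decision is made exactly once, and a timeout fails closed. DecoyGate, Factor, Outcome and the method names are hypothetical, and it assumes the first final callback of each factor is treated as that factor's result.

```java
import java.util.ArrayList;
import java.util.List;
import java.util.function.Consumer;

public class DecoyGate {
    enum Factor { PENDING, PASSED, REJECTED }
    enum Outcome { REAL_FILE, FAKE_FILE }

    private Factor fingerprint = Factor.PENDING;
    private Factor face = Factor.PENDING;
    private boolean decided = false;
    private final Consumer<Outcome> show; // hypothetical UI hook: showRealFile() / showFakeFile()

    DecoyGate(Consumer<Outcome> show) { this.show = show; }

    // The first final result per factor wins; a later callback cannot upgrade a rejection.
    synchronized void fingerprintDone(boolean passed) {
        if (fingerprint == Factor.PENDING) fingerprint = passed ? Factor.PASSED : Factor.REJECTED;
        decide();
    }

    synchronized void faceDone(boolean passed) {
        if (face == Factor.PENDING) face = passed ? Factor.PASSED : Factor.REJECTED;
        decide();
    }

    // Timeout or cancellation: anything still pending counts as rejected (fail closed).
    synchronized void expire() {
        if (fingerprint == Factor.PENDING) fingerprint = Factor.REJECTED;
        if (face == Factor.PENDING) face = Factor.REJECTED;
        decide();
    }

    // Decide only when both factors are resolved, and only once.
    private void decide() {
        if (decided || fingerprint == Factor.PENDING || face == Factor.PENDING) return;
        decided = true;
        boolean both = fingerprint == Factor.PASSED && face == Factor.PASSED;
        show.accept(both ? Outcome.REAL_FILE : Outcome.FAKE_FILE);
    }

    public static void main(String[] args) {
        List<Outcome> shown = new ArrayList<>(); // constructed callback sequence for illustration
        DecoyGate gate = new DecoyGate(shown::add);
        gate.faceDone(false);       // silent face check rejects first: nothing is shown yet
        gate.faceDone(true);        // a later callback cannot upgrade the rejection
        gate.fingerprintDone(true); // visible factor finishes: the decision is made once
        gate.expire();              // late timer tick: ignored after the decision
        System.out.println(shown);
    }
}
```

In an app, fingerprintDone would be called from the BioAuthnPrompt callback, faceDone from the FaceManager callback, and expire from a timer. Because nothing is shown until the visible fingerprint step has finished, an early face rejection does not change what the user sees during the prompt.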

To learn more, please visit:

HUAWEI Developers official website

Development Guide

Reddit to join developer discussions

GitHub or Gitee to download the demo and sample code

Stack Overflow to solve integration problems
