Have you ever marveled at the impressive technology in sci-fi movies, such as the floating touchscreen in Iron Man and the fingerprint and iris authentication in Mission: Impossible?
Such cutting-edge technology has already entered our day-to-day lives, with fingerprint and facial authentication being widely used.
Users are paying more and more attention to individual privacy protection and thus have higher requirements for app security, which can be guaranteed with the help of authentication based on the unique nature of fingerprints and facial data.
Fingerprint and facial authentication effectively reduces the risk of account theft and information leakage when used for unlocking devices, making payments, and accessing files.
Such an authentication mode can be realized with HUAWEI FIDO: it arms your app with FIDO2 client capabilities based on the WebAuthn standard, as well as the fingerprint and facial authentication capabilities of BioAuthn.
FIDO ensures that the authentication result is secure and reliable by checking the system integrity and using cryptographic key verification. It allows password-free authentication during sign-in, a general solution that can be easily integrated with the existing account infrastructure.
Let's see how to integrate the fingerprint and facial authentication capabilities in FIDO.
Perform the steps below:
- Configure app information in AppGallery Connect.
- Integrate the HMS Core SDK.
- Integrate the BioAuthn-AndroidX SDK.
Click the hyperlinks of steps 1 and 2 to learn more about them.
Note that in step 2 there are two SDKs:
- BioAuthn-AndroidX: implementation 'com.huawei.hms:fido-bioauthn-androidx:5.2.0.301'
- BioAuthn: implementation 'com.huawei.hms:fido-bioauthn:5.2.0.301'
They're slightly different from each other:
The BioAuthn-AndroidX SDK provides a unified UI for fingerprint authentication, so you do not need to design one for your app, whereas the BioAuthn SDK requires you to design your own fingerprint authentication UI.
Below is the detailed description of the difference in the FAQs section of this kit:
This article explains how to integrate the BioAuthn-AndroidX SDK. You can download its demo here.
Integrating the BioAuthn-AndroidX SDK
Notes:
The fingerprint and facial authentication capabilities cannot be used on a rooted device.
Before testing, make sure that you've enrolled facial data and a fingerprint in the testing device. Otherwise, an error code will be reported.
Go to Settings > Biometrics & password on the device to enroll facial data and a fingerprint.
Fingerprint Authentication
To use the fingerprint authentication capability, perform the following steps:
- Initialize the BioAuthnPrompt object:
```java
BioAuthnPrompt bioAuthnPrompt = new BioAuthnPrompt(this, ContextCompat.getMainExecutor(this), new BioAuthnCallback() {
    @Override
    public void onAuthError(int errMsgId, CharSequence errString) {
        showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString);
    }

    @Override
    public void onAuthSucceeded(BioAuthnResult result) {
        showResult("Authentication succeeded. CryptoObject=" + result.getCryptoObject());
    }

    @Override
    public void onAuthFailed() {
        showResult("Authentication failed.");
    }
});
```
- Configure prompt information and perform authentication:
```java
// Customize the prompt information.
BioAuthnPrompt.PromptInfo.Builder builder =
        new BioAuthnPrompt.PromptInfo.Builder().setTitle("This is the title.")
                .setSubtitle("This is the subtitle.")
                .setDescription("This is the description.");
// The user is allowed to authenticate with methods other than biometrics.
builder.setDeviceCredentialAllowed(true);
BioAuthnPrompt.PromptInfo info = builder.build();
// Perform authentication.
bioAuthnPrompt.auth(info);
```
After the configuration is complete, fingerprint authentication can be performed on a screen similar to the following image:
Facial Authentication
There are many restrictions on using the facial authentication capability. For details, please refer to the corresponding FAQs.
- Check whether the camera permission has been granted to your app. (Note that this permission is not needed on devices running EMUI 10.1 or later.)
```java
int permissionCheck =
        ContextCompat.checkSelfPermission(MainActivity.this, Manifest.permission.CAMERA);
if (permissionCheck != PackageManager.PERMISSION_GRANTED) {
    showResult("Grant the camera permission first.");
    ActivityCompat.requestPermissions(MainActivity.this,
            new String[] {Manifest.permission.CAMERA}, 1);
    return;
}
```
- Check whether the device supports facial authentication.
```java
FaceManager faceManager = new FaceManager(this);
int errorCode = faceManager.canAuth();
if (errorCode != 0) {
    resultTextView.setText("");
    showResult("The device does not support facial authentication. errorCode=" + errorCode);
    return;
}
```
- Perform facial authentication.
```java
// Lets the app cancel an in-progress authentication by calling cancel().
CancellationSignal cancellationSignal = new CancellationSignal();
int flags = 0;
Handler handler = null;
// No CryptoObject is bound to this authentication.
CryptoObject crypto = null;
faceManager.auth(crypto, cancellationSignal, flags, new BioAuthnCallback() {
    @Override
    public void onAuthError(int errMsgId, CharSequence errString) {
        showResult("Authentication error. errorCode=" + errMsgId + ",errorMessage=" + errString
                + (errMsgId == 1012 ? " The camera permission has not been granted." : ""));
    }

    @Override
    public void onAuthHelp(int helpMsgId, CharSequence helpString) {
        showResult("This is the prompt information during authentication. helpMsgId=" + helpMsgId + ",helpString=" + helpString + "\n");
    }

    @Override
    public void onAuthSucceeded(BioAuthnResult result) {
        showResult("Authentication succeeded. CryptoObject=" + result.getCryptoObject());
    }

    @Override
    public void onAuthFailed() {
        showResult("Authentication failed.");
    }
}, handler);
```
This is all the code needed for facial authentication. Call it whenever your app needs to authenticate the user by face.
Note that there is no default UI for this capability. You need to design a UI as needed.
Application Scenarios
Fingerprint Authentication
Fingerprint authentication is commonly used to verify the user before a payment.
It can also be integrated into file protection apps to allow only users passing fingerprint authentication to access relevant files.
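For the file-protection scenario above, the success callback by itself is only a signal to the app. The following added example (not from the original article or the HMS demo) binds an Android Keystore AES key to fingerprint authentication and hands it to the prompt through a CryptoObject, so the file key cannot be used unless authentication really happened. The class name, key alias, HMS package paths, `setNegativeButtonText`, the `CryptoObject(Cipher)` constructor, `getCipher()` and the two-argument `auth(info, crypto)` overload are assumptions to check against the SDK reference.

```java
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyProperties;
import com.huawei.hms.support.api.fido.bioauthn.BioAuthnPrompt;
import com.huawei.hms.support.api.fido.bioauthn.BioAuthnResult;
import com.huawei.hms.support.api.fido.bioauthn.CryptoObject;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;

/** Added example; HMS package names and the auth(info, crypto) overload are assumptions. */
final class KeyBoundFingerprintAuth {
    private static final String KEY_ALIAS = "file_protection_key"; // hypothetical alias
    /** Creates (once) an authentication-gated AES key and returns a cipher initialized with it. */
    static Cipher newLockedCipher() throws GeneralSecurityException, IOException {
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (!keyStore.containsAlias(KEY_ALIAS)) {
            KeyGenerator generator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            generator.init(new KeyGenParameterSpec.Builder(KEY_ALIAS,
                    KeyProperties.PURPOSE_ENCRYPT | KeyProperties.PURPOSE_DECRYPT)
                    .setBlockModes(KeyProperties.BLOCK_MODE_GCM)
                    .setEncryptionPaddings(KeyProperties.ENCRYPTION_PADDING_NONE)
                    .setUserAuthenticationRequired(true)       // key is unusable without user auth
                    .setInvalidatedByBiometricEnrollment(true) // a new enrollment invalidates the key
                    .build());
            generator.generateKey();
        }
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, (SecretKey) keyStore.getKey(KEY_ALIAS, null));
        return cipher;
    }
    /** Starts the fingerprint prompt with the locked cipher attached. */
    static void authenticate(BioAuthnPrompt prompt) throws GeneralSecurityException, IOException {
        BioAuthnPrompt.PromptInfo info = new BioAuthnPrompt.PromptInfo.Builder()
                .setTitle("Unlock protected file")
                .setNegativeButtonText("Cancel") // biometric only, no device-credential fallback
                .build();
        prompt.auth(info, new CryptoObject(newLockedCipher()));
    }
    /** Call from onAuthSucceeded; returns {iv, ciphertext} (decryption needs the IV). */
    static byte[][] seal(BioAuthnResult result, byte[] plaintext) throws GeneralSecurityException {
        Cipher cipher = result.getCryptoObject().getCipher();
        byte[] ciphertext = cipher.doFinal(plaintext);
        return new byte[][] {cipher.getIV(), ciphertext};
    }
}
```

Because the key is created with `setUserAuthenticationRequired(true)`, `doFinal` throws unless the prompt completed successfully, so the decision to release the file no longer rests on a boolean in app code.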
Facial Authentication
This capability works well in scenarios where fingerprint authentication can be used. For file protection apps, facial authentication has a better performance than fingerprint authentication.
This is because such apps share a common flaw: they make it clear that a file is very important or sensitive.
Therefore, an attacker can access the file once they find a way to pass the app's fingerprint authentication, which is difficult but possible.
To avoid this, a file protection app can perform facial authentication "secretly" in addition to fingerprint authentication, because this capability does not require a UI. The app displays the real file only after the user passes both fingerprint and facial authentication; otherwise, it displays a fake file.
In this way, it can improve the protection of user privacy.
The following is the sample code for developing such a function:
```java
faceManager.auth(crypto, cancellationSignal, flags, new BioAuthnCallback() {
    @Override
    public void onAuthError(int errMsgId, CharSequence errString) {
        if (isFingerprintSuccess) { // Fingerprint authentication succeeded but facial authentication failed.
            // Display a fake file.
            showFakeFile();
        }
    }

    @Override
    public void onAuthHelp(int helpMsgId, CharSequence helpString) {
    }

    @Override
    public void onAuthSucceeded(BioAuthnResult result) {
        if (isFingerprintSuccess) { // Fingerprint authentication succeeded.
            // Display the real file.
            showRealFile();
        } else { // Fingerprint authentication failed.
            // Display a fake file.
            showFakeFile();
        }
    }

    @Override
    public void onAuthFailed() {
        if (isFingerprintSuccess) { // Fingerprint authentication succeeded but facial authentication failed.
            // Display a fake file.
            showFakeFile();
        }
    }
}, handler);
```
To learn more, please visit:
HUAWEI Developers official website
Reddit to join developer discussions
GitHub or Gitee to download the demo and sample code
Stack Overflow to solve integration problems