SlideShare a Scribd company logo

Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDevelopment

Download as PPTX, PDF
Harikrishna Patel
Harikrishna Patel

The document discusses biometric authentication on Android devices using fingerprints or facial recognition. It provides an overview of biometric authentication, how it works, and the steps to implement it in an Android app. Biometric authentication uses unique human characteristics to verify identity. The document outlines the Android biometric architecture, permissions needed, and how to create a BiometricPrompt instance to authenticate users. It stresses the importance of securely storing biometric data and templates to prevent hacking and privacy issues.

Mobile
1 of 16
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
Mobile Authentication with Biometric (Fingerprint or Face) In Android Represent by : Softqube Technologies Pvt. Ltd.
An Introduction of Biometric Authentication Biometric is the technical term for human body measurements and calculations. It measures human characteristics. Biometrics authentication is used in computer science as a form of access control and authentication. It is also used to identify individuals in groups of people that are under surveillance. Biometric authentication and identification is unique, they are more dependable in verifying identity than token and knowledge-based methods; but, the collection of biometric identifiers raises privacy related to the ultimate use of this information. In verification or authentication mode the system performs a one-to-one comparison of a captured biometric with a specific template stored in a biometric DB in order to verify the separate is the person they claim to be. Three steps are in the verification of a person. In the first step, reference models for all the users are generated and stored in the model DB.
Continue.. Figure-1.0 Biometric System Diagram.
In the second step, some samples are matched with reference models to generate the genuine and pretender scores and calculate the threshold. The third step is the testing step. This process use a smart card, username or ID number (e.g. PIN) to indicate which template should be used for check. Positive authentication and identification is a regular use of the verification mode, where the aim is to prevent multiple people from using the identity. Continue..
The two new APIs introduced the old FingerprintManager that was used for handling fingerprint biometrics on Android devices. Particularly, The FingerprintManager class was deprecated in API level 28. The flow diagram across android versions can be seen above, the original image can be found in the Android Developer documentation here. Android Biometric Architecture
All biometric implementations must meet security specifications as per documentation and have a strong rating in order to participate in the BiometricPrompt class”. The BiometricPrompt class covers a companion Builder class that can be used to configure and create BiometricPrompt class instances, as well as defining the text that is to seem within the biometric identification and authentication dialog and the customization of the cancel button that appears in the dialog. Fingerprint is only available on devices which contain a touch sensor and on which the acceptable configuration has been taken to make secure the device and register at least one fingerprint. Biometric factors permite for secure authentication on the Android platform. The Android framework covers face and fingerprint biometric authentication. Continue..
Steps to implement BiometricPrompt Compat: Set Permission on manifest.xml file.
Set androidx.biometric dependency to app level build.gradle file: Create BiometricPrompt instance:
Create BiometricPrompt.PromptInfo instance: When we call the biometricPrompt.authenticate() method, we need to send the instance of BiometricPrompt.PromptInfo. We can create instances of BiometricPrompt.PromptInfo using BiometricPrompt.PromptInfo.Builder.
Start Authentication: In this last step, using BiometricPrompt class install you can call authenticate() method and pass BiometricPrompt.PromptInfo class instance we built in previous step: You can cancel the authentication by calling below method : As we have integrated it’s easy, As Google provided the system authentication prompt using a device’s supported biometric and as you can see, it is easy to integrate.
Biometric HAL Guidelines For Secure Biometric Data. First, we need to make sure that raw biometric data or derivatives such as templates are never accessible from outside the sensor driver or secure isolated environment such as the TEE or Secure Element. If the hardware supports it, limit hardware access to the secure separate environment and protect it with an Linux policy. Make the communication channel such as SPI and I2C accessible only to the secure single environment with an SELinux policy on all device files. Biometric acquisition, enrollment, and recognition must occur inside the secure separate environment to protect data breaches and other attacks. This requirement only applies to strong biometrics. Biometric data store only the encrypted form or derivatives on the file system.
To protect against replay attacks, sign biometric templates with a private, device- specific key. For Advanced Encryption Standard (AES), at a minimum sign a template with the absolute file-system path, group, and biometric ID such that template files are inoperable on another device or for anyone other than the user that enrolled them on the same device. such as , not allowing copying biometric data from different users on the same device or other device. When a user is removed, remove all template data also and Use the file-system path provided by the set_active_group()function, It’s recommended that biometric template files be stored as encrypted in the path provided. If this is impossible due to the storage requirements of the secure single environment, to ensure removal of the data need to add hooks when the user is removed or the device is wiped. Continue..
A strong authentication of mobile strategy should encompass a biometric factor, and it should examine implementing such a factor into a multifactor authentication process. There are some methods used in modern mobile devices to authenticate users to a locked device. Mobile authentication should provide the simplicity to use and security for organization; it’s important for the user, and biometric authentication in android devices offers this balance in a single factor. How can biometric authentication improve mobile security?
To access their device authentication method is used as a standard password for this user to enter letters, numbers and symbols.this is simple to use until users don’t forget their passcodes. But it does not provide strong protection because users use the same passcode for multiple devices or other logins. Passcodes are easy for hackers to crack, and they’re capable of shoulder surfing — it might be possible for someone determining the passcode by simply looking over the user’s shoulder. Another mobile authentication method is the action pattern. In this case, users recreate certain patterns by dragging their fingers across the screen. The action pattern is more awkward for users than passcodes; this is especially true as the patterns become more complex. Action patterns are more secure than passcodes, but the general security of this method depends on the pattern’s complexity. Shoulder surfing might be possible in action patterns, and users may leave marks on the screens from repeatedly entering the same pattern. Traditional Mobile Authentication
Biometric identification and authentication depends on unique biological attributes, such as a fingerprint, an iris, a face or even a heartbeat. These attributes are much more difficult for hackers and criminals to exploit because they’re unique to each individual. Today’s biometric identification and authentication systems cover checks to verify that the biometric elements aren’t coming from video or audio recordings as well. With biometric authentication and identification for mobile devices, users don’t have to remember passcodes or action patterns, and they don’t have to carry around security keys. It’s easy for users to authenticate to their devices at any time. Biometric authentication also has risks as like any other mobile authentication method. In Biometric authentication such as potential false positives or compromised digital image files. Once a hacker steals a biometric image, that biometric factor is compromised constantly; Biometric authentication factors
Thank you

More Related Content

What's hot (19)

PDF
Case study on Usage of Biometrics (Cryptography)
Bhargav Amin
 
PPT
Bio atm with-microsoft_finger_print_sdk
Mahesh Shitole
 
PPT
Introduction To Biometrics
suniljoshi151
 
PDF
Iciea08
Hanaa Salman
 
PDF
Biometric System and Recognition Authentication and Security Issues
ijtsrd
 
PDF
IRJET- Secure Automated Teller Machine (ATM) by Image Processing
IRJET Journal
 
PPTX
Biometric authentication ppt by navin 6 feb
Navin Kumar
 
PDF
Database Security Two Way Authentication Using Graphical Password
IJERA Editor
 
DOCX
GHC-2014-Lavanya
Lavanya Lakshman
 
PPTX
Alaa elbeheri research_presentation
alaabebe
 
PDF
“Enhancing Iris Scanning Using Visual Cryptography”
iosrjce
 
PDF
Security Analysis of Mobile Authentication Using QR-Codes
csandit
 
PDF
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICS
IJNSA Journal
 
PDF
Biometric Authentication Based on Hash Iris Features
CSCJournals
 
PDF
Continuous User Identity Verification through Secure Login Session
IRJET Journal
 
PDF
Fingerprint Based Biometric ATM Authentication System
International Journal of Engineering Inventions www.ijeijournal.com
 
PDF
IRJET - Secure Electronic Transaction using Strengthened Graphical OTP Authen...
IRJET Journal
 
PDF
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD Editor
 
PDF
A WIRELESS FINGERPRINT ATTENDANCE SYSTEM
ijsptm
 
Case study on Usage of Biometrics (Cryptography)
Bhargav Amin
 
Bio atm with-microsoft_finger_print_sdk
Mahesh Shitole
 
Introduction To Biometrics
suniljoshi151
 
Iciea08
Hanaa Salman
 
Biometric System and Recognition Authentication and Security Issues
ijtsrd
 
IRJET- Secure Automated Teller Machine (ATM) by Image Processing
IRJET Journal
 
Biometric authentication ppt by navin 6 feb
Navin Kumar
 
Database Security Two Way Authentication Using Graphical Password
IJERA Editor
 
GHC-2014-Lavanya
Lavanya Lakshman
 
Alaa elbeheri research_presentation
alaabebe
 
“Enhancing Iris Scanning Using Visual Cryptography”
iosrjce
 
Security Analysis of Mobile Authentication Using QR-Codes
csandit
 
ENHANCED AUTHENTICATION FOR WEB-BASED SECURITY USING KEYSTROKE DYNAMICS
IJNSA Journal
 
Biometric Authentication Based on Hash Iris Features
CSCJournals
 
Continuous User Identity Verification through Secure Login Session
IRJET Journal
 
Fingerprint Based Biometric ATM Authentication System
International Journal of Engineering Inventions www.ijeijournal.com
 
IRJET - Secure Electronic Transaction using Strengthened Graphical OTP Authen...
IRJET Journal
 
IJERD (www.ijerd.com) International Journal of Engineering Research and Devel...
IJERD Editor
 
A WIRELESS FINGERPRINT ATTENDANCE SYSTEM
ijsptm
 

Similar to Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDevelopment (20)

PDF
Brafton White Paper Example
Kayla Perry
 
PDF
Biometrics Authentication_ Revolutionizing UX Design for Enhanced Security.pdf
Delimp Technology
 
PDF
Biometrics system penetration in mobile devices
Swapnil Jagtap
 
PDF
How to Test Biometric Authentication on Mobile Apps.pdf
kalichargn70th171
 
PPT
Bio Metrics
nayakslideshare
 
PPTX
Bio-metric Safety engineering in mobile devices
Adesh Singh
 
PPTX
Authentication Simple as a Selfie - How Biometrics are Reducing Customer Fric...
Easy Solutions Inc
 
PDF
Hazards of Biometric Authentication in Practice
ITIIIndustries
 
PPTX
The How of Biometrics
Peachy Essay
 
PDF
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
International Center for Biometric Research
 
PPTX
Biometric_Authentication_Presentation (1).pptx
allinmovie32
 
PPTX
Biometric security system
Mithun Paul
 
PPTX
Biometric-Authentication-A-Comprehensive-Guide[1].pptx
allinmovie32
 
PPTX
BIOMETRIC (TO PRERVE OUR IDENTY)
mounika117
 
PPTX
Ai
SouhailaMesseria1
 
PPTX
Bio-Metrics through finger print
University Of Education Lahore D.G Khan Campus
 
PDF
Biometrics & Finger print Technology
Mewar University
 
PPSX
presentation on Biometric authentication.ppsx
sagarskp108
 
PPTX
Biometric security using cryptography
Sampat Patnaik
 
PPTX
Biometric authentication
mahtabrasheed195
 
Brafton White Paper Example
Kayla Perry
 
Biometrics Authentication_ Revolutionizing UX Design for Enhanced Security.pdf
Delimp Technology
 
Biometrics system penetration in mobile devices
Swapnil Jagtap
 
How to Test Biometric Authentication on Mobile Apps.pdf
kalichargn70th171
 
Bio Metrics
nayakslideshare
 
Bio-metric Safety engineering in mobile devices
Adesh Singh
 
Authentication Simple as a Selfie - How Biometrics are Reducing Customer Fric...
Easy Solutions Inc
 
Hazards of Biometric Authentication in Practice
ITIIIndustries
 
The How of Biometrics
Peachy Essay
 
(2007) Privacy Preserving Multi-Factor Authentication with Biometrics
International Center for Biometric Research
 
Biometric_Authentication_Presentation (1).pptx
allinmovie32
 
Biometric security system
Mithun Paul
 
Biometric-Authentication-A-Comprehensive-Guide[1].pptx
allinmovie32
 
BIOMETRIC (TO PRERVE OUR IDENTY)
mounika117
 
Ai
SouhailaMesseria1
 
Bio-Metrics through finger print
University Of Education Lahore D.G Khan Campus
 
Biometrics & Finger print Technology
Mewar University
 
presentation on Biometric authentication.ppsx
sagarskp108
 
Biometric security using cryptography
Sampat Patnaik
 
Biometric authentication
mahtabrasheed195
 
Ad

More from Harikrishna Patel (8)

PDF
Online Shopping Experience Can Enhance Your Business Sales Productivity
Harikrishna Patel
 
PPTX
Roses Delivery Management System
Harikrishna Patel
 
PDF
When to post on social media???
Harikrishna Patel
 
PDF
What to post on social media?
Harikrishna Patel
 
PPTX
iRich - Shop Earn and Share
Harikrishna Patel
 
PPTX
WMS - Manage Your Invetory Trackable
Harikrishna Patel
 
PPTX
Tab A Ride - Any Time Any Way
Harikrishna Patel
 
PPT
Innovation and Design Excellance Suite - IDES (By: IVAPS (P) LTD)
Harikrishna Patel
 
Online Shopping Experience Can Enhance Your Business Sales Productivity
Harikrishna Patel
 
Roses Delivery Management System
Harikrishna Patel
 
When to post on social media???
Harikrishna Patel
 
What to post on social media?
Harikrishna Patel
 
iRich - Shop Earn and Share
Harikrishna Patel
 
WMS - Manage Your Invetory Trackable
Harikrishna Patel
 
Tab A Ride - Any Time Any Way
Harikrishna Patel
 
Innovation and Design Excellance Suite - IDES (By: IVAPS (P) LTD)
Harikrishna Patel
 
Ad

Mobile Authentication with biometric (fingerprint or face) in #AndroidAppDevelopment

  • 1. Mobile Authentication with Biometric (Fingerprint or Face) In Android Represent by : Softqube Technologies Pvt. Ltd.
  • 2. An Introduction of Biometric Authentication Biometric is the technical term for human body measurements and calculations. It measures human characteristics. Biometrics authentication is used in computer science as a form of access control and authentication. It is also used to identify individuals in groups of people that are under surveillance. Biometric authentication and identification is unique, they are more dependable in verifying identity than token and knowledge-based methods; but, the collection of biometric identifiers raises privacy related to the ultimate use of this information. In verification or authentication mode the system performs a one-to-one comparison of a captured biometric with a specific template stored in a biometric DB in order to verify the separate is the person they claim to be. Three steps are in the verification of a person. In the first step, reference models for all the users are generated and stored in the model DB.
  • 4. In the second step, some samples are matched with reference models to generate the genuine and pretender scores and calculate the threshold. The third step is the testing step. This process use a smart card, username or ID number (e.g. PIN) to indicate which template should be used for check. Positive authentication and identification is a regular use of the verification mode, where the aim is to prevent multiple people from using the identity. Continue..
  • 5. The two new APIs introduced the old FingerprintManager that was used for handling fingerprint biometrics on Android devices. Particularly, The FingerprintManager class was deprecated in API level 28. The flow diagram across android versions can be seen above, the original image can be found in the Android Developer documentation here. Android Biometric Architecture
  • 6. All biometric implementations must meet security specifications as per documentation and have a strong rating in order to participate in the BiometricPrompt class”. The BiometricPrompt class covers a companion Builder class that can be used to configure and create BiometricPrompt class instances, as well as defining the text that is to seem within the biometric identification and authentication dialog and the customization of the cancel button that appears in the dialog. Fingerprint is only available on devices which contain a touch sensor and on which the acceptable configuration has been taken to make secure the device and register at least one fingerprint. Biometric factors permite for secure authentication on the Android platform. The Android framework covers face and fingerprint biometric authentication. Continue..
  • 7. Steps to implement BiometricPrompt Compat: Set Permission on manifest.xml file.
  • 8. Set androidx.biometric dependency to app level build.gradle file: Create BiometricPrompt instance:
  • 9. Create BiometricPrompt.PromptInfo instance: When we call the biometricPrompt.authenticate() method, we need to send the instance of BiometricPrompt.PromptInfo. We can create instances of BiometricPrompt.PromptInfo using BiometricPrompt.PromptInfo.Builder.
  • 10. Start Authentication: In this last step, using BiometricPrompt class install you can call authenticate() method and pass BiometricPrompt.PromptInfo class instance we built in previous step: You can cancel the authentication by calling below method : As we have integrated it’s easy, As Google provided the system authentication prompt using a device’s supported biometric and as you can see, it is easy to integrate.
  • 11. Biometric HAL Guidelines For Secure Biometric Data. First, we need to make sure that raw biometric data or derivatives such as templates are never accessible from outside the sensor driver or secure isolated environment such as the TEE or Secure Element. If the hardware supports it, limit hardware access to the secure separate environment and protect it with an Linux policy. Make the communication channel such as SPI and I2C accessible only to the secure single environment with an SELinux policy on all device files. Biometric acquisition, enrollment, and recognition must occur inside the secure separate environment to protect data breaches and other attacks. This requirement only applies to strong biometrics. Biometric data store only the encrypted form or derivatives on the file system.
  • 12. To protect against replay attacks, sign biometric templates with a private, device- specific key. For Advanced Encryption Standard (AES), at a minimum sign a template with the absolute file-system path, group, and biometric ID such that template files are inoperable on another device or for anyone other than the user that enrolled them on the same device. such as , not allowing copying biometric data from different users on the same device or other device. When a user is removed, remove all template data also and Use the file-system path provided by the set_active_group()function, It’s recommended that biometric template files be stored as encrypted in the path provided. If this is impossible due to the storage requirements of the secure single environment, to ensure removal of the data need to add hooks when the user is removed or the device is wiped. Continue..
  • 13. A strong authentication of mobile strategy should encompass a biometric factor, and it should examine implementing such a factor into a multifactor authentication process. There are some methods used in modern mobile devices to authenticate users to a locked device. Mobile authentication should provide the simplicity to use and security for organization; it’s important for the user, and biometric authentication in android devices offers this balance in a single factor. How can biometric authentication improve mobile security?
  • 14. To access their device authentication method is used as a standard password for this user to enter letters, numbers and symbols.this is simple to use until users don’t forget their passcodes. But it does not provide strong protection because users use the same passcode for multiple devices or other logins. Passcodes are easy for hackers to crack, and they’re capable of shoulder surfing — it might be possible for someone determining the passcode by simply looking over the user’s shoulder. Another mobile authentication method is the action pattern. In this case, users recreate certain patterns by dragging their fingers across the screen. The action pattern is more awkward for users than passcodes; this is especially true as the patterns become more complex. Action patterns are more secure than passcodes, but the general security of this method depends on the pattern’s complexity. Shoulder surfing might be possible in action patterns, and users may leave marks on the screens from repeatedly entering the same pattern. Traditional Mobile Authentication
  • 15. Biometric identification and authentication depends on unique biological attributes, such as a fingerprint, an iris, a face or even a heartbeat. These attributes are much more difficult for hackers and criminals to exploit because they’re unique to each individual. Today’s biometric identification and authentication systems cover checks to verify that the biometric elements aren’t coming from video or audio recordings as well. With biometric authentication and identification for mobile devices, users don’t have to remember passcodes or action patterns, and they don’t have to carry around security keys. It’s easy for users to authenticate to their devices at any time. Biometric authentication also has risks as like any other mobile authentication method. In Biometric authentication such as potential false positives or compromised digital image files. Once a hacker steals a biometric image, that biometric factor is compromised constantly; Biometric authentication factors