未验证 提交 b7fc5fd3 编写于 作者: O openharmony_ci 提交者: Gitee

!1899 useriam英文文档修复

Merge pull request !1899 from zengyawen/master
# User Authentication Development<a name="EN-US_TOPIC_0000001234020089"></a> # User Authentication Development
>**NOTE:** ## When to Use
>This document applies to JS.
## When to Use<a name="section1410661605517"></a> OpenHarmony supports 2D and 3D facial recognition that can be used for identity authentication during device unlocking, application login, and payment.
HarmonyOS supports 2D and 3D facial recognition that can be used for identity authentication during device unlocking, application login, and payment. ## Available APIs
## Available APIs<a name="section187921265614"></a>
The **userIAM\_userAuth** module provides methods for checking the support for biometric authentication, and performing and canceling authentication. You can perform authentication based on biometric features such as facial characteristics. Before performing biometric authentication, check whether your device supports this capability, including the authentication type, security level, and whether local authentication is used. If biometric authentication is not supported, consider using another authentication type. The following table lists methods in the APIs available for biometric authentication. The **userIAM\_userAuth** module provides methods for checking the support for biometric authentication, and performing and canceling authentication. You can perform authentication based on biometric features such as facial characteristics. Before performing biometric authentication, check whether your device supports this capability, including the authentication type, security level, and whether local authentication is used. If biometric authentication is not supported, consider using another authentication type. The following table lists methods in the APIs available for biometric authentication.
**Table 1** Methods available for biometric authentication **Table 1** Methods available for biometric authentication
<a name="table1261657203"></a> | Method | Description |
<table><thead align="left"><tr id="row76161273014"><th class="cellrowborder" valign="top" width="50%" id="mcps1.2.3.1.1"><p id="p96161471303"><a name="p96161471303"></a><a name="p96161471303"></a>Method</p> | ------------------------------------------------------------ | ------------------------------------------------------------ |
</th> | getAuthenticator(): Authenticator | Obtains an **Authenticator** object for user authentication. <sup>6+</sup><br>Obtains an **Authenticator** object to check the device's capability of user authentication, perform or cancel user authentication, and obtain the tips generated in the authentication process. <sup>7+</sup> |
<th class="cellrowborder" valign="top" width="50%" id="mcps1.2.3.1.2"><p id="p13616107301"><a name="p13616107301"></a><a name="p13616107301"></a>Description</p> | checkAvailability(type: AuthType, level: SecureLevel): number | Checks whether the device supports the specified authentication type and security level. |
</th> | execute(type: AuthType, level: SecureLevel, callback: AsyncCallback\<number>): void | Performs user authentication and returns the authentication result using an asynchronous callback. |
</tr> | execute(type: AuthType, level: SecureLevel): Promise\<number> | Performs user authentication and returns the authentication result using a promise. |
</thead> | cancel(): void | Cancels the current authentication. |
<tbody><tr id="row14616874017"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p182909135717"><a name="p182909135717"></a><a name="p182909135717"></a>getAuthenticator(): Authenticator</p> | on(type: "tip", callback: Callback\<Tip>): void | Subscribes to the events of the specified type. |
</td> | off(type: "tip", callback?: Callback\<Tip>): void | Unsubscribes from the events of the specified type. |
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p052435213251"><a name="p052435213251"></a><a name="p052435213251"></a>Obtains an <strong id="b7528121952513"><a name="b7528121952513"></a><a name="b7528121952513"></a>Authenticator</strong> object for user authentication. <sup id="sup580316168261"><a name="sup580316168261"></a><a name="sup580316168261"></a>6+</sup></p>
<p id="p18224123611319"><a name="p18224123611319"></a><a name="p18224123611319"></a>Obtains an <strong id="b16234636102517"><a name="b16234636102517"></a><a name="b16234636102517"></a>Authenticator</strong> object to check the device's capability of user authentication, perform or cancel user authentication, and obtain the tips generated in the authentication process. <sup id="sup1832921092616"><a name="sup1832921092616"></a><a name="sup1832921092616"></a>7+</sup></p>
</td> ## How to Develop
</tr>
<tr id="row106165720013"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p116992514713"><a name="p116992514713"></a><a name="p116992514713"></a>checkAvailability(type: AuthType, level: SecureLevel): number</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p695651014402"><a name="p695651014402"></a><a name="p695651014402"></a>Checks whether the device supports the specified authentication type and security level.</p>
</td>
</tr>
<tr id="row116161776012"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p6854332710"><a name="p6854332710"></a><a name="p6854332710"></a>execute(type: AuthType, level: SecureLevel, callback: AsyncCallback&lt;number&gt;): void</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p144141341165617"><a name="p144141341165617"></a><a name="p144141341165617"></a>Performs user authentication and returns the authentication result using an asynchronous callback.</p>
</td>
</tr>
<tr id="row17616370011"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p0175638178"><a name="p0175638178"></a><a name="p0175638178"></a>execute(type: AuthType, level: SecureLevel): Promise&lt;number&gt;</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p8257141716153"><a name="p8257141716153"></a><a name="p8257141716153"></a>Performs user authentication and returns the authentication result using a promise.</p>
</td>
</tr>
<tr id="row9616871002"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p944814481776"><a name="p944814481776"></a><a name="p944814481776"></a>cancel(): void</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p175161740144013"><a name="p175161740144013"></a><a name="p175161740144013"></a>Cancels the current authentication.</p>
</td>
</tr>
<tr id="row1445813511477"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p1679911511814"><a name="p1679911511814"></a><a name="p1679911511814"></a>on(type: "tip", callback: Callback&lt;Tip&gt;): void</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p44583514715"><a name="p44583514715"></a><a name="p44583514715"></a>Subscribes to the events of the specified type.</p>
</td>
</tr>
<tr id="row193552551676"><td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.1 "><p id="p11019121988"><a name="p11019121988"></a><a name="p11019121988"></a>off(type: "tip", callback?: Callback&lt;Tip&gt;): void</p>
</td>
<td class="cellrowborder" valign="top" width="50%" headers="mcps1.2.3.1.2 "><p id="p435610551774"><a name="p435610551774"></a><a name="p435610551774"></a>Unsubscribes from the events of the specified type.</p>
</td>
</tr>
</tbody>
</table>
## How to Develop<a name="section13636175015153"></a>
Before starting the development, make the following preparations: Before starting the development, make the following preparations:
...@@ -88,7 +50,7 @@ The development procedure is as follows: ...@@ -88,7 +50,7 @@ The development procedure is as follows:
} }
``` ```
3. <a name="li109311114115111"></a>\(Optional\) Subscribe to tip information. The sample code is as follows: 3. \(Optional\) Subscribe to tip information. The sample code is as follows:
``` ```
let authenticator = userIAM_userAuth.getAuthenticator(); let authenticator = userIAM_userAuth.getAuthenticator();
...@@ -112,7 +74,7 @@ The development procedure is as follows: ...@@ -112,7 +74,7 @@ The development procedure is as follows:
}); });
``` ```
5. \(Optional\) Unsubscribe from tip information if [you have subscribed to tip information](#li109311114115111)you have subscribed to tip information. 5. \(Optional\) Unsubscribe from tip information if you have subscribed to tip information you have subscribed to tip information.
``` ```
let authenticator = userIAM_userAuth.getAuthenticator(); let authenticator = userIAM_userAuth.getAuthenticator();
...@@ -138,4 +100,3 @@ The development procedure is as follows: ...@@ -138,4 +100,3 @@ The development procedure is as follows:
} }
``` ```
# User Authentication Overview<a name="EN-US_TOPIC_0000001050991067"></a> # User Authentication Overview
OpenHarmony provides biometric recognition that can be used for identity authentication in device unlocking, application login, and payment. OpenHarmony provides biometric recognition that can be used for identity authentication in device unlocking, application login, and payment.
OpenHarmony provides both 2D and 3D facial recognition. You can provide either or both of them on your device based on the hardware and technology applied on the device. 3D facial recognition is superior to 2D facial recognition in terms of recognition rate and anti-counterfeiting capability. However, you can use 3D facial recognition only if your device supports capabilities such as 3D structured light and 3D Time of Flight \(TOF\). OpenHarmony provides both 2D and 3D facial recognition. You can provide either or both of them on your device based on the hardware and technology applied on the device. 3D facial recognition is superior to 2D facial recognition in terms of recognition rate and anti-counterfeiting capability. However, you can use 3D facial recognition only if your device supports capabilities such as 3D structured light and 3D Time of Flight \(TOF\).
## Basic Concepts<a name="section95562369310"></a> ## Basic Concepts
Biometric recognition \(also known as biometric authentication\) uses optical, acoustical, and biological sensors, as well as the biological statistics mechanism to identify individuals. Biometric recognition \(also known as biometric authentication\) uses optical, acoustical, and biological sensors, as well as the biological statistics mechanism to identify individuals.
Facial recognition is a biometric recognition technology that identifies individuals based on facial characteristics. A camera is used to collect images or video streams that contain human faces, and automatically detect, track, and recognize the human faces. Facial recognition is a biometric recognition technology that identifies individuals based on facial characteristics. A camera is used to collect images or video streams that contain human faces, and automatically detect, track, and recognize the human faces.
## Working Principles<a name="section87441753103115"></a> ## Working Principles
Facial recognition establishes a secure channel between a camera and a trusted execution environment \(TEE\). Through this channel, face image data is transmitted to the TEE. This protects against any attack from the rich execution environment \(REE\) as the face image data cannot be obtained from the REE. The face image collection, characteristic extraction, alive human body detection, and characteristic comparison are all completed in the TEE. The TEE implements security isolation based on the trust zone. The external face framework only initiates face authentication and processes authentication results. It does not process the human face data. Facial recognition establishes a secure channel between a camera and a trusted execution environment \(TEE\). Through this channel, face image data is transmitted to the TEE. This protects against any attack from the rich execution environment \(REE\) as the face image data cannot be obtained from the REE. The face image collection, characteristic extraction, alive human body detection, and characteristic comparison are all completed in the TEE. The TEE implements security isolation based on the trust zone. The external face framework only initiates face authentication and processes authentication results. It does not process the human face data.
Facial characteristics are stored in the TEE, which uses strong cryptographic algorithms to encrypt and protect the integrity of facial characteristics. The collected and stored facial characteristics will not be transferred out of the TEE without user authorization. This ensures that system or third-party applications cannot obtain facial characteristics, or send or back them up to any external storage medium. Facial characteristics are stored in the TEE, which uses strong cryptographic algorithms to encrypt and protect the integrity of facial characteristics. The collected and stored facial characteristics will not be transferred out of the TEE without user authorization. This ensures that system or third-party applications cannot obtain facial characteristics, or send or back them up to any external storage medium.
## Limitations and Constraints<a name="section6226193317475"></a> ## Limitations and Constraints
- OpenHarmony only supports facial recognition and local authentication, and does not support an authentication UI. - OpenHarmony only supports facial recognition and local authentication, and does not support an authentication UI.
- To use biometric recognition, a device must have a camera with a face image pixel greater than 100x100. - To use biometric recognition, a device must have a camera with a face image pixel greater than 100x100.
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册