Skip to content

D
Docs

OpenHarmony / Docs
大约 1 年 前同步成功

通知 159
Star 292
Fork 28
D
Docs

体验新版 GitCode,发现更多精彩内容 >>

未验证 提交 bc7a7dc4 编写于 作者: O openharmony_ci 提交者: Gitee
浏览文件
操作

!5559 【翻译完成】#I5AXVA 

Merge pull request !5559 from Annie_wang/PR4982
上级 451541fc 3f4d2063
隐藏空白更改
内联 并排
Showing with 106 addition and 103 deletion
en/application-dev/reference/apis/js-apis-useriam-userauth.md
浏览文件 @ bc7a7dc4
......@@ -50,7 +50,7 @@ export default {
try {
console.info("auth onResult result = " + result);
console.info("auth onResult extraInfo = " + JSON.stringify(extraInfo));
if (result == 'SUCCESS') {
if (result == userIAM_userAuth.ResultCode.SUCCESS) {
// Add the logic to be executed when the authentication is successful.
} else {
// Add the logic to be executed when the authentication fails.
......@@ -97,7 +97,7 @@ export default {
}
});
let cancelCode = this.auth.cancel(contextId);
if (cancelCode == userIAM_userAuth.Result.SUCCESS) {
if (cancelCode == userIAM_userAuth.ResultCode.SUCCESS) {
console.info("cancel auth success");
} else {
console.error("cancel auth fail");
......@@ -110,7 +110,7 @@ export default {
getAuthenticator(): Authenticator
> **NOTE**<br/>
> **NOTE**<br>
> This API is not longer maintained since API version 8. You are advised to use [constructor](#constructor8).
Obtains an **Authenticator** object for user authentication.
......@@ -122,7 +122,7 @@ Obtains an **Authenticator** object for user authentication.
**Return value**
| Type | Description |
| ----------------------------------------- | ------------ |
| [Authenticator](#authenticatordeprecated) | **Authenticator** object obtained. |
| [Authenticator](#authenticatordeprecated) | **Authenticator** object obtained.|
**Example**
```js
......@@ -131,7 +131,7 @@ Obtains an **Authenticator** object for user authentication.
## Authenticator<sup>(deprecated)</sup>
> **NOTE**<br/>
> **NOTE**<br>
> This object is not longer maintained since API version 8. You are advised to use [UserAuth](#userauth8).
Provides methods to manage an **Authenticator** object.
......@@ -141,7 +141,7 @@ Provides methods to manage an **Authenticator** object.
execute(type: string, level: string, callback: AsyncCallback&lt;number&gt;): void
> **NOTE**<br/>
> **NOTE**<br>
> This API is not longer maintained since API version 8. You are advised to use [auth](#auth8).
Performs user authentication. This API uses asynchronous callback to return the result.
......@@ -154,15 +154,15 @@ Performs user authentication. This API uses asynchronous callback to return the
| Name | Type | Mandatory| Description |
| -------- | --------------------------- | ---- | ------------------------------------------------------------ |
| type | string | Yes | Authentication type. Only **FACE_ONLY** is supported.<br>**ALL** is reserved and not supported by the current version. |
| level | string | Yes | Security level of the authentication. It can be S1 (lowest), S2, S3, or S4 (highest).<br>Devices capable of 3D facial recognition support S3 and lower-level authentication.<br>Devices capable of 2D facial recognition support S2 and lower-level authentication. |
| type | string | Yes | Authentication type. Only **FACE_ONLY** is supported.<br>**ALL** is reserved and not supported by the current version.|
| level | string | Yes | Security level of the authentication. It can be S1 (lowest), S2, S3, or S4 (highest).<br>Devices capable of 3D facial recognition support S3 and lower-level authentication.<br>Devices capable of 2D facial recognition support S2 and lower-level authentication.|
| callback | AsyncCallback&lt;number&gt; | No | Callback used to return the result. |
Parameters returned in callback
| Type | Description |
| ------ | ------------------------------------------------------------ |
| number | Authentication result. For details, see [AuthenticationResult](#authenticationresultdeprecated). |
| number | Authentication result. For details, see [AuthenticationResult](#authenticationresultdeprecated).|
**Example**
```js
......@@ -180,7 +180,7 @@ Performs user authentication. This API uses asynchronous callback to return the
execute(type:string, level:string): Promise&lt;number&gt;
> **NOTE**<br/>
> **NOTE**<br>
> This API is not longer maintained since API version 8. You are advised to use [auth](#auth8).
Performs user authentication. This API uses a promise to return the result.
......@@ -192,13 +192,13 @@ Performs user authentication. This API uses a promise to return the result.
**Parameters**
| Name| Type | Mandatory| Description |
| ------ | ------ | ---- | ------------------------------------------------------------ |
| type | string | Yes | Authentication type. Only **FACE_ONLY** is supported.<br>**ALL** is reserved and not supported by the current version. |
| level | string | Yes | Security level of the authentication. It can be S1 (lowest), S2, S3, or S4 (highest).<br>Devices capable of 3D facial recognition support S3 and lower-level authentication.<br>Devices capable of 2D facial recognition support S2 and lower-level authentication. |
| type | string | Yes | Authentication type. Only **FACE_ONLY** is supported.<br>**ALL** is reserved and not supported by the current version.|
| level | string | Yes | Security level of the authentication. It can be S1 (lowest), S2, S3, or S4 (highest).<br>Devices capable of 3D facial recognition support S3 and lower-level authentication.<br>Devices capable of 2D facial recognition support S2 and lower-level authentication.|
**Return value**
| Type | Description |
| --------------------- | ------------------------------------------------------------ |
| Promise&lt;number&gt; | Promise used to return the authentication result, which is a number. For details, see [AuthenticationResult](#authenticationresultdeprecated). |
| Promise&lt;number&gt; | Promise used to return the authentication result, which is a number. For details, see [AuthenticationResult](#authenticationresultdeprecated).|
**Example**
......@@ -213,7 +213,7 @@ authenticator.execute("FACE_ONLY", "S2").then((code)=>{
## AuthenticationResult<sup>(deprecated)</sup>
> **NOTE**<br/>
> **NOTE**<br>
> This parameter is not longer maintained since API version 8. You are advised to use [ResultCode](#resultcode8).
Enumerates the authentication results.
......@@ -222,7 +222,7 @@ Enumerates the authentication results.
| Name | Default Value| Description |
| ------------------ | ------ | -------------------------- |
| NO_SUPPORT | -1 | The device does not support the current authentication mode. |
| NO_SUPPORT | -1 | The device does not support the current authentication mode.|
| SUCCESS | 0 | The authentication is successful. |
| COMPARE_FAILURE | 1 | The feature comparison failed. |
| CANCELED | 2 | The authentication was canceled by the user. |
......@@ -230,7 +230,7 @@ Enumerates the authentication results.
| CAMERA_FAIL | 4 | The camera failed to start. |
| BUSY | 5 | The authentication service is not available. Try again later. |
| INVALID_PARAMETERS | 6 | The authentication parameters are invalid. |
| LOCKED | 7 | The user account is locked because the number of authentication failures has reached the threshold. |
| LOCKED | 7 | The user account is locked because the number of authentication failures has reached the threshold.|
| NOT_ENROLLED | 8 | No authentication credential is registered. |
| GENERAL_ERROR | 100 | Other errors. |
......@@ -252,7 +252,7 @@ A constructor used to create an **authenticator** object.
| Type | Description |
| ---------------------- | -------------------- |
| [UserAuth](#userauth8) | **Authenticator** object obtained. |
| [UserAuth](#userauth8) | **Authenticator** object obtained.|
**Example**
......@@ -276,7 +276,7 @@ Obtains the authentication executor version.
| Type | Description |
| ------ | ---------------------- |
| number | Authentication executor version obtained. |
| number | Authenticator version obtained.|
**Example**
......@@ -302,14 +302,14 @@ Checks whether the authentication capability of the specified trust level is ava
| Name | Type | Mandatory| Description |
| -------------- | ---------------------------------- | ---- | -------------------------- |
| authType | [UserAuthType](#userauthtype8) | Yes | Authentication type. Only **FACE** is supported. |
| authType | [UserAuthType](#userauthtype8) | Yes | Authentication type. Only **FACE** is supported.|
| authTrustLevel | [AuthTrustLevel](#authtrustlevel8) | Yes | Trust level of the authentication result. |
**Return value**
| Type | Description |
| ------ | ------------------------------------------------------------ |
| number | Whether the authentication capability of the specified trust level is available. For details, see [ResultCode](#resultcode8). |
| number | Whether the authentication capability of the specified trust level is available. For details, see [ResultCode](#resultcode8).|
**Example**
......@@ -342,7 +342,7 @@ Performs user authentication. This API uses a callback to return the result.
| Name | Type | Mandatory| Description |
| -------------- | ---------------------------------------- | ---- | ------------------------ |
| challenge | Uint8Array | Yes | Challenge value, which can be null. |
| authType | [UserAuthType](#userauthtype8) | Yes | Authentication type. Only **FACE** is supported. |
| authType | [UserAuthType](#userauthtype8) | Yes | Authentication type. Only **FACE** is supported.|
| authTrustLevel | [AuthTrustLevel](#authtrustlevel8) | Yes | Trust level. |
| callback | [IUserAuthCallback](#iuserauthcallback8) | Yes | Callback used to return the result. |
......@@ -350,7 +350,7 @@ Performs user authentication. This API uses a callback to return the result.
| Type | Description |
| ---------- | ------------------------------------------------------------ |
| Uint8Array | ContextId, which is used as the input parameter of [cancelAuth](#cancelauth8). |
| Uint8Array | ContextId, which is used as the input parameter of [cancelAuth](#cancelauth8).|
**Example**
......@@ -389,13 +389,13 @@ Cancels an authentication.
| Name | Type | Mandatory| Description |
| --------- | ---------- | ---- | ------------------------------------------ |
| contextID | Uint8Array | Yes | Context ID, which is obtained using [auth](#auth8). |
| contextID | Uint8Array | Yes | Context ID, which is obtained using [auth](#auth8).|
**Return value**
| Type | Description |
| ------ | ------------------------ |
| number | Whether the authentication is canceled. |
| number | Whether the authentication is canceled.|
**Example**
......@@ -429,7 +429,7 @@ Obtains the authentication result.
| Name | Type | Mandatory| Description |
| --------- | -------------------------- | ---- | ------------------------------------------------------------ |
| result | number | Yes | Authentication result obtained. For details, see [ResultCode](#resultcode8). |
| extraInfo | [AuthResult](#authresult8) | Yes | Extended information, which varies depending on the authentication result.<br>If the authentication is successful, the user authentication token will be returned in **extraInfo**.<br>If the authentication fails, the remaining number of authentication times will be returned in **extraInfo**.<br>If the authentication executor is locked, the freeze time will be returned in **extraInfo**. |
| extraInfo | [AuthResult](#authresult8) | Yes | Extended information, which varies depending on the authentication result.<br>If the authentication is successful, the user authentication token will be returned in **extraInfo**.<br>If the authentication fails, the remaining number of authentication times will be returned in **extraInfo**.<br>If the authentication executor is locked, the freeze time will be returned in **extraInfo**.|
**Example**
......@@ -443,7 +443,7 @@ Obtains the authentication result.
try {
console.info("auth onResult result = " + result);
console.info("auth onResult extraInfo = " + JSON.stringify(extraInfo));
if (result == SUCCESS) {
if (result == userIAM_userAuth.ResultCode.SUCCESS) {
// Add the logic to be executed when the authentication is successful.
} else {
// Add the logic to be executed when the authentication fails.
......@@ -478,7 +478,7 @@ Obtains the tip code information during authentication. This function is optiona
| Name | Type | Mandatory| Description |
| --------- | ------ | ---- | ------------------------------ |
| module | number | Yes | Type of the authentication executor. |
| acquire | number | Yes | Interaction information of the authentication executor during the authentication process. |
| acquire | number | Yes | Interaction information of the authentication executor during the authentication process.|
| extraInfo | any | Yes | Reserved field. |
**Example**
......@@ -492,7 +492,7 @@ Obtains the tip code information during authentication. This function is optiona
try {
console.info("auth onResult result = " + result);
console.info("auth onResult extraInfo = " + JSON.stringify(extraInfo));
if (result == SUCCESS) {
if (result == userIAM_userAuth.ResultCode.SUCCESS) {
// Add the logic to be executed when the authentication is successful.
} else {
// Add the logic to be executed when the authentication fails.
......@@ -523,8 +523,8 @@ Represents the authentication result object.
| Name | Type | Mandatory| Description |
| ------------ | ---------- | ---- | -------------------- |
| token | Uint8Array | No | Identity authentication token. |
| remainTimes | number | No | Number of remaining authentication operations. |
| freezingTime | number | No | Time for which the authentication operation is frozen. |
| remainTimes | number | No | Number of remaining authentication operations.|
| freezingTime | number | No | Time for which the authentication operation is frozen.|
## ResultCode<sup>8+</sup>
......@@ -544,7 +544,7 @@ Enumerates the operation results.
| BUSY | 7 | Indicates the busy state. |
| INVALID_PARAMETERS | 8 | Invalid parameters are detected. |
| LOCKED | 9 | The authentication executor is locked. |
| NOT_ENROLLED | 10 | The user has not entered the authentication information. |
| NOT_ENROLLED | 10 | The user has not entered the authentication information.|
## FaceTips<sup>8+</sup>
......@@ -563,7 +563,7 @@ Enumerates the tip codes used during the facial authentication process.
| FACE_AUTH_TIP_TOO_LOW | 6 | Only the lower part of the face is captured because the device is angled too low. |
| FACE_AUTH_TIP_TOO_RIGHT | 7 | Only the right part of the face is captured because the device is deviated to the right. |
| FACE_AUTH_TIP_TOO_LEFT | 8 | Only the left part of the face is captured because the device is deviated to the left. |
| FACE_AUTH_TIP_TOO_MUCH_MOTION | 9 | The face moves too fast during facial information collection. |
| FACE_AUTH_TIP_TOO_MUCH_MOTION | 9 | The face moves too fast during facial information collection.|
| FACE_AUTH_TIP_POOR_GAZE | 10 | The face is not facing the camera. |
| FACE_AUTH_TIP_NOT_DETECTED | 11 | No face is detected. |
......@@ -577,7 +577,7 @@ Enumerates the tip codes used during the fingerprint authentication process.
| Name | Default Value| Description |
| --------------------------------- | ------ | -------------------------------------------------- |
| FINGERPRINT_AUTH_TIP_GOOD | 0 | The obtained fingerprint image is in good condition. |
| FINGERPRINT_AUTH_TIP_DIRTY | 1 | Large fingerprint image noise is detected due to suspicious or detected dirt on the sensor. |
| FINGERPRINT_AUTH_TIP_DIRTY | 1 | Large fingerprint image noise is detected due to suspicious or detected dirt on the sensor.|
| FINGERPRINT_AUTH_TIP_INSUFFICIENT | 2 | The noise of the fingerprint image is too large to be processed. |
| FINGERPRINT_AUTH_TIP_PARTIAL | 3 | Incomplete fingerprint image is detected. |
| FINGERPRINT_AUTH_TIP_TOO_FAST | 4 | The fingerprint image is incomplete due to fast movement. |
......@@ -592,8 +592,8 @@ Enumerates the identity authentication types.
| Name | Default Value| Description |
| ----------- | ------ | ---------- |
| FACE | 2 | Facial authentication. |
| FINGERPRINT | 4 | Fingerprint authentication. |
| FACE | 2 | Facial authentication.|
| FINGERPRINT | 4 | Fingerprint authentication.|
## AuthTrustLevel<sup>8+</sup>
......@@ -603,7 +603,7 @@ Enumerates the trust levels of the authentication result.
| Name| Default Value| Description |
| ---- | ------ | ------------------------- |
| ATL1 | 10000 | Trust level 1. |
| ATL2 | 20000 | Trust level 2. |
| ATL3 | 30000 | Trust level 3. |
| ATL4 | 40000 | Trust level 4. |
| ATL1 | 10000 | Trust level 1.|
| ATL2 | 20000 | Trust level 2.|
| ATL3 | 30000 | Trust level 3.|
| ATL4 | 40000 | Trust level 4.|
en/application-dev/security/accesstoken-overview.md
浏览文件 @ bc7a7dc4
......@@ -101,7 +101,7 @@ The permissions open to apps vary with the permission level. The permission leve
As described above, permission levels and app APLs are in one-to-one correspondence. In principle, **an app with a lower APL cannot apply for higher permissions by default**.
The Access Control List (ACL) makes low-level apps to have high-level permissions.
The Access Control List (ACL) makes low-level apps have high-level permissions.
**Example**
......
en/application-dev/security/userauth-guidelines.md
浏览文件 @ bc7a7dc4
# User Authentication Development
> ![icon-note.gif](../public_sys-resources/icon-note.gif) **NOTE**<br/>
> ![icon-note.gif](../public_sys-resources/icon-note.gif) **NOTE**<br>
> This development guide applies to the SDK of API Version 8 or later.
## When to Use
......@@ -68,7 +68,7 @@ The development procedure is as follows:
try {
console.info("auth onResult result = " + result);
console.info("auth onResult extraInfo = " + JSON.stringify(extraInfo));
if (result == 'SUCCESS') {
if (result == userIAM_userAuth.ResultCode.SUCCESS) {
// Add the logic to be executed when the authentication is successful.
} else {
// Add the logic to be executed when the authentication fails.
......
en/device-dev/driver/Readme-EN.md
浏览文件 @ bc7a7dc4
......@@ -45,14 +45,14 @@
- Peripheral Driver Usage
- [Audio](driver-peripherals-audio-des.md)
- [Camera](driver-peripherals-camera-des.md)
- [Face_auth](driver-peripherals-face_auth-des.md)
- [Facial Authentication](driver-peripherals-face_auth-des.md)
- [LCD](driver-peripherals-lcd-des.md)
- [Light](driver-peripherals-light-des.md)
- [Pin_auth](driver-peripherals-pinauth-des.md)
- [PIN Authentication](driver-peripherals-pinauth-des.md)
- [Sensor](driver-peripherals-sensor-des.md)
- [Touchscreen](driver-peripherals-touch-des.md)
- [USB](driver-peripherals-usb-des.md)
- [User_auth](driver-peripherals-user-auth-des.md)
- [User Authentication](driver-peripherals-user-auth-des.md)
- [Vibrator](driver-peripherals-vibrator-des.md)
- [WLAN](driver-peripherals-external-des.md)
en/device-dev/driver/driver-peripherals-face_auth-des.md
浏览文件 @ bc7a7dc4
# Face_auth
# Facial Authentication
## Overview
### Function
Facial authentication provides user authentication capabilities in identity authentication scenarios, such as device unlocking, payment, and app logins. It uses biometric recognition technologies to identify individuals based on facial characteristics. A camera is used to collect images or video streams that contain human faces, and automatically detect, track, and recognize human faces. Facial authentication is also called facial recognition or face recognition. The figure below shows the architecture of facial authentication.
Facial authentication provides user authentication capabilities in identity authentication scenarios, such as device unlocking, payment, and app logins. It uses biometric recognition technologies to identify individuals based on facial characteristics. A camera is used to collect images or video streams that contain human faces, and automatically detect, track, and recognize human faces. Facial authentication is also called facial recognition. The figure below shows the architecture of facial authentication.
The face authentication driver (Face_auth) driver is developed based on the Hardware Driver Foundation (HDF) driver framework. It shields hardware differences and provides stable facial authentication capabilities for the user authentication framework (User_auth) and Face_auth service. The facial authentication capabilities include obtaining facial recognition executor list, executor information, and template information by template ID, comparing face image template information of the executor and that of User_auth, enrolling or deleting face templates, and performing facial authentication.
The face authentication (Face_auth) driver is developed based on the Hardware Driver Foundation (HDF). It shields hardware differences and provides stable facial authentication capabilities for the user authentication framework (User_auth) and Face_auth service. The facial authentication capabilities include obtaining facial recognition executor list, executor information, and template information by template ID, comparing face image template information of the executor and that of User_auth, enrolling or deleting face image templates, and performing facial authentication.
**Figure 1** Facial authentication architecture
......@@ -14,14 +14,14 @@ The face authentication driver (Face_auth) driver is developed based on the Hard
### Basic Concepts
The identity authentication consists of User_auth and basic authentication services (including PIN authentication and facial authentication). It supports basic functions such as setting and deleting user credentials and performing authentication. The system supports user identity authentication and provides data collection, processing, storage, and comparison capabilities.
The identity authentication consists of User_auth and basic authentication services (including PIN authentication and facial authentication). It supports basic functions such as setting and deleting user credentials and performing authentication. The system supports user identity authentication and data collection, processing, storage, and comparison.
- Executor
The executor collects, processes, stores, and compares data for authentication. Each authentication service provides the executor capabilities, which are scheduled by User_auth to implement basic capabilities.
- Executor security level
Certain security level is required for the execution environment of an executor. For example, the executor security level is low for an operation performed without access control and high for an operation performed in a Trusted Execution Environment (TEE).
Security level required for the execution environment of an executor.
- Executor role
......@@ -39,11 +39,11 @@ The identity authentication consists of User_auth and basic authentication servi
To ensure user data security and authentication result accuracy, measures must be taken to protect the integrity of the key information exchanged between User_auth and basic authentication services. Public keys must be exchanged when the executor provided by a basic authentication service interworks with User_auth.
The executor uses the User_auth public key to verify scheduling instructions. For example, if a face image template is locked, the related facial authentication capability cannot be used. The instruction for unlocking the face image template must be verified before being executed.
The executor uses the User_auth public key to verify scheduling instructions.
User_auth uses the executor public key to verify the authentication result accuracy and the integrity of the information exchanged with the executor.
- Facial authentication credential template
- Authentication credential template
Authentication credentials are generated and stored by the authentication service when users set authentication credentials. Each template has an ID to index a set of template information files. The template information needs to be compared with the authentication data generated during authentication to complete identity authentication.
......@@ -53,7 +53,7 @@ The identity authentication consists of User_auth and basic authentication servi
### Working Principles
The Face_auth driver provides basic facial authentication capabilities for the User_auth framework and Face_auth service to ensure successful facial authentication.
The Face_auth driver provides basic facial authentication capabilities for the User_auth and Face_auth service to ensure successful facial authentication.
You can develop drivers to call Hardware Device Interface (HDI) APIs based on the HDF and the chip you use.
**Figure 2** Face_auth service and Face_auth driver interaction
......@@ -62,15 +62,15 @@ You can develop drivers to call Hardware Device Interface (HDI) APIs based on th
### Constraints
- To implement facial authentication, the device must have a camera with a face image pixel greater than 100x100.
- TEE must be available, and facial feature information must be encrypted and stored in a TEE.
- To implement facial authentication, the device must have a camera and the face image must be greater than 100 x 100 pixels.
- A Trusted Execution Environment (TEE) must be available, and facial feature information must be encrypted and stored in a TEE.
- The face matching accuracy varies with people with similar looks and children whose facial features keep changing. If you are concerned about this, consider using other authentication modes.
## Development Guidelines
### When to Use
The Face_auth driver provides basic facial authentication capabilities for the User_auth framework and Face_auth service to ensure successful facial authentication.
The Face_auth driver provides basic facial authentication capabilities for the User_auth and Face_auth service to ensure successful facial authentication.
### Available APIs
......@@ -79,12 +79,12 @@ The Face_auth driver provides basic facial authentication capabilities for the U
| API | Description |
| ------------------------------------------------------------ | ------------------------------------------------------------ |
| GetExecutorList(std::vector<sptr<IExecutor>>& executorList) | Obtains the executor list. |
| GetExecutorInfo(ExecutorInfo& info) | Obtain the executor information, including the executor type, executor role, authentication type, security level, and executor public key.|
| GetExecutorInfo(ExecutorInfo& info) | Obtains the executor information, including the executor type, executor role, authentication type, security level, and executor public key.|
| GetTemplateInfo(uint64_t templateId, TemplateInfo& info) | Obtains information about a face image template based on the specified template ID. |
| OnRegisterFinish(const std::vector<uint64_t>& templateIdList,<br> const std::vector<uint8_t>& frameworkPublicKey, const std::vector<uint8_t>& extraInfo) | Obtains the public key and template ID list from User_auth after the executor is registered successfully.|
| Enroll(uint64_t scheduleId, const std::vector<uint8_t>& extraInfo,<br> const sptr<IExecutorCallback>& callbackObj) | Enrolls a face image template. |
| Authenticate(uint64_t scheduleId, const std::vector<uint64_t>& templateIdList,<br> const std::vector<uint8_t>& extraInfo, const sptr<IExecutorCallback>& callbackObj) | Performs facial authentication. |
| Identify(uint64_t scheduleId, const std::vector<uint8_t>& extraInfo,<br> const sptr<IExecutorCallback>& callbackObj) | Performs face identification. |
| Identify(uint64_t scheduleId, const std::vector<uint8_t>& extraInfo,<br> const sptr<IExecutorCallback>& callbackObj) | Performs facial identification. |
| Delete(const std::vector<uint64_t>& templateIdList) | Deletes a face image template. |
| Cancel(uint64_t scheduleId) | Cancels a face enrolling, authentication, or identification operation based on the **scheduleId**. |
| SendCommand(int32_t commandId, const std::vector<uint8_t>& extraInfo,<br> const sptr<IExecutorCallback>& callbackObj) | Sends commands to the Face_auth service. |
......@@ -98,7 +98,7 @@ The Face_auth driver provides basic facial authentication capabilities for the U
### How to Develop
The following uses the Hi3516DV300 platform as an example to demonstrate how to develop the Face_auth driver. <br/>The directory structure is as follows:
The following uses the Hi3516D V300 development board as an example to demonstrate how to develop the Face_auth driver. <br/>The directory structure is as follows:
```undefined
// drivers/peripheral/face_auth
......@@ -118,7 +118,7 @@ The development procedure is as follows:
1. Develop the Face_auth driver based on the HDF. The **Bind()**, **Init()**, **Release()**, and **Dispatch()** functions are used. For details about the code, see [face_auth_interface_driver.cpp](https://gitee.com/openharmony/drivers_peripheral/blob/master/face_auth/hdi_service/src/face_auth_interface_driver.cpp).
```c++
// Create the IRemoteObject object by using the custom HdfFaceAuthInterfaceHost object, which consists of the IoService object and HDI service.
// Create an IRemoteObject object by using the custom HdfFaceAuthInterfaceHost object, which consists of the IoService object and HDI service.
struct HdfFaceAuthInterfaceHost {
struct IDeviceIoService ioService;
OHOS::sptr<OHOS::IRemoteObject> stub;
......@@ -152,6 +152,10 @@ The development procedure is as follows:
int HdfFaceAuthInterfaceDriverInit(struct HdfDeviceObject *deviceObject)
{
IAM_LOGI("start");
if (!HdfDeviceSetClass(deviceObject, DEVICE_CLASS_USERAUTH)) {
IAM_LOGE("set face auth hdf class failed");
return HDF_FAILURE;
}
return HDF_SUCCESS;
}
......@@ -161,7 +165,7 @@ The development procedure is as follows:
IAM_LOGI("start");
auto *hdfFaceAuthInterfaceHost = new (std::nothrow) HdfFaceAuthInterfaceHost;
if (hdfFaceAuthInterfaceHost == nullptr) {
IAM_LOGE("%{public}s: failed to create create HdfFaceAuthInterfaceHost object", __func__);
IAM_LOGE("%{public}s: Failed to create HdfFaceAuthInterfaceHost object", __func__);
return HDF_FAILURE;
}
......@@ -171,7 +175,7 @@ The development procedure is as follows:
auto serviceImpl = IFaceAuthInterface::Get(true);
if (serviceImpl == nullptr) {
IAM_LOGE("%{public}s: Failed to implement the service", __func__);
IAM_LOGE("%{public}s: Failed to implement service", __func__);
return HDF_FAILURE;
}
......@@ -271,7 +275,7 @@ The development procedure is as follows:
{
IAM_LOGI("interface mock start");
info = executorInfo_;
IAM_LOGI("get executor information success");
IAM_LOGI("Executor information got successfully");
return HDF_SUCCESS;
}
......@@ -281,7 +285,7 @@ The development procedure is as follows:
IAM_LOGI("interface mock start");
static_cast<void>(templateId);
info = {0};
IAM_LOGI("get template information success");
IAM_LOGI("Template information got successfully");
return HDF_SUCCESS;
}
......@@ -293,11 +297,11 @@ The development procedure is as follows:
static_cast<void>(templateIdList);
static_cast<void>(extraInfo);
static_cast<void>(frameworkPublicKey);
IAM_LOGI("register finish");
IAM_LOGI("Registration finished");
return HDF_SUCCESS;
}
// Enroll face image.
// Enroll a face image.
int32_t Enroll(uint64_t scheduleId, const std::vector<uint8_t>& extraInfo,
const sptr<IExecutorCallback>& callbackObj)
{
......@@ -330,7 +334,7 @@ The development procedure is as follows:
return HDF_SUCCESS;
}
// Perform face recognition.
// Perform facial recognition.
int32_t Identify(uint64_t scheduleId, const std::vector<uint8_t>& extraInfo,
const sptr<IExecutorCallback>& callbackObj)
{
......@@ -364,7 +368,7 @@ The development procedure is as follows:
return HDF_SUCCESS;
}
// Send template freezing or unlocking command from the Face_auth service to the Face_auth driver.
// Send template locking or unlocking command from the Face_auth service to the Face_auth driver.
int32_t SendCommand(int32_t commandId, const std::vector<uint8_t>& extraInfo,
const sptr<IExecutorCallback>& callbackObj)
{
......@@ -417,7 +421,7 @@ The development procedure is as follows:
### Verification
Use the [User Authentication APIs](../../application-dev/reference/apis/js-apis-useriam-userauth.md) to develop a JavaScript application and verify the application on the Hi3516DV300 platform. The sample code for verifying the authentication and authentication cancellation is as follows:
Use the [User Authentication APIs](../../application-dev/reference/apis/js-apis-useriam-userauth.md) to develop a JavaScript application and verify the application on the Hi3516D V300 development board. The sample code for verifying and canceling the authentication is as follows:
```js
// API version 8
......@@ -426,7 +430,7 @@ let auth = new userIAM_userAuth.UserAuth();
export default {
getVersion() {
console.info("start get version");
console.info("start to get version");
let version = this.auth.getVersion();
console.info("auth version = " + version);
},
......@@ -438,7 +442,7 @@ export default {
try {
console.info("auth onResult result = " + result);
console.info("auth onResult extraInfo = " + JSON.stringify(extraInfo));
if (result == 'SUCCESS') {
if (result == userIAM_userAuth.ResultCode.SUCCESS) {
// Add the logic to be executed when the authentication is successful.
} else {
// Add the logic to be executed when the authentication fails.
......@@ -473,10 +477,10 @@ export default {
}
});
let cancelCode = this.auth.cancel(contextId);
if (cancelCode == userIAM_userAuth.Result.SUCCESS) {
console.info("cancel auth success");
if (cancelCode == userIAM_userAuth.ResultCode.SUCCESS) {
console.info("Authentication canceled successfully");
} else {
console.error("cancel auth fail");
console.error("failed to cancel authentication");
}
}
}
......
en/device-dev/driver/driver-peripherals-pinauth-des.md
浏览文件 @ bc7a7dc4
# Pin_auth
# PIN Authentication
## Overview
### Function
Personal Identification Number (PIN) authentication provides user authentication capabilities in identity authentication scenarios, such as device unlocking, payment, and app logins. After a user registers a PIN, the PIN authentication (Pin_auth) module unlocks the device only when a correct PIN is entered. The figure below shows the architecture of PIN authentication.
Personal Identification Number (PIN) authentication provides user authentication capabilities in identity authentication scenarios, such as device unlocking, payment, and app logins. After a user registers a PIN, the PIN authentication (Pin_auth) module unlocks the device only when the correct PIN is entered. The figure below shows the architecture of PIN authentication.
The Pin_auth driver is developed based on the Hardware Driver Foundation (HDF). The Pin_auth driver model shields hardware differences and provides stable PIN authentication capabilities for the user User_auth framework (User_auth) and PIN authentication system ability (SA). The PIN authentication capabilities include obtaining the PIN authentication executor list, executor information, and anti-brute force information of the specified template, comparing the template ID list of the executor and that of User_auth, enrolling or deleting PINs, and performing PIN authentication.
......@@ -21,7 +21,7 @@ The identity authentication consists of User_auth and basic authentication servi
- Executor security level
Certain security level is required for the execution environment of an executor. For example, the executor security level is low for an operation performed without access control and high for an operation performed in a Trusted Execution Environment (TEE).
Security level required for the execution environment of an executor.
- Executor role
......@@ -58,10 +58,10 @@ The Pin_auth driver provides basic PIN authentication capabilities for the upper
**Figure 2** Pin_auth service and pin_auth driver APIs
![image](figures/pin_auth_service_and_driver_interaction.png "interaction between the Pin_auth service and driver")
![image](figures/pin_auth_service_and_driver_interaction.png "interaction between the pin_auth service and driver")
### Constraints
PIN authentication must be implemented in a TEE, and the confidential information, such as PINs and credentials, must be stored in a TEE.
PIN authentication must be implemented in a Trusted Execution Environment (TEE), and the confidential information, such as PINs and credentials, must be stored in a TEE.
## Development Guidelines
### When to Use
......@@ -526,8 +526,7 @@ The development procedure is as follows:
### Verification
Verify whether PIN authentication can be successfully performed on the RK3568 platform as follows:
1. Set a PIN.
1. Set a PIN.<br/>
Touch **Settings** > **Biometrics & passwords** > **Password**, and enter your password.
2. Verify PIN authentication.
......
en/device-dev/driver/driver-peripherals-user-auth-des.md
浏览文件 @ bc7a7dc4
# User_auth
# User Authentication
## Overview
......@@ -6,7 +6,7 @@
User authentication is indispensable in identity authentication scenarios, such as device unlocking, payment, and app logins. The user authentication framework (User_auth) manages the mappings between user identities and authentication credential templates in a unified manner. It schedules executors implemented by basic authentication services (including PIN authentication and facial recognition) to register user authentication credentials, delete credentials, obtain related information, and complete authentication. The figure below shows the architecture of user authentication.
The User_auth driver is developed based on the Hardware Driver Foundation (HDF). It shields hardware differences and provides stable user authentication capabilities for apps and account management system ability (SA). It supports user credential management, authentication information enrollment, authentication scheme generation, and authentication executor information management.
The User_auth driver is developed based on the Hardware Driver Foundation (HDF). It shields hardware differences and provides stable user authentication capabilities for apps and account management system ability (SA). It supports user credential management, authentication information enrollment, authentication scheme generation, and executor information management.
**Figure 1** User authentication architecture
......@@ -41,7 +41,7 @@ The identity authentication consists of the User_auth framework and basic authen
- Executor security level
Certain security level is required for the execution environment of an executor. For example, the executor security level is low for an operation performed without access control and high for an operation performed in a Trusted Execution Environment (TEE).
Security level required for the execution environment of an executor.
- User_auth public key & executor public key
......@@ -66,11 +66,11 @@ The identity authentication consists of the User_auth framework and basic authen
- SA
SAs are loaded by the System Ability Manager service to provide basic system capabilities for the OpenHarmony system.
SAs are loaded by the System Ability Manager to provide basic system capabilities for OpenHarmony devices.
- Kit
The kit provides basic application programming interfaces (APIs) for third-party applications.
The kit provides basic APIs for third-party applications.
- Inner API
......@@ -78,22 +78,22 @@ The identity authentication consists of the User_auth framework and basic authen
### Working Principles
The User_auth driver shields the differences of security devices and environments. It provides unified interface for the User_auth service to implement management of authentication executors and credentials as well as authentication scheme generation.
The User_auth driver shields the differences of security devices and environments. It provides unified interfaces for the User_auth service to implement management of executors and credentials as well as authentication scheme generation.
You can develop drivers to call Hardware Device Interface (HDI) APIs based on the HDF and the chip you use.
**Figure 2** User_auth service and User_auth driver APIs
![image](figures/user_auth_service_and_driver_api.png "interaction between the uin_auth service and driver")
![image](figures/user_auth_service_and_driver_api.png "interaction between the user_auth service and driver")
### Constraints
The User_auth driver must be implemented in a TEE to ensure secure storage of user credential information and trustworthiness of user authentication results.
The User_auth driver must be implemented in a Trusted Execution Environment (TEE) to ensure secure storage of user credentials and trustworthiness of user authentication results.
## Development Guidelines
### When to Use
The User_auth driver provides stable user credential management, authentication session management, and executor information management capabilities for the User_auth service to ensure successful PIN authentication and biometric recognition on devices.
The User_auth driver provides stable user credential management, authentication session management, and executor information management for the User_auth service to ensure successful PIN authentication and biometric recognition on devices.
### Available APIs
......@@ -106,7 +106,7 @@ The User_auth driver provides stable user credential management, authentication
| DeleteExecutor(uint64_t index) | Deletes an executor. |
| OpenSession(int32_t userId, std::vector<uint8_t>& challenge) | Opens a session for authentication credential management. |
| CloseSession(int32_t userId) | Closes a session for authentication credential management. |
| BeginEnrollment(int32_t userId, const std::vector<uint8_t>& authToken, const EnrollParam& param,<br> ScheduleInfo& info) | Enrolls the user authentication credential. If a user has enrolled a PIN, the new PIN enrolled will replace the old PIN.|
| BeginEnrollment(int32_t userId, const std::vector<uint8_t>& authToken, const EnrollParam& param,<br> ScheduleInfo& info) | Enrolls the user authentication credential. If a user has enrolled a PIN, the old PIN will be overwritten.|
| UpdateEnrollmentResult(int32_t userId, const std::vector<uint8_t>& scheduleResult, uint64_t& credentialId,<br> CredentialInfo& oldInfo) | Updates the data to complete this enrollment. |
| CancelEnrollment(int32_t userId) | Cancels an enrollment operation. |
| DeleteCredential(int32_t userId, uint64_t credentialId, const std::vector<uint8_t>& authToken,<br> CredentialInfo& info) | Deletes credential information based on the specified **credentialId**. |
......@@ -119,13 +119,13 @@ The User_auth driver provides stable user credential management, authentication
| CancelAuthentication(uint64_t contextId) | Cancels an authentication. |
| BeginIdentification(uint64_t contextId, AuthType authType, const std::vector<int8_t>& challenge,<br> uint32_t executorId, ScheduleInfo& scheduleInfo) | Starts an identification to generate the identification scheme and scheduling information. |
| UpdateIdentificationResult(uint64_t contextId, const std::vector<uint8_t>& scheduleResult,<br> IdentifyResultInfo& info) | Updates the identification result to evaluate the identification scheme. |
| CancelIdentification(uint64_t contextId) | Cancel an identification. |
| CancelIdentification(uint64_t contextId) | Cancels an identification. |
| GetAuthTrustLevel(int32_t userId, AuthType authType, uint32_t& authTrustLevel) | Obtains the authentication trust level of the specified authentication type. |
| GetValidSolution(int32_t userId, const std::vector<AuthType>& authTypes, uint32_t authTrustLevel,<br> std::vector<AuthType>& validTypes) | Obtains the valid authentication scheme based on the authentication trust level for a user. |
### How to Develop
The following uses the Hi3516DV300 platform as an example to demonstrate how to develop the User_auth driver. <br/>The directory structure is as follows:
The following uses the Hi3516D V300 development board as an example to demonstrate how to develop the User_auth driver. <br/>The directory structure is as follows:
```undefined
// drivers/peripheral/user_auth
......@@ -144,7 +144,7 @@ The development procedure is as follows:
1. Develop the User_auth driver based on the HDF. The **Bind()**, **Init()**, **Release()**, and **Dispatch()** functions are used. For details about the code, see [user_auth_interface_driver.cpp](https://gitee.com/openharmony/drivers_peripheral/blob/master/user_auth/hdi_service/service/user_auth_interface_driver.cpp).
```c++
// Create the IRemoteObject object by using the custom HdfUserAuthInterfaceHost object, which consists of the IoService object and HDI service.
// Create an IRemoteObject object by using the custom HdfUserAuthInterfaceHost object, which consists of the IoService object and HDI service.
struct HdfUserAuthInterfaceHost {
struct IDeviceIoService ioService;
OHOS::sptr<OHOS::IRemoteObject> stub;
......@@ -197,7 +197,7 @@ The development procedure is as follows:
auto serviceImpl = IUserAuthInterface::Get(true);
if (serviceImpl == nullptr) {
HDF_LOGE("%{public}s: failed to get of implement service", __func__);
HDF_LOGE("%{public}s: Failed to obtain service", __func__);
return HDF_FAILURE;
}
......@@ -310,18 +310,18 @@ The development procedure is as follows:
CoAuthSchedule scheduleInfo;
int32_t ret = CheckEnrollPermission(checkParam, &scheduleInfo.scheduleId);
if (ret != RESULT_SUCCESS) {
IAM_LOGE("check permission failed");
IAM_LOGE("Permission check failed");
GlobalUnLock();
return ret;
}
ret = GetCoAuthSchedule(&scheduleInfo);
if (ret != RESULT_SUCCESS) {
IAM_LOGE("get schedule info failed");
IAM_LOGE("Failed to get schedule info");
GlobalUnLock();
return ret;
}
if (!CopyScheduleInfo(&scheduleInfo, &info)) {
IAM_LOGE("copy schedule info failed");
IAM_LOGE("Failed to copy schedule info");
ret = RESULT_BAD_COPY;
}
GlobalUnLock();
......@@ -456,7 +456,7 @@ The development procedure is as follows:
UserAuthTokenHal authTokenHal;
info.result = RequestAuthResultFunc(contextId, scheduleResultBuffer, &authTokenHal);
if (info.result != RESULT_SUCCESS) {
IAM_LOGE("execute func failed");
IAM_LOGE("Failed to execute the function");
DestoryBuffer(scheduleResultBuffer);
GlobalUnLock();
return info.result;
......@@ -481,7 +481,7 @@ The development procedure is as follows:
uint32_t scheduleIdNum = 0;
int32_t ret = CancelContextFunc(contextId, nullptr, &scheduleIdNum);
if (ret != RESULT_SUCCESS) {
IAM_LOGE("execute func failed");
IAM_LOGE("Failed to execute the function");
GlobalUnLock();
return ret;
}
......@@ -492,7 +492,7 @@ The development procedure is as follows:
### Verification
Use the [User Authentication APIs](../../application-dev/reference/apis/js-apis-useriam-userauth.md) to develop a JavaScript application and verify the application on the Hi3516DV300 platform. The sample code for verifying the authentication and authentication cancellation is as follows:
Use the [User Authentication APIs](../../application-dev/reference/apis/js-apis-useriam-userauth.md) to develop a JavaScript application and verify the application on the Hi3516D V300 development board. The sample code for verifying and canceling the authentication is as follows:
```js
// API version 8
......@@ -549,9 +549,9 @@ export default {
});
let cancelCode = this.auth.cancel(contextId);
if (cancelCode == userIAM_userAuth.Result.SUCCESS) {
console.info("cancel auth success");
console.info("Authentication canceled successfully");
} else {
console.error("cancel auth fail");
console.error("Failed to cancel authentication");
}
}
}
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册