Lines Matching full:fingerprint
1 page.title=Fingerprint HAL
30 <p>If a device has a fingerprint sensor, a user can enroll one or more
34 <p>Android uses the Fingerprint Hardware Abstraction Layer (HAL) to connect to a
35 vendor-specific library and fingerprint hardware, e.g. a fingerprint sensor.</p>
37 <p>To implement the Fingerprint HAL, you must implement
39 in <code>fingerprint.h</code> (<code>/hardware/libhardware/include/hardware/fingerprint.h</code>)
41 the <a href="https://android.googlesource.com/platform/hardware/libhardware/+/master/include/hardware/fingerprint.h"><code>fingerprint.h</code></a> file.</p>
43 <h3 id=fingerprint_matching_flow>Fingerprint matching flow</h3>
45 <p>The following is a high-level flow for fingerprint matching. This flow assumes
46 that a fingerprint already has been enrolled on the device, i.e. the
47 vendor-specific library already has enrolled a template for the fingerprint.
50 <p>The fingerprint sensor of a device generally is idle. But in response to a call
51 to the <code>authenticate</code> or <code>enroll</code> function, the fingerprint
53 wakes up when a user touches the fingerprint sensor).</p>
56 <li>The user places a finger on the fingerprint sensor, and the vendor-specific
59 <li>The result of step 1 is passed to the Fingerprint HAL, which notifies
60 <code>fingerprintd</code> (the Fingerprint daemon) of a fingerprint authentication.
68 <p>The <strong>Fingerprint HAL</strong> interacts with the following components:</p>
79 <li><strong>fingerprintd (Fingerprint daemon)</strong>. A C/C++ implementation of the
81 <code>fingerprintd</code> daemon operates in its own process and wraps the Fingerprint HAL
83 <li><strong>Fingerprint HAL vendor-specific library</strong>. A hardware vendor's
84 implementation of the Fingerprint HAL. The
94 <img src="../images/fingerprint-data-flow.png" alt="Data flow for fingerprint authentication" id="figure1" />
96 <p class="img-caption"><strong>Figure 1.</strong> High-level data flow for fingerprint authentication</p>
98 <p>Thus, raw images and processed fingerprint features must not be passed in
106 Fingerprint HAL to the vendor-specific library to enroll fingerprints and
109 <img src="../images/fingerprint-daemon.png" alt="Interaction with fingerprintd" id="figure2" />
111 fingerprint daemon (<code>fingerprintd</code>) with the fingerprint vendor-specific library</p>
113 <h2 id=fingerprint_implementation_guidelines>Fingerprint implementation guidelines</h2>
118 <li>Fingerprint data is not leaked
119 <li>Fingerprint data is removed when a user is removed from a device
125 <li>Raw fingerprint data or derivatives (e.g. templates) must never be accessible
131 <li>Fingerprint acquisition, enrollment and recognition must occur inside the TEE.
132 <li>Only the encrypted form of the fingerprint data can be stored on the file
134 <li>Fingerprint templates must be signed with a private, device-specific key, for
138 the fingerprint data from a different user on the same device, or from another
142 is removed. It is strongly recommended that fingerprint template files
148 <h2 id=major_functions_in_the_fingerprint_hal>Major functions in the Fingerprint HAL</h2>
150 <p>Below are the major functions in the <code>/hardware/libhardware/include/hardware/fingerprint.h</code> file; see the detailed descriptions in that
155 fingerprint template. As soon as enrollment is complete, or after a timeout,
157 <li><strong>pre_enroll.</strong> Generates a unique token to indicate the start of a fingerprint enrollment.
162 <li><strong>get_authenticator_id.</strong> Returns a token associated with the current fingerprint set.
165 <li><strong>enumerate.</strong> Synchronous call for enumerating all known fingerprint templates.
166 <li><strong>remove.</strong> Deletes a fingerprint template.
169 <li><strong>authenticate.</strong> Authenticates a fingerprint-related operation (identified by an operation ID).
