How much do you know about mobile biometric authentication?

Part 01: Mainstream biometric authentication methods and their advantages and disadvantages  

The biometric authentication methods introduced in this issue include: fingerprint recognition and facial recognition.

➢ Fingerprint recognition: Identify an individual by analyzing and comparing the details and textures on a person's finger. Because each person's fingerprint is unique and easy to extract, fingerprint recognition solutions are widely used. Currently, fingerprint recognition systems use optical or capacitive sensors to capture fingerprint images and use algorithms to extract and compare fingerprint features.

➢ Face recognition: Identify individual identities by analyzing and comparing human facial features. Face recognition can use a camera or image sensor to capture facial images, and use algorithms to extract and compare facial features. Common face recognition is divided into 3D face recognition and 2D face recognition. Currently, except for the iPhone, which is widely equipped with 3D structured light, few manufacturers use face recognition solutions. Due to the advanced technology, 3D structured light has high security under this solution. However, due to the high technical difficulty and high hardware cost, most hardware manufacturers have abandoned 3D structured light face recognition and instead provide 2D face recognition solutions. As an application developer, you can use the camera of the hardware device to continuously collect faces from different angles to build a 3D face model to indirectly implement the 3D face recognition solution.

Both recognition technologies have their advantages and limitations. Fingerprint recognition is highly accurate and stable, suitable for large-scale applications, but it may be affected by fingerprint quality and damage. Face recognition is non-contact and convenient, but it is easily affected by factors such as light, angle and occlusion in the collection environment.

Selecting a suitable biometric authentication method according to the application scenario or combining multiple biometric authentication methods can overcome the inherent defects of a single biometric authentication method and make biometric authentication more adaptable.

Part 02: Biometric authentication on mobile devices

Currently, mainstream mobile devices use Android OS and IOS. Due to the hardware restrictions of device manufacturers, biometric authentication applications usually use fingerprint recognition on Android OS and face recognition on IOS. There are already a large number of applications on the market that have used the biometric authentication hardware built into mobile devices to implement various levels of biometric authentication functions, including biometric authentication login with lower security requirements and biometric authentication payment functions with higher security requirements.

Figure 1 Fingerprint login on Android device

Figure 2 IOS device face recognition registration

Currently, Android OS and IOS provide financial-grade fingerprint and face recognition solutions respectively, which are very simple to use. You only need to register the user's fingerprint and face features in the OS settings. When you need to use user biometric recognition, you only need to call the relevant interface provided by the OS. Take Android OS as an example:

• At the application layer, the App calls the AOSP interface, performs operations and data transmission with the fingerprint service of the Binder and Framework layers through the interface, and finally obtains the relevant data required by the App;
• The Framework layer plays a connecting role and interacts with the application layer and the HAL layer respectively;
• HAL layer: This layer reflects the algorithm logic and result feedback of each mobile phone manufacturer, and its results come from the results of hardware abstraction.
• Driver layer: driven by HAL layer request and directly controls fingerprint hardware.

After obtaining the fingerprint authentication result at the application layer, the next step can be performed. However, the added fingerprint is stored on the mobile phone, and the fingerprint recognition result only returns true and false. Once the mobile device is rooted by the user, the fingerprint verification result can be hijacked. Therefore, there is a certain risk in using the local fingerprint recognition result as the basis for authentication. If fingerprint recognition is used for payment, a higher level of processing is required. For identity recognition of general applications, encryption can be used to enhance the security of fingerprint recognition.

Part 03: Implement a simple biometric authentication login system

The client uniformly adopts the biometric authentication manager, which encapsulates the details of the underlying API and is transparent to the upper-level applications. The core functions include judging the device hardware support, requesting authentication, and processing authentication results (including judging and removing expired authentication credentials).

In order to ensure that the user login process is strictly executed in order and prevent individual bypasses, the server uses a universal encryption method to generate a random footprint code, and combines it with the device's unique UUID string for MD5 encryption to generate a business credential, so that each step of the operation has a credential verification and cannot be bypassed or tampered with. Ensure that the entire biometric authentication process is complete and safe.

The server adopts distributed deployment to achieve load balancing, and can provide stable services even during business peak periods (such as participating in activities, forced re-login, etc.).

During later maintenance, if the account is logged in or the identity is modified on other devices, the server will clear the current credentials, causing other devices other than the device to automatically log out, and expired credentials cannot be used for business interaction, ensuring later security.

Part 04: Summary

The use of biometric authentication on mobile devices is already very mature, and it is not too difficult to create a simple and easy-to-use biometric authentication system. Integrating biometric authentication into our App can simplify the user's login operation and greatly help improve user satisfaction.