d328f3949b
Merge pull request !156 from mamingshuai/revert-merge-154-master |
||
---|---|---|
common/inc | ||
figures | ||
frameworks/face_auth | ||
interfaces/inner_api/face_auth | ||
sa_profile | ||
services | ||
test | ||
ui/Settings_FaceAuth | ||
.gitattributes | ||
.gitignore | ||
bundle.json | ||
LICENSE | ||
OAT.xml | ||
README_ZH.md | ||
README.md |
Face Authentication
Introduction
Face authentication (faceauth) supports recording, deletion, and authentication of user faces.
faceauth is a biometric authentication executor supported by OpenHarmony. It registers face authentication resource information with the collaborative authentication framework based on the resource registration interface defined by collaborative authentication, and invokes camera functions according to the scheduling of the collaborative authentication framework to record, delete, and authenticate user faces.
Figure 1 Face authentication architecture
Facial data is important biometric information of users. The following security measures are taken to protect the facial data during the authentication process:
- Permission management: High access permissions are defined for face recording and deletion APIs, which can be invoked only by setter applications.
- Secure storage and comparison of facial data: The faceauth HDI defines the adaptation interfaces for device vendors. Device vendors can implement secure facial data comparison and storage in a trusted execution environment (TEE). Note 1
Note 1: The OpenHarmony open-source framework provides stub implementation of face authentication for developers to demo the face authentication function. The stub software implementation does not include secure storage and comparison of facial data in a TEE.
Directory Structure
//base/user_iam/face_auth
├── bundle.json # Module description file
├── figures # Figures used in the README
├── sa_profile # Service ability profile
├── services # Service implementation
└── ui # User interface for face recording
Usage
- To adapt to the face authentication function, device vendors must implement the APIs defined in the face_auth_ca.h file.
- The extraction, comparison, storage, and recording of facial data must be implemented in a secure environment (TEE/secure chipset) to ensure the highest security level in the system.