How to integrate Touch ID in iOS 8

How to integrate Touch ID in iOS 8

In September 2013, Apple provided a series of hardware upgrade solutions for the latest iPhone. Among the iPhone 5s, the most innovative mechanism is undoubtedly the ultra-thin metal ring designed around the Home button, also known as the Touch ID fingerprint sensor. Developers subsequently began to take their APIs as a breakthrough, hoping to introduce this latest feature into their own applications. A year has passed, and the new framework provided by iOS 8 allows developers to use this fingerprint sensor device more easily.

This Local Authentication framework allows you to easily implement user Authentication. You can use it to log on to an application or use it to protect sensitive data in the application. In today's tutorial, we will learn how to apply the entire set of options to our own design results, what data we can get from the device, and step by step guide you to build a sample application.

To complete this tutorial, you need to install Xcode 6 to create a new project. In addition, you need a device with a Touch ID to test the example application you have created.

1. Touch ID

Touch ID refers to the fingerprint sensing device installed in the iPhone 5S Home button. It aims to help users more easily complete the identity recognition process and encourage users to use as many protection mechanisms as possible. You can configure up to five fingerprint identification information on each device. So far, Touch ID has been used to unlock the device and complete the purchase operations in iTunes Store, App Store, and iBooks Store. Before further exploring how to introduce the sensor into your own applications, we need to first understand the sensor itself.

The Touch ID sensor can scan user fingerprints at a resolution of 500 pixels per inch and classify the fingerprints into three types: arch, scroll, and ring. This sensor is designed to fully consider the need for convenience. You can scan your fingers from any angle, and the current scan results can match the original fingerprint records in any direction.

Apple claims that the probability of a recognition error for any given fingerprint pattern or Touch ID is only one in 50 thousand, this protection is significantly better than the original four-digit PIN mechanism-after all, its content can only provide 0001 combinations of possibilities between 9999 and 10 thousand. However, Apple did not clearly point out that in some cases, we may not be able to use our fingerprints to successfully unlock the system, for example, when the finger texture folds change after swimming.

If you plan to use Touch ID, the most important thing is to consider the scenarios where users may not be able to use their fingers for verification. Because Apple no longer allows us to use the built-in PIN verification mechanism in the device, if Touch ID cannot work properly, we 'd better establish an additional password matching scheme in the application.

2. security considerations

The biggest problem caused by command sensors is that users' privacy is fundamentally compromised. If the password content is disclosed, you can save it by modifying it in time, and malicious users cannot continue to use it to access users' sensitive data. However, if your fingerprint information or Apple's fingerprint content algorithm is leaked, we obviously cannot change it quickly.

The Local Authentication framework is responsible for all user Authentication tasks. When combined with Touch ID, the most important thing is to ensure that the framework does not disclose any user-related details and that no data is transmitted from the device. However, developers can use this framework to check whether a specific user is allowed to use the corresponding application.

If you are familiar with the OAuth specification, you will find that the two verification methods are quite similar. We require a third party to review the user's identity. If we fully trust the third party, we can provide the user with authentication creden。 based on their feedback.

3. LAContext

The core of the Local Authentication framework is the LAContext class. Developers can use the LAContext instance to evaluate security policies. As of press time, this is the only management policy that can be used. It uses the Touch ID sensor to check whether the user's identity is the device owner. Other security management policies may be released in the future. For example, Apple may introduce a type of unauthorized roles that only allow them to access specific resources.

If this framework cannot be verified, an error message is provided. The reasons for device failure to complete verification may include:

• The LAErrorTouchIDNotAvailable device does not have a fingerprint sensing device.
• The LAErrorPasscodeNotSet device does not have password settings, that is, the Touch ID function is disabled.
• LAErrorTouchIDNotEnrolled has set a password mechanism, but no fingerprint content has been saved in the device configuration.

If you encounter an error message containing the above error code, you need to use other methods to complete user authentication. In this case, you can no longer rely solely on Touch ID for protection.

Let's create a sample application to learn how to use the Local Authentication framework.

4. Step 1 of Project Settings

Open Xcode and select New> Project… In the File menu .... Next, select Single View Application in the iOS Application Template list) and click Next.

Step 2

Enter a name for our project. I name my application Auth. Next, enter the Organization Name, company ID, and class prefix. Select the iPhone in the Devices list, click Next, and select a file storage location for the project.

Step 3

Click ViewController. h and define a new operation, authenticateButtonTapped, which triggers the entire verification process. The appearance of the ViewController class interface should be as follows:

 
 

  
  
#import <UIKit/UIKit.h> 
  
  
@interface ViewController : UIViewController 
  
  
- (IBAction)authenticateButtonTapped:(id)sender; 
  
  
@end 
 
 

Step 4

Open Main. storyboard and drag a Button to the Controller view. Change the tag of the button to read it as Authneticate.

Step 5

Right-click the button to display Connections Inspector. Click the plus sign on the left side of the Touch Up Inside Event and select the View Controller to hold the button. A new menu is displayed on the screen. You need to select the previously set operation here.

5. Step 1 of user Identity Authentication

Enable ViewController. m to activate the authenticateButtonTapped method. Add the following import statements for the Local Authentication framework at the beginning of the file.

 
 

  
  
#import <LocalAuthentication/LocalAuthentication.h> 
 
 

Step 2

In the authenticateButtonTapped method, we create a set of background information and check whether the background can evaluate the LAPolicyDeviceOwnerAuthenticationWithBiometrics policy. If they are different, an error message is displayed.

 
 

  
  
- (IBAction)authenticateButtonTapped:(id)sender { 
  
  
    LAContext *context = [[LAContext alloc] init]; 
  
  
 
  
  
    NSError *error = nil; 
  
  
 
  
  
    if ([context canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:&error]) { 
  
  
 
  
  
        // Authenticate User 
  
  
 
  
  
    } else { 
  
  
 
  
  
        UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Error" 
  
  
                                                        message:@"Your device cannot authenticate using TouchID." 
  
  
delegate:nil 
  
  
cancelButtonTitle:@"Ok" 
  
  
otherButtonTitles:nil]; 
  
  
        [alert show]; 
  
  
    } 
  
  
} 
 
 

Step 3

If the LAContext object can use Touch ID for identity authentication, we can review the user identity. If no error message is displayed, we can determine whether the current user belongs to the device owner. Finally, use the following code to implement the authenticateButtonTapped method.

 
 

  
  
- (void)authenicateButtonTapped:(id)sender { 
  
  
   LAContext *context = [[LAContext alloc] init]; 
  
  
   NSError *error = nil; 
  
  
   if ([context canEvaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics error:&error]) { 
  
  
       [context evaluatePolicy:LAPolicyDeviceOwnerAuthenticationWithBiometrics 
  
  
               localizedReason:@"Are you the device owner?" 
  
  
                         reply:^(BOOL success, NSError *error) { 
  
  
           if (error) { 
  
  
               UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Error" 
  
  
message:@"There was a problem verifying your identity." 
  
  
delegate:nil 
  
  
                                                     cancelButtonTitle:@"Ok" 
  
  
                                                     otherButtonTitles:nil]; 
  
  
               [alert show]; 
  
  
               return; 
  
  
           } 
  
  
           if (success) { 
  
  
               UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Success" 
  
  
                                                               message:@"You are the device owner!" 
  
  
delegate:nil 
  
  
cancelButtonTitle:@"Ok" 
  
  
otherButtonTitles:nil]; 
  
  
               [alert show]; 
  
  
           } else { 
  
  
               UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Error" 
  
  
message:@"You are not the device owner." 
  
  
delegate:nil
  
  
cancelButtonTitle:@"Ok" 
  
  
otherButtonTitles:nil]; 
  
  
               [alert show]; 
  
  
           } 
  
  
       }]; 
  
  
   } else { 
  
  
       UIAlertView *alert = [[UIAlertView alloc] initWithTitle:@"Error" 
  
  
                                                       message:@"Your device cannot authenticate using TouchID." 
  
  
                                                      delegate:nil 
  
  
                                             cancelButtonTitle:@"Ok" 
  
  
                                             otherButtonTitles:nil]; 
  
  
       [alert show]; 
  
  
   } 
  
  
} 

 
 

6. build and run

Next we need to build and run this application on a physical device with fingerprint sensors, and perform authentication by clicking the Home button. As long as your device supports the Touch ID function, the verification mechanism in the application should be able to pass correctly. When you put your finger on a sensor, the application can correctly identify whether the user belongs to the legal holder of the device.

Summary

In today's tutorial, we learned that iOS 8 has recently joined the Local Authentication framework. By checking user identities, the LAContext class allows users to complete identification without directly providing any sensitive data to the application itself.

IOS 8: Integrating Touch ID

Nuclear cola Translation