IOS8 Fingerprint Identification TouchID

Apple launched a new version of the IOS8 system at the WWDC2014 Opening ceremony on June 3, 2014, with little change in the interface between IOS8 and IOS7, but only in functional terms. The IOS8 notification Hub is more powerful, supports message direct reply operations, and supports QuickType and third-party input methods. SMS features improved significantly, support group chat. Send voice, video, share locations, and more. From the point of view of the end user. Many of the new features of IOS8 have already been found in other platforms today. IOS8 will open TouchID access to third-party software, which means being able to use the sensor to log in to the banking application.

Third-party applications are able to use the TouchID interface, which means that many applications in the future are able to use fingerprint recognition functionality. You can choose Touch ID to log in to a third-party application, you don't need to enter password, your fingerprint data is protected, and no other program is able to access it without your consent.

watermark/2/text/ahr0cdovl2jsb2cuy3nkbi5uzxqvexvqawfueglhbmc2njy=/font/5a6l5l2t/fontsize/400/fill/i0jbqkfcma== /dissolve/70/gravity/southeast "height=" 165 "width=" 275 ">

According to Apple's explanation, a single fingerprint has a random match with someone else's fingerprint with a probability of 50,000.

Apple claims that the "secure Enclave" module system can safely manage and identify the user's fingerprints and keep the user's fingerprint information separate from other systems. At the same time, it is managed by encrypting memory and a hardware random digital password generator.

Each "Secure Enclave" is set separately. You cannot access other parts of the system, have their own UID (unique ID), even Apple does not know these UID. When the device starts, the Touch ID temporarily creates a secret key that, in conjunction with the UID of Secure Enclave, encrypts the memory space of the device.

And in Apple's published documents. Apple's description of the fingerprint recognition authorization for the A7 processor is that the A7 and touch IDs communicate via a serial peripheral interface bus. The A7 processor sends the data to "Secure Enclave". However, the data content is not read correctly. Both encryption and authentication use a shared key between Touch ID and Secure Enclave.

The communication key Exchange uses a random AES key provided by both parties and randomly establishes the session key and encrypts it using the AES-CCM transport.

It is understood that the fingerprint sensor in the IPhone 5s detected the protruding lines on the epidermis.

It detects a dead skin fingerprint that is not external to the user's finger, so that the fingerprint is very easy to copy. the IPhone 5s fingerprint sensor utilizes RF signals. A "live" fingerprint of the skin beneath the surface of the user's finger is detected. If the finger is separated from the human body, then the sensor cannot detect such a fingerprint. So users do not have to worry about their fingerprints are copied or stolen, is used to unlock the device, because the sensor is unable to identify such "dead" fingerprint.

A recent study of the next iOS8 document, understanding of fingerprint recognition, and download an official demo. But

ns_class_available (10_10, 8_0)

From this sentence can be seen, to use TouchID interface, the computer's Mac system must be 10.10, the mobile phone iOS system must be 8.0, so for this demo I also did not upgrade the computer system (after all, not stable).

However, according to the code and documentation in the demo, it can be seen that the basic use of TouchID.

1. Use TouchID first. To import a dependency package first:localauthentication.framework.

2. Check if the device can use TouchID, return the check result bool type success:

Lacontext *context = [[Lacontext alloc] init];    __block  nsstring *msg;    Nserror *error;    BOOL success;        Test if we can evaluate the policy, this test would tell us if Touch ID is available and enrolled    success = [context Canevaluatepolicy:lapolicydeviceownerauthenticationwithbiometrics error:&error];    if (success) {        msg =[nsstring stringwithformat:nslocalizedstring (@ "touch_id_is_available", nil)];    } else {        msg =[nsstring stringwithformat:nslocalizedstring (@ "touch_id_is_not_available", nil)];    }

3. Assume that the device can use TouchID. The success of the recognition result bool type is returned in the code block:

Lacontext *context = [[Lacontext alloc] init];    __block  nsstring *msg;        Show the authentication UI with our reason string    [context EvaluatePolicy: Lapolicydeviceownerauthenticationwithbiometrics localizedreason:nslocalizedstring (@ "UNLOCK_ACCESS_TO_LOCKED_ Fature ", nil) Reply:     ^ (BOOL success, Nserror *authenticationerror) {         if (success) {             msg =[nsstring Stringwithformat:nslocalizedstring (@ "evaluate_policy_success", nil)];         } else {             msg = [NSString stringwithformat:nslocalizedstring (@ "Evaluate_policy_with_error", nil), Authenticationerror.localizeddescription];         }     }];

4. The two methods for checking and identifying are defined in Localauthentication.framework/headers/lacontext.h:

Determines if a particular policy can be evaluated.//////@discussion policies can has certain requirements which, WH En not satisfied, would always cause///the policy evaluation to fail. Examples can is a passcode set or a fingerprint///enrolled with Touch ID. This method allows easy checking for such conditions.//////applications should consume the returned value IMM Ediately and avoid relying on it///for an extensive period of time. At least, it's guaranteed to stay valid until the///application enters background.//////@warning does not Call this method in the reply block of EvaluatePolicy:reply:because It could///leads to a deadlock.//////@pa RAM policy policy for which the preflight check should was run.//////@param error Optional output parameter which is set T o Nil if the policy can be evaluated, or it///contains error information if policy evaluation was not POSSIBL e.//////@returnYES if the policy can be evaluated, NO otherwise.-(BOOL) Canevaluatepolicy: (lapolicy) Policy error: (Nserror * __autoreleasi ng *) error;///evaluates the specified policy.//////@discussion policy evaluation may involve prompting user for various Kinds of interaction///or authentication. Actual behavior is dependent on evaluated policy, device type,///and can being affected by installed Configurati             On profiles.//////being sure to keep a strong reference to the context while the evaluation are in progress./// Otherwise, an evaluation would was canceled when the context is being deallocated.//////the method does not block. Instead, the caller must provide a reply block to be///called asynchronously when evaluation finishes. The block is executed on a private///queue internal to the framework of an unspecified threading context. Other than that,///no guarantee are made about which queue, thread, or RUn-loop The block is executed on.//////implications of successful policy evaluation is policy specific. In general, this///operation are not idempotent. Policy evaluation may fail for various reasons, including///user Cancel, System cancel and others, see Laerro R codes.//////@param policy policy to being evaluated.//////@param reply reply block that's executed when policy evaluatio N finishes.//////@param localizedreason application reason for authentication. This string must is provided in correct///localization and should is short and clear. It'll be eventually displayed in///the authentication dialog subtitle. A name of the calling application would be///already displayed in title, so it should not be duplic                Ated here.//////@param Success Reply parameter that's YES if the policy has been evaluated successfully or NO if/// The evaluation failed.//////@param Error Reply parameter that's nil if the policy has been evaluated successfully, or it contains///error inf Ormation about the evaluation failure.//////@warning Localizedreason parameter are mandatory and the call would throw NSINV Alidargumentexception if///nil or empty string is specified.//////@see laerror//////typical error codes return Ed by this call are:///@li laerroruserfallback If user tapped the fallback button///@li Laerrorusercan Cel if user has tapped the Cancel button///@li laerrorsystemcancel If some system event interrupted the Evaluati On (e.g. Home button pressed).-(void) EvaluatePolicy: (lapolicy) Policy Localizedreason: (NSString *) Localizedreason Reply: (void (^) (BOOL success, Nserror *error)) reply;

Welcome the small partners to test the results of testing Ah!

(reproduced please specify the source, thank you!)

http://blog.csdn.net/yujianxiang666/article/details/35280025)

IOS8 Fingerprint Identification TouchID