diff options
author | Unsuk Jung <unsuk@google.com> | 2015-10-07 03:02:13 +0000 |
---|---|---|
committer | Android (Google) Code Review <android-gerrit@google.com> | 2015-10-07 03:02:13 +0000 |
commit | 67d45782c60e58d58c145595e551308c4f168d87 (patch) | |
tree | 5b77251136165773d0673aaf80a4a86677009c72 | |
parent | 66ef8479f4229d2f77499673735783d48c862516 (diff) | |
parent | 5b08df26d4b07a424fefe2682f85a5759a209572 (diff) | |
download | source.android.com-67d45782c60e58d58c145595e551308c4f168d87.tar.gz |
Merge "CDD: Add requirements related to the new fingerprint API" into mnc-dev
-rw-r--r-- | src/compatibility/android-cdd.html | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/src/compatibility/android-cdd.html b/src/compatibility/android-cdd.html index f5a95ea3..3fa1868a 100644 --- a/src/compatibility/android-cdd.html +++ b/src/compatibility/android-cdd.html @@ -227,6 +227,8 @@ <p class="toc_h3"><a href="#7_3_9_hifi_sensors">7.3.9. High Fidelity Sensors</a></p> +<p class="toc_h3"><a href="#7_3_10_fingerprint">7.3.10. Fingerprint Sensor</a></p> + <p class="toc_h2"><a href="#7_4_data_connectivity">7.4. Data Connectivity</a></p> <p class="toc_h3"><a href="#7_4_1_telephony">7.4.1. Telephony</a></p> @@ -3682,6 +3684,43 @@ sensor types meeting the quality requirements as below:</p> <li>SENSOR_TYPE_PROXIMITY: 100 sensor events</li> </ul> +<h3 id="7_3_10_fingeprint">7.3.10. Fingerprint Sensor</h3> + +<p>Device implementations with a secure lock screen SHOULD include a fingerprint sensor. +If a device implementation includes a fingerprint sensor and has a corresponding API for +third-party developers, it:</p> + +<ul> + <li>MUST declare support for the android.hardware.fingerprint feature.</li> + <li>MUST fully implement the corresponding API as described in the Android SDK documentation +[<a href="https://developer.android.com/reference/android/hardware/fingerprint/package-summary.html">Resources, XX</a>]. + </li> + <li>MUST have a false acceptance rate not higher than 0.002%.</li> + <li>Is STRONGLY RECOMMENDED to have a false rejection rate not higher than 10%, and a + latency from when the fingerprint sensor is touched until the screen is unlocked below + 1 second, for 1 enrolled finger.</li> + <li>MUST rate limit attempts for at least 30 seconds after 5 false trials for fingerprint + verification.</li> + <li>MUST have a hardware-backed keystore implementation, and perform the fingerprint matching + in a Trusted Execution Environment (TEE) or on a chip with a secure channel to the TEE. + </li> + <li>MUST have all identifiable fingerprint data encrypted and cryptographically + authenticated such that they cannot be acquired, read or altered outside of the + Trusted Execution Environment (TEE) as documented in the implementation guidelines + on the Android Open Source Project site + [<a href="https://source.android.com/devices/tech/security/authentication/fingerprint-hal.html">Resources, XX</a>]. + </li> + <li>MUST prevent adding a fingerprint without first establishing a chain of trust by + having the user confirm existing or add a new device credential (PIN/pattern/password) + using the TEE as implemented in the Android Open Source project.</li> + <li>MUST NOT enable 3rd-party applications to distinguish between individual fingerprints. + </li> + <li>MUST honor the DevicePolicyManager.KEYGUARD_DISABLE_FINGERPRINT flag.</li> + <li>MUST, when upgraded from a version earlier than Android 6.0, have the fingerprint + data securely migrated to meet the above requirements or removed.</li> + <li>SHOULD use the Android Fingerprint icon provided in the Android Open Source Project.</li> +</ul> + <h2 id="7_4_data_connectivity">7.4. Data Connectivity</h2> |