Skip to content
/ soter Public

A secure and quick biometric authentication standard and platform in Android held by Tencent.

License

Notifications You must be signed in to change notification settings

Tencent/soter

Repository files navigation

Hello TENCENT SOTER

license WeChat Approved PRs Welcome

For English version, please click here.

2.1.8

  • 修复一些已知问题

2.0.7

  • 发布aar到jitpack,新的依赖方法看这里

2.0版本变化

  • 增加对华为设备的支持。
  • 增加对Android9.0的支持。
  • 增加人脸识别功能。
  • 后台ASK的解析有少量变动,看这里
  • 后台is_support接口传参有变更,看这里

TENCENT SOTER简介

TENCENT SOTER是腾讯于2015年开始制定的生物认证平台与标准,通过与厂商合作,目前已经在一百余款、数亿部Android设备上得到支持,并且这个数字还在快速增长。

目前,TENCENT SOTER已经在微信指纹支付、微信公众号/小程序指纹授权接口等场景使用,并得到了验证。

接入TENCENT SOTER,你可以在不获取用户指纹图案的前提下,在Android设备上实现可信的指纹认证,获得与微信指纹支付一致的安全快捷认证体验。

SoterFramework

快速接入

可以在几行代码之内快速体验TENCENT SOTER完成指纹授权接口。

在使用之前,请确保所使用的测试机在支持机型列表中。

添加gradle依赖

在项目的build.gradle中,添加TENCENT SOTER依赖

repositories {
    ...
    maven {
            url "https://jitpack.io"
    }
    ...
}

dependencies {
    ...
    implementation 'com.github.Tencent.soter:soter-wrapper:2.0.7'
    ...
}

声明权限

AndroidManifest.xml中添加使用指纹权限

    <queries>
    <package android:name="com.tencent.soter.soterserver" />
    </queries>

    <uses-permission android:name="android.permission.USE_FINGERPRINT" />
    <uses-permission android:name="android.permission.USE_BIOMETRIC" />

初始化

初始化过程整个应用声明周期内只需要进行一次,用于生成基本配置和检查设备支持情况。你可以选择在Application的onCreate()中,或者在使用TENCENT SOTER之前进行初始化。

InitializeParam param = new InitializeParam.InitializeParamBuilder()
.setScenes(0) // 场景值常量,后续使用该常量进行密钥生成或指纹认证
.build();
SoterWrapperApi.init(context, 
new SoterProcessCallback<SoterProcessNoExtResult>() {...}, 
param);

准备密钥

需要在使用指纹认证之前生成相关密钥

SoterWrapperApi.prepareAuthKey(new SoterProcessCallback<SoterProcessKeyPreparationResult>() {...},false, true, 0, null, null);

进行指纹/人脸认证

密钥生成完毕之后,可以使用封装接口调用指纹传感器进行认证。

AuthenticationParam param = new AuthenticationParam.AuthenticationParamBuilder()
                                    .setScene(0)
                                    .setContext(MainActivity.this)
    								// fingerprint
    								.setBiometricType(ConstantsSoter.FINGERPRINT_AUTH)
    								// faceid
    								//.setBiometricType(ConstantsSoter.FACEID_AUTH)
    								.setSoterBiometricCanceller(mSoterBiometricCanceller)
                                    .setPrefilledChallenge("test challenge")
                                    .setSoterBiometricStateCallback(new 			SoterBiometricStateCallback() {...}).build();
SoterWrapperApi.requestAuthorizeAndSign(new SoterProcessCallback<SoterProcessAuthenticationResult>() {...}, param);

释放

当你不再使用TENCENT SOTER时,可以选择释放所有资源,用于停止所有生成、上传任务以及支持状态等。释放之后再次使用时,需要重新进行初始化。 实际上,TENCENT SOTER本身不会占据过多资源,只需要在确认不会再次使用的前提下(如切换账户之前)释放一次即可。

SoterWrapperApi.release();

更多文档

  • 想了解TENCENT SOTER更多信息与原理?看这里

  • 想要更高的安全性,用于登录甚至支付场景中?看这里

联系我们

如有相关问题,可以在issues中提问。

为了方便大家交流,也可以加入下面的QQ群,讨论相关技术问题:

qqgroup_qrcode

贡献代码

我们欢迎开发者贡献代码丰富TENCENT SOTER应用,请参考这个文档

协议

TENCENT SOTER基于BSD协议。请参考协议文档

参与贡献

腾讯开源激励计划 鼓励开发者的参与和贡献,期待你的加入。

合规使用指南

SOTER Client SDK合规使用指南

信息公示

Changelog

  • Adding support for Huawei device
  • Adding support for Android P
  • Adding FaceId function
  • A few changes in backend parsing ASK,Check this.

A Quick Look at TENCENT SOTER

TENCENT SOTER is a biometric standard as well as a platform held by Tencent.

There are more than 100 models, hundreds of millions Android devices supporting TENCENT SOTER, and the number is still increasing fast.

TENCENT SOTER has been already used in scenarios like WeChat fingerprint payment, fingerprint authentication in Official Account Webpages and Mini Programs.

You can get a consistent experience in fingerprint authenticating in your application, like what it is like in WeChat Payment, by getting access to TENCENT SOTER.

SoterFramework

Quick Start

You can get access to TENCENT SOTER in few lines of code to quick experience.

You should make sure your device for testing is in support list.

Add Gradle Dependency

Add TENCENT SOTER dependency in your project's build.gradle

repositories {
    ...
    maven {
            url "https://dl.bintray.com/tencent-soter/maven/"
    }
    ...
}

dependencies {
    ...
    compile 'com.tencent.soter:soter-wrapper:2.0.0'
    ...
}

Declare Permission

Add fingerprint permission declaration in AndroidManifest.xml

    <queries>
    <package android:name="com.tencent.soter.soterserver" />
    </queries>

    <uses-permission android:name="android.permission.USE_FINGERPRINT" />
    <uses-permission android:name="android.permission.USE_BIOMETRIC" />

Initialize

You need to initialize only once in application's lifecycle. You can either do it in Application's onCreate(), or anywhere before you need to use TENCENT SOTER.

InitializeParam param = new InitializeParam.InitializeParamBuilder()
.setScenes(0) // The senary constant for business index
.build();
SoterWrapperApi.init(context, 
new SoterProcessCallback<SoterProcessNoExtResult>() {...}, 
param);

Prepare Keys

You need to prepare keys before authentication process.

SoterWrapperApi.prepareAuthKey(new SoterProcessCallback<SoterProcessKeyPreparationResult>() {...},false, true, 0, null, null);

Authenticate With Fingerprint

You can use wrapped interface to authenticate when fingerprint.

AuthenticationParam param = new AuthenticationParam.AuthenticationParamBuilder()
                                    .setScene(0)
                                    .setContext(MainActivity.this)
    								// fingerprint
    								.setBiometricType(ConstantsSoter.FINGERPRINT_AUTH)
    								// faceid
    								//.setBiometricType(ConstantsSoter.FACEID_AUTH)
    								.setSoterBiometricCanceller(mSoterBiometricCanceller)
                                    .setPrefilledChallenge("test challenge")
                                    .setSoterBiometricStateCallback(new 			SoterBiometricStateCallback() {...}).build();
SoterWrapperApi.requestAuthorizeAndSign(new SoterProcessCallback<SoterProcessAuthenticationResult>() {...}, param);

Release

You can release all the resource when you do not use TENCENT SOTER again by calling release. It will abort on-going tasks and remove support status. TENCENT SOTER will not occupy too much room actually. You can only do it when you confirm that you did not need to use it, like switch an account.

SoterWrapperApi.release();

More Document

  • Want to know more about TENCENT SOTER's mechanism? Check this.
  • Want to use TENCENT SOTER in more sensitive business scenarios like login, or even payment? Check this.

Contact Us

You can add your comments in issues if you have any question.

You can also join in the following QQ Group for more convenient discussing:

qqgroup_qrcode

Contributing

For more information about contributing issues or pull requests, check our CONTRIBUTING document.

Compliance usage guide

SOTER Client SDK compliance usage guide

Information Publication

  • Name:SOTER Client SDK
  • Version Number:2.1.8
  • Developer:Shenzhen Tencent Computer Systems Company Limited
  • The Main Function:TENCENT SOTER is a safe, universal and complete fingerprint authentication solution. By geting access to SOTER, developers can quickly implement secure fingerprint authentication.
  • Operation Instruction
  • SOTER Client SDK Personal Information Protection Rules

License

TENCENT SOTER is based on BSD license. Please check our LICENSE document.

Encouraging

Tencent Open Source Contribution Plan encourages your contributing, and looks forward to your attending。