DOCUMENTATION ON ACPL FM220 RD APPLICATION. Contents

Transcription

1 DOCUMENTATION ON ACPL FM220 RD APPLICATION Contents 1 Device Registration Install Test Application Device connection Registration for Device Testing for Registered Devices Scanner Testing Device Settings Option Re-register Option PID Data XML Intent Create Create Intent for Device Info Create Intent Capture Call Intent Call Activity Result... 9 Page 1

2 1. Device Registration: This Application facilitates registration of FM220U fingerprint device with ACPL Management Server and generates digitally signed certificate for UIDAI. After registration of device, this application generates the digitally signed certificate and sends this certificate to different vendor applications for communication with UIDAI Server. RD Service detects a good capture, it does necessary processing / extraction, creates the digitally signed certificate, forms the encrypted PID block, and gives the encrypted PID block back to application along with other details including Device Information. 1.1 Install Test Applications Install ACPL FM220 RD application and ACPL-Aadhaar Auth Demo application from Google Play store in Android phone. First open ACPL FM220 RD application and connect device to mobile. 1.2 Device Connection: After connecting device to mobile it will display pop-up message to allow the application to access device. Give Permission for Device access. Page 2

3 This message will be display if only your device was already registered. Page 3

4 1.3 Registration for Device: If device is not registered yet, then application it will show Pls Register message. To register device, Click on REGISTER DEVICE Button or go to Registered Device (RD) form link in application it will show Pls Register message. To register device, Click on REGISTER DEVICE Button or go to Registered Device (RD) form link Fill the all entries in Device Entry form and click on Submit Button. Enter Device Serial number in Device No Entry. Page 4

5 After registration, open application ACPL FM220 RD. Connect device to mobile and wait for approx five minutes. Application will connect to server to check if registration was successful or not. If device registration was successful, then it will display messages as Registration Success and FM220 Ready. Page 5

6 2. Testing of Registered Device: 2.1 Scanner Testing: After registering device, open ACPL FM220 RD application and connect device to mobile. If device was successfully registered, then it will display FM220 Ready message. Now start taking fingerprint by clicking on Scanner Test Button. Page 6

7 2.2 Device Settings Option: Device settings option is for only developer to change certificate option in application. You have to click 9 times on access computech logo to get Select Certificate option. Note: Any type of change in settings may cause an error. Change only when you are sure about this. Use Production as a default. 2.3 Re-Register Option: Page 7

8 This option is use to Re-register device after changing the device certificate setting. 3. PID Data XML: String capture (String pidoptions); <!--main capture call which takes PidOptions XML data as input and returns PidData XML as output--> String getdeviceinfo (); <!-- utility method to obtain DeviceInfo XML from the RD Service--> <PidOptions ver=""> <!--PidOptions: ver: Version of the PidOtopns spec. currently, it is 1.0. This is necessary to allow applications to gracefully upgrade even when RD service may be been upgraded. RD Service must support current version and one previous version to allow apps to upgrade at different points in time--> <Opts fcount="" ftype="" icount="" itype="" pcount="" ptype="" format="" pidver="" timeout="" otp="" wadh="" posh="" env=""/> <Demo></Demo> <!-- Element allows demographic data to be passed to form PID block as per authentication specification--> <CustOpts> <!-- no application should hard code these and should be configured on app or AUA servers. These parameters can be used for any custom application authentication or for other configuration parameters. Device providers can differentiate their service in the market by enabling advanced algorithms that applications can take advantage of. --> <Param name="" value="" /> </CustOpts> Page 8

9 <!-- Allows vendor specific options to be passed. Param element may repeat--> </PidOptions> /* Opts: Int fcount (optional) number of finger records to be captured (0 to 10) Int ftype (optional) ISO format (0 for FMR or 1 for FIR), 0 (FMR) is default Int icount (optional) number of iris records to be captured (0 to 2) Int itype (optional) ISO format (0 for IIR), 0 (IIR) is default Int pcount (optional) number of face photo records to be captured (0 to 1). Currently face matching is not supported. Int ptype (optional) face format. Currently face matching is not supported. Int format (mandatory) 0 for XML, 1 for Protobuf String pidver (mandatory) PID version Int timeout capture timeout in milliseconds String env (optional) default value being "P"(prod), other valid values are "PP"(preProd) and "S"(Staging). String otp (optional) OTP value captured from user in case of 2-factor auth String wadh (optional) If passed, RD Service should use this within PID block root element as-is. String posh (optional) if specific positions need to be captured, applications can pass a comma delimited position attributes. See posh attribute definition in Authentication Specification for valid values. RD Service (if showing preview) can indicate the finger using this. If passed, this should be passed back within PID block. Default is UNKNOWN, meaning any finger/iris can be captured. */ <PidData> <Resp errcode="" errinfo="" fcount="" ftype="" icount="" itype="" pcount="" ptype="" nmpoints="" qscore=""/> <DeviceInfo /> <Skey ci="">encrypted and encoded session key</skey> <Hmac>SHA-256 Hash of Pid block, encrypted and then encoded</hmac> <Data type="x P"> base-64 encoded encrypted pid block </pid> </PidData> /* Resp: Int errcode (mandatory) 0 if no error, else standard error codes String errinfo (optional) additional info message in case of error/warning Int fcount (mandatory for FP) number of finger records actually captured Int ftype (mandatory for FP) actual format type 0 (FMR) or 1 (FIR) Int icount (mandatory for Iris) number of iris records actually captured Int itype (mandatory for Iris) actual Iris format (0 for IIR) Int pcount (mandatory for Photo) number of face photo records actually captured. Currently face matching is not supported Int ptype (mandatory for Photo) face format. Currently face matching is not supported. Int nmpoints (mandatory for FMR capture) Number of minutiae points when FMR is captured. Applications may use this for accepting or retrying the capture. If multiple fingers are captured, send comma delimited numbers. Int qscore (optional) if quality check is done, send a normalized score that is between 0 and 100. Device providers may allow configuration within RD service to use specific quality check Page 9

10 algorithms to be enabled. Either it can be configured within RD service or applications can pass those under PidOptionsCustOptsParam. Skey: String skey (mandatory) encrypted session key as per auth spec String ci (mandatory) UIDAI public key identifier as per auth spec Hmac: String hmac (mandatory) hmac value as per auth spec */ <DeviceInfo dpid="" rdsid="" rdsver="" dc="" mi="" mc="" /> /* dpid (mandatory) Unique code assigned to registered device provider. rdsid (mandatory) Unique ID of the certified registered device service. rdsver (mandatory) registered devices service version. dc (mandatory) Unique Registered device code. mi (mandatory) Registered device model ID. mc (mandatory) this attribute holds registered device public key certificate. This is signed with device provider key. */ 4. Intent Create: 4.1 Create Intent for Device Info: intentinfo = new Intent("in.gov.uidai.rdservice.fp.INFO"); PackageManager packagemanager = getpackagemanager(); List activities = packagemanager.queryintentactivities(intentinfo,packagemanager.match_default_only ); boolean isintentsafe = activities.size() > 0; if (!isintentsafe) { //"No Finger Scanner Support available" btnauthenticate.setenabled(false); btncapture.setenabled(false); 4.2 Create Intent for Capture Call: intentcapture = new Intent("in.gov.uidai.rdservice.fp.CAPTURE"); Page 10

11 packagemanager = getpackagemanager(); activities = packagemanager.queryintentactivities(intentcapture,packagemanager.match_default_o NLY); isintentsafe = activities.size() > 0; if (!isintentsafe) { //"No Finger Scanner Support available" btnauthenticate.setenabled(false); btncapture.setenabled(false); 5. Intent Call: The integer argument is a request code that identifies your request. When you receive the result Intent, the call back provides the same request code so that application can properly identify the result and determine how to handle it. (For result of this call, refer Activity Result code.) int resultcode = 1; startactivityforresult(intentinfo, resultcode); piddataxml = ""; int resultcode = 13; startactivityforresult(intentcalim, resultcode); int resultcode = 14; startactivityforresult(intentrelease, resultcode); 6. Activity Result: Activity Result is depends as per value passed in intent call. You can change values as per your requirement. <!-- The System calls activity s onactivityresult() method when user will be done with subsequent activity and returns. The onactivityresult() method includes three arguments: 1. The request code passed to startactivityforresult(). 2. A result code specified by the second activity. This is RESULT_OK if the operation was successful. 3. An Intent that carries the result data. --> Page 11

12 protected void onactivityresult(int requestcode, int resultcode, Intent data) { //...USER CODE super.onactivityresult(requestcode, resultcode, data); if (resultcode == Activity.RESULT_OK) { if (requestcode == 1) { String regis_info = data.getstringextra("rdservice"); if (regis_info!= null && regis_info.contains("notready")) { //"YOUR DEVICE IS NOT CONNECTED.or Other error Display"); else{ String deviceinfoxml = data.getstringextra("rdservice"); DeviceInfoXml = data.getstringextra("device_info"); if (DeviceInfoXml!= null) { if (deviceinfoxml == null deviceinfoxml.equals("") deviceinfoxml.isempty()) { //"Error occurred in DEVICE DRIVER INFO XML" else { //as per your requirements else if (requestcode == 2) { piddataxml = data.getstringextra("pid_data"); if (piddataxml!= null) { Page 12

13 //"PID DATA XML :- \n" + piddataxml if (piddataxml.equals("") piddataxml.isempty()) { //"Error occurred in PID DATA XML" return; if (piddataxml.startswith("error:-")) { //piddataxml return; DocumentBuilderFactory db = DocumentBuilderFactory.newInstance(); Document inputdocument = db.newdocumentbuilder().parse(new InputSource(new StringReader(pidDataXML))); NodeList nodes = inputdocument.getelementsbytagname("piddata"); if (nodes!= null) { Element element = (Element) nodes.item(0); NodeList respnode = inputdocument.getelementsbytagname("resp"); if (respnode!= null) {... if (piddataxml!= null) { //deviceinfoxml!= null && //"Scan success" else { //"Scan Failure" else if (requestcode == 3) { //request for application settings else if (requestcode ==13) { String value = data.getstringextra("claim"); //usb connect /disconnect else if (requestcode ==14) { String value = data.getstringextra("release"); //usb release 13

14 else { Following is the XML data format for authentication API: Page <Auth uid="" rc="" tid="" ac="" sa="" ver="" txn="" lk=""> <Uses pi="" pa="" pfa="" bio="" bt="" pin="" otp=""/> <Meta udc="" rdsid="" rdsver="" dpid="" dc="" mi="" mc="" /> <Skey ci="">encrypted and encoded session key</skey> <Hmac>SHA-256 Hash of Pid block, encrypted and then encoded</hmac> <Data type="x P">encrypted PID block</data> <Signature>Digital signature of AUA</Signature> </Auth> The PIDdata received form RDserviec as below <PidData> <Resp errcode="" errinfo="" fcount="" ftype="" icount="" itype="" pcount="" ptype="" nmpoints="" qscore=""/> <DeviceInfo /> <Skey ci="">encrypted and encoded session key</skey> <Hmac>SHA-256 Hash of Pid block, encrypted and then encoded</hmac> <Data type="x P"> base-64 encoded encrypted pid block </pid> </PidData> Data, Skey and HMac elements from Piddata to Auth are to be used as it is. Deviceinfo in Piddata will provide other elements required for Meta. UDC is as per your choice. It should be present but it is not checked. Auth XML is to be signed using UIDAI private key as it was signed in version