Comments (6)
mamckee
commented on May 17, 2024
1
The timeout is not due to the SDCP. Enrollment for secure biometrics times out after 5 minutes from entering PIN. The timeout is to help ensure only the authorized user is enrolling their biometrics.
from securedeviceconnectionprotocol.
mamckee
commented on May 17, 2024
1
Yes, in the secure bio case, the timeout guarantees that biometrics were enrolled within a reasonable time from entering PIN. In the normal bio case, this guarantee cannot be made. The secure biometric enrollments are cryptographically tied to the user's PIN, while normal biometrics are not. Even though the settings flow requires the user's PIN, enrollments can still be added to the template database without PIN. The user's PIN is only required to enable biometrics as a sign in option when they enroll the first time.
from securedeviceconnectionprotocol.
mamckee
commented on May 17, 2024
1
I'm not aware of any documentation with this behavior yet, but this should be documented. Thanks for helping surface this!
from securedeviceconnectionprotocol.
FengJungle
commented on May 17, 2024
The timeout is not due to the SDCP. Enrollment for secure biometrics times out after 5 minutes from entering PIN. The timeout is to help ensure only the authorized user is enrolling their biometrics.
Hi, thanks for your kindly reply.
But when I disable VBS, during enrollment, I pause for over 5 minutes, even 8min, but I can finish enrollment successfully. This is different from the behaviors in VBS.
from securedeviceconnectionprotocol.
FengJungle
commented on May 17, 2024
Yes, in the secure bio case, the timeout guarantees that biometrics were enrolled within a reasonable time from entering PIN. In the normal bio case, this guarantee cannot be made. The secure biometric enrollments are cryptographically tied to the user's PIN, while normal biometrics are not. Even though the settings flow requires the user's PIN, enrollments can still be added to the template database without PIN. The user's PIN is only required to enable biometrics as a sign in option when they enroll the first time.
Hi mamckee, got it! Thanks for your timely reply and detailed explanation.
And one more question, I wonder is there a document or website describing this mechanism?
Thanks a lot!
from securedeviceconnectionprotocol.
FengJungle
commented on May 17, 2024
I'm not aware of any documentation with this behavior yet, but this should be documented. Thanks for helping surface this!
Received.
Thank you!
from securedeviceconnectionprotocol.
Related Issues (20)
- Missing of "0x00" in KDF, compared to NIST SP800-108(Revised, OCT 2009) HOT 1
- [Question] Expected output for IOCTL_BIOMETRIC_CONNECT_SECURE HOT 2
- [Question] Default sensor/storage adapters for secure device HOT 3
- [Question] removed
- [question] Clarification about `EngineAdapterIdentifyFeatureSetAuthenticated()` return values HOT 4
- Questions about SDCP HOT 9
- sdcp.sln HOT 1
- secure connect failure HOT 6
- The size of ECDH shared secret z may not must be 32 bytes long, netiher the EC private key size
- [Questio] HLK and device certification process for SecureBio
- [Question] Process of SensorAdapterConnectSecure with IOCTL_BIOMETRIC_CONNECT_SECURE
- Inquiring about SecureBIO's Test Vector Certificate HOT 22
- Creating Secure Bio Certificates from Test Vectors
- [Question] EngineAdapterIdntifyFeatureSetAuthenticated during start enrollment
- This repo is missing important files HOT 1
- Missing sdcp.sln file when finish all the compile steps on Windows HOT 3
- [question] Securing templates and Enroll()/Identify() implementation with match-on-host sensor HOT 3
- [Question] Host validate the certification HOT 8
- [Question] Reconnect processing at sample code HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from securedeviceconnectionprotocol.