Professional Documents
Culture Documents
Certificate
This is to certify that project report on
“Fingerprint Authentication”
Submitted by
BCA T.Y
As per the requirement of Swami Ramanand Teerth Marathwada University,
Nanded in partial fulfillment of degree“Bachelor of Computer
Application”
For academic year 2022-2023.
2022-2023
Seminar Report on
“Fingerprint authentication”
Submitted By
This System is Simple but a smart application used to secure notes via Finger Print
traditional way where it needed a password to enter. This System doesn’t have any
Registration but only the owner of the phone can access these notes as it searches for
the owners print. This System can be used as private notes or personal diary or
important notes; can be given multiple names but plays a similar role of recording
notes and keeping it away from everyone then the phones owner. If there is no
Biometric feature on the phone, this app can’t be used. The user can add new notes,
edit old notes as well as delete notes. The Front end used is Android Studio and the
Back end used is SQLite. Biometric Authentication is the highest level of security
any Phone can offer making it very accurate and very secure.
Gone are the days when you have to manually enter the username and password for login into
some Android application. Not only you have to enter it manually, but it is also a time-
consuming process. Also, if you forgot the password or username then you have to recover it
by going through a series of steps. But on the other end, if we are using Fingerprint for
Authentication, then there is no need to remember password. Also, no two persons can have
So, in this blog, we will learn how to use Fingerprint authentication in our Android
With the release of Android 6.0 (Android M), there has been a significant amount of changes
to the APIs, one of them is Fingerprint Authentication. Now, we can easily implement
Fingerprint Authentication in our application in the devices having the Fingerprint sensor.
The whole process of Fingerprint Authentication can be summarized into the below steps:
2. As fingerprints can only be registered on the devices which have its lock screen
protected by a PIN, pattern or password. So, we have to check if the lock screen of the
4. You have to gain access to the storage area that is used to store the cryptographic keys
on Android devices i.e. Keystore. So, create an instance of the Keystore to gain access
of the Android Keystore container. After that, generate an encryption key with the
5. With the help of the key generated and stored in the Keystore container, initialize
the instance of the Cipher class and use this instance to create a CryptoObject and
6. Call the authenticate method of the FingerprintManger class and implement methods
So, we have seen the theory of Fingerprint Authentication. Now let’s move on to the
implementation part of the same.
Create a new project in Android Studio and name it according to your choice. Also, set the
minimum API to 23 i.e. Android 6.0.
After creating the project, please ensure that your device has some kind of
authentication other than fingerprint because the Fingerprint Authentication will work in
that case only.
Add the permission of fingerprint in your androidmanifest.xml file. So, add the
USE_FINGERPRINT permission in your manifest file:
<uses-permission android:name="android.permission.USE_FINGERPRINT"/>
Before moving towards the coding part of the app, let’s write the code for the UI part. Here in
the UI, we will be having one ImageView and one TextView. So, the code for the
activity_main.xml file is:
<ImageView
android:layout_width="160dp"
android:layout_height="160dp"
app:layout_constraintEnd_toEndOf="parent"
app:layout_constraintStart_toStartOf="parent"
android:layout_marginStart="8dp"
app:layout_constraintBottom_toBottomOf="parent"
android:layout_marginTop="8dp"
app:layout_constraintTop_toTopOf="parent"
android:layout_marginBottom="8dp"
android:src="@drawable/ic_fingerprint"
android:layout_marginEnd="8dp"
android:id="@+id/fingerprint_iv"/>
<TextView
android:id="@+id/fingerprint_tv"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:layout_marginStart="8dp"
app:layout_constraintEnd_toEndOf="parent"
app:layout_constraintStart_toStartOf="parent"
android:layout_marginTop="32dp"
app:layout_constraintTop_toBottomOf="@+id/fingerprint_iv"
android:layout_marginEnd="8dp"
android:text="Touch the Fingerpeint Sensor"
android:textSize="24sp"/>
</androidx.constraintlayout.widget.ConstraintLayout>
You can replace the image of the ImageView according to your choice.
if (checkLockScreen()) {
//some other task
}
}
private fun checkLockScreen(): Boolean {
keyguardManager = getSystemService(Context.KEYGUARD_SERVICE)
as KeyguardManager
fingerprintManager = getSystemService(Context.FINGERPRINT_SERVICE)
as FingerprintManager
//some other task
}
}
Our next task is to check if the Lock Screen is PIN or password protected. Also, if it is
password protected then we have check if some fingerprint is already associated with the
device or not. So, we will perform these checking in the checkLockScreen() method of
MainActivity.kt file.
Toast.makeText(this,
"Lock screen security not enabled",
Toast.LENGTH_LONG).show()
return false
}
if (ActivityCompat.checkSelfPermission(this,
Manifest.permission.USE_FINGERPRINT) !=
PackageManager.PERMISSION_GRANTED) {
Toast.makeText(this,
"Permission not enabled (Fingerprint)",
Toast.LENGTH_LONG).show()
return false
}
if (fingerprintManager.hasEnrolledFingerprints() == false) {
Toast.makeText(this,
"No fingerprint registered, please register",
Toast.LENGTH_LONG).show()
return false
}
return true
}
Now, we have to generate an encryption key which will be stored in the Android Keystore
System. So, we have to gain access of the Keystore and then generate the encryption key with
the help of generateKey() method.
secure our app as much as we can. In this article, we will take a look at the
fingerprint and a login button. After clicking on the login button we will apply our
fingerprint. And if that same fingerprint is added into the Security setting then we will
get login success. A sample video is given below to get an idea about what we are
going to do in this article. Note that we are going to implement this project using
The release of an iPhone without a fingerprint sensor has brought along some talk
about using fingerprints for authentication and how securely the data is stored. That's
awesome. Even if you're not concerned about how it's done, you need a lot of other
people to be concerned so that it's done in a way you don't have to worry about!
For starters, Apple uses a similar solution and if you have an older model with a
fingerprint sensor you're just as safe using it as you were before. The same goes for
older Samsung phones that launched pre-Marshmallow and used Samsung's own
methods.
The way Google stores your fingerprint data is the most secure way possible with
current tech. It's also fascinating how simple the overview of the whole thing is once
you have a look at it. Simple and secure is always a winning combo.
Storage is, by its nature, not very secure. It's the same thing as writing something on a
post-it note and putting it in a file cabinet. It's there because it needs to be there, and
the best thing you can do is control who has access to it. For a file cabinet, you use a
lock, and for your phone, you use encryption. For your fingerprint data, things go one
step further: a Trusted Execution Environment (TEE).
A TEE is a separate and isolated area in the phone's hardware. A TEE might use its
own processor and memory or it can use a virtualized instance on the main CPU. In
both cases, the TEE is fully isolated and insulated using hardware-backed memory
and input/output protection. The only way you will be getting in is if the TEE lets you
in, and it never will. Even if the phone is rooted or the bootloader unlocked, the TEE
is separate and still intact.
Other manufacturers can use Trusty OS or then can use a different system. As long as all the
criteria are met (listed below) and the TEE is isolated and insulated it will meet the security
When you register a fingerprint on your Android phone, the sensor grabs the data from the
scan. Trusty OS analyzes this data inside the TEE, then creates two things: a set of validation
data and an encrypted fingerprint template. This appears to be junk data to everything except
the TEE who also has the key to decipher that junk data. This encrypted fingerprint template
is stored in an encrypted container either on the TEE or on your phone's encrypted storage.
Three encryption layers mean it's nearly impossible to get the data, and even if you could it's
he validation data is stored inside the TEE. When you place your finger on the scanner to try
and do something, the scanner builds a profile of data. Through the Trusty API, the
associated application asks the kernel to ask the TEE if it's right. The TEE checks against the
stored validation data using its separate processor and memory, and if enough of the data