Dayanand College of Commerce Latur

Department of Computer Application

Certificate
This is to certify that project report on

“Fingerprint Authentication”
Submitted by

Sr. no Name Exam Seat No.

1. Jadhav Harshada Kashinath ZI 11378

BCA T.Y
As per the requirement of Swami Ramanand Teerth Marathwada University,
Nanded in partial fulfillment of degree“Bachelor of Computer
Application”
For academic year 2022-2023.

Seminar Guide Internal Examiner External Examiner HOD

Prof.Shendge L.S. Prof. S.V. Swami
Swami Ramanand Teerth Marathwada University, Nanded

Dayanand College of Commerce, Latur

Department of Computer Application

2022-2023

Seminar Report on

“Fingerprint authentication”

Submitted By

Jadhav Harshada Kashinath (Roll No ZI 11378)

Fingerprint Authentication Abstract:

This System is Simple but a smart application used to secure notes via Finger Print

Authentication. This System can also be referred as Keyless Authentication unlike

traditional way where it needed a password to enter. This System doesn’t have any

Registration but only the owner of the phone can access these notes as it searches for

the owners print. This System can be used as private notes or personal diary or

important notes; can be given multiple names but plays a similar role of recording

notes and keeping it away from everyone then the phones owner. If there is no

Biometric feature on the phone, this app can’t be used. The user can add new notes,

edit old notes as well as delete notes. The Front end used is Android Studio and the

Back end used is SQLite. Biometric Authentication is the highest level of security

any Phone can offer making it very accurate and very secure.

Gone are the days when you have to manually enter the username and password for login into

some Android application. Not only you have to enter it manually, but it is also a time-

consuming process. Also, if you forgot the password or username then you have to recover it

by going through a series of steps. But on the other end, if we are using Fingerprint for

Authentication, then there is no need to remember password. Also, no two persons can have

the same Fingerprint, so, we need not worry about authenticity.

So, in this blog, we will learn how to use Fingerprint authentication in our Android

applications. So, let’s get started.

Fingerprint Authentication overview

With the release of Android 6.0 (Android M), there has been a significant amount of changes
to the APIs, one of them is Fingerprint Authentication. Now, we can easily implement
Fingerprint Authentication in our application in the devices having the Fingerprint sensor.
The whole process of Fingerprint Authentication can be summarized into the below steps:

1. Requesting Fingerprint Authentication permission within the project’s manifest file.

2. As fingerprints can only be registered on the devices which have its lock screen

protected by a PIN, pattern or password. So, we have to check if the lock screen of the

device is protected by a PIN, pattern or password.

3. Then, create an instance of the FingerprintManager class.

4. You have to gain access to the storage area that is used to store the cryptographic keys

on Android devices i.e. Keystore. So, create an instance of the Keystore to gain access

of the Android Keystore container. After that, generate an encryption key with the

help of keyGenerator class and store it in the Keystore container.

5. With the help of the key generated and stored in the Keystore container, initialize

the instance of the Cipher class and use this instance to create a CryptoObject and

assign it to FringerprintManager instance that you have created earlier.

6. Call the authenticate method of the FingerprintManger class and implement methods

to handle the callbacks.

Fingerprint Authentication Implementation

So, we have seen the theory of Fingerprint Authentication. Now let’s move on to the
implementation part of the same.

Create a new project in Android Studio and name it according to your choice. Also, set the
minimum API to 23 i.e. Android 6.0.

After creating the project, please ensure that your device has some kind of
authentication other than fingerprint because the Fingerprint Authentication will work in
that case only.

Add the permission of fingerprint in your androidmanifest.xml file. So, add the
USE_FINGERPRINT permission in your manifest file:

<uses-permission android:name="android.permission.USE_FINGERPRINT"/>

Before moving towards the coding part of the app, let’s write the code for the UI part. Here in
the UI, we will be having one ImageView and one TextView. So, the code for the
activity_main.xml file is:

<?xml version="1.0" encoding="utf-8"?>

<androidx.constraintlayout.widget.ConstraintLayout
xmlns:android="http://schemas.android.com/apk/res/android"
xmlns:tools="http://schemas.android.com/tools"
xmlns:app="http://schemas.android.com/apk/res-auto"
android:layout_width="match_parent"
android:layout_height="match_parent"
tools:context=".MainActivity">

<ImageView
android:layout_width="160dp"
android:layout_height="160dp"
app:layout_constraintEnd_toEndOf="parent"
app:layout_constraintStart_toStartOf="parent"
android:layout_marginStart="8dp"
app:layout_constraintBottom_toBottomOf="parent"
android:layout_marginTop="8dp"
app:layout_constraintTop_toTopOf="parent"
android:layout_marginBottom="8dp"
android:src="@drawable/ic_fingerprint"
android:layout_marginEnd="8dp"
android:id="@+id/fingerprint_iv"/>

<TextView
android:id="@+id/fingerprint_tv"
android:layout_width="wrap_content"
android:layout_height="wrap_content"
android:layout_marginStart="8dp"
app:layout_constraintEnd_toEndOf="parent"
app:layout_constraintStart_toStartOf="parent"
android:layout_marginTop="32dp"
app:layout_constraintTop_toBottomOf="@+id/fingerprint_iv"
android:layout_marginEnd="8dp"
android:text="Touch the Fingerpeint Sensor"
android:textSize="24sp"/>

</androidx.constraintlayout.widget.ConstraintLayout>
You can replace the image of the ImageView according to your choice.

Fingerprint Authentication makes use of KeyguardManager and the FingerprintManager. So,

in the onCreate() function, you need to obtain these two services:

class MainActivity : AppCompatActivity() {

private lateinit var fingerprintManager: FingerprintManager

private lateinit var keyguardManager: KeyguardManager

override fun onCreate(savedInstanceState: Bundle) {

super.onCreate(savedInstanceState)
setContentView(R.layout.activity_main)

if (checkLockScreen()) {
//some other task
}
}
private fun checkLockScreen(): Boolean {
keyguardManager = getSystemService(Context.KEYGUARD_SERVICE)
as KeyguardManager
fingerprintManager = getSystemService(Context.FINGERPRINT_SERVICE)
as FingerprintManager
//some other task
}
}

Our next task is to check if the Lock Screen is PIN or password protected. Also, if it is
password protected then we have check if some fingerprint is already associated with the
device or not. So, we will perform these checking in the checkLockScreen() method of
MainActivity.kt file.

private fun checkLockScreen(): Boolean {

keyguardManager = getSystemService(Context.KEYGUARD_SERVICE)
as KeyguardManager
fingerprintManager = getSystemService(Context.FINGERPRINT_SERVICE)
as FingerprintManager
if (keyguardManager.isKeyguardSecure == false) {

Toast.makeText(this,
"Lock screen security not enabled",
Toast.LENGTH_LONG).show()
return false
}

if (ActivityCompat.checkSelfPermission(this,
Manifest.permission.USE_FINGERPRINT) !=
PackageManager.PERMISSION_GRANTED) {
Toast.makeText(this,
"Permission not enabled (Fingerprint)",
Toast.LENGTH_LONG).show()

return false
}

if (fingerprintManager.hasEnrolledFingerprints() == false) {
Toast.makeText(this,
"No fingerprint registered, please register",
Toast.LENGTH_LONG).show()
 return false
}
return true
}

Now, we have to generate an encryption key which will be stored in the Android Keystore
System. So, we have to gain access of the Keystore and then generate the encryption key with
the help of generateKey() method.

How to Add Fingerprint Authentication in Your Android App?

now a day, we have seen that most of our Android phone contains fingerprint

authentication. And we can implement that fingerprint authentication in our app so to

secure our app as much as we can. In this article, we will take a look at the

implementation of fingerprint authentication.

We will be building a simple application in which we will be displaying an image of a

fingerprint and a login button. After clicking on the login button we will apply our

fingerprint. And if that same fingerprint is added into the Security setting then we will

get login success. A sample video is given below to get an idea about what we are

going to do in this article. Note that we are going to implement this project using

the Java language.

How does Android save your fingerprints?

The release of an iPhone without a fingerprint sensor has brought along some talk
about using fingerprints for authentication and how securely the data is stored. That's
awesome. Even if you're not concerned about how it's done, you need a lot of other
people to be concerned so that it's done in a way you don't have to worry about!

For starters, Apple uses a similar solution and if you have an older model with a
fingerprint sensor you're just as safe using it as you were before. The same goes for
older Samsung phones that launched pre-Marshmallow and used Samsung's own
methods.
The way Google stores your fingerprint data is the most secure way possible with
current tech. It's also fascinating how simple the overview of the whole thing is once
you have a look at it. Simple and secure is always a winning combo.

Storage is, by its nature, not very secure. It's the same thing as writing something on a
post-it note and putting it in a file cabinet. It's there because it needs to be there, and
the best thing you can do is control who has access to it. For a file cabinet, you use a
lock, and for your phone, you use encryption. For your fingerprint data, things go one
step further: a Trusted Execution Environment (TEE).

A TEE is a separate and isolated area in the phone's hardware. A TEE might use its
own processor and memory or it can use a virtualized instance on the main CPU. In
both cases, the TEE is fully isolated and insulated using hardware-backed memory
and input/output protection. The only way you will be getting in is if the TEE lets you
in, and it never will. Even if the phone is rooted or the bootloader unlocked, the TEE
is separate and still intact.
Other manufacturers can use Trusty OS or then can use a different system. As long as all the

criteria are met (listed below) and the TEE is isolated and insulated it will meet the security

standards needed to use Pixel Imprint (formerly Nexus Imprint).

When you register a fingerprint on your Android phone, the sensor grabs the data from the

scan. Trusty OS analyzes this data inside the TEE, then creates two things: a set of validation

data and an encrypted fingerprint template. This appears to be junk data to everything except

the TEE who also has the key to decipher that junk data. This encrypted fingerprint template

is stored in an encrypted container either on the TEE or on your phone's encrypted storage.

Three encryption layers mean it's nearly impossible to get the data, and even if you could it's

useless without a way to decipher it.

he validation data is stored inside the TEE. When you place your finger on the scanner to try

and do something, the scanner builds a profile of data. Through the Trusty API, the

associated application asks the kernel to ask the TEE if it's right. The TEE checks against the

stored validation data using its separate processor and memory, and if enough of the data