我有android应用程序,后端是.NET站点。
我已经使用Hampster Fingkey扫描仪为我的用户注册了FingerPrints,并将他们的指纹存储在服务器中。
有没有办法使用我可以获得FingerPrint并将数据发送到服务器并在我的SQL数据库中与Android匹配?
这可能吗?
答案 0 :(得分:0)
I don't think you can access the actual fingerprint. If you could, any malicious app with access to the fingerprint scanner could steal a very private piece of information (which could potentially be used for identity theft, let alone frame you for a crime you did not commit).
I know that this is Android and not iOS, but I still think it's relevant to read and think about what Apple has to say about security and privacy for its Touch ID technology:
Touch ID doesn't store any images of your fingerprint. It stores only a mathematical representation of your fingerprint. It isn't possible for someone to reverse engineer your actual fingerprint image from this mathematical representation. The chip in your device also includes an advanced security architecture called the Secure Enclave which was developed to protect passcode and fingerprint data. Fingerprint data is encrypted and protected with a key available only to the Secure Enclave. Fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. The Secure Enclave is walled off from the rest of the chip and the rest of iOS. Therefore, iOS and other apps never access your fingerprint data, it's never stored on Apple servers, and it's never backed up to iCloud or anywhere else. Only Touch ID uses it, and it can't be used to match against other fingerprint databases.
Do you really need to compare actual fingerprints? Wouldn't it be sufficient to compare a set of secrets guarded by the fingerprint scanners? If you can indeed just compare secrets guarded by the fingerprint scanners, this SO answer will probably guide you towards a solution.