Android - 存储在设备中的指纹信息的安全位置和安全性
[英]Android - Where and how securely is fingerprint information stored in a device
问题描述
I have been reading quite a bit about fingerprint sensors and their growing presence in smart phones. 
我一直在阅读有关指纹传感器以及它们在智能手机中不断增长的存在。 I understand that at the basic level, there is a digital image that gets registered and it serves as a template for authentication. 据我所知,在基本级别,有一个数字图像可以注册,它可以作为身份验证的模板。 I understand that fingerprint related processing takes place in a Trusted Execution Environment. 我知道指纹相关处理发生在可信执行环境中。 However, I would like to know where the "template" gets saved and in what format? 但是,我想知道“模板”的保存位置和格式是什么?
1 个解决方案
解决方案1
8 已采纳 2017-01-13 10:23:46
Trusted Execution Environment (TEE)
Google has made a noteworthy step in the right direction by moving all print data manipulation to the Trusted Execution Environment (TEE) and providing strict guidelines for fingerprint data storage that manufacturers must follow. 通过将所有打印数据操作移至可信执行环境(TEE)并为制造商必须遵循的指纹数据存储提供严格的指导,Google已朝着正确的方向迈出了值得注意的一步。
All fingerprint data manipulation is performed within TEE
所有指纹数据操作都在TEE内执行 All fingerprint data must be secured within sensor hardware or trusted memory so that images of your fingerprint are inaccessible
必须在传感器硬件或可信存储器中保护所有指纹数据,以便无法访问指纹图像 Fingerprint data can be stored on the file system only in encrypted form,
指纹数据只能以加密形式存储在文件系统中,
regardless of whether the file system itself is encrypted or not无论文件系统本身是否加密 Removal of the user must result in removal of the user's existing fingerprint data
删除用户必须导致删除用户现有的指纹数据 Root access must not compromise fingerprint data
Root访问权限不得损害指纹数据
Data Source infinum.co 数据源infinum.co
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.