Windows指纹管理程序开发指南.docx

Windows指纹管理程序开发指南.docx

《Windows指纹管理程序开发指南.docx》由会员分享，可在线阅读，更多相关《Windows指纹管理程序开发指南.docx（22页珍藏版）》请在冰豆网上搜索。

Windows指纹管理程序开发指南

DesigningWindowsBiometricFramework（WBF）FingerprintManagementApplications

June30,2009

Abstract

Thispaperprovidesdesignguidancetodevelopersoffingerprintmanagementapplications（FMAs）thatarecompatiblewiththeWindows®BiometricFramework（WBF）.

Thispaperisfor:

∙DevelopersandproductmanagerswhoareplanningorimplementingFMAsbuiltontheWBF.

∙FingerprintsensorvendorswhoshipbundledsoftwaretorunonWindows 7withtheirsensors.

∙Independentsoftwarevendors（ISVs）whoimplementsensor-independentenrollmentexperiences.

∙Independenthardwarevendors（IHVs）whocanbenefitfromabetterunderstandingofhowFMAdeveloperswouldinteractwiththeirsensors.

ThispaperassumesthatthereaderhasabasicunderstandingoftheWindowsBiometricFramework（WBF）,theWindowsBiometricDriverInterface（WBDI）,Windows 7userexperienceguidelines,andgeneralfingerprintmanagementconcepts.

Thisinformationappliestothefollowingoperatingsystems:

WindowsServer® 2008R2

Windows 7

Referencesandresourcesdiscussedherearelistedattheendofthispaper.

ThecurrentversionofthispaperismaintainedontheWebat:

TheinformationcontainedinthisdocumentrepresentsthecurrentviewofMicrosoftCorporationontheissuesdiscussedasofthedateofpublication.BecauseMicrosoftmustrespondtochangingmarketconditions,itshouldnotbeinterpretedtobeacommitmentonthepartofMicrosoft,andMicrosoftcannotguaranteetheaccuracyofanyinformationpresentedafterthedateofpublication.

ThisWhitePaperisforinformationalpurposesonly.MICROSOFTMAKESNOWARRANTIES,EXPRESS,IMPLIEDORSTATUTORY,ASTOTHEINFORMATIONINTHISDOCUMENT.

Complyingwithallapplicablecopyrightlawsistheresponsibilityoftheuser.Withoutlimitingtherightsundercopyright,nopartofthisdocumentmaybereproduced,storedinorintroducedintoaretrievalsystem,ortransmittedinanyformorbyanymeans（electronic,mechanical,photocopying,recording,orotherwise）,orforanypurpose,withouttheexpresswrittenpermissionofMicrosoftCorporation.

Microsoftmayhavepatents,patentapplications,trademarks,copyrights,orotherintellectualpropertyrightscoveringsubjectmatterinthisdocument.ExceptasexpresslyprovidedinanywrittenlicenseagreementfromMicrosoft,thefurnishingofthisdocumentdoesnotgiveyouanylicensetothesepatents,trademarks,copyrights,orotherintellectualproperty.

Unlessotherwisenoted,theexamplecompanies,organizations,products,domainnames,e-mailaddresses,logos,people,placesandeventsdepictedhereinarefictitious,andnoassociationwithanyrealcompany,organization,product,domainname,emailaddress,logo,person,placeoreventisintendedorshouldbeinferred.

©2009MicrosoftCorporation.Allrightsreserved.

Microsoft,Win32,Windows,andWindowsServerareeitherregisteredtrademarksortrademarksofMicrosoftCorporationintheUnitedStatesand/orothercountries.

Thenamesofactualcompaniesandproductsmentionedhereinmaybethetrademarksoftheirrespectiveowners.

DocumentHistory

Date

Change

June30,2009

Firstpublication

Contents

Introduction

Thisdocumentprovidesguidelinesforfingerprintmanagementapplications（FMAs）thatarebuiltontheWindows®BiometricFramework（WBF）.Afterreadingthisdocument,readerswillbebetterequippedtodesignFMAsthatworkefficientlyontopoftheWBF.Theinformationinthisdocument:

∙Assistsindependentsoftwarevendors（ISVs）,independenthardwarevendors（IHVs）,andoriginalequipmentmanufacturers（OEMs）indesigningFMAsthatworkseamlesslywithsupportedfingerprintsensorsonWindows 7.

∙Helpstoensureaconsistentend-userexperience.

∙Enablesbiometricdevicesandsoftwaresolutionstointeractsmoothly.

Byconformingtotheguidelinespresentedinthiswhitepaper,FMAdeveloperswillbeabletomakethemostoutofthebiometricsupportavailableinWindows 7.SomeoftheadvantagesofferedbytheWBFinclude:

∙Lowersupportcosts.

IntegratingwiththeWBFlowersthesupportcostsofbiometricsolutionsbyprovidingaconsistentcoreexperienceanddiagnosticinfrastructure.

∙Noneedforcustomintegrationwithspecificdevices.

TheWBFenablesmultiplebiometricdevicesandsoftwaresolutionstocoexistonasinglemachinewithouttheneedforcustomintegration.

∙Biometricsfeaturediscovery.

TheWBFpromotesbiometricsasatechnologybyintegratingitwithcoreWindowsuserexperiences.TheWBFpublishesdiscoverypointsthroughDeviceManager,DevicesandPrinters,ControlPanel,SearchableTasks,andothermechanisms.

∙Simplifiedadoption.

TheWBFsimplifiestheincorporationofbiometriccapabilitiesintonewapplicationsbyprovidingaplatformapplicationprogramminginterface（API）thatworksacrossalldevices.

GlossaryofTerms

Biometricunit（BU）

AcommonrepresentationofabiometricdevicethatisprovidedbytheWindowsBiometricService（WBS）.

Completeunenrollment

Theactofremovingallofauser’sfingerprint-matchingtemplatesfromallavailablestorageadaptersandremovingtheuser’sauthenticationinformationfromtheWindowsBiometricCredentialManager.

Enrollment

Inthecontextofbiometrics,enrollmentistheprocessofsupplyingreferencesamplesofabiometricforlatermatching.Infingerprintenrollment,theuserneedstoprovideasampleonthesensor（swipeortouch）tomakeamatchingtemplate.

Fingerprintassociation

Auser-friendlytermforeither:

∙AfingerprintrecordintheWindowsFingerprintStore.

∙Theenrollmentstepstocreateafingerprintrecord.

Afingerprintrecordislinkedtothesensorthatwasusedtoenrollthefingerprint.Auser’sfingercouldhaveafingerprintassociationwithmultiplesensors,andthushavearecordforeachsensor.

Fingerprintmanagementapplication（FMA）

Athird-partyapplicationthatextendsWBFbyprovidingmanagementcapabilitiesandenablesadditionalscenarios,includingenrollmentexperiences,Websingle-sign-on,andmanagementofproprietaryattributesofafingerprintbiometricdevice.

Personallyidentifiableinformation（PII）

DatathatisconsideredPIIisprivacy-sensitiveandmustbetreatedwithspecialcare.Fingerprintsandbiometricsfallintothiscategory.

Registration

Anothertermforenrollment.

Unenrollment

Toremoveoneormorefingerprinttemplatesfromoneormorestorageadapters.Itispossibletounenrollsomefingerprintsforauserandleaveotherfingerprintsenrolled.Completeunenrollmentreferstoremovingallfingerprintdataforagivenuser.

WindowsBiometricFrameworkOverview

TheWindows 7operatingsystemprovidesnativesupportforfingerprintbiometricdevicesthroughtheWindowsBiometricFramework（WBF）.Thisframeworkprovides:

∙Amoreconsistentuserexperience.

∙Acommonplatformandasetofinterfacesforsoftwaredevelopers.

∙ImprovedmanageabilityandserviceabilityoffingerprintbiometricdevicesinWindows.

TheWBFcomponentsthatdeliverthesefeaturesincludethefollowing:

∙Coreplatformcomponents,includingadriverinterfacedefinition,apluggableexpansionplatform,andaclientAPI.

∙User-experiencecomponentsthatprovideaconsistentuserexperienceintheWindowsoperatingsystem.Thiscomponentincludessupportforthecorescenariosoflogonanduseraccountcontrol（UAC）.

∙Managementcomponentsthatletusersandadministratorsconfigurebiometricsandbiometricdevices.ThesecomponentssupportbiometricconfigurationeitherlocallyonasinglecomputersystemorgloballyforadomainthroughGroupPolicy.

∙AWBFcomponent-distributionmechanismthatletsbiometricdriversandothercomponentsbedistributedthroughWindowUpdateandActionCenter.

FingerprintManagementApplicationOverview

Youcanbuildarangeofhigh-valueapplicationsusingtheWBFAPI.Suchanapplicationmightbeeither:

∙Asimpleenrollmentapplication.

∙Acomplexsuiteofapplicationsandmanagementcapabilities.

Applicationsinthesecondcategoryarecommonlyreferredtoasfingerprintmanagementapplications（FMAs）.Inadditiontoprovidinganenrollmentcapability,anFMAmightperformoneormoreofthefollowingtasks:

∙Provideadditionalmechanismsformanaginguserdata,suchasenrollingordeletingfingerprinttemplates.

∙Providemechanismsformanagingandconfiguringdevices,suchasperformingfirmwareupgrades.

∙Exposeproprietarycapabilitiesofadevice.

∙Serveasaconfigurationpointforthird-partyWBF-enabledapplicationssuchasWebsingle-sign-on（WebSSO）andfastuserswitching（FUS）.

FormoreinformationontheWBFAPI,see“Resources”laterinthispaper.

FMADesignGuidelines

Toensureaconsistent,high-qualitybiometricexperienceforendusersinWindows 7,werecommendthatyoufollowtheguidelinespresentedinthissectionwhenyouwriteanFMA.

FMAFlow

TheFMAshouldguidetheuserthroughthemostlikelytasksbasedonthecurrentstateofthespecifiedbiometricunit（BU）andthecurrentusercontext.

Figure1providesanoverviewofthetasksinanFMA.

Figure1.SuggestedFMAflow

ThefirstthingthattheFMAshoulddoischeckwhetherbiometricsisinstalledandenabled.IfBiometricsisnotinstalledandenabled,theFMAshoulddirecttheusertoinstallit.Next,theFMAshouldcheckwhethertheuserhasanyenrolledtemplatesthatarecompatiblewiththespecifiedbiometricunit.Ifnotemplatesexist,theFMAshouldguidetheuserthroughtheenrollmentprocess.

Iftheuserhascompatibletemplatesenrolled,thentheFMAshouldallowtheusertochoosebetweenthefollowingtasks:

∙Addorremovetemplates.

∙Configurefingerprint-enabledapplications.

∙Perform