Integration of the User Input ASM
  • 03 Dec 2024
  • 9 Minutes à lire
  • Sombre
    Lumière
  • PDF

Integration of the User Input ASM

  • Sombre
    Lumière
  • PDF

The content is currently unavailable in French. You are viewing the default English version.
Résumé de l’article

Android iOS

Integration of the User Input ASM (PIN/password)

The User Input ASM can optionally be included in your app. This ASM authenticates the user during FIDO operations. It ASM contains two sets of authenticators to handle a local secret: one for PIN and one for password. Each of the authenticators can handle only one local secret.

The ASM requests the user to manually enter a local secret known only by the user. This local secret can be a PIN or a password. The characters of the secret the user enters are hidden. Once the local secret has been entered and confirmed, the enrollment is completed. The weakness of the local secret can be verified during the enrollment, if this option is enabled.

When several accounts are registered with these authenticators, the first account enrolls a local secret; for the other accounts the user must authenticate by entering the same local secret. This has to be repeated until all the accounts registered with a given authenticator are deregistered.

Weak password control

User Input ASM authenticator uses the weak password control mechanism, the detection rules for weak passwords are:

  • The difference between consecutive digits of the password must vary. Example: 12345 is a weak password because the difference between the consecutive digits is always +1.

  • A row of 0s (N-1 0s for a PIN of N digits) followed by a number (e.g. 00003) or a number followed by a row of 0s (e.g. 2000) are not valid. (This is the ATM mimic.)

Weak password control is used during the activation process and on password change.

Weak password control with numeric passwords

Password

Steps suite

Control result

123456

1 1 1 1 1

FAIL

111111

0 0 0 0 0

FAIL

678901

1 1 1 -9 1

SUCCESS

02468

2 2 2 2 2

FAIL

876543

-1 -1 -1 -1 -1

FAIL

123467

1 1 1 2 1

SUCCESS

415263

-3 4 -3 4-3

SUCCESS

Weak password control with alphanumeric passwords

Password

Decimal Value

Steps suite

Control result

ABCDEF

65,66,67,68,69,70

1 1 1 1 1

FAIL

tsrqpo

116, 115, 114, 113, 112, 111

-1 -1 -1 -1 -1

FAIL

Weak password control with ATM rule

Password

Control result

000005

FAIL

200000

FAIL

007000

SUCCESS

Android

Dependencies

To integrate this ASM, first add the Common ASM to your application’s module build.gradle file. See Dependencies for more information about the Common ASM Android dependencies.

Next, add the User Input ASM artifact and ConstraintLayout dependency. After adding these items, the build.gradle file should look like this:

dependencies {
   // CommonASM and its dependencies
   api files("path to library/FIDOUAFUserInputASM.aar")
   api "androidx.constraintlayout:constraintlayout:2.0.4"
   implementation "androidx.annotation:annotation:1.2.0"
   implementation "com.esotericsoftware:kryo:5.1.1"
   implementation "org.bouncycastle:bcprov-jdk15on:1.65"
    }

Permission

The following Android permission will be added automatically to your binary:

  • android.permission.VIBRATE: The phone will vibrate when the user clicks buttons on the PIN pad, or when a wrong PIN is entered.

Descriptor and metadata

According to your requirements (i.e. use PIN or Password authenticators independently or at the same time), add the following lines to the descriptorclass array in your res/raw/asmdescriptors.json file:

  • com.vasco.fido.uaf.asm.presence.PinASMDescriptor

  • com.vasco.fido.uaf.asm.presence.PasswordASMDescriptor

See Embedding of an authenticator for more details.

The ASM is delivered with the following metadata files for Android:

  • PIN

    • BD51#0005 (secure hardware protected devices with ECDSA)

    • BD51#0007 (software protected devices with ECDSA)

  • Password

    • BD51#0008 (secure hardware protected devices with ECDSA)

    • BD51#000A (software protected devices with ECDSA)

Customization

You can omit the customization of the ASM—this is an optional feature of the FIDO Authentication Solution!

PIN customization

To facilitate the customization, you can use the default resources from the package (FIDO UAF SDK /Android/User Input ASM/Values).

You can use the Android XML system to customize the ASM.

To facilitate the customization, you can use the default resources from the package (FIDO UAF SDK /Android/User Input ASM/Values).

User Input ASM—PIN Registration on Android shows the customized PIN registration screen on an Android device.

User Input ASM—PIN Registration on Android

Functional data

The following functional data (as integer values) can be customized via the integers.xml file:

User Input ASM PIN Customization—Functional Data

Key

Default text

Description

vds_asm_pin_length

6

PIN length, from 4 to 8

Strings

The following raw string values can be customized via the strings.xml file:

User Input ASM PIN Customization—Strings

Key

Default text

Description

vds_asm_pin_text_title

PIN Authenticator

Title PIN Authenticator

vds_asm_pin_text_description

You must define a PIN to authenticate yourself during sensitive operations.

Description

vds_asm_pin_text_registration

Choose a PIN

Text for registration

vds_asm_pin_text_confirmation

Confirm your PIN

Text for confirmation

vds_asm_pin_text_authentication

Enter your PIN

Text for authentication

vds_asm_pin_error_weak

The PIN is too simple. Choose a more complex PIN.

Weak PIN error

vds_asm_pin_error_confirmation

The PIN confirmation has failed. Make sure you entered the same PIN twice.

PIN confirmation error

vds_asm_pin_text_error_failure

The authentication has failed.

Text displayed in case of authentication failure

Colors

The following colors in #argb and #rgb hex format can be customized via the colors.xml file.

User Input ASM PIN Customization—Colors

Key

Default text

Description

vds_asm_pin_text_color

#ff000000

Text color

vds_asm_pin_background_color

#ffffffff

Background color

vds_asm_pin_input_color

#ffffc107

Secure input color

vds_asm_pin_arrow_color

#ffffc107

Delete arrow color

vds_asm_pin_digit_color

#ff000000

PIN pad digits color

vds_asm_pin_text_error_color

#ffff0000

Text color in case of error

Dimensions

The following dimen-type dimensions with values like dp, px, or sp can be customized via the dimens.xml file.

User Input ASM PIN Customization—Dimensions

Key

Default text

Description

vds_asm_pin_padding

20dp

PIN dialog padding

vds_asm_pin_digit_size

60dp

PIN digit size

vds_asm_pin_digit_spacing

10dp

PIN digit spacing

vds_asm_pin_clue_size

25dp

PIN square clue size

vds_asm_pin_clue_spacing

0dp

PIN square clue spacing

vds_asm_pin_clue_margin

0dp

PIN square clue margin

vds_asm_pinpad_title_text_min_size

12sp

Minimum size of the PIN title

vds_asm_pinpad_title_text_max_size

20sp

Maximum size of the PIN title

vds_asm_pinpad_error_text_min_size

12sp

Minimum size of the PIN error text

vds_asm_pinpad_error_text_max_size

20sp

Maximum size of the PIN error text

vds_asm_pinpad_text_size_granularity

1sp

Granularity of the title and the error text

Icon

You can customize the icon that is displayed when the user has to choose between authenticators. It depends on the following resource string:

  • vds_asm_pin_icon_drawable_name

The string value (by default vds_asm_pin_icon) corresponds to the name of a drawable resource, usually located in the drawable part of the Android resources system (e.g. res/drawable/vds_asm_pin_icon.png).

PIN Icon—Example

Password customization

To facilitate the customization, you can use the default resources from the package (FIDO UAF SDK /Android/User Input ASM/Values).

You can use the Android XML system to customize the ASM.

To facilitate the customization, you can use the default resources from the package (FIDO UAF SDK /Android/User Input ASM/Values).

User Input ASM—Password Registration on Android shows the customized password registration screen on an Android device.

User Input ASM—Password Registration on Android

Functional data

The following data (as integer values) can be customized via the integers.xml file:

User Input ASM Password Customization—Functional Data

Key

Default text

Description

vds_asm_password_length_min

6

Password min length (from 4)

vds_asm_password_length_max

255

Password max length (up to 255)

Strings

The following raw string values can be customized via the strings.xml file:

User Input ASM Password Customization—Strings

Key

Default text

Description

vds_asm_password_text_title

Password Authenticator

Title

vds_asm_password_text_description

You must define a password to authenticate yourself during sensitive operations.

Description

vds_asm_password_text_registration

Choose a password

Text for registration

vds_asm_password_text_confirmation

Confirm your password

Text for confirmation

vds_asm_password_text_authentication

Enter your password

Text for authentication

vds_asm_password_error_weak

The password is too simple. Choose a more complex password.

Weak password error

vds_asm_password_error_confirmation

The password confirmation has failed. Make sure you entered the same password twice.

Password confirmation error

vds_asm_password_text_error_failure

The authentication has failed.

Text displayed in case of authentication failure

vds_asm_password_text_placeholder

Password

Placeholder

vds_asm_password_button_validation_text

OK

Text for validation button

Colors

The following colors in #argb and #rgb hex format can be customized via the colors.xml file.

User Input ASM Password Customization—Colors

Key

Default text

Description

vds_asm_password_background_color

#ffffffff

Background color

vds_asm_password_button_validation_text_color_enabled

#ff000000

Text color for validation button enabled

vds_asm_password_button_validation_text_color_disabled

#ffa6a6a6

Text color for validation button disabled

vds_asm_password_button_validation_background_color

#ffd9d9d9

Background color for validation button

vds_asm_password_text_error_color

#ffff0000

Text color in case of error

vds_asm_password_text_color

#ff000000

Password text color

Dimensions

The following dimen-type dimensions with values like dp, px, or sp can be customized via the dimens.xml file.

User Input Password ASM Customization—Dimensions

Key

Default text

Description

vds_asm_password_buttons_horizontal_margin

0dp

Left and right margin of the validation button

vds_asm_password_buttons_vertical_margin

5dp

Top and bottom margin of the validation button and the password input

vds_asm_password_screen_padding

16dp

Padding of the password dialog

vds_asm_password_dialog_spacing_vertical

16dp

Outer margin of the password dialog

vds_asm_password_title_text_size

20sp

Size of the title text

Icon

You can customize the icon that is displayed when the user has to choose between authenticators. It depends on the following resource string:

  • vds_asm_password_icon_drawable_name

The string value (by default vds_asm_password_icon) corresponds to the name of a drawable resource, usually located in the in the drawable part of the Android resources system (e.g. res/drawable/vds_asm_password_icon.png).

Password Icon—Example

You can use the Android XML system to customize the ASM. User Input ASM—Password Registration on Android shows the customized password registration screen on an Android device.

iOS

Dependencies

To integrate this ASM, add the following dependencies to your app:

  • All the Common ASM iOS dependencies as listed in Dependencies.

  • FIDOUAFUserInputASMResources.bundle (linked framework and libraries)

  • FIDOUAFUserInputASM.xcframework (linked framework and libraries)

Initialization and metadata

To integrate the PIN or password authenticator with C++

  • According to your requirements (i.e. use PIN or password authenticators independently or at the same time), add the following lines to AppDelegate in the didFinishLaunchingWithOptions: method:

    #import <FIDOUAFUserInputASM/FIDOUserInputASMInstanceCreator.hpp>
    asmcore::ASMFactory::addAuthenticator
    (FIDOUserInputASMInstanceCreator::createPinInstance());
    asmcore::ASMFactory::addAuthenticator
    (FIDOUserInputASMInstanceCreator::createPasswordInstance());

    See Embedding of an authenticator for more details.

    The ASM is delivered with the following metadata files for iOS:

    • PIN

      • BD51#000B (secure hardware protected devices with ECDSA)

    • Password

      • BD51#000D (secure hardware protected devices with ECDSA)

To integrate the PIN or password authenticator with Swift/Objective-C

  • According to your requirements (i.e. use PIN or password authenticators independently or at the same time), add the following lines to AppDelegate in the didFinishLaunchingWithOptions: method:

    import FIDOUAFUserInputASM
    // Add user input PIN authenticator to ASM
    FIDOUserInputASM.registerPinAuthenticator()
    // Add user input password to ASM
    FIDOUserInputASM.registerPasswordAuthenticator() 

    See Embedding of an authenticator for more details.

    The ASM is delivered with the following metadata files for iOS:

    • PIN

      • BD51#000B (secure hardware protected devices with ECDSA)

    • Password

      • BD51#000D (secure hardware protected devices with ECDSA)

Customization

You can omit the customization of the ASM—this is an optional feature of the FIDO Authentication Solution!

PIN customization

You can use the iOS Localizable.strings to customize the ASM. User Input ASM—PIN Registration on iOS shows the customized PIN registration screen on an iOS device.

User Input ASM—PIN Registration on iOS

Customization keys

The following keys are available for the customization of this authenticator:

User Input ASM—PIN Customization Keys

Key

Default text

Description

vds_asm_pin_length

6

PIN length, from 4 to 8

vds_asm_pin_text_title

PIN Authenticator

Title

vds_asm_pin_text_description

You must define a PIN to authenticate yourself during sensitive operations.

Description

vds_asm_pin_text_registration

Choose a PIN

Text for registration

vds_asm_pin_text_confirmation

Confirm your PIN

Text for confirmation

vds_asm_pin_text_authentication

Enter your PIN

Text for authentication

vds_asm_pin_error_weak

The PIN is too simple. Choose a more complex PIN.

Weak PIN error

vds_asm_pin_error_confirmation

The PIN confirmation has failed. Make sure you entered the same PIN twice.

PIN confirmation error

vds_asm_pin_text_error_failure

The authentication has failed.

Text displayed in case of authentication failure

vds_asm_pin_text_color

#ff000000

Text color

vds_asm_pin_background_color

#ffffffff

Background color

vds_asm_pin_input_color

#ffffc107

Secure input color

vds_asm_pin_arrow_color

#ffffc107

Delete arrow color

vds_asm_pin_digit_color

#ff000000

PIN pad digits color

vds_asm_pin_text_error_color

#ffff0000

Text color in case of error

Icon

You can customize the icon that is displayed when the user has to choose between authenticators. It depends on the following resource string:

  • vds_asm_pin_icon

The string value (by default user_input_pin) corresponds to the name of a drawable resource, usually located in the drawable part of the iOS resources system (e.g. userinput_pin.png).

PIN Icon—Example

Dark mode support

The Tutorial App is delivered with a storyboard called FIDO_UAF_UserInputPinASM.storyboard (see Tutorial App—User Input ASM PIN Storyboard).

By modifying it, it is possible to customize fonts and colors. The Dark mode is managed by declaring named colors in the Assets catalog Images.xcassets. This feature requires iOS 11 or later.  The storyboard takes over the string customization of colors as soon as it is added in the integrating project.

FIDO_UAF_UserInputPinASM.storyboard in XCode

Tutorial App—User Input ASM PIN Storyboard

This storyboard contains several links to outlets that are defined inside the FIDOUAFUserInputASM.xcframework. These links cannot be restored if they are removed.

The error in the storyboard (see Tutorial App User Input ASM PIN Storyboard—Error Message) is displayed by default and does not indicate that the compilation has failed.

Tutorial App User Input ASM PIN Storyboard—Error Message

Password customization

You can use the iOS Localizable.strings to customize the ASM. User Input ASM—Password Registration on iOS shows the customized password registration screen on an iOS device.

User Input ASM—Password Registration on iOS

Customization keys

The following keys are available for the customization of this authenticator:

User Input ASM—Password Customization Keys

Key

Default text

Description

vds_asm_password_length_min

6

Password min length (from 4)

vds_asm_password_length_max

255

Password max length (up to 255)

vds_asm_password_text_title

Password Authenticator

Title

vds_asm_password_text_description

You must define a password to authenticate yourself during sensitive operations.

Description

vds_asm_password_text_registration

Choose a password

Text for registration

vds_asm_password_text_confirmation

Confirm your password

Text for confirmation

vds_asm_password_text_authentication

Enter your password

Text for authentication

vds_asm_password_error_weak

The password is too simple. Choose a more complex password.

Weak password error

vds_asm_password_error_confirmation

The password confirmation has failed. Make sure you entered the same password twice.

Password confirmation error

vds_asm_password_text_error_failure

The authentication has failed.

Text displayed in case of authentication failure

vds_asm_password_text_placeholder

Password

Placeholder

vds_asm_password_button_validation_text

OK

Text for validation button

vds_asm_password_text_color

#ff000000

Text color

vds_asm_password_background_color

#ffffffff

Background color

vds_asm_password_button_validation_text_color_enabled

#ff000000

Text color for validation button enabled

vds_asm_password_button_validation_text_color_disabled

#ffa6a6a6

Text color for validation button disabled

vds_asm_password_button_validation_background_color

#ffd9d9d9

Background color for validation button

Icon

You can customize the icon that is displayed when the user has to choose between authenticators. It depends on the following resource string:

  • vds_asm_password_icon

The string value (by default userinput_password) corresponds to the name of a drawable resource, usually located in the iOS resources system (e.g. vds_asm_password_icon).

Password Icon—Example

Dark mode support

The Tutorial App is delivered with a storyboard called FIDO_UAF_UserInputPasswordASM.storyboard (see Tutorial App—User Input ASM Password Storyboard).

Modify this storyboard to customize fonts and colors. To manage the Dark mode, declare named colors in the Assets catalog Images.xcassets.  The storyboard takes over the string customization of colors as soon as it is added in the integrating project.

This feature requires iOS 11 or later.

FIDO_UAF_UserInputPinASM.storyboard in XCode

Tutorial App—User Input ASM Password Storyboard

This storyboard contains several links to outlets that are defined inside the FIDOUAFUserInputASM.xcframework. These links cannot be restored if they are removed.


Cet article vous a-t-il été utile ?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle