Authentication API
With AuthConfig, you can specify the options related to authenticating credentials. The most important option is authSchedules, which sets the authentication modes available to a device.
Config
message AuthConfig {
repeated AuthSchedule authSchedules;
bool useGlobalAPB;
GlobalAPBFailActionType globalAPBFailAction;
bool useGroupMatching;
bool usePrivateAuth;
FaceDetectionLevel faceDetectionLevel;
bool useServerMatching;
bool useFullAccess;
uint32 matchTimeout;
uint32 authTimeout;
repeated Operator operators;
}
- authSchedules
- Authentication modes available for the device.
- useGlobalAPB
- If true, ask the BioStar server whether to allow access to a user after successful authentication.
You need BioStar V2.x for global APB.
- globalAPBFailAction
- Specify what to do when the BioStar server is unreachable when useGlobalAPB is true.
- useGroupMatching
- If true, use group matching for face authentication. Valid only for FaceStation 2 and FaceLite. See AuthGroup
- usePrivateAuth
- If true, allow different authentication modes per each user. You can set the private authentication modes in User.UserSetting.
- faceDetectionLevel
- If it is not FACE_DETECTION_NONE, the device will try to detect a face after a user authenticates successfully. Valid only for BioStation A2.
- useServerMatching
- If true, defer the authentication to the BioStar server. When a user scans a fingerprint or a card, the device will send the information to the BioStar server and wait for the authentication result.
You need BioStar V2.x for server matching.
- useFullAccess
- If true, allow access to all registered users regardless of their access groups.
- matchTimeout
- Timeout in seconds for fingerprint or face matching.
- authTimeout
- Timeout in seconds for the whole authentication process.
- operators
- Up to 10 administrators can be assigned to a device.
message AuthSchedule {
AuthMode mode;
uint32 scheduleID;
}
You can set different authentication modes per different schedule. For example, you can allow AUTH_MODE_CARD_ONLY in working time, and set more secure AUTH_MODE_CARD_BIOMETRIC at night.
- mode
- Authentication mode
- scheduleID
- The ID of the schedule during which the mode is applied. Refer to Schedule.
enum AuthMode {
AUTH_MODE_BIOMETRIC_ONLY = 0;
AUTH_MODE_BIOMETRIC_PIN = 1;
AUTH_MODE_CARD_ONLY = 2;
AUTH_MODE_CARD_BIOMETRIC = 3;
AUTH_MODE_CARD_PIN = 4;
AUTH_MODE_CARD_BIOMETRIC_OR_PIN = 5;
AUTH_MODE_CARD_BIOMETRIC_PIN = 6;
AUTH_MODE_ID_BIOMETRIC = 7;
AUTH_MODE_ID_PIN = 8;
AUTH_MODE_ID_BIOMETRIC_OR_PIN = 9;
AUTH_MODE_ID_BIOMETRIC_PIN = 10;
// The below modes are only for FaceStation F2 and BioStation 3
AUTH_EXT_MODE_FACE_ONLY = 11;
AUTH_EXT_MODE_FACE_FINGERPRINT = 12;
AUTH_EXT_MODE_FACE_PIN = 13;
AUTH_EXT_MODE_FACE_FINGERPRINT_OR_PIN = 14;
AUTH_EXT_MODE_FACE_FINGERPRINT_PIN = 15;
AUTH_EXT_MODE_FINGERPRINT_ONLY = 16;
AUTH_EXT_MODE_FINGERPRINT_FACE = 17;
AUTH_EXT_MODE_FINGERPRINT_PIN = 18;
AUTH_EXT_MODE_FINGERPRINT_FACE_OR_PIN = 19;
AUTH_EXT_MODE_FINGERPRINT_FACE_PIN = 20;
AUTH_EXT_MODE_CARD_ONLY = 21;
AUTH_EXT_MODE_CARD_FACE = 22;
AUTH_EXT_MODE_CARD_FINGERPRINT = 23;
AUTH_EXT_MODE_CARD_PIN = 24;
AUTH_EXT_MODE_CARD_FACE_OR_FINGERPRINT = 25;
AUTH_EXT_MODE_CARD_FACE_OR_PIN = 26;
AUTH_EXT_MODE_CARD_FINGERPRINT_OR_PIN = 27;
AUTH_EXT_MODE_CARD_FACE_OR_FINGERPRINT_OR_PIN = 28;
AUTH_EXT_MODE_CARD_FACE_FINGERPRINT = 29;
AUTH_EXT_MODE_CARD_FACE_PIN = 30;
AUTH_EXT_MODE_CARD_FINGERPRINT_FACE = 31;
AUTH_EXT_MODE_CARD_FINGERPRINT_PIN = 32;
AUTH_EXT_MODE_CARD_FACE_OR_FINGERPRINT_PIN = 33;
AUTH_EXT_MODE_CARD_FACE_FINGERPRINT_OR_PIN = 34;
AUTH_EXT_MODE_CARD_FINGERPRINT_FACE_OR_PIN = 35;
AUTH_EXT_MODE_ID_FACE = 36;
AUTH_EXT_MODE_ID_FINGERPRINT = 37;
AUTH_EXT_MODE_ID_PIN = 38;
AUTH_EXT_MODE_ID_FACE_OR_FINGERPRINT = 39;
AUTH_EXT_MODE_ID_FACE_OR_PIN = 40;
AUTH_EXT_MODE_ID_FINGERPRINT_OR_PIN = 41;
AUTH_EXT_MODE_ID_FACE_OR_FINGERPRINT_OR_PIN = 42;
AUTH_EXT_MODE_ID_FACE_FINGERPRINT = 43;
AUTH_EXT_MODE_ID_FACE_PIN = 44;
AUTH_EXT_MODE_ID_FINGERPRINT_FACE = 45;
AUTH_EXT_MODE_ID_FINGERPRINT_PIN = 46;
AUTH_EXT_MODE_ID_FACE_OR_FINGERPRINT_PIN = 47;
AUTH_EXT_MODE_ID_FACE_FINGERPRINT_OR_PIN = 48;
AUTH_EXT_MODE_ID_FINGERPRINT_FACE_OR_PIN = 49;
}
Authentication mode
- AUTH_MODE_BIOMETRIC_ONLY
- Fingerprint or Face
- AUTH_MODE_BIOMETRIC_PIN
- (Fingerprint or Face) + PIN
- AUTH_MODE_CARD_ONLY
- Card
- AUTH_MODE_CARD_BIOMETRIC
- Card + (Fingerprint or Face)
- AUTH_MODE_CARD_PIN
- Card + PIN
- AUTH_MODE_CARD_BIOMETRIC_OR_PIN
- Card + (Fingerprint or Face or PIN)
- AUTH_MODE_CARD_BIOMETRIC_PIN
- Card + (Fingerprint or Face) + PIN
- AUTH_MODE_ID_BIOMETRIC
- ID + (Fingerprint or Face)
- AUTH_MODE_ID_PIN
- ID + PIN
- AUTH_MODE_ID_BIOMETRIC_OR_PIN
- ID + (Fingerprint or Face or PIN)
- AUTH_MODE_ID_BIOMETRIC_PIN
- ID + (Fingerprint or Face) + PIN
Some authentication modes are available only for specific devices. For example, AUTH_MODE_ID_XXX modes are available only for the devices with key pads such as BioStation N2 and BioStation 2.
Authentication mode for FaceStation F2 and BioStation 3
Some models of FaceStation F2 and BioStation 3 provide both face and fingerprint authentication. To make full use of this multimodal function, a new set of authentication modes, AUTH_EXT_MODE_XXX, are adopted for FaceStation F2 and BioStation 3. Please note that there is no backward compatibility. You have to use these modes only for FaceStation F2 or BioStation 3.
- AUTH_EXT_MODE_FACE_ONLY
- Face
- AUTH_EXT_MODE_FACE_FINGERPRINT
- Face + Fingerprint
- AUTH_EXT_MODE_FACE_PIN
- Face + PIN
- AUTH_EXT_MODE_FACE_FINGERPRINT_OR_PIN
- Face + (Fingerprint or PIN)
- AUTH_EXT_MODE_FACE_FINGERPRINT_PIN
- Face + Fingerprint + PIN
- AUTH_EXT_MODE_FINGERPRINT_ONLY
- Fingerprint
- AUTH_EXT_MODE_FINGERPRINT_FACE
- Fingerprint + Face
- AUTH_EXT_MODE_FINGERPRINT_PIN
- Fingerprint + PIN
- AUTH_EXT_MODE_FINGERPRINT_FACE_OR_PIN
- Fingerprint + (Face or PIN)
- AUTH_EXT_MODE_FINGERPRINT_FACE_PIN
- Fingerprint + FACE + PIN
- AUTH_EXT_MODE_CARD_ONLY
- Card
- AUTH_EXT_MODE_CARD_FACE
- Card + Face
- AUTH_EXT_MODE_CARD_FINGERPRINT
- Card + Fingerprint
- AUTH_EXT_MODE_CARD_PIN
- Card + PIN
- AUTH_EXT_MODE_CARD_FACE_OR_FINGERPRINT
- Card + (Face or Fingerprint)
- AUTH_EXT_MODE_CARD_FACE_OR_PIN
- Card + (Face or PIN)
- AUTH_EXT_MODE_CARD_FINGERPRINT_OR_PIN
- Card + (Fingerprint or PIN)
- AUTH_EXT_MODE_CARD_FACE_OR_FINGERPRINT_OR_PIN
- Card + (Face or Fingerprint or PIN)
- AUTH_EXT_MODE_CARD_FACE_FINGERPRINT
- Card + Face + Fingerprint
- AUTH_EXT_MODE_CARD_FACE_PIN
- Card + Face + PIN
- AUTH_EXT_MODE_CARD_FINGERPRINT_FACE
- Card + Fingerprint + Face
- AUTH_EXT_MODE_CARD_FINGERPRINT_PIN
- Card + Fingerprint + PIN
- AUTH_EXT_MODE_CARD_FACE_OR_FINGERPRINT_PIN
- Card + (Face or Fingerprint) + PIN
- AUTH_EXT_MODE_CARD_FACE_FINGERPRINT_OR_PIN
- Card + Face + (Fingerprint or PIN)
- AUTH_EXT_MODE_CARD_FINGERPRINT_FACE_OR_PIN
- Card + Fingerprint + (Face or PIN)
- AUTH_EXT_MODE_ID_FACE
- ID + Face
- AUTH_EXT_MODE_ID_FINGERPRINT
- ID + Fingerprint
- AUTH_EXT_MODE_ID_PIN
- ID + PIN
- AUTH_EXT_MODE_ID_FACE_OR_FINGERPRINT
- ID + (Face or Fingerprint)
- AUTH_EXT_MODE_ID_FACE_OR_PIN
- ID + (Face or PIN)
- AUTH_EXT_MODE_ID_FINGERPRINT_OR_PIN
- ID + (Fingerprint or PIN)
- AUTH_EXT_MODE_ID_FACE_OR_FINGERPRINT_OR_PIN
- ID + (Face or Fingerprint or PIN)
- AUTH_EXT_MODE_ID_FACE_FINGERPRINT
- ID + Face + Fingerprint
- AUTH_EXT_MODE_ID_FACE_PIN
- ID + Face + PIN
- AUTH_EXT_MODE_ID_FINGERPRINT_FACE
- ID + Fingerprint + Face
- AUTH_EXT_MODE_ID_FINGERPRINT_PIN
- ID + Fingerprint + PIN
- AUTH_EXT_MODE_ID_FACE_OR_FINGERPRINT_PIN
- ID + (Face or Fingerprint) + PIN
- AUTH_EXT_MODE_ID_FACE_FINGERPRINT_OR_PIN
- ID + Face + (Fingerprint or PIN)
- AUTH_EXT_MODE_ID_FINGERPRINT_FACE_OR_PIN
- ID + Fingerprint + (Face or PIN)
enum FaceDetectionLevel {
FACE_DETECTION_NONE = 0;
FACE_DETECTION_NORMAL = 1;
FACE_DETECTION_STRICT = 2;
}
- FACE_DETECTION_NONE
- Face detection is not used.
- FACE_DETECTION_NORMAL
- Normal detection level is used.
- FACE_DETECTION_STRICT
- Strict detection level is used.
Note that face detection is not face authentication. This option applies only to BioStation A2. Neither FaceStation 2 nor FaceLite uses this option.
enum GlobalAPBFailActionType {
GLOBAL_APB_FAIL_ACTION_NONE = 0;
GLOBAL_APB_FAIL_ACTION_SOFT = 1;
GLOBAL_APB_FAIL_ACTION_HARD = 2;
}
Global APB needs a BioStar server to determine whether the user is allowed to enter the door. If the device cannot connect to the server, it will decide by itself according to this parameter.
- GLOBAL_APB_FAIL_ACTION_NONE
- Allow access.
- GLOBAL_APB_FAIL_ACTION_SOFT
- Allow access, but write a log record denoting the APB violation.
- GLOBAL_APB_FAIL_ACTION_HARD
- Disallow access and write a log record denoting the APB violation.
enum OperatorLevel {
OPERATOR_LEVEL_NONE = 0;
OPERATOR_LEVEL_ADMIN = 1;
OPERATOR_LEVEL_CONFIG = 2;
OPERATOR_LEVEL_USER = 3;
}
You can assign administrators for managing devices. Each administrator has one of three operator levels, which has different privileges.
- OPERATOR_LEVEL_ADMIN
- Can do all administrative tasks on a device.
- OPERATOR_LEVEL_CONFIG
- Can change the configurations of a device.
- OPERATOR_LEVEL_USER
- Can enroll/delete users on a device.
message Operator {
string userID;
OperatorLevel level;
}
GetConfig
Get the configuration of a device.
| Request |
| Parameter | Type | Description |
|---|---|---|
| deviceID | uint32 | The ID of the device |
| Response |
| Parameter | Type | Description |
|---|---|---|
| config | AuthConfig | The authentication configuration of the device |
SetConfig
Set the configuration of a device.
| Request |
| Parameter | Type | Description |
|---|---|---|
| deviceID | uint32 | The ID of the device |
| config | AuthConfig | The authentication configuration to be set to the device |
SetConfigMulti
Set the configurations of multiple devices.
Since FaceStation F2 and BioStation 3 has its own authentication modes, you can not mix them with other models.
| Request |
| Parameter | Type | Description |
|---|---|---|
| deviceIDs | uint32[] | The IDs of the devices |
| config | AuthConfig | The authentication configuration to be set to the devices |