New Biometric Framework and Driver Model
Dave Bossio, Principal Group Program Manager, Windows Security
Janet Schneider, Senior Software Design Engineer, Windows Security
Agenda
• Introduction
• Windows Biometric Framework (WBF) Core Architecture Overview
  • Windows Biometric Service (WBS) Adapters
  • Windows Biometric Driver Interface (WBDI)
• Deep Dive: WBS Adapters
  • Engine Adapter
• Deep Dive: WBDI
  • Interface and Implementation Tips
• WBF Adoption
• Wrap-up
Introduction
Quality, Quantity & Strategy
• Quality: Vista as an Indicator for Windows 7
  • Driver Quality Issues
  • Inconsistent User Experience (UX)
  • Windows 7 aims to restore eco-system health
    • Fewer crashes, consistent UX, reduced support costs
• Quantity: Fingerprint Device Proliferation
  • 61 million devices ship in 2009 alone
  • 188 million ship in 2011
• Strategy: Foundation for Windows 7 and Beyond
  • Enable consistent end-to-end access control scenarios
WBF: Long-Term View
WBF Core
User Experience
Certification
Management
Distribution
Device Logo
WBF: Windows 7
WBF Core
User Experience
Certification
Management
Distribution
Device Logo
Windows 7 Objectives
• Platform stability and serviceability
• Framework foundations
  • Windows Biometric Device Interface (WBDI)
  • Windows Biometric Service (WBS)
• Consistent user experience
• Supported scenarios
  • Local/Domain logon, User Account Control (UAC), and management
  • Integration points
  • Feature discovery and launch points
WBF Overview
WBF Core Architecture
Windows Biometric Service
WBF
Fingerprint Biometric Service Provider
Biometric API
Windows Biometric Driver Interface
Integration Points Logon/UAC
Fingerprint Management Application and Third Party Apps (e.g. FUS, Enrollment, Web Single Sign On (SSO), Time & Attendance)
Sensor Adapter
Engine Adapter
Storage Adapter
WDM Driver
KMDF Driver
UMDF Driver
IHV/ISV
WBF Service Structure
Biometric Service Provider (BSP)
Biometric Unit
Sensor Adapter
Deep Dive: WBF Service Adapters
WBF Service Adapters
• Purpose
  • Plug-in binary component that exposes a standard interface
  • Connects Biometric Unit (BU) to sensor hardware
  • Supplements capabilities of simple sensors
• Types and responsibilities
  • Sensor Adapter: data capture
  • Engine Adapter: processing and matching
  • Storage Adapter: secure template storage
What Should You Write?

| Adapter | IHV / ISV | Microsoft provides (with Windows 7) |
| --- | --- | --- |
| Sensor | Simple sensor – can use Microsoft adapter or can write your own. Complex sensor – must write sensor adapter. | Adapter for any simple sensor that has a WBDI driver |
| Engine | Always written by vendor | (None) |
| Storage | Sensor without built-in storage – can use Microsoft adapter or can write your own. Sensor with built-in storage – must write storage adapter. | Adapter for disk-file based cryptographically secure storage |
WBF Engine Adapter
• Receives sample data from Sensor Adapter
• Performs biometric processing:
  • Data cleanup and feature extraction
  • Template generation – enrollment
  • Template matching – verify and identify
  • Template index generation (“binning”)
• Calls Storage Adapter to store/retrieve templates
Writing WBF Adapter Plug-Ins
• Start with the sample adapters
• Adapter methods
  • Implement all methods for adapter type
  • Follow documentation exactly for error codes and return values
• Threading issues
  • Adapter shared among multiple threads
  • No global variables
  • Store per-BU state in adapter context block
Deep Dive: Windows Biometric Driver Interface
Windows Biometric Service
WBF
Fingerprint Biometric Service Provider
Biometric API
Windows Biometric Driver Interface
Integration Points Logon/UAC
Fingerprint Management Application and Third Party Apps
(e.g. FUS, Enrolment, Web SSO, Time & Attendance)
Engine Adapter
WDM Driver
KMDF Driver
UMDF Driver
IHV/ISV
WinBio Sensor Adapter
WinBio Storage Adapter
WUDF Host Process
Windows Biometric Driver Interface
UMDF Driver DLL
WBF
IHV/ISV
UMDF WBDI Driver
WDF
WUDFr
WinUsb
UMDF Benefits
• User-mode driver won’t cause BSOD
• Simplified PnP and power management – well-defined callbacks
• WinUSB I/O target
  • System Wake and Device Idle support built in
  • Some devices may need to keep multiple read requests pending to capture all scan data
WBDI Requirements
• Expose the WBDI driver interface GUID
• Implement mandatory IOCTLs
• Handle multiple requests
  • UMDF – use parallel I/O queue
• Support cancellation
  • UMDF – request objects support cancellation callback
WBDI IOCTLs
• Mandatory IOCTLs:
  • IOCTL_BIOMETRIC_GET_ATTRIBUTES
  • IOCTL_BIOMETRIC_GET_SENSOR_STATUS
  • IOCTL_BIOMETRIC_RESET
  • IOCTL_BIOMETRIC_CALIBRATE
  • IOCTL_BIOMETRIC_CAPTURE_DATA
• Optional IOCTLs (Advanced Features):
  • IOCTL_BIOMETRIC_GET_SUPPORTED_ALGORITHMS
  • IOCTL_BIOMETRIC_UPDATE_FIRMWARE
  • IOCTL_BIOMETRIC_GET_INDICATOR
  • IOCTL_BIOMETRIC_SET_INDICATOR
• Vendor IOCTLs
WBF Sensor Adapter Calling Sequence
• Sensor Start-up:
  • IOCTL_BIOMETRIC_GET_ATTRIBUTES
    • Called by both the service and the sensor adapter
• Capture Sequence:
  • IOCTL_BIOMETRIC_GET_SENSOR_STATUS
  • IOCTL_BIOMETRIC_CALIBRATE
    • Called only when sensor status indicates calibration is needed
  • IOCTL_BIOMETRIC_CAPTURE_DATA
    • Initial call determines buffer size needed for typical capture
    • Only one capture can be pending at any time
  • CancelIoEx
    • Can be called at any time, followed by another capture sequence
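A simplified model of the capture sequence above, added here as an illustration and not taken from the presentation or the WDK. The enum values, the `sensor` struct and the `start_capture`/`cancel_capture` functions are hypothetical stand-ins; only the IOCTL names they mirror come from the slide.

```c
/* Added example: simplified model of the WBDI capture sequence, not WDK code.
   Enum values, struct and function names are hypothetical stand-ins. */
#include <stddef.h>
enum ioctl { GET_SENSOR_STATUS, CALIBRATE, CAPTURE_DATA };  /* IOCTL_BIOMETRIC_* stand-ins */
enum status { ST_OK, ST_NEED_CALIBRATION, ST_BUFFER_TOO_SMALL, ST_BUSY };
struct sensor {                       /* per-device state in a context block, no globals */
    int calibrated, capture_pending;
    size_t sample_len;                /* bytes a typical capture produces */
};

/* Simulated driver dispatch for the three capture-path IOCTLs. */
static enum status sensor_ioctl(struct sensor *s, enum ioctl code,
                                unsigned char *out, size_t out_len, size_t *needed)
{
    switch (code) {
    case GET_SENSOR_STATUS: return s->calibrated ? ST_OK : ST_NEED_CALIBRATION;
    case CALIBRATE: s->calibrated = 1; return ST_OK;
    case CAPTURE_DATA:
        if (s->capture_pending) return ST_BUSY;     /* only one capture pending */
        *needed = s->sample_len;
        if (!out || out_len < s->sample_len) return ST_BUFFER_TOO_SMALL; /* size query */
        s->capture_pending = 1;                     /* pending until done or cancelled */
        return ST_OK;
    }
    return ST_BUSY;
}

/* Adapter side: status, calibrate only if asked, size query, then the real capture. */
enum status start_capture(struct sensor *s, unsigned char *buf, size_t cap, size_t *needed)
{
    if (sensor_ioctl(s, GET_SENSOR_STATUS, NULL, 0, needed) == ST_NEED_CALIBRATION)
        sensor_ioctl(s, CALIBRATE, NULL, 0, needed);
    enum status st = sensor_ioctl(s, CAPTURE_DATA, NULL, 0, needed);
    if (st != ST_BUFFER_TOO_SMALL) return st;       /* e.g. ST_BUSY: capture already queued */
    if (*needed > cap) return ST_BUFFER_TOO_SMALL;  /* never capture into a short buffer */
    return sensor_ioctl(s, CAPTURE_DATA, buf, cap, needed);
}

/* Models CancelIoEx on the pending capture: a new sequence may follow. */
void cancel_capture(struct sensor *s) { s->capture_pending = 0; }

int main(void)
{
    struct sensor s = { 0, 0, 64 };   /* constructed: uncalibrated, 64-byte samples */
    unsigned char buf[128];
    size_t need = 0;
    enum status first = start_capture(&s, buf, sizeof buf, &need);   /* queued */
    enum status second = start_capture(&s, buf, sizeof buf, &need);  /* rejected */
    return !(first == ST_OK && second == ST_BUSY);
}
```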
Recommendations
• Follow DEVFUN-0010 guidelines for terminal services redirection in the Windows Hardware Logo Program Device Requirements. See the Windows Logo Program Web site for details:
  • http://go.microsoft.com/fwlink/?LinkID=40629
  • http://download.microsoft.com/download/d/e/1/de1e0c8f-a222-47bc-b78b-1656d4cf3cf7/WLP-Reqs-DEVICE_03-21-08.pdf
• Use WDF technology. UMDF is preferred.
WBDI Driver Testing Resources
• Static tools
  • PREfast for Drivers
• Runtime tools
  • WDF Verifier
  • Application Verifier
• Potential WDK tools
  • WBDI driver verification test suite
  • Engine Adapter test suite
WBDI Driver Installation
• Set the Biometric Reader class GUID in the INF
• Configure a Biometric Unit in the INF, including adapter and database settings
• Install adapter DLLs
• Set device icon
• WBF Service opens the device with exclusive access
  • The “Exclusive” bit MUST be set
• The Feature Score differentiates WBDI and legacy drivers
  • See “Feature Score” in the WDK for details: http://msdn2.microsoft.com/en-us/library/aa477006.aspx
WBDI Driver Maintenance
• Post drivers on Windows Update for easy deployment!
Resources
• We’re working on finalizing WDK content for Beta. It could include:
  • WBF documentation, including WBDI, adapter interfaces and WinBio API
  • UMDF WBDI shell code sample
  • WBDI driver test suite
  • Engine Adapter code sample
  • Engine Adapter test suite
WBF Adoption
WBF IHV Adoption
WBF Components
Company: Driver, Plug-ins, Apps
AuthenTec ✓ ✓ ✓
Digital Persona ✓ ✓
UPEK ✓ ✓ ✓
Validity ✓
Partner Feedback
• Ease of implementation/adoption
  • Driver development is straightforward and can be easily ported from existing drivers to WBF
• Complexity
  • Understandable and workable but may require some clarification and assistance from Microsoft
• Improvements
  • Testing framework still under development
  • WBF needs a method to inject known swipes at the start of the pipeline to facilitate false acceptance testing
Call to Action
• Write UMDF drivers
• Work with OEMs on WBF adoption
• Distribute drivers through Windows Update
Demo time!
Questions?