Secure Biometric Interface (SBI)
Version | Status | Date |
|---|---|---|
0.9.5 | Released | June-2020 |
Secure Biometric Interface (SBI), previously called MOSIP Device Service (MDS) specification establishes standards/protocols that are necessary for a biometric device to be used in MOSIP. The SBI specification is primarly intented for biometric device manufactures, developers and designers to build MOSIP compliant devices. All devices that collect biometric data should operate within the specification of this document.
SBI service is a software module running on a host that exposes the SBI interface to the host application like a registration client or authentication app. The service must run on any of the ports in the range 4501-4600. The host system could be any operating system - Windows, Android or IOS.
The following communication interfaces are defined:
- 1.Device Discovery
- 2.Device Info
- 3.Auth Capture
- 4.Registration Capture
- 5.Stream
Important terms referred in the SBI are given below.
- The biometric capture, processing and signing is done at the host machine level (for example laptop/mobile).
SBI CL 1.0 and SBI CL 2.0 were previously referred to as L0 and L1 respectively.
An identification mark that shows MOSIP compliance and a readable unique device serial number (minimum of 12 digits), make and model. The same information has to be available over a 2D QR Code or Barcode. This is to help field support and validation.
deviceSubType:- For
Finger:Slap,SingleorTouchless - For
Iris:SingleorDouble - For
Face:Full face
For registered devices The Digital ID is signed with DKL0 in SBI CL 1.0 devices and DKL1 in SBI CL 2.0 devices. The signature is represented as JSON Web Signature RFC 7515:
"digitalId": "base64urlencoded(header).base64urlencoded(payload).base64urlencoded(signature)"
Just base64 encoded:
"digitalId": "base64urlencoded(payload)"
The
bioSubType have following values:- For Finger:
- Left IndexFinger
- Left MiddleFinger
- Left RingFinger
- Left LittleFinger
- Left Thumb
- Right IndexFinger
- Right MiddleFinger
- Right RingFinger
- Right LittleFinger
- Right Thumb
- UNKNOWN
- For Iris
- Left
- Right
- UNKNOWN
- For Face: No subtype
deviceSubId is used to enable a specific sensor in the device. It can have following values:- 0: Unknown device
- 1: Left iris/slap
- 2: Right iris/slap
- 3: Two thumbs/irises
- 4(onwards): Any other sensors
- Before start
"Content-Type: multipart/x-mixed-replace; "
"boundary=--BoundaryString\r\n\r\n";
- On start of stream
"--BoundaryString\r\n" +
"Access-Control-Allow-Origin:*\r\n" +
"Content-Type:image/jpeg\r\n" +
"Content-Length:" + length + "\r\n\r\n"; // there are always 2 new line character before the actual data
<Each frame of JPEG>
- Second Frame
"--BoundaryString\r\n" +
"Access-Control-Allow-Origin:*\r\n" +
"Content-Type:image/jpeg\r\n" +
"Content-Length:" + length + "\r\n\r\n"; // there are always 2 new line character before the actual data
Each Frame of JPEG
Code | Message |
|---|---|
0 | Success |
100 | Device not registered |
101 | Unable to detect a biometric object |
102 | Technical error during extraction |
103 | Device tamper detected |
104 | Unable to connect to management server |
105 | Image orientation error |
106 | Device not found |
107 | Device public key expired |
108 | Domain public key missing |
109 | Requested number of biometric (Finger/IRIS) not supported |
202 | No device connected |
5xx |
Last modified 9mo ago