binding/com.pingidentity.device.binding.authenticator/BiometricAuthenticator

BiometricAuthenticator

abstract class BiometricAuthenticator : CryptoKeyAware, DeviceAuthenticator

Abstract base class for biometric-based device authenticators.

This class provides the foundational implementation for authenticators that use biometric authentication methods such as fingerprint, face recognition, or iris scanning. It serves as a common base for concrete biometric authenticator implementations, handling shared cryptographic key management and providing a consistent interface for biometric authentication.

The class combines cryptographic key management (CryptoKeyAware) with device authentication capabilities (DeviceAuthenticator), ensuring that biometric authenticators can securely generate, store, and manage cryptographic keys while providing user-friendly biometric authentication experiences.

Common biometric authenticator implementations:

  • BiometricOnlyAuthenticator: Pure biometric authentication without fallback

  • BiometricDeviceCredentialAuthenticator: Biometric with device credential fallback

Security features:

  • Keys are generated and stored in hardware when available

  • Biometric template data never leaves the secure hardware

  • Private keys require biometric authentication for access

  • Automatic key invalidation when biometrics change

  • Attestation support for high-security environments

Since

1.0.0

See also

Inheritors

Constructors

Link copied to clipboard
constructor()

Properties

Link copied to clipboard
open lateinit override var cryptoKey: CryptoKey

Cryptographic key configuration used for generating and managing RSA key pairs.

Functions

Link copied to clipboard
open suspend override fun deleteKeys()

Permanently deletes all cryptographic keys and associated data for this authenticator.