1# Face Authentication
2
3## Introduction
4
5Face authentication (faceauth) supports enrollment, deletion, and authentication of user faces.
6
7faceauth is a biometric authentication executor supported by OpenHarmony. It registers face authentication resource information with the collaborative authentication framework through the interface defined by collaborative authentication. The collaborative authentication framework calls faceauth HDI interfaces to enroll or delete facial credentials and perform face authentication.
8
9**Figure 1** Face authentication architecture
10
11![](figures/faceauth_architecture.png)
12
13Facial data is important biometric information of users. The following security measures are taken to protect the facial data during the authentication process:
14
151. Permission management: High-level permissions are defined for face enrollment and deletion APIs, which can be called only by system applications.
161. Secure storage and comparison of facial data: The faceauth HDI provides adaptation interfaces for device vendors. Device vendors can implement secure facial data comparison and storage in a trusted execution environment (TEE).
17
18> **NOTE**
19>
20>  The OpenHarmony open-source framework provides stub implementation for face authentication, but does not include secure storage and comparison of face data in a TEE.
21
22# Directory Structure
23
24```
25//base/useriam/face_auth
26├── bundle.json            # Module description file
27├── common                 # Common files
28├── figures                # Figures used in the README
29├── frameworks             # Framework code
30├── interfaces             # External APIs
31│   └── inner_api          # Header file exposed to internal subsystems for system services
32├── sa_profile             # Service ability profile
33├── services               # Service ability implementation
34└── ui                     # User interface for face enrollment
35```
36
37## Usage
38
39Device vendors need to implement the APIs defined in the IDL file **//drivers/interface/faceauth**. This IDL file provides stub implementation of APIs. The extraction, comparison, storage, and enrollment of facial data must be implemented in a secure environment (TEE or secure chipset) to ensure the highest security level in the system.
40
41## Repositories Involved
42
43[useriam_user_auth_framework](https://gitee.com/openharmony/useriam_user_auth_framework)
44
45[useriam_pin_auth](https://gitee.com/openharmony/useriam_pin_auth)
46
47**[useriam_face_auth](https://gitee.com/openharmony/useriam_face_auth)**
48
49[drivers_interface](https://gitee.com/openharmony/drivers_interface)
50
51[drivers_peripheral](https://gitee.com/openharmony/drivers_peripheral)
52