3. API METHODS
3.1 API VERSION NUMBER
3.2 BIOMETRIC DEVICE MANAGEMENT AND DISCOVERY
3.4 BIOMETRIC DEVICE VIDEO STREAMING AND SAMPLE API METHODS
3.4.1 Get Frame
3.4.2 Get Sample
3.5 RETURN CODES
3.6 DATA TYPES AND REPRESENTATION
4.1 SUPPORTING IRIS CAMERAS
4.2 SUPPORTING DIFFERENT VIDEO FORMATS
4.2.1 Iris device showing video of the portion of the face
4.2.2 Iris device showing two videos of the two eyes
RC1 AADHAAR Biometric Capture Device API
1. Introduction
The Unique Identification Authority of India (UIDAI) has been created with the
mandate of providing a unique identity to all Indian residents. The UIDAI proposes to use
biometrics to eliminate duplicates and ensure uniqueness during the enrolment
process. The quality of the collected biometric data is critical for the accuracy of de-duplication
and a key component of the success of the program. While the program will be using
biometric capture devices from different vendors, it is critical to maintain a consistent
data collection process. This will be achieved by standardizing the biometric capture
process flow around the UID Enrolment Software.
This Biometric Capture Device API is to be used by the UID Enrolment Software to
communicate with the Biometric Capture Devices.
1.1 Objective of this document
The previous version of this document was provided for feedback from device vendors
and application developers. This document incorporates the feedback received, and is
now available for implementation. This version of the API will be used for the initial
rollout of the UID enrolment client. This is Version 1.0 of this API.
1.2 Interface Overview
The Aadhaar client interacts with the biometric devices through a two-layer structure, which is described in the following diagram.
1. DM: The vendor-independent Device Manager, which orchestrates the discovery
of the VDMs by the application, and manages connectivity to the VDM.
2. VDM: The Vendor Device Manager, provided by the device vendor, which
manages the device, and allows for biometric data capture.
3. Application: The Application that needs to use the biometric devices for capture.
The UID Enrolment Software is an example of such an application.
The API is specified as a communication protocol between the Application, the DM, and
the VDM. All communication is over TCP/IP sockets. This serves two purposes. The first is
isolation: the software from each vendor will be executed in a separate process. The second
is platform independence: the devices will be directly accessible from different
platforms and environments: native, Java, .NET.
The communication will be done by exchanging XML messages. An API method
will be executed by sending the request message and waiting for the corresponding
response message. The response will be sent after the method execution is completed.
Note that the next request may be sent without waiting for the previous request
to complete, and that multiple API methods, even of the same type, could be executed in
parallel. For example, the application can issue a Subscribe request and, immediately after
that, a StartCapture request, without waiting for the response to the Subscribe request.
Another example would be that the application can issue two Get Frame requests, in order
to maintain a pending Get Frame request while the previous Get Frame request is being processed and responded to.
There will be two types of API methods: commands and notification events. The
command API methods are initiated by the Application, while the event API methods are
initiated by the Biometric Capture Device.
Video stream from the Biometric Capture Device will be delivered using the binary
protocol over a separate channel. The final captured biometric samples will also be delivered using the binary protocol through a separate channel. The request and
response messages for both video stream and biometric samples will be encoded using
ASN1 BER. See http://en.wikipedia.org/wiki/Asn1
1.2.1 Device Manager
The DM service will be provided by the UID. The DM responds to the following
requests:
1. Connect
2. Device Arrival
3. Device Removal
4. Ping
The DM provides applications with the following events.
1. Device Arrival
2. Device Removal
The DM listens on a TCP/IP port (specified later in this document). Applications and the
VDMs must connect to this port once, and communicate over this open connection.
1.2.2 Vendor Device Manager
The VDM must manage the state of the device, including the maintenance of state within
the DM. In addition, it must perform the actions requested by the application. The VDM must support the following commands:
The following notifications are provided by the VDM to the application:
1. Capture Complete
2. Detection
3. User Actionable Feedback
Certain operations are not provided in this API; instead, a separate configuration
utility application provided by the vendor is expected to provide a graphical user
interface for users to manage the device if required. The UI must facilitate the following operations:
1. Configuration, including port number override
2. Device Self Test
3. Device Reset / Reinitialization
4. Device Calibration
5. Device Startup
6. Device Shutdown
If the device does not support any of these operations, the feature is not required in the UI. For instance, a device that does not support a soft-shutdown would not provide
such an option in the UI.
The vendor must provide an installer (and uninstaller) for the VDM and the configuration
utility (if any). The vendor may choose to complete configuration at installation time.
The VDM must maintain an open socket for accepting commands from the Application.
The application is expected to connect to this socket, and exchange commands, and events over this connection. A separate socket is to be provided for Video streams, and
Biometric Samples. This connection must be maintained only for the duration of capture, and transmission of the Biometric Sample.
1.2.3 Application
The Application must connect to the DM to discover the biometric devices. Once
discovered, the application must connect to the required devices. These connections
are maintained for the life of the application, and the application must expect to receive
notifications and events about the device arrivals and removals during this time.
1.3 Security Considerations
We would like to ensure that the UIDAI is able to validate that the data transmitted by
the client is indeed the same data captured by the device. At this time, this is not
mandatory, but we expect to make this mandatory in the near future.
A packet containing the biometric sample, the capture time stamp, and the device id should be signed on the device itself. The UIDAI should be able to validate this
This section discusses how this API could be used by an application to connect with, and
capture biometric samples from biometric devices. These workflows are indicative, and provided for a better understanding of the use case of this API. Other uses may be made
of the API, and the vendors should not assume only these workflows.
2.1 Discovery and Startup
The DM orchestrates the discovery of the devices by the application. On initialization,
the DM listens to a port that is either specified in a configuration file, or that lies within
a well-known range of port addresses. Similarly, on initialization, the VDM, and
applications must follow the same sequence to connect to the DM on this port.
On connection, the VDM (or applications) register with the DM by sending a message
that contains their details. The DM responds with similar details, completing the connection. The following sections contain more details for each of these programs.
2.1.1 DM Startup
On initialization, the DM goes through the following steps:
1. Check configuration file for port number.
2. If present, attempt to listen on this port.
3. If not present, scan the well known list of ports, and attempt to listen to each port in turn.
2.1.2 VDM Startup
On initialization, the VDM goes through the following steps:
1. Check configuration file for port number.
2. If present, attempt to connect to DM on this port.
3. If not present, scan the well known list of ports, and attempt to connect to each port in turn.
4. On connection, send a CONNECT message to the DM. The DM must respond with an OK. If the OK is not received, connect to the next port.
5. If a connection cannot be established, wait for a little while, and then repeat the procedure.
[Flowchart: VDM startup. Start; 1. Is port specified?; 2. Connect to specified port; 3. Connect to each port in range; Send Connect, wait for response; Success?; All ports tested?; 5. Wait and start again.]
2.1.3 Application Startup
Application startup is like the VDM startup, except that the strategy on failure to
connect could be different.
2.2 Device Management
The DM is responsible for managing the list of all connected applications, VDMs, and
devices. Whenever a device arrives, it must register with the DM, and continue to send
a heartbeat event at regular intervals. Failure to send the heartbeat is treated as a
removal event! The DM sends a list of all connected devices to the application after the
initial connection, by forwarding stored Arrival events.
2.2.1 Device Arrival
When the VDM senses that a device under its control is connected to the system, it
creates a Device Arrival event and sends it to the DM. The arrival event contains information about the device, and its capabilities. This allows the application to choose
the appropriate sample size for display and capture. The DM must acknowledge the
receipt of this event, forward it to all applications, and maintain a copy of this event (for
all applications that may connect in the future).
The following steps are envisioned, after initial startup and connection to the DM:
1. VDM detects a device connected to it.
2. VDM sends an Arrival event to the DM.
3. DM forwards the Arrival event to all the applications currently connected.
The following diagram indicates a possible sequence of events.
An application connects to the DM / VDM combination to provide biometric capture
capabilities to the user. This can be done in one of 2 ways – auto capture, and forced capture. While the scenarios described here provide a continuous video stream for user
feedback, it is not a requirement that the application consume this stream.
2.3.1 Auto Capture
The Application subscribes to various events from the device, which allow it to provide
a useful interface to the user. The application then sends a StartCapture event to the
device, which provides a video stream, and subscribes the application to the
CaptureComplete event.
The application is expected (not required) to consume the video stream one frame at a time by sending GetFrame requests. Multiple GetFrame requests can be queued, and
the device will respond to each request with a frame. Once capture is completed, the device sends a capture complete message to the application. The application must then
use a GetSample request to get the biometric sample.
2.3.2 Forced Capture
If the device supports forced capture, the application may send a ForceCapture event to
the device. The device must respond with a CaptureComplete event. Following this, the
application must get the sample through a GetSample request.
2.4 Fingerprint Capture
Based on the API, here is an expected series of interactions for the capture of a fingerprint sample.
deviceURI is the URI where the device listens for connections from the application. It is also
used to uniquely identify the device object in the system.
modality is the biometric modality, for example: “Fingerprint” for single-finger devices,
“Fingerprint Slap” for the slap devices, “Iris”, “Face”.
deviceMake is the manufacturer or brand of the device.
serialNumber is the serial number of the device. The combination of deviceMake,
deviceModel and serialNumber should globally uniquely identify the specific device. This is important, for example to identify all biometric samples that originated from the
specific device, for example in the case of device malfunction.
Capabilities
- detection tells whether the device can automatically detect the presence of the
biometric sample, i.e. if the fingerprint reader can detect if the finger is placed on
the platen, even if the device is not capturing the data.
- video tells if the device can produce a video stream during capture, useful for the
operator.
- autoCapture tells whether the device can capture the biometric sample
automatically.
- disableAutoCapture tells whether the automatic capture can be disabled.
- userFeedback tells if the device can provide the actionable user feedback,
compliant with this specification.
- graphicalFeedback tells if the device can provide the additional graphical
feedback for the operator in the video.
The Device Arrival event should be sent after the device component starts listening for
the connections on the socket addressed by the deviceURI.
3.2.3 Device Removal
The event notifies the device manager, and the application about a device removal. The
VDM originates this event, and sends it to the DM, which in turn forwards it to the
The device component of the removed device should be listening on the deviceURI until
the response is received. After the response is received it can close all sockets of this device that are not closed already by the application.
3.2.4 Ping
This is used as a heartbeat event, to notify the DM that a VDM is still alive.
<DeviceManagerEventRequest requestId="">
  <Ping vdmName=""/>
</DeviceManagerEventRequest>
<DeviceManagerEventResponse requestId="">
  <Return value="" failureReason=""/>
</DeviceManagerEventResponse>
The only failure condition is if the device was previously removed, or never registered.
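The heartbeat rule from section 2.2 and the Ping failure condition above, as an added example (not part of the specification and not UIDAI or vendor code): DM-side bookkeeping that stores Arrival events, refreshes a VDM on Ping, and turns a missed heartbeat into removals. The class name, the 10-second timeout and the idea that an Arrival event identifies its VDM by vdmName are assumptions, since the page states neither an interval nor the Arrival message layout.

```python
class DeviceRegistry:
    """DM-side bookkeeping: stored Arrival events and the last heartbeat of each VDM."""

    def __init__(self, timeout_s=10.0):   # assumed value; the page states no interval
        self.timeout_s = timeout_s
        self.last_seen = {}               # vdmName -> time of its last Arrival or Ping
        self.arrivals = {}                # deviceURI -> (vdmName, stored Arrival event)

    def arrival(self, vdm_name, device_uri, event, now):
        # Assumption: the Arrival event tells the DM which VDM sent it.
        self.last_seen[vdm_name] = now
        self.arrivals[device_uri] = (vdm_name, event)

    def ping(self, vdm_name, now):
        """True if accepted; False when the VDM was removed or never registered."""
        if vdm_name not in self.last_seen:
            return False
        self.last_seen[vdm_name] = now
        return True

    def expire(self, now):
        """Treat overdue heartbeats as removals; return the deviceURIs to announce."""
        dead = {v for v, seen in self.last_seen.items() if now - seen > self.timeout_s}
        removed = sorted(uri for uri, (v, _) in self.arrivals.items() if v in dead)
        for uri in removed:
            del self.arrivals[uri]
        for v in dead:
            del self.last_seen[v]
        return removed

    def replay(self):
        """Arrival events to forward to an application that has just connected."""
        return [event for _, event in self.arrivals.values()]


def demo():
    # Constructed scenario: VDM names, URIs and event strings are placeholders.
    reg = DeviceRegistry(timeout_s=10.0)
    reg.arrival("vdm-a", "uri-a", "arrival-a", now=0.0)
    reg.arrival("vdm-b", "uri-b", "arrival-b", now=0.0)
    never = reg.ping("vdm-c", now=1.0)     # never registered
    reg.ping("vdm-a", now=8.0)
    removed = reg.expire(now=12.0)         # vdm-b silent for 12 s, vdm-a for 4 s
    late = reg.ping("vdm-b", now=13.0)     # already removed by the timeout
    return never, removed, late, reg.replay()
```

A real DM would pass `time.monotonic()` as `now` and call `expire` on a timer, so that a late Ping from an expired VDM fails instead of silently re-registering it.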
3.2.5 VDM Events
The VDM establishes a connection with the DM on startup. The VDM sends device arrival and removal events to the DM on this connection, and expects responses on the
same connection. At startup, the VDM will send a device arrival event for each device already present in the system. Every time the PNP device is connected the VDM will
send a device arrival event, and every time the PNP device is disconnected the VDM will
send a device removal event.
3.3 Biometric Device Command API Methods and Notifications
When the application needs to work with the device, it opens the socket to the location
pointed to by the deviceURI in the Arrival event from the Device Manager. Opening the
socket effectively opens the device. Only one application can open the device. The
device should reject the connections on the deviceURI, until the socket is closed.
3.3.1 Subscribe
Change the subscription to the device events: used by the application to subscribe or
unsubscribe to the specific categories of the device events. Some events will be fired only when capture is in progress.
<DeviceCommandRequest requestId="">
  <Subscribe>
    <Event eventCategory="Detection"/>
    <Event eventCategory="UserFeedback"/>
  </Subscribe>
</DeviceCommandRequest>
<DeviceCommandResponse requestId="">
  <Return value="1" failureReason="0"/>
  <State detected="False"/>
</DeviceCommandResponse>
Expected behaviour: change the list of subscribed events to the list in this command
request. The events to which the device was previously subscribed can be sent by the
device until the response is sent. Any new events can only be fired after the response is
sent. If the command subscribes to notification of a change of state, the response should include the corresponding state at the time of the response.
The following EventCategories are supported.
eventCategory   Events Expected   Notes
Detection       Detection
UserFeedback    UserFeedback
3.3.2 Start Capture
Starts the capture process, also subscribes to Capture Complete and optionally User
Expected behaviour: starts the capture process. Any capture related event can be sent
only after the response to the start capture event. MissingBiometrics is optional. The attribute sampleFormatId indicates the requested output sample format. The optional
attribute videoFormatId indicates that the video stream is requested, and the desired video format referred to by videoFormatId in the Device Arrival VDM event in
“Capabilities/videoFormats/videoFormat”.
3.3.3 Force Capture
Forces manual capture. Should not be issued when the capture is not started.
<DeviceCommandRequest requestId="">
  <ForceCapture/>
</DeviceCommandRequest>
<DeviceCommandResponse requestId="">
  <Return value="1" failureReason="0"/>
</DeviceCommandResponse>
Expected behaviour: force manual capture, whether the automatic capture is on or off.
The capture complete event is sent right after the response to this event. If the capture
complete event comes before the response, it means the event resulted from the
automatic capture.
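The ordering rule above, together with the requestId matching that parallel requests require, as an added example (not part of the specification and not UIDAI or vendor code): it parses messages of the shapes shown in this section, refuses any message that carries a DTD, matches each response to its pending command, and labels a CaptureComplete event as forced or automatic. The class and function names and the sample messages are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from xml.parsers import expat


def _forbid_dtd(*_args):
    raise ValueError("DTD not allowed in device messages")


def parse_message(raw):
    """Parse one XML message received from a VDM process; DTDs are refused outright."""
    guard = expat.ParserCreate()
    guard.StartDoctypeDeclHandler = _forbid_dtd  # fires before any entity is declared
    guard.Parse(raw, True)
    root = ET.fromstring(raw)
    if not root.get("requestId"):
        raise ValueError("message without requestId")
    return root


class CaptureSession:
    """Matches responses to pending commands and labels CaptureComplete by arrival order."""

    def __init__(self):
        self.pending = {}         # requestId -> command name still awaiting its response
        self.force_acked = False  # True once a ForceCapture response has been received

    def sent(self, request_id, command):
        self.pending[request_id] = command

    def receive(self, raw):
        root = parse_message(raw)
        rid = root.get("requestId")
        if root.tag == "DeviceCommandResponse":
            command = self.pending.pop(rid, None)
            if command is None:
                raise ValueError("response for unknown requestId " + rid)
            # Return-code checks are omitted: the Return Codes table is not in this excerpt.
            if command == "ForceCapture":
                self.force_acked = True
            return ("response", command)
        done = root.find("CaptureComplete")
        if root.tag == "DeviceEventRequest" and done is not None:
            # Event before the ForceCapture response => produced by automatic capture.
            origin = "forced" if self.force_acked else "automatic"
            self.force_acked = False
            return ("capture-complete", origin, done.get("sampleURI"))
        return ("other", root.tag)


# Constructed sample traffic: requestId values and the sampleURI are made up.
FORCE_RESPONSE = (b'<DeviceCommandResponse requestId="7">'
                  b'<Return value="1" failureReason="0"/></DeviceCommandResponse>')
CAPTURE_EVENT = (b'<DeviceEventRequest requestId="41">'
                 b'<CaptureComplete sampleURI="sample-1"/></DeviceEventRequest>')


def classify(order):
    """Replay the messages after a ForceCapture was sent; return each capture's origin."""
    session = CaptureSession()
    session.sent("7", "ForceCapture")
    results = [session.receive(raw) for raw in order]
    return [r[1] for r in results if r[0] == "capture-complete"]
```

Calling `classify([FORCE_RESPONSE, CAPTURE_EVENT])` and `classify([CAPTURE_EVENT, FORCE_RESPONSE])` shows the same two messages being labelled differently purely by their order on the command socket.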
3.3.4 Stop Capture
Stops (cancels) the current capture.
<DeviceCommandRequest requestId="">
  <StopCapture/>
</DeviceCommandRequest>
<DeviceCommandResponse requestId="">
  <Return value="1" failureReason="0"/>
</DeviceCommandResponse>
Expected behaviour: stops capture process. No capture complete event should come
after the response to Stop Capture.
3.3.5 Capture Complete
<DeviceEventRequest requestId="">
  <CaptureComplete sampleURI=""/>
</DeviceEventRequest>
<DeviceEventResponse requestId="">
  <Return value="" failureReason=""/>
</DeviceEventResponse>
Expected behaviour: the event should be sent upon successful completion of the
capture. The biometric sample should be available until the response is received: as a
result the device may have to maintain multiple samples and make them available at the
different URIs.
Samples must be provided in the format indicated by sampleFormatId in the Start
Capture request.
3.3.6 Detection
<DeviceEventRequest requestId="">
  <Detection detected="True"/>
</DeviceEventRequest>
<DeviceEventResponse requestId="">
  <Return value="" failureReason=""/>
</DeviceEventResponse>
Expected behaviour: notifies of the change of the state whether the biometric is
detected by the device (for example if the finger is placed or removed from the reader).
Usage example: the application needs to capture one finger, followed by the other. The
application issues a capture request, which completes. The application now needs to wait for the finger removed event before issuing the next capture request, to make sure that
the same finger is not captured again immediately.
<!-- biometricPosition and description are optional -->
</UserFeedback>
</DeviceCommandRequest>
<DeviceEventResponse requestId="">
  <Return value="" failureReason=""/>
</DeviceEventResponse>
Expected behaviour: provide the actionable feedback.
3.4 Biometric Device Video Streaming and Sample API Methods
The Video Stream will be retrieved using the binary protocol for sending video frames (with the actual image data represented in ISO 19794-x) over the socket referenced by
videoURI using the pull model. The application will maintain pending Get Frame
requests for all the time that it can keep-up with the visualization.
The sample will be retrieved over the socket referenced by sampleURI, with the actual
image data represented in ISO 19794-x.
The requests and the responses are represented in ASN1 BER encoding. The rationale
in choosing BER encoding is to transfer the binary data in the self-descriptive extensible
Example: a two-eye Iris camera can show video of either the portion of the face with two eyes
in it or the two eyes separately. In the second case the frame header describes which
eye is shown in this frame.
The application needs to distinguish between the two types of devices before
opening the device, to choose which device to open and to show the appropriate UI. This information is provided in the Device Arrival event from the VDM.
4.2.1 Iris device showing video of the portion of the face
The Device Arrival event:
<DeviceManagerEventRequest requestId="999">