diff options
author | Karthik Ramakrishnan <karthikmr@google.com> | 2019-10-31 19:02:05 -0700 |
---|---|---|
committer | Vikas Marwaha <vikasmarwaha@google.com> | 2019-12-20 21:32:10 +0000 |
commit | debd0994d09ffd162d916b710d0ad9c5311a2f03 (patch) | |
tree | 2dfe43716f86256ec21efd0a65807c3f9facc2fb | |
parent | 5a2e0181d7a2a300ee45e61f0504a23c51d91c47 (diff) | |
download | cdd-debd0994d09ffd162d916b710d0ad9c5311a2f03.tar.gz |
CDD: TrustAgent and Biometric Carve-out
7.3.10: Relaxing C-1-8 biometrics requirement for upgrading devices.
9.11.1: Relaxing C-7-8 trustagent requirement for Automotive, considering
driver distraction could be of concern.
Bug: 141269831
Test: NA
Change-Id: I922d92300ad6565d99adff732877052e02f14850
-rw-r--r-- | 7_hardware-compatibility/7_3_sensors.md | 3 | ||||
-rw-r--r-- | 9_security-model/9_11_keys-and-credentials.md | 6 |
2 files changed, 7 insertions, 2 deletions
diff --git a/7_hardware-compatibility/7_3_sensors.md b/7_hardware-compatibility/7_3_sensors.md index 0409b6f..a86c31a 100644 --- a/7_hardware-compatibility/7_3_sensors.md +++ b/7_hardware-compatibility/7_3_sensors.md @@ -573,6 +573,9 @@ they: * 3 failed biometric authentication attempts. * The idle timeout period and the failed authentication count is reset after any successful confirmation of the device credentials. + + Upgrading devices from an earlier Android version can be exempted from + C-1-8. * [C-SR] Are STRONGLY RECOMMENDED to have a false rejection rate of less than 10%, as measured on the device. * [C-SR] Are STRONGLY RECOMMENDED to have a latency below 1 second, measured diff --git a/9_security-model/9_11_keys-and-credentials.md b/9_security-model/9_11_keys-and-credentials.md index fe42b8f..d4e6077 100644 --- a/9_security-model/9_11_keys-and-credentials.md +++ b/9_security-model/9_11_keys-and-credentials.md @@ -193,10 +193,12 @@ trust agent, which implements the `TrustAgentService` System API, they: primary authentication methods. * [C-7-8] The user MUST be challenged for one of the recommended primary authentication (eg: PIN, pattern, password) methods at least once every 72 - hours or less. + hours or less unless the safety of the user (e.g. driver distraction) + is of concern. * [C-7-9] The user MUST be challenged for one of the recommended primary authentication (eg: PIN, pattern, password) methods after any 4-hour idle - timeout period. The idle timeout period is reset after any successful + timeout period unless the safety of the user (e.g. driver distraction) is + of concern.. The idle timeout period is reset after any successful confirmation of the device credentials. * [C-7-10] MUST NOT be treated as a secure lock screen and MUST follow the constraints listed in C-8 below. |