-1

I am using newly launched sirikit with payment domain app to use SendMoney intent. Is it possible to extract speech out of siri to do Speech recognition as part of authentication or can we launch camera for face recognition.

Any leads would be highly appreciated. Thanks

chitranjan deo
  • 174
  • 11
  • Have you ever played that game with your friends where you lower/raise your voice an octave so Siri mistakes your voice for theirs, and responds to your question? That's how easy it is to spoof. It would be a ridiculously insecure manner of authentication, and while it's a good intellectual exercise, I can't guarantee that it would be in any way useful without causing significant security problems. – calyxofheld Aug 15 '16 at 01:34
  • Actually TouchId is possible but we need more authentication before doing money movement as there can be more than 1 toughId registration. Also, since sirikit doesn't allow OTP as it requires authentication; we are looking for some biometric authentication or some way to authenticate before doing money movement. – chitranjan deo Aug 16 '16 at 16:23

1 Answers1

0

SiriKit handles user authentication for you. You can't, and shouldn't, customise the default behaviour.

When sending a payment, Siri automatically asks the user to unlock the device if it is currently locked. You do not need to ask for the device to be unlocked explicitly. In addition, Siri always prompts the user to confirm the payment before asking your Intents extension to handle the transaction.

https://developer.apple.com/reference/intents/insendpaymentintent

Jordan Smith
  • 10,310
  • 7
  • 68
  • 114
  • Actually TouchId is possible but we need more authentication before doing money movement as there can be more than 1 toughId registration. Also, since sirikit doesn't allow OTP as it requires authentication; we are looking for some biometric authentication or some way to authenticate before doing money movement. – chitranjan deo Aug 16 '16 at 16:22
  • @chitranjandeo if someone has touchID access to your device, they can unlock it and send a payment anyway... heck, they could open a banking app and empty all your accounts. So I don't think your point is valid sorry. Apple has thought through payment security, and provided a default implementation for every developer that uses SiriKit. – Jordan Smith Aug 16 '16 at 21:19
  • I have read thru the documentation. Just to double check, what is the default security implementation suggested by Apple? How can you authenticate a user before actual money movement during Siri life cycle. Thanks – chitranjan deo Aug 17 '16 at 00:59
  • @chitranjandeo as stated in the answer above, which is directly from the documentation. They don't suggest implementing any security at all, they implement it for you. "automatically asks the user to unlock the device" - once the device is unlocked, an unwelcome user could do much worse than send a payment, and there are far worse problems than the security of your SiriKit intent. You don't need to worry about security, Apple has provided the implementation for you. – Jordan Smith Aug 17 '16 at 02:41