Learn about the interaction between Keyless components
The diagrams below show how the Keyless SDK, which runs within your mobile app on the user’s device, interacts with your application server and with the Keyless network.
To enroll, your mobile app invokes the enroll method from the Keyless SDK. With this method, the mobile device assists the user while capturing the biometric signal with the camera (Step 1). It then interacts with the Keyless network to generate a new user identifier (Keyless ID), which is then returned to your mobile app (Step 2).
Figure 1: Keyless enrollment diagram
Authentication involves your application server, your mobile app, and the Keyless network, as depicted in Figure 2.
This process starts when the user performs an action that requires authentication using your mobile app (Step 1 in Figure 2). To this end, your app provides the details of this action to your application server, which generates a challenge. The challenge is sent to the mobile app, which uses the Keyless SDK to compute the corresponding authentication token using the authenticate method (Step 2).
At this point, the Keyless SDK authenticates the user. First, it captures the user’s biometrics using the mobile device’s camera (Step 3). Then, it connects to the Keyless network and runs a secure multi-party computation protocol that authenticates the user and generates the authentication token in response to the challenge provided in Step 2. This is shown in Figure 2 as Step 4.
The Keyless SDK returns the authentication token to the mobile app. The app sends the token to your application server, which verifies it. If the authentication token is valid, the application server completes the transaction and notifies your mobile app (Step 6).
Figure 2: Keyless authentication diagram
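The application-server side of this flow, as an added example that is not Keyless code or part of the original page: it issues a challenge bound to the user and the action details, then accepts a token for that challenge only once and only while it is fresh. The class, the TTL value and the HMAC-based demo verifier are assumptions; the page does not describe how the server verifies a real Keyless token, so that check is passed in as a stand-in.

```python
import hashlib
import hmac
import json
import secrets
import time

CHALLENGE_TTL = 120  # seconds; assumed value, not taken from the page

class ChallengeStore:
    """Server-side state: issue a challenge, later verify the token for it."""
    def __init__(self, verify_token, now=time.time):
        self._verify_token = verify_token  # stand-in for the real token check
        self._now = now
        self._pending = {}  # challenge -> (user_id, action_digest, expiry)

    @staticmethod
    def _digest(action):
        # Canonical JSON so the same action always hashes identically.
        blob = json.dumps(action, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(blob.encode()).hexdigest()

    def issue(self, user_id, action):
        """Create an unpredictable challenge bound to this user and action."""
        challenge = secrets.token_urlsafe(32)
        self._pending[challenge] = (
            user_id, self._digest(action), self._now() + CHALLENGE_TTL)
        return challenge

    def complete(self, user_id, action, challenge, token):
        """True only for a fresh, matching, correctly answered challenge."""
        entry = self._pending.pop(challenge, None)  # single use: pop first
        if entry is None:
            return False  # unknown or already used (replay)
        owner, action_digest, expiry = entry
        if self._now() > expiry:
            return False  # stale challenge
        if owner != user_id or not hmac.compare_digest(
                action_digest, self._digest(action)):
            return False  # challenge was issued for another user or action
        return bool(self._verify_token(user_id, challenge, token))

# Constructed stand-in verifier: HMAC over the challenge with a demo key.
DEMO_KEY = b"constructed-demo-key"

def demo_token(user_id, challenge):
    msg = f"{user_id}|{challenge}".encode()
    return hmac.new(DEMO_KEY, msg, hashlib.sha256).hexdigest()

def demo_verify(user_id, challenge, token):
    return hmac.compare_digest(demo_token(user_id, challenge), token)
```

Removing the challenge before checking the token means a failed attempt also consumes it, so the app must request a new challenge to retry.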
Account deletion is similar to authentication. First, your mobile application performs authentication Steps 1-6, which authenticate the user and notify your application server that the user wants to delete the account. Next, your mobile app invokes the deEnroll method from the Keyless SDK. This method issues a deletion request to the Keyless network (Step 7). The request removes all data associated with the user from Keyless.