Introduction

The following document illustrates how the Keyless SDK component can be integrated in an application to enable biometric authentication. In particular, this document focuses on how all the Keyless software components interact with an environment composed of a Mobile Application and a Backend serving the application.

Integration Overview

Enrollment Flow

In order to authenticate with Keyless, a user must first enroll his biometric template. Enrollment with Keyless consists of registering the user’s biometric features on the Keyless network in a privacy-preserving manner through the Keyless SDK, which exposes a specific API for this scope.

Authentication Flow

The Keyless SDK can be used for two different scenarios:

• User requests access on a Web Application

• User requests access on a Mobile Application

While these are the two most common examples, customer use cases may fall into slightly different categories, and given the simplicity of how the Keyless SDK can be integrated, we can easily adapt the following flow to solve specific situations.

Authenticate User on WebApp

In this example the user is trying to get access to a resource / request an operation for which strong authentication is required through a Web Application. At this point, the Customer Backend sends a push notification to the customer app in order to request the user to identify himself with Keyless. After Biometric Authentication is successful, the flow goes back to the Customer Backend, which leverages the APIs exposed by the Keyless Backend to perform additional security checks.

Once the Keyless Backend confirms the authentication was successful, the User is informed.

Authenticate User on Mobile App

In this flow, no Web App is involved in the process, as the user is requiring access to a resource / trying to perform an operation directly on the Mobile App. As we can see, the interaction with the Keyless components is performed in exactly the same way.

Keyless Components

As mentioned, the package Keyless offers is composed of two main blocks:

• SDK

• Confirmation API Service

SDK

The Keyless SDK supports both Android and iOS, and exposes the APIs to interact with the Keyless Privacy-Preserving Network in order to:

• Enroll a user

• Authenticate

• De-Enroll

• Perform account recovery / restore (Backup)

The Keyless Delivery Team will provide the customer with the needed API keys. The SDK package can be downloaded as a Maven (Android) or CocoaPods artifact.

Keyless Backend

The Keyless Backend offers Cloud APIs which can be used to perform security checks through Backend-to-Backend calls. Specifically, it is possible to interrogate the Keyless Backend after the SDK returns an OK response for an Authentication attempt.

Keyless Backend is available as a SaaS service.