Device Unlock Cardholder Verification
When using CdCvmType.DEVICE_UNLOCK cardholder verification, the MTP SDK uses the Android Keystore system to verify authentication for a transaction.
This means that before making the MeaTokenPlatform.register() request to WSP, the MTP SDK checks whether a secure lock screen is enabled and set up by the user. If everything is ready, the MTP SDK generates a secure key and imports it into the Android Keystore.
The Android Keystore key is only authorized for use if the user has been authenticated using a subset of their secure lock screen credentials (Pattern, PIN, Password, face ID or Fingerprint).
Android Secure Lock Screen Key Invalidation
Android Keystore keys become permanently invalidated once the secure lock screen is disabled (reconfigured to None, Swipe or other mode which does not authenticate the user) or forcibly reset (e.g. by a Device Administrator).
When the key is permanently invalidated, the MTP SDK blocks all transactions until a new valid Android Keystore key is generated.
A new key is generated when the wallet app invokes the MeaTokenPlatform.authenticateWithDeviceUnlock() method.
Automatic Unlocking
In parallel with the secure lock screen, the user can also set the device to unlock automatically. These features depend on the Android version and device manufacturer. The Android Keystore does not authorize the key to be used when the device is unlocked using automatic unlocking. In this case the user needs to authenticate via the wallet app or unlock the device again using secure unlock.
- Android Smart Lock
  - On-body detection
  - Trusted places
  - Trusted device, connected to a device like a Bluetooth watch or car speaker system
  - Trusted face, face recognition
  - Voice match, "Ok, Google"
- Samsung - Iris scan ...