CA Mobile API Gateway - Samsung SDS Nexsign Integration

Satyavati Telu, Information Engineer

Introduction | Secure all the Way

Had the chief thief in the Ali Baba and the Forty Thieves from the Arabian Nights tales knew how to protect treasure in the snug hideout with a voice recognition feature. It would have been difficult for Ali baba to gain access to the hideout by saying the secrete phrase, Open Sesame.

This also reminds of the biometrics usage in the famous science fiction series Star Trek to access files, locations, or diagnose disease. These science fictions are now reality to authenticate a user.

With a spectrum of devices and online applications in use, it is even more important to have a strong authentication mechanism to safeguard the critical information. Much of an enterprise’s success is based on the ease with which the consumers can access applications that are highly secured, and how well the confidential data is safeguard against malicious attempts. A unique mechanism is required to defend the critical data, and that is where biometrics comes to our rescue. The physical characters of a person are unique, and the application industry is betting on it as it is hard to counterfeit the retinal, fingerprint, facial or voice patterns.

The FIDO® (Fast IDentity Online) Alliance was established to tackle the issues related to remembering username and passwords.** FIDO empowers secure authentication among devices and online services by using the biometric information. FIDO is based on the public key cryptography where the biometric information about the user is saved only on the device, and not on the server. As the user credentials are not traversing over the network in FIDO, it is safe. Thus, FIDO prevents the man-in-the-middle attack. The most commonly used biometric modalities include fingerprint, face, iris, and voice scan. For more information about FIDO Alliance, see the FIDO Alliance site.

Consider you are in a busy grocery store shopping with your naughty little kid who is reading out the Personal Identification Number that you provide while transacting. OMG! Your Personal Identification Number is public!! The same scenario with biometrics can make your shopping more secure by simply scanning your finger to complete a transaction. Such a relief!

What’s New | Mobile Biometric Authentication

The Biometric Authentication Integration enables integration with Samsung SDS Nexsign, which implements the FIDO standards to leverage a user’s unique identifying characters to secure applications. The integration of Samsung SDS Nexsign (FIDO Provider) with CA Mobile API Gateway (relying party), works synergistically to carry out user login at a fast pace, and securely prompts a message to confirm a crucial transaction. We are also integrating the mobile SDK of Samsung SDS Nexsign with that of CA Mobile API Gateway to help you build the applications, and access the APIs that the CA Mobile API Gateway protects.

Architecture of the integration between CA Mobile API Gateway and Samsung SDS Nexsign

Key Benefits | CA Mobile API Gateway

The key accruing benefits of using CA Mobile API Gateway as the relying party are as follows:

  • Supports Samsung SDS Nexsign, which provide fingerprint, face, iris scan, and voice recognition modalities using the FIDO UAF protocol.
  • Enforces usage of select modalities in an enterprise.
  • Routes calls between an application (client) and Samsung SDS Nexsign server to access the protected APIs.
  • Manages users, applications, APIs, and devices.
  • Provides simple and secure way to release applications.
  • Supports the client and Samsung SDS Nexsign server interactions so that user can use the following FIDO flows with ease:
    • Registration of the user biometrics.
    • Authentication of users by validating the biometrics
    • Transaction confirmation message to ensure user confirmation
    • Deregistration to delete the saved biometric details

Usage | CA Mobile API Gateway - Samsung SDS Nexsign Integration

The following steps help you to enable biometrics on your application using the integrated solution:

  1. Install the Solution Kit on CA Mobile API Gateway. Then, configure the integration policies to enable CA Mobile API Gateway as a relying party.
  2. Install the solution kit to add integration policies to CA Mobile API Gateway.
  3. Configure the integration policies on CA Mobile API Gateway.
  4. Download the SDK from the CA Support site.
  5. Create applications on iOS or Android platforms.
  6. Access the APIs from your applications to include the FIDO functionalities enabled by the integration with Samsung SDS Nexsign..

Taste Our Wares

Download our sample applications for iOS and Android platforms. These applications provide a quick view of how to authenticate users during login using biometrics, and access the protected content.

Eager to know more about how to integrate and start the biometric authentication, read CA Mobile API Gateway - Samsung SDS Nexsign Integration. If interested to know more about the capabilities of CA Mobile API Gateway, see the documentation.

Visit our developer site to download other mobile SDK that your enterprise can use and benefit from.

Experience science fiction using our solution!!

**FIDO® is a trademark (registered in numerous countries) of FIDO Alliance, Inc. Any representations herein that products or services comply with FIDO specifications are made by CA and are not endorsed or confirmed by FIDO Alliance, Inc.

Satyavati Telu, Information Engineer, CA Technologies

Satya works as a Technical Writer in the API Management Business unit at CA Technologies where she is responsible for documenting the CA products.

What would you like to chat about?
Call us at +1-800-225-5224
Call us at +1-800-225-5224
Contact Us