Your suggested change has been received. Thank you.

close

Suggest A Change

https://thales.na.market.dpondemand.io/docs/dpod/services/kmo….

Thales Logo

All

  • All
back

Integration guidelines

Integrate the BehavioSec SDK at the host application

search

Please Note:

Integrate the BehavioSec SDK at the host application

The BehavioSec SDK is a layer in the security process for authenticating users based on their behaviors. It uses sophisticated data collection without interrupting the user experience. It enables passive verification and makes it more difficult for bad actors to mimic or compromise the security of the interaction.

The BehavioSec SDK is part of a multilayered risk analysis system. It adds dynamic behavior parameters to provide better decision intelligence and continuous protection for customers and their users. It does this by gathering and analyzing static contextual parameters and generates a risk score based on how similar the user’s behavior is to the stored profile.

The BehavioSec signal group in the Risk Management SDK uses the BehavioSec SDK internally to get the behavior signals. It enables the collection of timing summary signals that are generated from users’ behavior. This is one of the important signals along with all other signals collected in the Risk Management SDK for risk assessment by the Risk Engine back end.

Integration

There are some mandatory steps to perform to enable the BehavioSec signal group signal collection in the Risk Management SDK using the BehavioSec SDK.

Refer to the BehavioSec websites for detailed step-by-step integration at the application:

On Android

For BehavioSec signal group signals on Android, refer to https://developer.behaviosec.com/dw/android_sdk.

The Risk Management SDK on Android uses Integration API V1.10.0.

Since Risk Management SDK V2.7.0, application build.gradle and ProGuard rules might be updated to include more signals.

The BehavioSec SDK embedded in the Risk Management SDK works even if certain (or all) dependencies are not included in your app.

build.gradle

//Play Services for Activity Recognition
implementation 'com.google.android.gms:play-services-location:18.0.0'

//SafetyNet for list of harmful apps
implementation 'com.google.android.gms:play-services-safetynet:17.0.0'

//RootBeer lib for root detection
implementation 'com.scottyab:rootbeer-lib:0.0.8'

proguard-project.txt

-keep public class com.scottytab.** { *; }
-keep public class com.google.android.gms.** { *; }

On iOS

For BehavioSec signal group signals on iOS, refer to https://developer.behaviosec.com/dw/ios_sdk.

The Risk Management SDK on iOS still uses integration API V2.1.1.

Integrating hybrid apps in a WebView

When the application lives inside a WebView (an instance of a browser webkit object), the best results are accomplished by passing data between the native layer and the WebView. There are many ways to do this, but the principle is the same. Set up a callback to the native layer from within the WebView application.

For more information, refer to https://developer.behaviosec.com/dw/sdk_integration#hybrid_apps_for_android_and_ios.

For a complex transaction where the size of user input data through the keypad is significantly large, you can increase the data size of timing to collect signal in the BehavioSec Signal group that exceeds 70KB. As a result, the Risk Management SDK might get a 403 - Forbidden error from the Risk Engine back-end server due to size limitations.

Note

  • In general, it is not recommended to send very large transaction data, to avoid latency at the Risk Engine server. The BehavioSec SDK is capable of training the system to use fewer fields in any transaction screen.

  • All the links mentioned in this section require valid login credentials for the BehavioSec website. Contact Thales for more information about the credentials. Because the BehavioSec SDK is added to the Risk Management SDK, the host does not have to add this as a dependency at the application.

On this page