SPoC App Deployment, Provisioning and Baseline COTS Configuration
The security of a SPoC solution relies on the decoupling of account data and PIN. App developers should set up policy to check the authenticity of the SDK and whether it is the most current version before using it.
#Sdk integration guide android
Both the aar and framework supports developer siginature verification of the released package, such that the App developers can make use of Android Studio and Xcode to verify the authenticity of the SDK. The SDK is released as a self-contained package, i.e. Mandatory Policies Release and Signing of SDK
#Sdk integration guide full
The SPoC App component of BBPOS SPoC solution made use of this sdk and had been evaluated and listed in PCISSC.īy grouping the SPoC required features into an SDK with clear boundaries and code obfuscation, the sensitive and non-sensitive code segments are isolated, so the changes of code which do not have impacts to solution security can be reported to PCISSC in an annual interim audit instead of going through a delta or full evaluation. Transaction > SPoC > Application Integration SecurityīBPOS SPoC solution provides a SPoC SDK (Software Development Kit) with all the SPoC required features built-in, such as the software PINPad, the attestation module, the secure session management module and the cryptographic functions and key management module.
#Sdk integration guide how to
In this section, we'll quickly do a run down of how to create a credential object from a typescript application. Building the credential Step 1: Generating the credential details.Ī credential object is a digital proof of access given to identity owners. The following is the direct code examples of how developers can programmatically integrate systems for credential verifiers, issuers and identity owners on SiriusID using the Software Development Kit. There are multiple integration points that can be achieved.