Overview
Abstract
The goal of the BlockID Mobile SDK documentation is to provide any developer (with Android or iOS experience) the knowledge and understanding required to integrate the BlockID Mobile SDK and access the core features provided.
Get Started Immediately
Please request access to our SDK and demo applications by sending us an email at developers@1kosmos.com
Introduction
The BlockID Mobile SDK is a dependency available for Android and iOS platforms. It is easily incorporated into native Android applications using Gradle as the dependency management tool, and into iOS applications using CocoaPods for dependency management.
The table below provides an overview of the BlockID Mobile SDK's version and the prescribed dependency management tools for each platform, serving as the recommended means of integrating dependencies:
| Platform | Version | Dependency Management |
|---|---|---|
| Android | 1.20.50 | Gradle |
| iOS | 1.20.50 | CocoaPods |
Features
The features and capabilities below are accessible to application developers through the BlockID Mobile SDK. Developers can setup authentication method in the apps, onboard users, provide users a capability to scan, enroll and verify their identity and miscellaneous documents.
Authentication
Insufficient authentication controls allow an attacker to circumvent intended authentication-based security mechanisms and gain access to an application illegitimately. The application developers must implement an authentication mechanism in the app. The BlockID Mobile SDK provides below authentication methods which application developers can implement in their apps very easily.
- PIN Authentication
- Biometrics Authentication
- LiveID Authentication - Identity verification for mobile app
The application must register for above authentication mechanisms (using Document Enrollment features) before using either of them.
User Onboarding
The BlockID Mobile SDK provides developers an option to add (link), remove (unlink) and authenticate user account(s).
Document Scanning
The BlockID Mobile SDK provides developers a quick way to integrate document scanning feature in their application. The BlockID Mobile SDK's document scanner supports following documents:
- Driver's License
- Passport
- National ID
Document Registration
The BlockID Mobile SDK provides developers an option to add, remove and restore the document(s) to or from the BlockID platform. The following is a list of entities which can be added, removed and restored to or from BlockID platform using document registration service:
- PIN
- LiveID
- Identity Documents
- Driver's License
- Passport
- National ID
- Miscellaneous Documents
LiveID registration is required to register an identity documents
Document Verification
BlockID Mobile SDK provides the functionality to verify data that the user has presented through our partners. The BlockID Mobile SDK supports the below document verification services:
- Driver's License Verification
- Social Security Number (SSN) Verification
- Document Liveness Verification
- Face Liveness Verification
- Face Comparison
Security
SDK’s are usually considered to be deployed horizontally in the application ecosystem, whereas apps are considered to be deployed vertically. This means that is a single SDK deployed across multiple apps could compromise the security of all apps associated with that particular SDK.
SDK’s are usually deployed by 3rd parties in most cases, so hypothetically if an app faced certain SDK security issues, it would be much harder to be able to resolve and secure that particular issue because it is not entirely in the control of the app owner.
Because SDK Attack surface is wider than that of an app, the BlockID SDK has implemented locking mechanism to prevent any kind of unauthorised access. Below are additional points
The BlockID Mobile SDK will always be in the locked state. To unlock the BlockID Mobile SDK, one has to successfully login/register in any of the Authentication mode. If the BlockID Mobile SDK is locked and someone tries to access the API, it will show the message as “Unauthorized access”.