Securing Sensitive Data On-Device with DataVault

To store data securely on the device, developers should use a data vault in their device applications. Administrators then define the password policy in Management Cockpit.

The data vault provides encrypted storage for small, occasionally used pieces of data. It holds sensitive artifacts securely because everything stored in the vault is encrypted with a 256-bit AES key. Content can include encryption keys, user and application login credentials, synchronization profile settings, and certificates.

The data vault requires a password to unlock and access the data from the application. Therefore, a device application must prompt the user to enter this password when the application is opened. Once unlocked, the application can retrieve any other secrets from the vault as needed, all without prompting the user.

Administrators can define a password policy using Management Cockpit that defines the requirements for an acceptable password. The client password policy is stored in the server-side settings database and the client gets those settings when it connects to SAP Mobile Platform Server as part of the settings exchange protocol.

When the client receives the password policy settings, it populates the settings objects and passes them to the data vault, which stores them. The client uses the DataVault API to create a vault with a default password, set the password policy, and then change the password to one that complies with the policy. If you set a password policy but do not change the password afterwards, the application throws an exception when you attempt to access the application or unlock the vault with a non-compliant password.

Administrators should discuss the data vault strategy with developers before it is implemented, especially regarding:
  • Failed logins: developers can set the number of failed login attempts allowed before the data vault is deleted. Once the vault is deleted, the encrypted databases are no longer usable; to recover, the application must be reinstalled or reinitialized, which includes deleting the database files.
  • Timeouts: developers can also set a timeout value so that the data vault locks itself when it is not in use. The user must re-enter the vault password to resume using the application.
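The following Python model, added here as an illustration and not part of the SAP DataVault SDK or of this page, walks through the behaviour described above: a vault created with a default password, a policy applied afterwards, a policy-compliant password change, the exception raised when unlocking with a non-compliant password, the failed-login limit that wipes the vault, and the inactivity timeout that locks it. Class and method names (`DataVault`, `PasswordPolicy`, `unlock`, `change_password`, `set_string`, `get_string`) and the policy fields are assumptions chosen for the example; the HMAC-SHA256 keystream is a labelled stand-in for the SDK's AES-256 encryption and is not meant for production use.

```python
"""Toy password-protected data vault modelled on the SAP DataVault behaviour.
Constructed for illustration only; this is not the SDK's implementation."""
import hashlib
import hmac
import os
import re
import time


class VaultError(Exception):
    """Base class for vault failures (e.g. wrong password)."""


class PasswordPolicyError(VaultError):
    """The password does not satisfy the administrator-defined policy."""


class VaultLockedError(VaultError):
    """The vault must be unlocked before secrets can be read or written."""


class VaultDeletedError(VaultError):
    """Too many failed unlock attempts: the vault wiped its contents."""


class PasswordPolicy:
    """Assumed subset of the rules an administrator could set in Management Cockpit."""

    def __init__(self, min_length=8, require_digit=True, require_upper=True, require_special=False):
        self.min_length = min_length
        self.require_digit = require_digit
        self.require_upper = require_upper
        self.require_special = require_special

    def violations(self, password):
        """Return the list of rules the password breaks; an empty list means compliant."""
        problems = []
        if len(password) < self.min_length:
            problems.append("shorter than %d characters" % self.min_length)
        if self.require_digit and not re.search(r"\d", password):
            problems.append("no digit")
        if self.require_upper and not re.search(r"[A-Z]", password):
            problems.append("no upper-case letter")
        if self.require_special and not re.search(r"[^A-Za-z0-9]", password):
            problems.append("no special character")
        return problems


def _derive_key(password, salt):
    # PBKDF2-HMAC-SHA256 turns the user's password into a 256-bit vault key.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000, dklen=32)


def _xor_crypt(key, nonce, data):
    # Stand-in for the SDK's AES-256: an HMAC-SHA256 keystream in counter mode XORed
    # over the data. Symmetric, so one function both encrypts and decrypts. Demo only.
    out = bytearray()
    for offset in range(0, len(data), 32):
        counter = (offset // 32).to_bytes(4, "big")
        stream = hmac.new(key, nonce + counter, "sha256").digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], stream))
    return bytes(out)


class DataVault:
    def __init__(self, default_password, max_failed_logins=5, lock_timeout=300, clock=time.monotonic):
        self._salt = os.urandom(16)
        self._policy = None
        self._entries = {}            # name -> (nonce, ciphertext)
        self._failed = 0
        self._deleted = False
        self._max_failed = max_failed_logins
        self._timeout = lock_timeout  # seconds of inactivity before the vault locks itself
        self._clock = clock           # injectable so the timeout can be tested deterministically
        self._install_key(default_password)  # a freshly created vault starts unlocked

    def _install_key(self, password):
        self._key = _derive_key(password, self._salt)
        # Stored check value lets unlock() verify a password without storing the password.
        self._verifier = hmac.new(self._key, b"vault-verifier", "sha256").digest()
        self._last_used = self._clock()

    def set_password_policy(self, policy):
        self._policy = policy

    def lock(self):
        self._key = None

    def _require_unlocked(self):
        if self._deleted:
            raise VaultDeletedError("vault was deleted after too many failed logins")
        if self._key is None:
            raise VaultLockedError("vault is locked")
        if self._clock() - self._last_used > self._timeout:
            self.lock()  # inactivity timeout: the user must re-enter the password
            raise VaultLockedError("vault locked after %d s of inactivity" % self._timeout)
        self._last_used = self._clock()

    def unlock(self, password):
        if self._deleted:
            raise VaultDeletedError("vault was deleted after too many failed logins")
        candidate = _derive_key(password, self._salt)
        check = hmac.new(candidate, b"vault-verifier", "sha256").digest()
        if not hmac.compare_digest(check, self._verifier):
            self._failed += 1
            if self._failed >= self._max_failed:
                self._entries.clear()  # failed-login limit reached: wipe the vault
                self._deleted = True
                self._key = None
                raise VaultDeletedError("vault deleted after %d failed logins" % self._failed)
            raise VaultError("wrong password (%d of %d attempts used)" % (self._failed, self._max_failed))
        if self._policy is not None and self._policy.violations(password):
            raise PasswordPolicyError("current password violates the policy; change it before use")
        self._failed = 0
        self._key = candidate
        self._last_used = self._clock()

    def change_password(self, new_password):
        self._require_unlocked()
        if self._policy is not None:
            problems = self._policy.violations(new_password)
            if problems:
                raise PasswordPolicyError("; ".join(problems))
        plaintexts = {name: self._decrypt(name) for name in self._entries}  # still the old key
        self._salt = os.urandom(16)
        self._install_key(new_password)
        for name, value in plaintexts.items():
            self.set_string(name, value)  # re-encrypt everything under the new key

    def set_string(self, name, value):
        self._require_unlocked()
        nonce = os.urandom(16)
        self._entries[name] = (nonce, _xor_crypt(self._key, nonce, value.encode("utf-8")))

    def get_string(self, name):
        self._require_unlocked()
        return self._decrypt(name)

    def _decrypt(self, name):
        nonce, ciphertext = self._entries[name]
        return _xor_crypt(self._key, nonce, ciphertext).decode("utf-8")
```

A device application would create the vault once, apply the policy received during the settings exchange, and change the default password in the same session; afterwards `unlock()` is the only call that prompts the user, and every other secret is fetched with `get_string()` until the timeout or an explicit `lock()` intervenes.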