The Data Vault is the reusable component for storing sensitive data securely on-device. Each instance of the Data Vault is protected with an application passcode.

The Logon Plugin uses MAF Logon Core for registration. MAF Logon Core requires credentials and configuration to execute the registration process. After successful registration, the Logon Core stores the credentials and configuration in its private Data Vault.

The Data Vault is protected with an application passcode that is set by the consumer of the mobile application. This passcode has to satisfy the passcode policy defined for the application. To prevent unauthorized use of the app, an appropriate passcode policy can be set on the SAP Mobile Platform server to force the use of a strong passcode on the app.

The information stored in the Data Vault by the Logon Core is securely encrypted and is only provided to the application if the Data Vault is unlocked with the right passcode. Once the registration is deleted, the Data Vault and its content is deleted.