Components and Considerations

The Collection Agent

The AuthenticAction™ SDK includes a process known as the “collector agent” which, when instantiated, provides a simple means of integrating AuthenticAction™ monitoring of user identity and interaction into your application without requiring extensive programming on your part.

The collector agent is typically started when you start your Application class (as described in the subsequent sections of this document). The collector agent is responsible for various data collection and serves as the primary entry point for your application coding to control various aspects of the data transmitted. Through various callbacks, contextual tagging related to the application lifecycle (app pause, resume, stop) can be updated to the collector to be captured and associated with the data being collected. Further, session and user identification provide an efficient means for your back-end application to reference the activities of your mobile users during their interaction with your app.

Session Identification (CSID)

You will want to be able to identify each unique app session between your user and your application so that subsequent back-end API calls can make targeted queries to the AuthenticAction™ service (e.g., to find out if the session appears to have been compromised in any way).

The collector agent utilizes a string parameter “CSID” which stands for “Customer Session ID”. It should be a unique identifier across all your AuthenticAction™ sessions past, current, and future so that it uniquely identifies the session.

Note: Of course, your application likely already has its own session management already (or has one planned). It is possible to utilize your applications session identifier as the session identifier for AuthenticAction™ as well; in fact, this makes your eventually back-end coding much simpler, negating the need to extend your back-end data model to track and manage both an app session identifier as well as an AuthenticAction™ data collector session identifier.

User Identification (UID)

The collector agent also can apply user identification tagging, so that each unique session is also associated with a specific user. As such, user identification tagging creates a simplified means for the back-end API and audit dashboard to make queries across several sessions for a particular user or users based upon the user identifier.

The collector agent utilizes a string parameter “UserID”. It should be a unique identifier across all your application users so that it uniquely identifies the user interacting with your app. The identifier can be the same as your user’s login identifier (if you have one), a customer identifier, or another unique user identifier that your app manages.

Note: Alternatively, a hashed representation your user might be leveraged. Bear in mind when utilizing a hashed representation, simple identification of the user becomes more complicated, bearing in mind that to make queries through the dashboard or REST API, your operator or back-end code will need to be able to recreate the hash of a particular user prior to making the inquiry to the AuthenticAction™ service.

Context Identification

The collector agent provides a means of tagging context during various activities. When your user engages with your app, it will naturally enter different application states (startup, pause, resume, close, etc.). Additionally, your app will present various views and features (e.g., login, filling in forms, etc.). using context tagging, your application will supply the AuthenticAction™ service with valuable contextual information about the application state that can be used in combination with the features of the collector during queries, decisioning, and investigations.

For example, consider the simple code snippet below, where the collector is provided the context that the activity has been started and the application name is provided:

c.setEventDataCollector(activity)

c.eventsCollectorStartListening()

c.sendContext("enter_" + activity.javaClass.simpleName)

Note: The AuthenticAction™ service can be leveraged across multiple channels and modality types. If your users access your services through multiple platforms (iPhone, android, PC Browser, etc.) then adding contextual information, including app specific details, can assist in creating targeted queries to the AuthenticAction™ service.