Using Login Screens for Data Vaults

An application that implements a login screen is considered to be secure. Mobile application developers are responsible for creating login screens for the applications they create. A login screen allows the device user to enter a passcode to unlock the data vault.

A secure application that uses a login screen:

  1. Prompts the user to enter the data vault passcode to open the application and get access to the local client database. If the wrong passcode is used, the application is rendered useless: the key that encrypts and decrypts data in the vault cannot be used to access data until the passcode is entered correctly.
    After a certain amount of time passes, the login screen can be redeployed to prompt the user to re-enter the passcode.
  2. Can be locked out after a configured number of retries.
  3. Can self-destruct after a set number of incorrect passcode attempts.
    When this occurs, the device user must uninstall, reinstall, then perform an initial synchronization to recover from a destroyed data vault.

To implement a login screen, you must create the login screen and define the password. The screen and the password unlock the DataVault. Unlocking the vault enables access to application data offline or online. In contrast, Workflow applications can require user credentials that must be checked against Unwired Server online before granting access to Workflow content.

The password is initially defined when you configure the property values required to enable an authenticated HTTPS connection. However, you can allow users to change this password. For information about password definition, see changePassword in the Developer guide for your application type.
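
The behaviors in the numbered list above (a passcode-gated key, a re-prompt after a timeout, and lockout or self-destruct at a retry limit) are modeled below as an added example; it is not code from this guide and does not use the DataVault API. The class ModelVault, its parameters, the state names and the PBKDF2 settings are all assumptions made for illustration.

```python
import hashlib, hmac, os, time

class ModelVault:
    """Model of a passcode-gated vault. Hypothetical class, not the DataVault API."""

    def __init__(self, passcode, retry_limit=3, destroy_on_limit=False,
                 lock_timeout=300, clock=time.monotonic):
        self.retry_limit, self.destroy_on_limit = retry_limit, destroy_on_limit
        self.lock_timeout, self.clock = lock_timeout, clock
        self.salt = os.urandom(16)
        # Only a salt and a check value are stored, never the key or the passcode.
        self.check = self._check(self._derive(passcode))
        self.failures, self.state = 0, "closed"  # closed | open | locked_out | destroyed
        self._key, self._opened_at = None, 0.0

    def _derive(self, passcode):
        # The vault key exists only as a function of the passcode (assumed KDF settings).
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self.salt, 100_000)

    @staticmethod
    def _check(key):
        return hmac.new(key, b"vault-check", hashlib.sha256).digest()

    def unlock(self, passcode):
        if self.state in ("locked_out", "destroyed"):
            return self.state  # no further attempts are evaluated
        key = self._derive(passcode)
        if hmac.compare_digest(self._check(key), self.check):
            self.failures, self.state = 0, "open"
            self._key, self._opened_at = key, self.clock()
        else:
            self._key, self.state = None, "closed"
            self.failures += 1
            if self.failures >= self.retry_limit:
                if self.destroy_on_limit:
                    # Wiping salt and check value makes the key underivable.
                    self.salt = self.check = None
                    self.state = "destroyed"
                else:
                    self.state = "locked_out"
        return self.state

    def key(self):
        """Return the data key, or None if the login screen must be shown again."""
        if self.state == "open" and self.clock() - self._opened_at >= self.lock_timeout:
            self._key, self.state = None, "closed"  # timeout: drop key, re-prompt
        return self._key if self.state == "open" else None
```

In the model, a destroyed vault has nothing left to derive a key from, which corresponds to the uninstall, reinstall and initial synchronization recovery path described above.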

Related concepts
Securing Sensitive Data On-Device with Data Vault