Orchestration SDKs

Introducing Device Binding

PingOne Advanced Identity Cloud PingAM Android iOS

The Device Binding module provides secure device registration and authentication capabilities for mobile applications.

It enables applications to bind cryptographic keys to a device and restrict access to those keys, using biometrics, a PIN, and other authentication methods.

The Device Binding module provides two main operations:

Device Binding

Registers a new device by creating cryptographic keys and proving device possession through signed JSON Web Tokens (JWTs).

Device Signing Verification

Proves device possession using existing keys by signing server challenges for step-up authentication.

Features

Multiple Authentication Types

Restrict access to a bound key with different authentication types, including biometric, biometric with fallback to device credential, application PIN.

You can also opt to create a hardware-backed key, but not require any additional authentication to unlock it, by selecting NONE as the authentication type.

Hardware Security

Securely stores keys in the Android KeyStore or iOS Secure Enclave.

JWT-based Proof

Leverages industry-standard JSON Web Tokens (JWT) for device verification.

Flexible Configuration

Extensive customization options.

Journey Integration

Seamless integration with authentication flows

Get Started

Android

Bind keys on an Android device.
iOS

Bind keys on an iOS device.