Академический Документы
Профессиональный Документы
Культура Документы
BehavioMobile
Document version 2.4.0
Android SDK version 1.5.0
iOS SDK version 1.3
Legal Notice
Copyright (C) 2011-2013 Behaviometrics AB
NOTICE: All information contained herein is, and remains the property of Behaviometrics AB.
Android BehavioMobile SDK uses edit text fields that are extensions of Android EditText fields.
While the iOS (iPhone / iPad) SDK utilizes listeners that can be hooked onto any textfield.
The fields can either gather the timings as they are or anonymously. Anonymous timings do not
store any key character information, which makes them suitable for password fields. However
anonymous timings give a slightly lower confidence due to less entropy used to analyze at a
BehavioWeb server.
The SDK does not send, analyze or score the behavior. BehavioWeb or a Behavio SDK, which
includes BehavioSecs machine learning algorithms, carries out this function.
Complete code examples for both the iOS and Android system can be found in section 4, as well
as the libraries (Android and iOS SDKs).
1.2 Example System overview
SDK
Gather timings
HTTP /
POST Timings/ID
Timings BehavioWeb
Customer
JSON
RISK
Engine
Score/Report
Figure 1
Figure 1 shows how the SDK gathers data, note that the app using the BehavioMobile SDK needs
to send the timings received by the SDK as HTTP / POST to a risk engine server (see code
sample, chapter 4.2), which can contact the BehavioWeb web service interface to get a
score/report back. One can also by a direct call to the web service get a report from the
transaction, more info in chapter 4.6.
2.1 XML
<?xml version="1.0" encoding="utf-8"?>
<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"
android:orientation="vertical" android:layout_width="fill_parent"
android:layout_height="fill_parent">
<com.behaviosec.mobilesdk.BehavioEditText
android:layout_width="fill_parent" android:id="@+id/editTextUsername"
android:inputType="text" android:layout_marginLeft="10dp"
android:layout_height="wrap_content" android:layout_marginTop="20dp"
android:hint="Username" android:layout_marginRight="10dp" />
<com.behaviosec.mobilesdk.BehavioEditText
android:layout_width="fill_parent" android:id="@+id/editTextEmail"
android:inputType="textEmailAddress" android:layout_marginLeft="10dp"
android:layout_height="wrap_content" android:layout_marginTop="20dp"
android:hint="Email" android:layout_marginRight="10dp" />
<com.behaviosec.mobilesdk.BehavioAnonymousEditText
android:layout_width="fill_parent" android:id="@+id/editTextPassword"
android:inputType="textPassword" android:layout_marginLeft="10dp"
android:layout_height="wrap_content" android:layout_marginTop="20dp"
android:hint="Password" android:layout_marginRight="10dp" />
</LinearLayout>
The Behavio Edit Text fields extend Android EditText and share the same XML tags. This
example utilizes three edit fields: username, email and password. The password field is a
BehavioAnonomyousEditText field, and it is anonymized, it is best used for password fields and
needs to be static, i.e. no free text, (same every time).
IMPORTANT: The class needs permission for an OVERLAY WINDOW that can catch down events
on the android soft keyboard:
The abstract class has one abstract method that needs to be implemented, initActivity(). This
methods should contain the initiation of any Behavio Edit Text fields.
2.3 Init of fieldnames
Each field needs a unique ID that is associated with the field, this should be set as soon as the
fields are created. Note that the fields are created and initiated inside the initActivity() method.
Not inside the onCreate() of the activity. Also note that setContentView(R.layout.main); is called
from the initActivity() method, (otherwise are the edit text fields null, and the result is a null
pointer exception).
// The field name also acts as ID for that particular field, used to
// identify what field to analyze on Behavio server
editTextUsername.setFieldName("text#username");
editTextEmail.setFieldName("text#email");
editTextPassword.setFieldName("password#password");
}
This should be retrieved and sent to the server when the fields are completely filled by the user.
For example after user has inputted username and password and pressed submit.
2.5 Clear fields and timings data
It is not sufficient to only erase the text fields by setting the text to "". The timings data also
needs to be cleared for new input. Use either .clearText method on each Behavio edit field or the
BehavioTimings.clearALL(), to clear all Behavio fields. Used when user submits or hits a clear
button.
BehavioTimings.clearAll();
If buttons are used as inputs without any behavior edit text to capture timings, it is still possible
to gather behavior, if the buttons are timed.
Example: An application has ten touch buttons 0-9. The buttons are used to enter a five-digit
number. To get timings from this application one would add a 'touch' listener to get down
timings and a 'clicked' listener to get up timings. A general JSONArray would store each down
and up timing.
A timing object holding one event looks like this: [type, key, time]. More info on JSON objects can
be found in the 'BehavioWeb Integration Guide.pdf' (see chapter 4.6). Code example below
shows how a custom behavior app could function.
// Global variables
JSONArray fiveDigitTimings = new JSONArray();
long startTime = System.currentTimeMillis();
...
return false;
}
});
BehavioTimings.addCustomJSONArrayTiming(
BehavioTimings.FIELD_TYPE_TEXT_ALPHANUM, "fiveDigitFieldName",
fiveDigitTimings); // Set field type, name and data
#import <Foundation/Foundation.h>
#import <UIKit/UITextField.h>
+(BehavioSec*) sharedInstance;
@end
// Clear(reset) timings
-(void)clear {
[ [ BehavioSec sharedInstance ] resetTimes ];
self.codeField.text = @"";
}
One can also register custom buttons, when the built in soft-keyboard is not used.
It is also possible to add custom fields, for storing information regarding for example location
(GPS info) etc.
BehavioSec_Mobile_SDK_Android_1.5.0.zip
Behavio_SDK_Demonstration.3.0.zip
BehavioSec_Mobile_SDK_iOS_1.2.zip
BehavioSec_iOS_DemoPIN_1.2.zip
And below an iOS code example featuring native keyboard/pinpad can be downloaded.
BehavioSec_iOS_DemoNative_1.2.zip
4.5 BehavioWeb - POST Server
A test web server provided by BehavioSec may be used to test your implementation of any
software utilizing the BehavioMobile SDK.
http://demo.behaviosec.com/BehavioWebDemo/getReport.jsf
URL = "http://demo.behaviosec.com/BehavioWebDemo/getReport.jsf";
webviewResult.setWebChromeClient(new WebChromeClient());
webviewResult.setWebViewClient(new WebViewClient());
webviewResult.getSettings().setJavaScriptEnabled(true);
Android example code to send user timings (data) and user ID (id) to the BehavioWeb Demo
server.
http://demo.behaviosec.com/BehavioWebService/BehavioWeb?wsdl
A full documentation on possible calls and usage of the web service can found here:
http://demo.behaviosec.com:8080/BehavioWebDashboard/overview.jsf
5 Support
To get support regarding this product, write a mail to support@behaviosec.com with the subject
"Behavio Android Support" or "Behavio iOS Support".
5.1 Limitations
5.2.1 Document
Document 2.4.0
Rewritten parts about Android SDK, old chapter 2.2 and 2.4
Document 2.3.6
Document 2.3.5
Document 2.3.4
Added versioning
5.2.2 Android
Android 1.5.0
Added abstract class that handles life-cycle management as well as the key down listener
initiation.
Android 1.4.4
Added lifecycle management
Android 1.4.3
Added fix that removes empty fields from final JSON if no input was recorded
Invisible text view will be added if only one (focusable) field is configured
Updated links
5.2.3 iOS
iOS 1.2
iOS 1.3