Keyri's mobile SDKs include ECDSA methods that let you tie an individual account to a specific device. These methods associate a signing key pair with an account; the private key is generated on the device, persists there, and cannot be extracted from it. The private key produces cryptographic signatures for that account, which your backend validates using the key pair's public key; the public key is extractable from the device and can be passed to your backend applications.
Potential applications for this ECDSA functionality include:
Let's say you have a user with a username of "Jane" registering or logging into your iOS app.
To generate a persistent key pair for Jane, call generateAssociationKey(publicUserId: "Jane"). This creates a private key stored in the phone's Secure Enclave and returns its associated public key. Pass this public key to your user database and associate it with Jane's account; your backend needs it later to verify her signatures.
To authenticate Jane, call getUserSignature(publicUserId: "Jane", customSignedData: "I'm trying to log in"). This returns a signature over customSignedData made with Jane's private key. Pass this signature and the customSignedData to your backend, either directly or through Keyri's QR API via Session.confirm(publicUserId: "Jane", payload: signature). On the backend, look up the public key stored for Jane and verify the signature over the exact bytes that were signed with ECDSA. If it verifies, you can trust that the request came from the device holding Jane's private key, for that specific session. One caveat: a fixed string such as "I'm trying to log in" produces a signature that can be captured and replayed, so in practice customSignedData should be a server-issued, single-use challenge (a random nonce bound to the user and to a short validity window) that the backend checks for freshness before it checks the signature.
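The registration and login flow above, worked through end to end as an added example (this is not Keyri's code): the device side is simulated with an in-memory P-256 key that plays the role of the Secure Enclave key behind generateAssociationKey and getUserSignature, and the backend side stores the public key, issues a single-use challenge for customSignedData, and verifies the ECDSA signature. The wire formats (base64 SPKI for the public key, ASN.1 DER for the signature, SHA-256 as the digest) are assumptions for the example, not Keyri's documented formats; check your SDK version for the actual encodings.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/hex"
	"errors"
	"fmt"
)

// Device stands in for the phone. The private key never leaves this struct,
// mirroring a non-extractable Secure Enclave key (the Secure Enclave only
// supports P-256).
type Device struct{ priv *ecdsa.PrivateKey }

func NewDevice() (*Device, error) {
	priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Device{priv: priv}, nil
}

// PublicKeyB64 plays the role of generateAssociationKey: only the public half
// is exported. Base64 SPKI/DER is an assumed wire format, not Keyri's.
func (d *Device) PublicKeyB64() (string, error) {
	der, err := x509.MarshalPKIXPublicKey(&d.priv.PublicKey)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(der), nil
}

// Sign plays the role of getUserSignature: ECDSA over SHA-256(customSignedData),
// returned as an ASN.1 DER signature (assumed encoding).
func (d *Device) Sign(customSignedData string) ([]byte, error) {
	digest := sha256.Sum256([]byte(customSignedData))
	return ecdsa.SignASN1(rand.Reader, d.priv, digest[:])
}

// Backend keeps one association key per publicUserId and the single
// outstanding challenge issued to each user (single-threaded demo, no locking).
type Backend struct {
	pubKeys    map[string]*ecdsa.PublicKey
	challenges map[string]string
}

func NewBackend() *Backend {
	return &Backend{pubKeys: map[string]*ecdsa.PublicKey{}, challenges: map[string]string{}}
}

// RegisterKey stores the device public key for a user at registration time and
// rejects anything that is not a P-256 ECDSA key.
func (b *Backend) RegisterKey(userID, spkiB64 string) error {
	der, err := base64.StdEncoding.DecodeString(spkiB64)
	if err != nil {
		return err
	}
	pub, err := x509.ParsePKIXPublicKey(der)
	if err != nil {
		return err
	}
	ecPub, ok := pub.(*ecdsa.PublicKey)
	if !ok || ecPub.Curve != elliptic.P256() {
		return errors.New("expected a P-256 ECDSA public key")
	}
	b.pubKeys[userID] = ecPub
	return nil
}

// IssueChallenge returns fresh, user-bound data the app must pass as
// customSignedData. The random nonce makes every signature unique and unreplayable.
func (b *Backend) IssueChallenge(userID string) (string, error) {
	nonce := make([]byte, 32)
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	challenge := "login:" + userID + ":" + hex.EncodeToString(nonce)
	b.challenges[userID] = challenge
	return challenge, nil
}

// VerifyLogin accepts a login only if signedData is the challenge currently
// outstanding for the user and the DER signature verifies under the stored key.
// The challenge is consumed first, so each one gets exactly one attempt.
func (b *Backend) VerifyLogin(userID, signedData string, sigDER []byte) error {
	pub, haveKey := b.pubKeys[userID]
	expected, haveChallenge := b.challenges[userID]
	delete(b.challenges, userID)
	if !haveKey {
		return errors.New("no association key registered for user")
	}
	if !haveChallenge || expected != signedData {
		return errors.New("signed data is not the outstanding challenge (stale, replayed or tampered)")
	}
	digest := sha256.Sum256([]byte(signedData))
	if !ecdsa.VerifyASN1(pub, digest[:], sigDER) {
		return errors.New("signature does not verify under the registered device key")
	}
	return nil
}

func main() {
	dev, _ := NewDevice()
	be := NewBackend()
	pk, _ := dev.PublicKeyB64()
	_ = be.RegisterKey("Jane", pk)
	ch, _ := be.IssueChallenge("Jane")
	sig, _ := dev.Sign(ch)
	fmt.Println("first login:", be.VerifyLogin("Jane", ch, sig)) // <nil>
	fmt.Println("replay:", be.VerifyLogin("Jane", ch, sig))      // rejected: challenge already consumed
}
```

The order inside VerifyLogin is deliberate: the challenge is deleted before the signature check, so a captured (signature, customSignedData) pair is useless a second time and a wrong signature also burns the challenge rather than allowing unlimited guesses against it. A signature produced by any key other than the one registered for Jane, or over data that differs from the issued challenge by a single byte, is rejected.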
If Jane is a known fraudster on your platform whom you have since banned, you will want to prevent them from creating new accounts on that same phone. To accomplish this, call getAssociationKey(publicUserId: "Jane") at the registration stage, querying with the banned identifier rather than the identifier being registered, since the lookup is keyed by publicUserId. If that function returns a public key string, the device already holds an association key for the banned account, so Jane is trying to create a new account to circumvent the ban, and you can block that registration. To get around this, Jane would have to wipe the device or purchase a new phone for each new account, which makes running their fraud operation substantially more costly and can disrupt the economics of the fraud technique enough to render it futile. Note that this check runs inside the app on a device the fraudster controls, so treat it as a cost-raising measure rather than a hard guarantee, and keep the ban enforced on the backend as well.