InCruento | Posts: 5

3rd party authentication in an in-person scenario

0 votes
Our customer wants to deploy an App in a tablet for having their patients signing a consent form authorizing some medical procedures. It would be an in-person signing scenario. Since it is a sensitive process, they need to identify that patient using biometrics (using an existing 3rd party service already integrated in the tablet) and to record that information embedded into the document using OneSpan Sign. Is it possible using the mobile SDK?

Approved Answer
Duo_Liang | Posts: 3776

Reply to: 3rd party authentication in an in-person scenario

0 votes
Hi there, For 1#, yes you can trigger a sms sending to the target phone, but the issues is, for current, you can't integrate this when switching the signer as there's no front-end notifier or back-end callback notifier for this event. If you still want this, the better way is to build the in-person and switch function with your own application. Because as long as you embed the signing ceremony into an iFrame, the audit trail will still shows the signer is using your application's IP which is same as the in-person signing. For 2#, let the signer confirm the document first, get their fingerprints and then change the document is really not the workflow we suggest to use. The authentication should be done before the transaction is created and all documents shouldn't be modified after creation. You can embed these biometrics directly into the document just before creating the package. Talking to write something into the audit trail, you can use our session fields feature. Duo

Duo_Liang | Posts: 3776

Reply to: 3rd party authentication in an in-person scenario

0 votes
Hi there, With OneSpan Sign, you are able to integrate your own authentication method into the workflow. The following is the workflow I understand and suggest to use in your scenario: 0. Turn off the automatically email notification sent to signers by contacting our support team([email protected]). 1. Using your 3rd party service to get the biometrics for signers. 2. Once you get the metrics, you can use Package Attributes Feature to put these information in the package JSON and create the package. 3. Instead of sending the email, you can use Authentication Tokens for signers (guidance here) to manually generate the signing link and embed this link into an iFrame. 4. Patients sign the document. 5. If you want these info, you can use GET /api/packages/{packageId}to retrieve them. If I misunderstand anything, please let me know. And hope this could help you! Duo

InCruento | Posts: 5

Reply to: 3rd party authentication in an in-person scenario

0 votes
Hi Duo, Thanks indeed for your answer, it is very useful for us. I just have a couple of doubts about what you suggest since there are two moments for the user that needs to be recorded when interacting with a document in an in-person scenario: 1. The first one is when the document is to be presented to the signer. In the sandbox preset workflow, it only prompts the users to be switched with no additional validation. Currently the sms authentication seems to be unavailable for this scenario. Could we enable it somehow by using an approach similar to what you suggested (using the Iframe)? 2. The second moment is when the signer accepts the document, after he had read it, and wants to sign it. The idea is to use biometrics at this point as a way to reinforce legal compliance. which would be the suggested procedure to achieve that? Thanks in advance for your help.

InCruento | Posts: 5

Reply to: 3rd party authentication in an in-person scenario

0 votes
Hello, is there any update?

Duo_Liang | Posts: 3776

Reply to: 3rd party authentication in an in-person scenario

0 votes
Hi there, Sorry for the late reply! It just took me some time. And talking about your two concerns. For 1#, can I know why you'd use in-person signing? Because from my knowledge, there's no way to force using authentication methods(SMS, Q&A, etc.) But if you just want to switch between signers more easily, you can build this capability at your own side by invoking signing session for the specific signers and applying your own front end logic. I've got some sample code in Java and HTML pages for you. As long as it's not a in-person signing, the authentication methods are available. For 2#, I still a little bit confused about how you are gonna use your biometrics, you want to embed these values into the audit trail? Or you want to embed these values directly into the document? Or you want to show these messages when signer confirm their transaction? Duo

InCruento | Posts: 5

Reply to: 3rd party authentication in an in-person scenario

0 votes
Hi Duo, Thanks for the answer. Regarding your comments: #1. Yes, we know that currently OneSpan Sign does not support authentication for an in-person scenario and that is precisely why we are looking for a workaround. The customer needs the signing process to be both in-person and authenticated and that all of the authentication information be embedded into the audit trail. So, according to your previous answer, I was wondering if we could manually "trigger" an sms from the platform to validate the switching of the signers. #2. Regarding the biometrics, what we want is to ask the user for the fingerprint when he confirms the transaction and to embed the image into the document and the minutiae digital data into the audit trail. Hope I was clear. Thanks

InCruento | Posts: 5

Reply to: 3rd party authentication in an in-person scenario

0 votes
Ok, it is clear, Thanks Duo for your help, just the last question, could you provide me with a link to how can I embed an image in a document? I have not found something like that in the SDKs documentation, although I was told it is possible. We would like to embed the fingerprint image into the document yet. Thanks a lot

Duo_Liang | Posts: 3776

Reply to: 3rd party authentication in an in-person scenario

0 votes
Hi there, There's no direct way to embed image into the document. The only way I know to embed image into a document is, use a captured signature, and upload your image as a signature. The attachment is an example document I created for you in this way. I am not pretty sure the image resolution is good enough for you because when uploading, the image is converted into some kind of vector image first(to simulate signature) and then encrypted into base64 string and stored in your package metadata. So the image itself could not be an evidence. But you can still embed the base64 string(or other kind of string) encrypted by the original image into the Session Attribute. The process converting image to base64 string which fits in OneSpan Sign is done by our signature import tool(currently we have Java, C#, php version of this tool, would take some time to develop for a specific language if you are an IOS developer) The base64 string used in OSS is different from the one encrypted directly from your image, so that's why you'd need this tool if you want to follow this path. Otherwise, you'd use other 3rd PDF processing libs to do so and store the fingerprint in Session Attribute in a base64 string format. Hope this could help you! Duo

Duo_Liang | Posts: 3776

Reply to: 3rd party authentication in an in-person scenario

0 votes
+attachment

Attachments
8-24-1.pdf238.52 KB

Hello! Looks like you're enjoying the discussion, but haven't signed up for an account.

When you create an account, we remember exactly what you've read, so you always come right back where you left off