Push and sign

Transaction data signing using push notification (push and sign) allows data signing using a separate and unconnected channel (out-of-band signing). The data signing transaction is initiated by a web application and validated by the mobile application. The signature request information is transmitted via a push notification.

Overview of the transaction data signing using push notification workflow:

  1. The user initiates a data signing transaction in the web application, e.g. a banking site.
  2. The web application sends a respective request to the connected OneSpan Authentication Server instance via SOAP (authSignatureRequest).
  3. The OneSpan Authentication Server instance prepares the signature request uniquely identified by a request key. The signature request is stored in the signature cache of OneSpan Authentication Server. The request key is transmitted to all applicable Digipass authenticator instances via push notifications (see Push notification message content).
  4. The user accepts the push notification received by the mobile application (Digipass authenticator). The mobile application retrieves the actual signature request via DIGIPASS Gateway (using getPreparedSignatureRequest) and presents it to the user accordingly (see Signature request content).
  5. The user does one of the following:

    • The user confirms the signature request. The mobile application generates a signature and completes the signature request via DIGIPASS Gateway (using authSignature). The signature request is successfully processed and removed from the signature cache.
    • The user cancels the signature request. The mobile application cancels the signature request via DIGIPASS Gateway (using cancelAuthSignatureRequest). The signature request is removed from the signature cache without being completed.
  6. The mobile application displays a status message.
Figure: Push and sign workflow (Overview)

Push and sign workflow (Overview) provides a high-level overview of the integration of OneSpan Mobile Security Suite in the mobile application, and does not show all required calls to the OneSpan SDKs. Furthermore, it does not display the call by DIGIPASS Gateway to OneSpan Authentication Server.

For more information, refer to the OneSpan Mobile Security Suite documentation.

Push notification message content

The content of the push notification is protected in a Secure Channel message, which must be decrypted with the Digipass SDK. Once decrypted, the content of the push notification is encoded as a plain text string with each parameter separated by a semicolon (see Push notification content parameters).

Push notification content parameters

Version
  Description: Version of the encoding protocol.
  Length: 2 digits
  Possible values:
    • 01. Current encoding.

Message type
  Description: The type of message contained in the encoded string.
  Length: 2 digits
  Possible values:
    • 05. Content is a request key for a signature transaction message v2.

Request key
  Description: The unique identifier used by OneSpan Authentication Server to identify a signature request. This key is used during the entire transaction data signing process.
  Length: 10 hexadecimal characters

Example of the decrypted push notification content (version 01, message type 05, request key 0123456789):

"01;05;0123456789"
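The following parser for the decrypted push notification string is an added example, not OneSpan SDK code; it assumes the Secure Channel decryption with the Digipass SDK has already been done and only validates the resulting string (the names PushSignRequest, parse_push_payload and is_valid_push_payload are this example's own) so that a malformed or unexpected request key is rejected before the mobile application uses it.

```python
import re
from dataclasses import dataclass

# Decrypted push notification string layout described on the page:
#   "<version>;<message type>;<request key>"
# Values come from the parameter table; the names are this example's own.
SUPPORTED_VERSIONS = {"01"}  # 01: current encoding
MSG_TYPE_SIGNATURE_REQUEST_KEY_V2 = "05"  # request key for a signature transaction message v2
TWO_DIGITS_RE = re.compile(r"[0-9]{2}")
REQUEST_KEY_RE = re.compile(r"[0-9A-Fa-f]{10}")  # 10 hexadecimal characters

class PushPayloadError(ValueError):
    """The decrypted string does not match the documented encoding."""

@dataclass(frozen=True)
class PushSignRequest:
    version: str
    message_type: str
    request_key: str

def parse_push_payload(payload: str) -> PushSignRequest:
    """Validate and split the plain-text string obtained after Secure Channel decryption.

    Assumes the caller has already decrypted the notification with the Digipass SDK;
    only the encoded string is checked here, so a malformed request key is rejected
    before the app uses it in getPreparedSignatureRequest towards DIGIPASS Gateway.
    """
    parts = payload.split(";")
    if len(parts) != 3:
        raise PushPayloadError(f"expected 3 semicolon-separated fields, got {len(parts)}")
    version, message_type, request_key = parts
    if not TWO_DIGITS_RE.fullmatch(version):
        raise PushPayloadError(f"version must be 2 digits, got {version!r}")
    if version not in SUPPORTED_VERSIONS:
        raise PushPayloadError(f"unsupported encoding version {version!r}")
    if not TWO_DIGITS_RE.fullmatch(message_type):
        raise PushPayloadError(f"message type must be 2 digits, got {message_type!r}")
    if message_type != MSG_TYPE_SIGNATURE_REQUEST_KEY_V2:
        raise PushPayloadError(f"not a signature request key message: {message_type!r}")
    if not REQUEST_KEY_RE.fullmatch(request_key):
        raise PushPayloadError("request key must be exactly 10 hexadecimal characters")
    return PushSignRequest(version, message_type, request_key)

def is_valid_push_payload(payload: str) -> bool:
    """True if the string parses; lets callers drop bad notifications without exceptions."""
    try:
        parse_push_payload(payload)
        return True
    except PushPayloadError:
        return False
```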

Signature request content

The signature request retrieved using getPreparedSignatureRequest (identified by the request key) is contained in a Secure Channel message, which must be decrypted using the Digipass SDK to obtain the signature request data.

The signature request data, and how to handle it, depend on the signature data type used in the authSignatureRequest SOAP command (OneSpan Authentication Server) that initiates the push and sign workflow:

  • Separate key/value signature data fields (signatureFields). The signature request data is binary data generated with the Secure Messaging SDK (using generateSignatureTransactionMessageBodyV2) and must be parsed with the corresponding client function of the Secure Messaging SDK Client.
  • Binary data signature body (signatureBody). The signature request data is raw data in hexadecimal encoding and must be handled by the mobile application accordingly.

If the user approves the signature request, the request must be signed with the Digipass SDK based on the Secure Channel message received from DIGIPASS Gateway that contains the signature details.

If the user rejects the signature request, the request key must be encrypted in a Secure Channel message with the Digipass SDK.

Additional references

For more information about handling Secure Channel messages, refer to the Secure Messaging SDK Client Integration Guide.

For more information about the OneSpan Authentication Server SOAP commands, refer to the OneSpan Authentication Server SDK SOAP Reference.