Push notification connection security
All products and components of the OneSpan push notification solution communicate via different network protocols (see Figure: Push notification communication protocols (Generic deployment)). The used components and services vary depending on the deployment topology, but generally all communication is secured using encryption.
When setting up push notification environments, there are two types of connections:
-
Connections secured by OneSpan or third-party providers. These connections are created and secured by either OneSpan or third-party providers, e.g. for notification services.
The connections are usually secured by using HTTPS. Messages that are sent via third-party notification services, are additionally secured by encapsulating the actual message content within an encrypted Secure Channel message.
For more information about the connection security implemented by APNs and Google FCM, see:
-
Connections secured by the customer. These connections are set up by the customer when installing the respective products in the customer network. By default, encryption is already enabled, but the customer is responsible to secure the connections.
For more information about configuring encrypted communication for OneSpan Authentication Server, refer to the OneSpan Authentication Server Administrator Guide, Section "Encrypted Communication".
For more information about protecting OneSpan Authentication Server environments and network communication in general, refer to the OneSpan Authentication Server Security Best Practices Guide.