Workflow: Transaction data signing via push (Push and sign)

The workflow sequence depends on the deployment and the components involved (see Topology and deployment scenarios). In a typical cloud/on-prem deployment where transaction data signing with push notification is enabled, the components of the push notification solution interact in the sequence illustrated in Figure: Transaction data signing using push notifications (Workflow, Cloud and on-prem).

Figure: Transaction data signing using push notifications (Workflow, Cloud and on-prem)

The process for the user to sign transaction data via push and sign is as follows:

  1. The user initiates a transaction data signing request towards the application server, e.g. via a banking application site.
  2. After receiving the corresponding request from the application server, OneSpan Authentication Server generates the required push notification message. The push notification message is relayed to the Message Delivery Component (MDC) service.
  3. MDC sends the push notification request to the OneSpan Notification Gateway.
  4. The gateway sends a push notification to the client mobile application via notification services for the respective end device. If a user has multiple devices assigned and registered, a push notification is sent to all applicable devices (MDL instances).
  5. The mobile authenticator app retrieves the signature transaction message from the on-prem DIGIPASS Gateway instance. It then requests the user to confirm the signing of the transaction data.
  6. If the user confirms, the mobile authenticator app authenticates the user against OneSpan Authentication Server via DIGIPASS Gateway.
  7. OneSpan Authentication Server processes this request and, if applicable, returns success to the application server.
  8. The application server informs the user that the transaction data has been signed successfully.