Integration of orchestration with OneSpan Mobile Security Suite

The Orchestration SDK enables you to easily leverage major security features in your mobile application:

• Two-factor authentication
• Secure provisioning
• Secure Channel The Secure Channel feature encrypts the communication between device and server. It uses payload keys to protect the confidentiality and authenticity of the message's payload.
• Secure storage
• Password protection
• Fingerprint recognition
• Multi-device management

This SDK provides the ability to orchestrate the behavior of the mobile application after a risk evaluation. If a risk has arisen for a given transaction, Intelligent Adaptive Authentication can be set to dynamically request step-up authentication or transaction signing on the mobile application. To accomplish this, a given protection type (e.g. fingerprint recognition) is used.

Data exchange happens between the mobile application that integrates the Orchestration SDK and the application server that uses Intelligent Adaptive Authentication. The exchanged data is encapsulated into orchestration commands which are encoded as hexadecimal strings. These orchestration commands are protected by the Secure Channel feature to ensure the confidentiality, integrity, and non-repudiation of the exchanged data.

Find further information in the following documents:

• OneSpan Mobile Security Suite Product Guide

• Orchestration SDK Integration Guide at Mobile Security Suite > Guides > Integration Guides.

Before You Begin

The Orchestration SDK does not handle the communication layers (e.g. network, Push Notification messages, or image scanning). This part must be handled by the mobile application that integrates the Orchestration SDK.

The Orchestration SDK supports the following platforms:

• Android 5.0 and later
• iOS 12.0 and later

The Android and iOS binaries are part of the Mobile Security Suite SDKs bundle that can be retrieved from the Mobile Security Suite SDKs Download page.

Authenticator configuration

To successfully set up orchestration, the following authenticator configuration settings are mandatory:

• The authenticator must have a Secure Channel application for activation, remote authentication, and remote transaction operations.
• PIN protection must be set to optional, and the minimum PIN length must be 6 characters when a keypad is used that is provided by OneSpan.

The following authenticator configuration settings are optional:

• A Response-Only application for local authentication and PIN change.
• A Challenge/Response application for local authentication.
• A Signature application for local transactions.

Integration of the Orchestration SDK in your mobile application

For detailed instructions how to use the Orchestration SDK in your Android and iOS projects, refer to Integrating the Orchestration SDK.