Transaction data signing

With OneSpan Cloud Authentication (OCA), your users can choose to sign their transaction data with one of the following options:

• An offline one-time password (OTP)
• With Push Notification Message that is pushed from a server to a user and is displayed on an end-user device, e.g. a mobile device. Push notifications are received by a particular app. This must be registered on the corresponding server to receive notifications. Notifications can be sent at any time, the users do not have to be actively using the app at that time. messages (see Push Notification-based transaction data signing)
• Based on the OneSpan Secure Channel feature (see Secure Channel-based transaction data signing)
• With FIDO-based transaction data signing (see FIDO-based transaction data signing)

Various authenticators are supported for the different types of transaction data singing.

Overview supported authenticators

Transaction data signing type	Supported authenticators
Offline OTP	Hardware: authenticators with signature support Software: Mobile Authenticator Studio
Secure Channel-based	Hardware: authenticators with Cronto image support Software: Mobile Authenticator Studio Mobile Security Suite Orchestration SDK
Push Notification-based	Software: Mobile Authenticator Studio Mobile Security Suite Orchestration SDK
FIDO-based	Hardware: UAF authenticator
Message-based (Email/SMS/Voice)	Virtual authenticator with signature support

For more information about the integration of transaction data signing with OneSpan Cloud Authentication, see the OneSpan Cloud Authentication Integration Guide.