Login
    Contents x
    Integration of Secure Channel-Based Transaction Data Signing
    • 21 Oct 2024
    • 1 Minute to read
    • Dark
      Light
    Contents

    Integration of Secure Channel-Based Transaction Data Signing

    • Updated on 21 Oct 2024
    • 1 Minute to read
    • Dark
      Light
    Article summary

    Secure Channel-based transaction data signing (TDS) is a type of transaction data signing that supports the secure exchange of signing data. Secure Channel-based TDS is typically used in combination with Cronto images or QR codes to exchange the Secure Channel messages. This type of transaction data signing requires the use of authenticator licenses that are activated in the multi-device licensing (MDL) mode.

    With this feature, you enable your users to sign a transaction, represented by a number of signature data fields, on their mobile device. This operation happens via a Secure Channel, in combination with a Cronto image or QR code.

    Supported devices:

    • Hardware authenticators with Cronto image support (e.g. the Digipass 7xx-series)

    • OneSpan Mobile Authenticator Studio 4.18 and later

    • Mobile Security Suite

    Sequence of a Secure Channel-based transaction data signing operation

    1. The user initiates the adaptive authentication transaction operation and with this triggers the client application to send a transaction validation request to the OneSpan Trusted Identity platform API by calling the POST /users/{userID@domain}/transactions/validate.

      The default timeout value for Secure Channel-based transaction data signing is set to 180 seconds. Contact OneSpan if you need to change this timeout configuration.

    2. The web service triggers a Risk Management component event request for the transaction.

    3. The Risk Management component responds with a Cronto challenge (value = 11).

    4. The web service triggers a secure-challenge to the Authentication component to generate a secure message.

    5. The web service returns the Risk Management component challenge together with the secure message to the client application.

    6. The client application uses the Visual Codes service to generate the Cronto image.

    7. The user captures the Cronto image with their authenticator which generates a signature.

    8. The signature is inserted into a new transaction request to Intelligent Adaptive Authentication for validation. The transactions/validate service uses the request identifier provided in the generate-transaction-validation-request response.

    9. The web service validates the signature received from Intelligent Adaptive Authentication.

    10. Intelligent Adaptive Authentication returns the validation result of the signature.

    To integrate Secure Channel-based transaction data signing

    1. Issue a generate transaction validation request with the POST /users/{userID@domain}/transactions/validate endpoint.

    2. Issue a generate Cronto image request with the POST /visualcodes/render endpoint:

    3. Issue a transaction request with the POST /users/{userid@domain}/transactions/validate endpoint:

      • Payload:

        • objectType: “AdaptiveTransactionValidationInput”

        • data.secureChannel.requestID

          Request ID received from the first transaction validation request.

        • data.secureChannel.signature

    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, our interactive help assistant