Signature validation

OneSpan Authentication Server Appliance allows you to sign transaction data using electronic signatures generated via two methods:

• Using an authenticator that is set up to generate electronic signatures.
• Using OneSpan Authentication Server Appliance itself (i.e. virtual signature generation).

An electronic signature is based on transaction details entered into the authenticator. The authenticator uses the transaction details and an embedded secret to generate and display an electronic signature. With virtual signature generation, the user supplies the transaction details directly to OneSpan Authentication Server Appliance, which will then generate the electronic signature, i.e. the virtual signature. Virtual signatures are delivered to the user via the Message Delivery Component (MDC).

Once a user receives the electronic signature, the user can then use it to sign a transaction, typically through a confirmation page, e.g. to finalize a transaction. This signature is validated by OneSpan Authentication Server Appliance. If the signature is incorrect or invalid, then the transaction will not be permitted to proceed.