- 23 Oct 2024
Integrate Secure Channel communication
- Updated on 23 Oct 2024
The Secure Channel feature can only be integrated as part of a two-step activation model integration.
The Secure Channel communication consists of:
Generating an encrypted Secure Channel message from raw data.
Sending the Secure Channel message to the Mobile Authenticator Studio app via an image.
Signing the Secure Channel message in the Mobile Authenticator Studio app.
Validating the Mobile Authenticator Studio message signature to acknowledge the transfer.
Integrating Secure Channel communication requires OneSpan Authentication Server Framework 3.13.1.2 or later and the Secure Messaging SDK 4.3.5 or later.
The usage of Cronto images to deliver the activation message requires the integration of the Image Generator SDK 4.3.5.
Secure Channel communication (overview)
The generation of a Secure Channel message body from raw data relies on the transaction message body version 2 generation functionality of the Secure Messaging SDK 4.3.5. The content of the message can take one of three formats:
A list of keys and values to display transaction content.
A challenge for a Challenge/Response operation.
Free text.
Each format is associated with a dedicated API method to facilitate integration:
generateSignatureTransactionMessageBodyV2()
generateChallengeTransactionMessageBodyV2()
generateFreeTextMessageBodyV2()
generateChallengeTransactionMessageBodyV2() generates a challenge transaction message. The title defined inside the message will not be displayed on the screen. To display the title on the screen, the generateFreeTextMessageBodyV2() method must be used.
The output of this API call must be used as the input for the OneSpan Authentication Server Framework API method AAL2GenMessageRequest().
The output from OneSpan Authentication Server Framework can then be converted into a message using the Image Generator SDK to be scanned by Mobile Authenticator Studio.
The length of the Secure Channel message must be limited to 200 hexadecimal characters for it to be converted into a Cronto image.
The signature of the transaction message generated by Mobile Authenticator Studio can be validated using the OneSpan Authentication Server Framework API method AAL2VerifyMessageSignature().
The flags defined in the Secure Messaging SDK to generate a Secure Channel message have the following effects on a Mobile Authenticator Studio application:
showMAC: If true, the Mobile Authenticator Studio application will compute a MAC to sign the transaction.
askPIN: This flag is ignored. PIN management is triggered directly by the Mobile Authenticator Studio application.
showData: If true, the Mobile Authenticator Studio application will display the content of the transaction message.
askApproval: If true, the Mobile Authenticator Studio application will prompt the user to confirm the transaction data before the MAC is generated.
showWarning: If true, the Mobile Authenticator Studio application will display a predefined warning message to the user.
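
The following pre-flight check is an added example, not OneSpan code and not part of either SDK. It validates the 200 hexadecimal character limit before image generation and reviews a flag combination against the effects listed above. The Flags container, the function names and the "show and confirm before signing" policy are assumptions of this example.

```python
import string
from dataclasses import dataclass

MAX_HEX_CHARS = 200  # Cronto image limit stated on this page


@dataclass(frozen=True)
class Flags:
    # Hypothetical container mirroring the five flags described above.
    show_mac: bool
    ask_pin: bool
    show_data: bool
    ask_approval: bool
    show_warning: bool


def preflight(message_hex: str, flags: Flags) -> list[str]:
    """Return findings; any entry starting with 'ERROR' must block image generation."""
    findings = []
    if not message_hex:
        findings.append("ERROR: message is empty")
    elif any(c not in string.hexdigits for c in message_hex):
        findings.append("ERROR: message contains non-hexadecimal characters")
    if len(message_hex) > MAX_HEX_CHARS:
        findings.append(
            f"ERROR: {len(message_hex)} hex characters exceeds the {MAX_HEX_CHARS} limit")
    if flags.ask_pin:
        findings.append("INFO: askPIN is ignored; the app triggers PIN management itself")
    if not flags.show_mac:
        findings.append("WARN: showMAC is false; a MAC is only described for showMAC=true")
    else:
        # Policy assumption of this example: a signature should cover data the
        # user has seen and confirmed.
        if not flags.show_data:
            findings.append("WARN: MAC requested but showData is false")
        if not flags.ask_approval:
            findings.append("WARN: MAC requested but askApproval is false")
    return findings


def is_renderable(findings: list[str]) -> bool:
    # Only ERROR findings block conversion to an image.
    return not any(f.startswith("ERROR") for f in findings)


if __name__ == "__main__":
    sample = "0A" * 101  # constructed sample, 202 hex characters
    for line in preflight(sample, Flags(True, True, False, True, False)):
        print(line)
```

Run the check on the hexadecimal output of the message request step, before handing it to the Image Generator SDK.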