Secure Channel (multi-device licensing)
  • 25 Apr 2025


The Secure Channel feature uses a randomly generated symmetric key to encrypt the communication between the server and the authenticator account. This symmetric key is the payload key. It is provisioned with the authenticator key during the activation process.

The payload key can only be provisioned in the authenticator account if the account has been activated using the two-step activation process.

The secure channel is a one-way channel. Mobile Authenticator Studio only receives transaction messages encrypted by Authentication Server Framework.

To use the Secure Channel feature with Mobile Authenticator Studio, at least one secure channel cryptographic application must be selected in the Mobile Authenticator Studio Parameter Sheet.

The transaction message contains the serial number of the authenticator. Mobile Authenticator Studio uses the serial number to select the authenticator account, then decrypts the transaction message with the payload key to obtain the transaction message body. If the authenticator's serial number in the message does not match a serial number loaded in Mobile Authenticator Studio, a message is displayed indicating that the transaction message is not dedicated to this authenticator.

The transaction message body contains the following information:

  • The index of the authenticator's cryptographic application to sign the message.

  • The transaction information to be displayed, formatted either as free text or as a list of key-value pairs with a corresponding title. The display format of the transaction information is chosen when the message is generated on the server.

The result of the transaction message signature is displayed to the user.

The body of the transaction message is generated by the OneSpan Secure Messaging SDK integrated on the server. For more information on the Secure Messaging SDK integration, refer to the Mobile Authenticator Studio Integration Guide.
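The receive-side flow described above, modelled as an added example that is not OneSpan code: the envelope layout, the JSON body fields (`app_index`, `display`), the function names and the HMAC-based encrypt-then-MAC construction standing in for the real cipher are all assumptions, since this page does not specify the wire format.

```python
import hashlib, hmac, json, os

class NotForThisAuthenticator(Exception):
    """Serial number in the message matches no loaded authenticator account."""

def _subkey(payload_key, label):
    # Derive separate encryption and MAC keys from the shared payload key.
    return hmac.new(payload_key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    # Stand-in cipher (HMAC-SHA256 in counter mode), stdlib only; a real
    # deployment would use a vetted AEAD such as AES-GCM.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(length // 32 + 1))
    return b"".join(blocks)[:length]

def _xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))

def server_encrypt(payload_key, serial, app_index, display):
    """Server side: encrypt the body, leave the serial number readable."""
    body = json.dumps({"app_index": app_index, "display": display}).encode()
    nonce = os.urandom(16)
    ct = _xor(body, _keystream(_subkey(payload_key, b"enc"), nonce, len(body)))
    # The serial is covered by the tag so it cannot be rewritten in transit.
    tag = hmac.new(_subkey(payload_key, b"mac"), serial.encode() + nonce + ct,
                   hashlib.sha256).digest()
    return {"serial": serial, "nonce": nonce, "ct": ct, "tag": tag}

def client_receive(accounts, msg):
    """Client side: select the account by serial, then authenticate and decrypt."""
    payload_key = accounts.get(msg["serial"])
    if payload_key is None:
        raise NotForThisAuthenticator(msg["serial"])
    expected = hmac.new(_subkey(payload_key, b"mac"),
                        msg["serial"].encode() + msg["nonce"] + msg["ct"],
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, msg["tag"]):
        raise ValueError("transaction message failed authentication")
    body = _xor(msg["ct"], _keystream(_subkey(payload_key, b"enc"),
                                      msg["nonce"], len(msg["ct"])))
    return json.loads(body)  # app_index selects the signing application

# Constructed sample data: serial numbers and keys are made up.
ACCOUNTS = {"SERIAL-0001": os.urandom(32), "SERIAL-0002": os.urandom(32)}
```

Because the serial number has to be readable before any key is selected, the model includes it in the authentication tag; a message re-addressed to another loaded account then fails verification instead of being decrypted with the wrong key.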

To use the secure channel between Authentication Server Framework and Mobile Authenticator Studio, either a Secure Channel action must be enabled in the configuration file, or the Secure Channel message must be sent to Mobile Authenticator Studio by a third-party application.

Secure Channel action

With the Secure Channel action, the user can scan Cronto images containing transaction messages. The transaction messages are encrypted by the payload key provisioned during the activation of the authenticator and shared between Mobile Authenticator Studio and the server. The images carrying the transaction messages are generated by the Image Generator SDK integrated on the server. For more information on the Image Generator SDK integration, refer to the Mobile Authenticator Studio Integration Guide.

In addition to transaction messages, the Secure Channel action can be configured to support activation messages as well. In this case, the Secure Channel action can be used to replace an activated authenticator account without having to delete it first.

