Transaction Data Signing
  • 23 Oct 2024
  • 1 Minute to read
  • Dark
    Light

Transaction Data Signing

  • Dark
    Light

Article summary

Transaction Data Signing consists in signing data which is stored on a server using the Mobile Authenticator Studio application.

The data signing process starts outside the Mobile Authenticator Studio application. For example, the user enters a set of data in an online form and wants to sign it. The form must contain the data itself, as well as an identifier specific to this set of data. Once the form is submitted, the data is stored on the server.

Transaction Data Signing - request to server

After this, the user can sign the data with Mobile Authenticator Studio. By selecting the Transaction Data Signing shortcut, the user initiates a request from the application to the server that hosts the data. The purpose of this request is to check if the stored transaction data is pending and waiting to be signed. To identify the user on the server and authorize the pending transaction delivery, the request sent by the application contains a one-time password (OTP).

Transaction Data Signing - application request

Transaction Data Signing - application response

The response to this request contains a list of pending transaction identifiers that the user can select from, and the transaction fields that need to be signed.

Transaction Data Signing - pending transaction list

The user selects the transaction identifier, and the corresponding transaction content is displayed.

Transaction Data Signing - select transaction

Once the transaction data has been selected from the list, its fields are used by the cryptographic engine of Mobile Authenticator Studio to generate an e-signature.

Transaction Data Signing - generate e-signature

The generated e-signature is sent to the server for validation. The URL is defined in the Mobile Authenticator Studioconfiguration file.

Transaction Data Signing - validate signature

Mobile Authenticator Studio can be configured to offer the end user the possibility to either always or never check the existence of a pending notification when the application starts. This choice is only available if the application contains a single authenticator instance.


Was this article helpful?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, our interactive help assistant