- 19 Oct 2024
- 1 Minute to read
- DarkLight
Push and Sign
- Updated on 19 Oct 2024
- 1 Minute to read
- DarkLight
The Push and Sign feature enables users to approve a transaction after being notified by a push notification. To send the notification to Mobile Authenticator Studio, the OneSpan Mobile Security Suite Notification SDK Server can be used. For more information, refer to the Notification SDK Integration Guide.
Each time the mobile device receives a push notification, an alert is displayed. When the user opens the notification, the Mobile Authenticator Studio app is opened and retrieves the pending data from the server implementing the Transaction Data Signing Web service.
Once the data is retrieved from the Transaction Data Signing Web service, Mobile Authenticator Studio displays two buttons: one to accept and one to decline the transaction.
To be able to receive notifications from the server, Mobile Authenticator Studio must send its notification identifier to it, after the activation of an authenticator account. It is encrypted with the Secure Channelpayload key to prevent repudiation. As the notification identifier may change during the app life cycle, the notification identifier is re-sent each time it is changed.
Push and Sign workflow
The data to sign is associated to a transaction and the following sections describe the workflow with corresponding figures.
The user is notified of the request for approval. (See New transaction notification.)
Upon tapping the notification, the user sees a splash screen with the app logo.
The user's identity is verified using the authentication method selected in the activation process.
If there are multiple transactions to approve, the user sees a list of transactions and clicks one to view the details. (See Transaction details.)
The user views the request details and scrolls down to see all details.
At the bottom of the request details screen, the user taps Approve.
The user's identity is again verified with a request to authenticate.
Optionally, the user could tap Deny to reject the transaction. The user will be asked to confirm the denial and will receive a confirmation.
The user sees a confirmation that the request was successfully approved and taps Done. (See Request approval confirmation.)
If there are multiple requests to approve, the user is returned to a list of the additional pending requests.
If at any point the user wants to cancel the approval of the pending requests, the user can tap Cancel and they will exit the approval process.
New transaction notification
Transaction details
Request approval confirmation