Scan and login is an authentication process in which users are presented with a Cronto image, scan that image, and complete authentication on their mobile device. It requires Mobile Authenticator Studio 5.
The typical scan and login authentication process is as follows:
- The user initiates a user logon process in the business application, e.g. a banking website, providing at least a user ID.
- The business application requests a secure challenge from OneSpan Authentication Server. OneSpan Authentication Server generates a challenge key and returns it to the business application.
- The business application generates a Cronto image based on the challenge key.
- The business application sends a scan and login authentication request to OneSpan Authentication Server with the user ID and the challenge key.
- OneSpan Authentication Server blocks and waits until the end user either approves or cancels the request, or until the authentication timeout configured in the policy settings expires, whichever comes first.
- On the mobile device, the user scans the Cronto image.
- On the mobile device, the Mobile Authenticator Studio app retrieves the secure challenge (via DIGIPASS Gateway) and displays it for the user to verify.
- On the mobile device, the user either confirms the logon attempt or cancels it. The Mobile Authenticator Studio app calls the corresponding response action (via DIGIPASS Gateway).
- OneSpan Authentication Server resumes the initial blocking authentication transaction and returns the result to the business application.
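
The blocking transaction in the flow above can be modeled as follows. This is an added illustration, not OneSpan code or its API: `MockAuthServer`, its method names, and the result strings are hypothetical, and the user-ID check and the refusal of late responses are assumptions of this model.

```python
import secrets
import threading

class MockAuthServer:
    """Toy stand-in for the authentication server (hypothetical, not OneSpan's API)."""

    def __init__(self, timeout_s):
        self.timeout_s = timeout_s      # models the policy's authentication timeout
        self._pending = {}              # challenge key -> transaction state
        self._lock = threading.Lock()

    def request_challenge(self, user_id):
        key = secrets.token_hex(16)     # unpredictable challenge key
        with self._lock:
            self._pending[key] = {"user": user_id, "result": None,
                                  "done": threading.Event()}
        return key

    def authenticate(self, user_id, challenge_key):
        """Blocks until the user approves or cancels, or the timeout expires."""
        with self._lock:
            txn = self._pending.get(challenge_key)
        if txn is None or txn["user"] != user_id:   # assumption: key is bound to the user
            return "rejected"
        txn["done"].wait(self.timeout_s)
        with self._lock:                # closing under the lock avoids a late-answer race
            self._pending.pop(challenge_key, None)
            return txn["result"] or "timeout"

    def respond(self, challenge_key, approve):
        """Response action issued for the mobile app (via the gateway in the real flow)."""
        with self._lock:
            txn = self._pending.get(challenge_key)
            if txn is None or txn["done"].is_set():
                return False            # unknown, expired or already answered
            txn["result"] = "approved" if approve else "cancelled"
            txn["done"].set()
            return True

def run_login(server, user_id, approve, respond_after_s=0.05):
    """Business-application side: fetch a challenge, then issue the blocking request."""
    key = server.request_challenge(user_id)
    # The Cronto image would carry the challenge; here the "phone" gets the key directly.
    if approve is not None:             # None models a user who never responds
        threading.Timer(respond_after_s, server.respond, args=(key, approve)).start()
    return server.authenticate(user_id, key), key
```
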