Push Notification

Mobile Authenticator Studio push notifications are used in the context of out-of-band login (Push and Login) and out-of-band Transaction Data Signing (Push and Sign).

With this feature, you can send a notification to the Mobile Authenticator Studio app when data is pending for validation on the server. To send the notification to Mobile Authenticator Studio, either the OneSpan Mobile Security Suite Notification SDK Server or DIGIPASS Gateway can be used.

Push and Login

The Push and Login feature enables users to login after being notified by a push notification. This type of login is an out-of-band authentication initiated on a website. The authentication request is transmitted via push notification and validated with the Mobile Authenticator Studio app.

Push and Login with DIGIPASS Gateway

The user must initiate the push and login process by using the website of an application server that communicates with the back end, e.g., OneSpan Authentication Server. A push notification is then sent to the Mobile Authenticator Studio app, which must retrieve the details of the login request with DIGIPASS Gateway. The app displays the login details, and the user either approves or rejects the login request. Next, the app calls dedicated web services according to the user’s choice (i.e. approve or reject). Finally, the user will be notified of the final status on the website.

Push and Sign

Push and sign allows data signing using a separate and unconnected channel (out-of-band signing). This enables users to approve a transaction after being notified by a push notification. For the handling of the communication between the back end and Mobile Authenticator Studio, the integration with the following solutions is supported:

DIGIPASS Gateway:

• Transaction details can be retrieved without authentication operation

• The Mobile Authentication Studio app displays each pending transaction individually to the user

Mobile Security Suite: Notification SDK (Server):

• Every transaction detail is secured with an authentication operation

• The Mobile Authentication Studio app displays a list of pending transactions to the user

Push and Sign with DIGIPASS Gateway

The data signing transaction is initiated by a web application and validated by the mobile application. The signature request information is transmitted via a push notification. The user accepts the push notification received, and verifies and confirms the signature request. The mobile application generates a signature and completes the signature request.

Push and Sign workflow with DIGIPASS Gateway

1. The user initiates a data signing transaction in the web application, e.g., a banking website.

2. Upon tapping the notification, the user sees a splash screen with the app logo.

3. The user sees the pending transaction details.

4. At the bottom of the request details screen, the user taps Approve.

5. The user accepts the push notification with the signature request received by the mobile application.

6. The user either confirms the signature request and completes it, or cancels it.

7. The mobile application displays a status message.

Push and Sign with Mobile Security Suite

To send the notification to Mobile Authenticator Studio, the OneSpan Mobile Security Suite Notification SDK Server can be used.

Each time the mobile device receives a push notification, an alert is displayed. When the user opens the notification, the Mobile Authenticator Studio app is opened and retrieves the pending data from the server implementing the Transaction Data Signing Web service.

Once the data is retrieved from the Transaction Data Signing Web service, Mobile Authenticator Studio displays two buttons: one to accept and one to decline the transaction.

To be able to receive notifications from the server, Mobile Authenticator Studio must send its notification identifier to it, after the activation of an authenticator account. It is encrypted with the Secure Channel payload key to prevent repudiation. As the notification identifier may change during the app life cycle, the notification identifier is re-sent each time it is changed.

Push and Sign workflow with Mobile Security Suite

The data to sign is associated to a transaction and the following sections describe the workflow with corresponding figures.

1. The user is notified of the request for approval. (See New transaction notification.)

2. Upon tapping the notification, the user sees a splash screen with the app logo.

3. The user's identity is verified using the authentication method selected in the activation process.

4. If there are multiple transactions to approve, the user sees a list of transactions and clicks one to view the details.

5. The user views the request details and scrolls down to see all details.

6. At the bottom of the request details screen, the user taps Approve.

7. The user's identity is again verified with a request to authenticate.

8. Optionally, the user could tap Deny to reject the transaction. The user will be asked to confirm the denial and will receive a confirmation.

9. The user sees a confirmation that the request was successfully approved and taps Done. (See Request approval confirmation.)

10. If there are multiple requests to approve, the user is returned to a list of the additional pending requests.

11. If at any point the user wants to cancel the approval of the pending requests, the user can tap Cancel and they will exit the approval process.

New transaction notification

Request approval confirmation

Further references

For more information about the integration of DIGIPASS Gateway, see the latest version of the Integration Guide in DIGIPASS Gateway.

For more information about the integration of the Notification SDK, see the latest version of the Integration Guide in Notification SDK.