20.1.4. Approval steps

The approval step is the one that actually asks the user for approval. How this is done depends entirely on the configured approval step.

All approval steps have the following in common:

  • Present transaction details to the user using a separate channel (e.g. SMS, push message, QR code).
  • Get the user's approval (e.g. enter OTP code, press a button on the phone, scan a QR code).

Airlock IAM 7.6 supports the following approval steps. Custom approval steps may be added.

Airlock 2FA approval step

The Airlock 2FA approval step works as follows:

  1. Send push messages with transaction information to the Airlock 2FA app.
  2. Transaction details are displayed and the user presses the Approve button.

Alternative flow if the smartphone is offline:

  1. When waiting for user approval, the REST client (e.g. e-banking) may display a QR code containing transaction information.
  2. The user scans the QR code with the Airlock 2FA app and enters the displayed code to approve the transaction.

Alternative flow for mobile-only (single device) cases:

If the business app (e.g. mobile banking app) and the Airlock 2FA factor reside on one and the same smartphone, the mobile-only transaction approval scheme is used.

  1. The business app requests a challenge from the IAM REST API and passes it either to the Airlock 2FA app (app-to-app communication) or to Futurae's app SDK.
  2. The user is asked to confirm the transaction. This will call the Airlock 2FA app (or the SDK) to confirm the transaction with the Futurae cloud.
  3. The business app then polls for the decision using the IAM REST API and proceeds according to the result.

Cronto Push approval step

The Cronto Push transaction approval step works as follows:

  1. Send push messages with transaction information to the Cronto app.
  2. Transaction details are displayed and the user confirms the transaction on the Cronto app.

Alternative flow if the smartphone is offline:

  1. When waiting for user approval, the REST client (e.g. e-banking) may display a Cronto cryptogram containing transaction information.
  2. The user scans the cryptogram with the Cronto app and enters the displayed code to approve the transaction.

mTAN approval step

The mTAN transaction approval step works as follows:

  1. Send transaction information and an OTP code via SMS to the user.
  2. The user enters the OTP code to approve the transaction.

Matrix card approval step

The approval steps with matrix cards work as follows:

  1. Display the matrix challenge to the user.
  2. The user enters the code according to the matrix challenge to approve the transaction.

No transaction information is part of this approval step. There is no way for the user to verify transaction information when approving the transaction. This approval is merely a "re-authentication" step.
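
The difference between an approval that carries transaction information and the matrix card step described above, as an added Python example that is not Airlock IAM code. The HMAC-based code derivation, the key, the card contents and all function names are assumptions made for illustration, and all sample values are constructed.

```python
import hashlib
import hmac
import json

# Constructed sample data (assumptions, not product values).
USER_KEY = b"constructed-demo-key"
MATRIX_CARD = {"A1": "4821", "B3": "9057", "C2": "1376"}


def bound_code(key: bytes, tx: dict) -> str:
    """Assumed scheme: 8-digit code derived from the transaction details."""
    canonical = json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()
    mac = hmac.new(key, canonical, hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:8], 'big') % 10**8:08d}"


def verify_bound(key: bytes, tx_on_server: dict, code: str) -> bool:
    """Accept only if the code matches the transaction the server will execute."""
    return hmac.compare_digest(bound_code(key, tx_on_server), code)


def verify_matrix(card: dict, cell: str, response: str, tx_on_server: dict) -> bool:
    """Matrix check: tx_on_server is unused, nothing ties the response to it."""
    return hmac.compare_digest(card[cell], response)


def compare() -> dict:
    shown = {"payee": "CH00-CONSTRUCTED-0001", "amount": "150.00", "currency": "CHF"}
    # The record on the server differs from what the user reviewed.
    changed = dict(shown, payee="CH00-CONSTRUCTED-9999")
    code = bound_code(USER_KEY, shown)  # code for the details the user saw
    return {
        "bound_same": verify_bound(USER_KEY, shown, code),
        "bound_changed": verify_bound(USER_KEY, changed, code),
        "matrix_same": verify_matrix(MATRIX_CARD, "B3", "9057", shown),
        "matrix_changed": verify_matrix(MATRIX_CARD, "B3", "9057", changed),
    }


if __name__ == "__main__":
    for name, accepted in compare().items():
        print(f"{name}: {'accepted' if accepted else 'rejected'}")
```

Only the transaction-bound check rejects the changed record. The matrix response is accepted either way, which is why that step amounts to a re-authentication.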

Kobil TMS approval step

The Kobil TMS transaction approval step works as follows:

  1. Send a push message with transaction information to the mobile app.
  2. Transaction details are displayed and the user confirms the transaction on the mobile app.
