| - User authentication and identity propagation:
● The user authenticates with Airlock 2FA.
● The AuthTokenID is sent to the e-banking application as part of the identity propagation.
● The e-banking application stores the AuthTokenID in its session. It is used to select the appropriate Airlock 2FA token during transaction approval.
|
| - Transaction approval decision:
● The user interacts with the e-banking application and starts a transaction (e.g. enters a payment).
● The e-banking application decides that approval is necessary for the transaction and thus starts the transaction approval process.
|
| - User identifying step:
● The e-banking application calls the Airlock IAM transaction approval REST API and identifies the end-user.
● If the user is valid and not locked, Airlock IAM asks the e-banking application to provide transaction data to be verified.
|
| - Parameter Step:
● The e-banking application sends transaction data to Airlock IAM. It also sends the AuthTokenID (optional).
● If no AuthTokenID is sent, Airlock IAM will ask the e-banking application to select one of several available Airlock 2FA tokens (not shown in the diagram).
● IAM verifies the transaction data and asks the e-banking application to poll for the result.
|
| - Approval step:
● Airlock IAM formats the transaction data using the configured message provider.
● Airlock IAM sends the transaction data via the Futurae cloud to the user's smartphone (Airlock 2FA app).
● The e-banking application starts polling for the result.
● The user verifies the transaction data on the smartphone and presses the Approve button.
● Airlock IAM gets the result from the Futurae cloud and returns the OK to the e-banking application.
During step (5), the e-banking application may choose to show a QR code and accept an OTP code entered by the user (offline scenario). For simplicity, this is not shown in the diagram. |
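
The identify, parameter and polling steps above, seen from the e-banking application's side, as an added example (not Airlock IAM code and not its REST API). `FakeIam` is an in-memory stand-in, and every class, method, field and status name is hypothetical; the client treats anything other than an explicit approval, including a poll that never completes, as not approved.

```python
# Added illustration: in-memory stand-in for the IAM side, NOT the real
# Airlock IAM REST API. All names and status strings are hypothetical.

# Constructed sample data: one valid user, one locked user.
USERS = {
    "alice": {"locked": False, "tokens": ["tok-1"]},
    "bob": {"locked": True, "tokens": ["tok-2"]},
}

class FakeIam:
    """Simulates the identify / parameter / approval steps described above."""
    def __init__(self, users, user_decision, polls_until_result=2):
        self.users = users
        self.user_decision = user_decision   # what the user presses in the app
        self.polls_left = polls_until_result
        self.sent_to_phone = None            # data the user would see in the app

    def identify(self, username):            # user identifying step
        self.user = self.users.get(username)
        if self.user is None or self.user["locked"]:
            return "REJECTED"
        return "TRANSACTION_DATA_REQUIRED"

    def parameters(self, tx_data, auth_token_id=None):   # parameter step
        if auth_token_id is None:
            return "TOKEN_SELECTION_REQUIRED"  # IAM asks the app to pick a token
        if auth_token_id not in self.user["tokens"]:
            return "REJECTED"
        self.sent_to_phone = dict(tx_data)     # approval step: pushed to the phone
        return "POLL"

    def poll(self):                            # approval step, polled by the app
        if self.polls_left > 0:
            self.polls_left -= 1
            return "PENDING"
        return self.user_decision              # "APPROVED" or "DENIED"

def approve_transaction(iam, session, tx_data, max_polls=5):
    """E-banking side: True only on an explicit approval (fail closed)."""
    if iam.identify(session["username"]) != "TRANSACTION_DATA_REQUIRED":
        return False
    # The AuthTokenID stored in the session at login selects the 2FA token.
    if iam.parameters(tx_data, session.get("auth_token_id")) != "POLL":
        return False                           # token selection not handled here
    for _ in range(max_polls):
        result = iam.poll()
        if result != "PENDING":
            return result == "APPROVED"
    return False                               # no result within the poll budget
```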