Kobil AST authentication

"Kobil AST" is an authentication method (for login and transaction signing) created by the German company "Kobil" (www.kobil.com). It is based on encrypted push messages to smartphone apps.

A typical login works as follows:

  • The user opens the Airlock IAM login page in their web browser and enters username and password.
  • If username and password are correct, a message is sent to the user's Kobil smartphone app. This is done "out-of-band", i.e. via an additional, encrypted internet connection to the phone.
  • The user unlocks the Kobil app by entering a PIN.
  • The login message is then displayed in the app and can be accepted or rejected by the user.
  • The user's response is sent back to the server (again out-of-band).
  • In case of a successful "accept", the user is logged in and forwarded to the web application.

Integration with Airlock IAM

Airlock IAM supports both management functionality in the Adminapp (similar to other authentication means) and user self-services, including device registration, migration from other authentication methods, and management of activated devices (locking and removing).

In addition to an Airlock IAM instance, a Kobil "Smart Security Management Server" (SSMS) is needed, which communicates with the activated devices (smartphone apps) and manages them. Furthermore, custom smartphone apps with hard-wired server URLs are required, and key material for secure communication has to be created. Setup and configuration of the SSMS and the smartphone app are typically performed by Kobil, from whom a specific license agreement also has to be obtained. This document only describes the configuration and flows of Airlock IAM.