"Kobil AST" is an authentication method (for login and transaction signing) created by German company "Kobil" (www.kobil.com). It is based on encrypted push messages to smartphone apps.
A typical login works as follows:
- The user opens the Airlock IAM login page on its web browser and enters username and password.
- If username and password are correct, a message is sent to the user's Kobil smartphone app. This is done "out-of-band", i.e. via an additional, encrypted internet connection to the phone.
- The user unlocks the Kobil app by entering a PIN.
- The login message is then displayed in the app and can be accepted or rejected by the user.
- The user's response is sent back to the server (again out-of-band).
- In case of successful "accept", the user is logged in and forwarded to the web application.