Transaction approval

User authentication and identity propagation:

• The user authenticates with Airlock 2FA.
• The AuthTokenID is sent to the e-banking application as part of the identity propagation.
• The e-banking application stores the AuthTokenID in its session. It is used to select the appropriate Airlock 2FA token during transaction approval.

Transaction approval decision:

• The user interacts with the e-banking application and starts a transaction (e.g. enters a payment).
• The e-banking application decides that approval is necessary for the transaction and thus starts the transaction approval process.

Selection of transaction approval flow

• The e-banking application decides which IAM transaction approval flow to use.

User identifying step:

• The e-banking application calls the Airlock IAM transaction approval REST API and identifies the end-user.
• If the user is valid and not locked, Airlock IAM asks the e-banking application to provide transaction data to be verified.

Parameter Step:

• The e-banking application sends transaction data to Airlock IAM. It also sends the AuthTokenID (optional).
• If Enable Push-to-All is enabled, IAM will send the transaction approval request to all devices simultaneously.
• If Enable Push-to-All is disabled and no AuthTokenID is sent, Airlock IAM will ask the e-banking application to select one of several available Airlock 2FA tokens (not shown in the diagram).
• IAM verifies the transaction data and asks the e-banking application to poll for the result.

Approval step:

• Airlock IAM formats the transaction data using the configured message provider.
• Airlock IAM sends the transaction data via the Futurae cloud to the user's smartphone (Airlock 2FA app).
• The e-banking application starts polling for the result.
• The user verifies the transaction data on the smartphone and presses the Approve button.
• Airlock IAM gets the result from the Futurae cloud and returns the OK to the e-banking application.