Before we look at an initial scenario (in band authentication), here are some concepts to provide you with some background information.

IdCloud Authentication

This is the Thales service that does much of the interaction between the bank's backend server and the user's mobile phone. In particular it performs the following:

  • one-time password (OTP) management
  • challenge-responses
  • transaction data signing
  • data protection
  • out-of-band (OOB) communication. It uses the user's mobile device as the security platform.


An OTP is a one-time password. As its name implies, it is valid for one use only. The OTP is a major part of the authentication process.

In band versus out of band

In band means a single communications channel, whereas out of band means more than one communications channel. In-band authentication, for example, means that the authentication is performed on a single channel: the user receives a registration code on his or her mobile device and enters this code on the device. In out-of-band authentication, information is transferred via two or more channels. For example, a user may generate a one-time password (OTP) using a mobile device, but enter this OTP over the internet using the TLS protocol.


Offline is a different user experience from in band: offline means that the OTP is displayed on the mobile phone but the user must enter it manually. However, the two cases are integrated in the same way.