No-code transactions

What if a solution requires more than pure authentication? In that case an integrator can use the AAA Reverse Proxy transaction system. Transactions are user-confirmed decisions such as payments. They are secure, authenticated and validated using the personal factor. Only a tiny coding effort is required: providing the confirmation text and evaluating the operation. When user confirmation is required (e.g. the user clicks the “pay” button), the following workflow is processed. Service provider actions are in bold. Two main methods are supported:

This scenario is available for smart phones only. The user must be logged in to AAA Reverse Proxy.

  1. Call AAA Reverse Proxy push transaction method (standard http request) providing confirmation text and verification level (personal factor, bio factor, no second factor)
    • Then AAA Reverse Proxy creates a request and sends it via push notification to user’s smart phone
    • Request is processed via PEIG.
    • User confirms it and provides personal factor
    • AAA Reverse Proxy evaluates request and sends a response back to service provider applications
  2. Read response (JSON) and parse it
  3. Evaluate success / failure: OK, User rejected, Wrong personal factor, etc.

User experience:

  1. User clicks on payment button.
  2. A confirmation message is displayed on his smart phone (PEIG application)
  3. If user agrees, personal factor is required (or bio factor)
  4. Done

This scenario has no limitations and can be used even for non-authenticated users (every ADUCID operation is also authentication).

  1. Prepare confirmation text (e.g. “Pay $99 from account 123456789 to account 987654321”).
  2. Generate transaction ID (internal unique ID of transaction)
  3. Call AAA Reverse Proxy transaction method (standard http request) providing confirmation text, return URL and verification level (personal factor, bio factor, no second factor)
  4. Redirect to AAA Reverse Proxy transaction (must be in the same https context)

Now the ADUCID integration code calls PEIG or displays a QR code:

  • Request is processed via PEIG (directly or QR scan)
  • User confirms it and provides personal factor
  • User is redirected back to application (return URL)
  • AAA Reverse Proxy writes transaction status to http header
  5. Now the service provider has to read the transaction status from the http header, i.e. evaluate success / failure: OK, User rejected, Wrong personal factor, etc.
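
One way for the service provider to handle the internal transaction ID and evaluate the returned status in the redirect scenario (added example, not ADUCID code). The header name `X-Transaction-Status`, the literal status string `OK`, the 120-second lifetime, binding to a browser session, and carrying the transaction ID in the return URL are assumptions, not taken from the AAA Reverse Proxy documentation.

```python
import secrets
import time

# Hypothetical values: the real header name and status strings must be
# taken from the AAA Reverse Proxy documentation.
STATUS_HEADER = "X-Transaction-Status"
PENDING_TTL = 120  # seconds a pending transaction stays valid (constructed)


class TransactionStore:
    """Server-side record of transactions awaiting user confirmation."""

    def __init__(self, clock=time.time):
        self._pending = {}
        self._clock = clock

    def begin(self, session_id, text):
        # Unguessable internal transaction ID, bound to the browser session
        # and to the exact confirmation text sent to the proxy.
        tx_id = secrets.token_urlsafe(16)
        self._pending[tx_id] = (session_id, text, self._clock() + PENDING_TTL)
        return tx_id  # assumed to be embedded in the return URL

    def complete(self, tx_id, session_id, headers):
        """Evaluate the return from the proxy: (approved, reason, text)."""
        # Consume the ID first so a replayed return URL cannot succeed twice.
        entry = self._pending.pop(tx_id, None)
        if entry is None:
            return False, "unknown or already used transaction", None
        owner, text, expires = entry
        if owner != session_id:
            return False, "transaction belongs to another session", None
        if self._clock() > expires:
            return False, "transaction expired", None
        # Header names are case-insensitive. Fail closed: a missing header
        # or any value other than the exact success string is a failure.
        status = {k.lower(): v for k, v in headers.items()}.get(STATUS_HEADER.lower())
        if status != "OK":
            return False, f"not confirmed: {status!r}", None
        # Execute the operation from the stored text, never from parameters
        # that arrive with the return request.
        return True, "confirmed", text
```

Reading the status from a request header is only trustworthy if the application is reachable solely through AAA Reverse Proxy, so that a client cannot supply the header itself.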

User experience:

  1. User clicks on payment button.
  2. Optionally QR code is displayed – user scans it using his / her PEIG
  3. A confirmation message is displayed on his smart phone (PEIG application)
  4. If user agrees, personal factor is required (or bio factor)
  5. Done

Last modified: 2018/05/18 11:04