Page 24 - Implementation of Secure Authentication Technologies for Digital Financial Services

P. 24

Figure 9 shows a flowchart of Mobile Connect used within an eIDAS deployment.

MC
Service Provider Connector (Receiving MS) Proxy (Sending MS) MC Discovery Service MC Provider
Authenticator
Authenticate
Validate
Request (Authenticate and identity)
SAML
Validate
Disco ver MC Provider (MNO)
Discovery API

MC Provider Endpoints
Authenticate
OpenID Connect
Validate

Authenticate
Authenticate Response
Authenticate Response
Authenticat Respose + Data
(Minimum mandatory Set)
Response

MC
Service Provider Connector (Receiving MS) Proxy (Sending MS) MC Discovery Service MC Provider
Authenticator

6.3.2 Mobile Connect for PSD2
In relation to PSD2, the Mobile Connect framework in addition to providing dynamic linking to be fully
uses out-of-band Authentication, such that the PSD2 compliant. Mobile Connect can support SCA in
Authentication channel is separated from the service both decoupled and OAuth modes.
request channel and utilises the SIM-enabled Mobile The following figures illustrate the use cases,
Device along with support from the mobile network architecture and flows related to PSD2.

22 Implementation of Secure Authentication Technologies for Digital Financial Services

19 20 21 22 23 24 25 26 27 28 29