Page 26 - Implementation of Secure Authentication Technologies for Digital Financial Services
Figure 12 – Mobile Connect Strong Customer Authentication - Server Initiated
Participants: ASPSP, APIX, Mobile Connect ID Gateway, MNO Authentication System, Mobile Authenticator
Message sequence:
1. Discovery Call (MSISDN)
2. Discovery Response (OIDC endpoints, client credentials)
3. Server Initiated Authorization call (payment_context: amount, currency, MSISDN as user id)
4. Acknowledgement
5. Authentication Challenge (amount, currency) (appears twice in the diagram)
6. Authentication response (appears twice in the diagram)
7. Generate sca_token as a function of MSISDN, payment_context, nonce
8. Include the sca_token in ID Token, sign the ID Token with MNO key
9. Return Tokens (Access Token, ID Token) to the registered notification_endpoint
Figure 13 – Mobile Connect Strong Customer Authentication - Device Initiated
Participants: ASPSP, APIX, Mobile Connect ID Gateway, MNO Authentication System, Mobile Authenticator
Message sequence:
1. Discovery Call (MSISDN)
2. Discovery Response (OIDC endpoints, client credentials)
3. Server Initiated Authorization call (payment_context: amount, currency, MSISDN as user id)
4. Acknowledgement
5. Authentication Challenge (amount, currency) (appears twice in the diagram)
6. Authentication response (appears twice in the diagram)
7. Generate authorization_code
8. Return authorization_code via redirect at the registered redirect_uri
9. Token call (authorisation_code)
10. Generate sca_token as a function of MSISDN, payment_context, nonce
11. Include the sca_token in ID Token, sign the ID Token with MNO key
12. Return Tokens (Access Token, ID Token) to the registered notification_endpoint
Additional details to assist in deployment of Mobile Connect can be found in Annex C of this report.
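As an added illustration of the closing steps in Figures 12 and 13 (this code is not from the report or from the Mobile Connect specification), the following Python example shows the MNO side deriving an sca_token and placing it in a signed ID Token, and the ASPSP side checking that the token is bound to the payment it actually requested. The SHA-256 derivation, the HS256 stand-in for the MNO signature, the claim layout and all sample values are assumptions made for the example.

```python
import base64, hashlib, hmac, json

def b64u(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def sca_token(msisdn: str, payment_context: dict, nonce: str) -> str:
    # Assumed derivation (the report only says "a function of MSISDN,
    # payment_context, nonce"): SHA-256 over length-prefixed fields.
    ctx = json.dumps(payment_context, sort_keys=True, separators=(",", ":"))
    h = hashlib.sha256()
    for field in (msisdn, ctx, nonce):
        data = field.encode()
        h.update(len(data).to_bytes(4, "big") + data)
    return b64u(h.digest())

def sign(key: bytes, signing_input: str) -> bytes:
    # HS256 stand-in for the MNO signature so the example needs no third-party library.
    return hmac.new(key, signing_input.encode(), hashlib.sha256).digest()

def issue_id_token(key, msisdn, payment_context, nonce) -> str:
    # MNO side: include the sca_token in the ID Token, then sign it.
    header = b64u(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    claims = {"sub": msisdn, "nonce": nonce,
              "sca_token": sca_token(msisdn, payment_context, nonce)}
    body = b64u(json.dumps(claims).encode())
    return f"{header}.{body}.{b64u(sign(key, header + '.' + body))}"

def verify_id_token(key, token, msisdn, payment_context, nonce) -> bool:
    # ASPSP side: signature first, then the binding to the payment it requested.
    try:
        header, body, sig = token.split(".")
        if not hmac.compare_digest(sign(key, header + "." + body), b64u_dec(sig)):
            return False
        if json.loads(b64u_dec(header)).get("alg") != "HS256":
            return False
        claims = json.loads(b64u_dec(body))
        bound = sca_token(msisdn, payment_context, nonce)
        return (claims.get("nonce") == nonce and
                hmac.compare_digest(str(claims.get("sca_token")), bound))
    except (ValueError, AttributeError, TypeError):
        return False

# Constructed sample values, not taken from the report.
DEMO_KEY = b"demo-key-standing-in-for-mno-key"
MSISDN, NONCE = "15550100", "n-0S6_WzA2Mj"
PAYMENT = {"amount": "125.00", "currency": "EUR"}
TOKEN = issue_id_token(DEMO_KEY, MSISDN, PAYMENT, NONCE)
```

A deployment would verify the MNO's asymmetric signature against its published keys instead of a shared secret; the binding check on amount, currency, MSISDN and nonce stays the same.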
6.4 IFAA Specifications
IFAA (Internet Finance Authentication Alliance) was established in June 2015, with around 200 international company and institute members collaborating to innovate authentication scenarios, develop biometrics-based standards, and deliver financial-grade interoperable authentication solutions.
IFAA has been applying continuous focus to address authentication challenges by improving the efficiency while reducing the cost of device adaptation. The main IFAA specification is the IFAA Local Passwordless Technical Specification (T/IFAA 0001-2016), which requires strict protection of user data in the trusted execution environment. To date, this specification has been supported by more than 1.2 billion mobile devices and 360 device models. In July 2018, an updated version, the IFAA Local Passwordless Technical Specification (T/IFAA 0002-2018), was published to describe the optional security-enhanced solution, which uses an SE (Secure Element) to protect sensitive applications, keys and data.