Transaction Signing


Once the keys are provisioned, the device is ready to perform a Transaction Signing operation (that is, to approve or decline a transaction based on details sent by the HID authentication platform). How the application is notified that a transaction is to be signed depends on its deployment. One option is to get a push notification from the server.

Transaction Signing Workflow

The mobile application signs a transaction as follows:

  1. Create an instance of the HIDDevice (HIDDeviceFactory.newInstance).
  2. Retrieve the transaction identifier (transactionId) for the transaction that will be processed. This identifier can be retrieved from the:
    • Push notification payload received by the application. This is the tds member of the payload.
    • List of pending transactions for a specific container retrieved from the server (Container.retrieveTransactionsIds)
  3. Get public information (HIDTransactionInfo) from the transaction identifier (transactionId) (Device.retrieveTransactionInfo).

    There is no communication with the server at this point.

    The returned HIDTransactionInfo instance provides the:

  4. Check if the Session Transport Key is protected by a password and prompt the user as required.
  5. Get transaction details from the server (TransactionInfo.getTransaction).
  6. Get the Transaction details (Transaction.toString) and the list of allowed statuses (Transaction.getAllowedStatuses) that will be displayed to the end user so that they can decide which action to take (“approve” or “decline” the Transaction).
  7. Display the transaction to the end user and retrieve the end user’s selection among the available statuses.
  8. Then request the end user to provide their Transaction Signing Protecting password and send the final status to the HID authentication platform (Transaction.setStatus).

Sample Transaction Signing on iOS (Objective-C)

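// Check the returned value and `error` after each SDK call before continuing
NSError* error;
// Create the device instance
HIDConnectionConfiguration* connectionConfig = [[HIDConnectionConfiguration alloc] init];
id<HIDDevice> pDevice = [[HIDDeviceFactory alloc] newInstance:connectionConfig error:&error];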
// Get public information from the transaction identifier
id<HIDTransactionInfo> pTransactionInfo = [pDevice retrieveTransactionInfo:transactionId error:&error];
// Here we can check whether the transaction protection key is protected by a password
id<HIDKey> pKey = [pTransactionInfo getTransactionProtectionKey:&error];
id<ProtectionPolicy> policy = [pKey getProtectionPolicy:&error];
if ([policy policyType] == HIDPolicyTypePassword)
{
    // Prompt the end-user for the transaction protection key password
    ...
}
...
// Get the Transaction details
id<HIDTransaction> pTransaction = [pTransactionInfo getTransaction:sessionPassword withParams:nil error:&error];
// Display the transaction details to the end user and get the end user’s selection among the available statuses
// [pTransaction toString]
// [pTransaction getAllowedStatuses]
...
// Here we can check whether the signing key is protected by a password
id<HIDKey> pSigningKey = [pTransaction getSigningKey:&error];
id<ProtectionPolicy> signingKeyPolicy = [pSigningKey getProtectionPolicy:&error];
if ([signingKeyPolicy policyType] == HIDPolicyTypePassword)
{
    // Prompt the end-user for the signing key password
    ...
}

// Sign the transaction
BOOL isSigned = [pTransaction setStatus:status withSigningPassword:signingKeyPassword withSessionPassword:sessionPassword withParams:nil error:&error];
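
The push payload in step 2 and the end user's selection in step 7 are both inputs the application should validate before passing them to the SDK. The following is an added example, not part of the HID SDK or of the sample above; the helper names, the length limit, the position of tds at the top level of the payload, and the assumption that identifiers and statuses are NSString values are all hypothetical.

```objc
#import <Foundation/Foundation.h>

// Assumption: upper bound for a plausible identifier; tune to your deployment.
static const NSUInteger kMaxTransactionIdLength = 4096;

// Returns the "tds" member of a push payload, or nil if it is missing,
// not a string, empty, or implausibly long.
// Assumption: "tds" sits at the top level of the userInfo dictionary.
static NSString *HypotheticalTransactionIdFromPush(NSDictionary *userInfo) {
    id value = userInfo[@"tds"];
    if (![value isKindOfClass:[NSString class]]) {
        return nil;
    }
    NSString *tds = (NSString *)value;
    if (tds.length == 0 || tds.length > kMaxTransactionIdLength) {
        return nil;
    }
    return tds;
}

// Returns the selected status only if the transaction allows it; on nil the
// caller must not call setStatus.
// Assumption: getAllowedStatuses yields an array of NSString values.
static NSString *HypotheticalValidatedStatus(NSString *selected, NSArray *allowed) {
    if (![selected isKindOfClass:[NSString class]]) {
        return nil;
    }
    for (id candidate in allowed) {
        if ([candidate isKindOfClass:[NSString class]] &&
            [(NSString *)candidate isEqualToString:selected]) {
            return candidate;
        }
    }
    return nil;
}

int main(void) {
    @autoreleasepool {
        // Constructed sample payloads and statuses, for illustration only.
        NSDictionary *good = @{@"aps": @{@"alert": @"Approval request"},
                               @"tds": @"SAMPLE-TDS-VALUE"};
        NSDictionary *bad = @{@"tds": @[@"not", @"a", @"string"]};
        NSArray *allowed = @[@"approve", @"decline"];
        NSLog(@"good tds: %@", HypotheticalTransactionIdFromPush(good));
        NSLog(@"bad tds: %@", HypotheticalTransactionIdFromPush(bad));
        NSLog(@"approve: %@", HypotheticalValidatedStatus(@"approve", allowed));
        NSLog(@"other: %@", HypotheticalValidatedStatus(@"other", allowed));
    }
    return 0;
}
```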