Previous Topic: ArcotID OTP (ArcotID OTP-OATH) SynchronizationNext Topic: EMV OTP (ArcotID OTP-EMV) Synchronization

CA AuthMinder Web Services GuideAuthenticating UsersEMV OTP (ArcotID OTP-EMV) Authentication

EMV OTP (ArcotID OTP-EMV) Authentication

The following topics for performing EMV OTP authentication are covered in this section:

Preparing the Request Message

The VerifyEMVRequestMessage is used to verify the EMV OTP provided by the users. The following table lists the elements of this message.

Element

Mandatory

Description

clientTxnId

No

Specifies the unique transaction identifier that the calling application can include. This identifier helps in tracking the related transactions.

userName

Yes

The unique identifier of the user.

orgName

No

The organization name to which the user belongs to.

otp

Yes

The EMV OTP provided by the user.

tokenType

No

The type of authentication token that is expected from AuthMinder Server after successful authentication. See "Verifying the Authentication Tokens" for more information.

additionalInput/pairs

No

AuthMinder’s additionalInput element enables you to set additional inputs if you want to augment AuthMinder’s authentication capability by specifying additional information. In such cases, you need to set the extra information in name-value pairs.

  • name (The name with which you want to create the key pair.)
  • value (The corresponding value for name.)

    Note: You can add more than one of these elements.

Some of the pre-defined additional input parameters include:

  • AR_WF_LOCALE_ID
    Specifies the locale that AuthMinder will use while returning the messages back to your calling application.
  • AR_WF_CALLER_ID
    This is useful in tracking transactions. You can use session ID or client transaction ID (clientTxnId) for specifying this information.

Invoking the Web Service

To authenticate the EMV OTPs:

  1. Implement the logic to collect the EMV OTP from the user.
  2. (Optional) Include the authentication and authorization details in the SOAP header or in the additionalInput element of the VerifyEMV operation. See chapter, "Managing Web Services Security" for more information on these details.
  3. (Optional) If you are implementing a plug-in, then invoke the additionalInput element type to fill the additional input.
  4. Use VerifyEMVRequestMessage and construct the input message.
  5. Invoke the VerifyEMV operation of the ArcotWebFortAuthSvc service verify the EMV OTP of the user. Optionally, you can also specify the token type that must be returned to the user after successful authentication by using the tokenType element.

    This operation returns VerifyEMVResponseMessage, which provides the transaction details, credential details, and token information.

Interpreting the Response Message

For successful transactions, the response message, VerifyEMVResponseMessage returns the elements explained in Verify Signed Challenge Response Message in Step 2: ArcotID PKI Authentication. These elements are included in the SOAP body. If there are any errors, then the Fault response is included in the SOAP body. See appendix, "Error Codes" for more information on the SOAP error messages.