Applications are increasingly required to keep proof that a user was able to obtain certain information or has posted data to get a particular service. A payment instruction is a typical example. Transaction signing is a process that guarantees the integrity of the sensitive transaction data, for example the amount that is transferred, the destination bank account number, the user's ID and any other information that is critical for the transaction. Transaction signing can also apply to data provided by the user to buy a particular service or product, like an insurance policy, a real estate offering or a household object. Transaction signing ensures that a non-repudiable proof of the transaction is kept.
Our own authentication server, TrustBuilder, also takes care of transaction signing services. This safeguard was built on the experience and knowledge we obtained in many projects at large organizations. With TrustBuilder, transaction signing services can be placed in the infrastructure of your organization instead of in the application itself. This is a huge advantage because you don’t have to change every single application. Moreover, the service can easily be re-used for different use cases.
TrustBuilder provides these services to applications through a web service. Signing validation can be handled via different mechanisms, such as CAP-EMV or digital certificates. A web service calls TrustBuilder with a validation request. TrustBuilder then handles all three necessary phases of the validation: Transaction Preparation, Transaction Signing and Transaction Validation.