Transaction Authentication/Electronic Signature Support
The purpose of transaction authentication is to validate that an authorized user is the one that entered the information captured by the transaction being authenticated. This functionality is also implemented to support electronic signatures in environments where audit trails are a requirement.
Transaction authentication is defined within the transaction itself and can be set as always required or conditionally required based on the Boolean return value of a rule definition. During transaction authentication on the Client the user is required to enter the user ID and password with which they logged into the device. Additional information may also be captured as a part of the authentication process where needed.
- Object definition to store authentication data on the Client
- Screen set definition to display and capture data during the authentication processing on the Client
- Step definition to process the authentication information during transmit and data synchronization
- Rule definition (optional) to determine when the user should be required to authenticate
The object definition displayed in the screen set during transaction authentication, termed the “authentication object,” should contain properties for each of the pieces of information to be captured from users during the authentication processing on the Client. This typically includes both the user ID and password values. It can also include additional information from the users as may be required for the specific environment. This data is accessible tot he step definitions of the transaction during transmit.
Authentication Screen Set
The screen set definition displaying the authentication object during transaction authentication, termed the “authentication screen set,” should be defined to display the object definition. Unlike other object screen sets, however, when displaying the authentication object the screen set is displayed as a wizard screen set. It should contain only detail screens and the fields of those screens are defined to captured the desired authentication information from the user.
As with the SDML tags, the object definition name and property definition name are substituted in the above syntax.
Rules (Conditional Authentication)
As a part of the definition of the transaction authentication processing it is possible to define a rule definition to be evaluated prior to presenting the authentication screen set. This rule is evaluated in a Boolean context. A true return will result in the user being required to authenticate; a false return will not require authentication.
Transaction Authentication Behavior
The overall behavior of the transaction authentication begins on the Client. When a transaction is instantiated for which authentication has been defined, the transaction is processed as normal on the client up to the point just before it is to be applied. At this point, if the transaction is to require authentication, the authentication screen set is displayed. The user then enters the user ID, password, and any other information required. The password is validated against the password for that user to lo into the Client. If this validation fails, the user is presented with an error message and the authentication screen set is then displayed again. Once the authentication is successful, the transaction is applied on the Client.
During the next transmit, the pending transaction is sent to the Server and includes the information captured in the authentication object. The transaction’s server data state and server update steps have access to all properties within the authentication object. The specifics of how these values are processed depends entirely on the requirements of the back end system. The step definitions that process the authentication information can be defined to perform whatever processing is required and supported by the back end.