Integration Tips for Online Service Providers

If you are an online service provider, you can integrate your service with SecurPAP to take advantage of the strong OTP-based authentication technology it provides.

There are two approaches for this integration:

Integration using OpenID Standards

Allow users to sign in to your service using OpenID. Depending on your choice of underlying content management system, blogging platform or web development framework, this allows you to authenticate your users through any compatible OpenID provider, not just SecurPAP.

  1. User submits SecurPAP OpenID Identifier on your site’s OpenID login page
  2. Your site (the Relying Party) normalizes SecurPAP OpenID Identifier
  3. Your site makes an OpenID association request to SecurPAP service. This association establishes a shared secret between your site and SecurPAP to verify subsequent messages between the two
  4. SecurPAP returns an OpenID association handle to your site
  5. Your site returns a redirect URL which tells the user’s browser to visit SecurPAP’s login page
  6. On SecurPAP login page, user authenticates using One Time Password from SecurPAP token
  7. SecurPAP returns an authentication response to your site
  8. If the response is positive, your site verifies the response to ensure it has not been tampered with
  9. If the response is verified, your site considers the user authenticated
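
Steps 8 and 9 depend on the shared secret from step 3. The sketch below is an added example, not SecurPAP or OpenID library code: it shows the OpenID 2.0 checks a Relying Party makes on a positive response (signature over the signed fields, required fields covered, return URL, nonce replay). The URLs, handle and key are constructed placeholders, and the exact-match return_to comparison and in-memory nonce set are simplifying assumptions.

```python
import base64, hashlib, hmac

# Fields the OpenID 2.0 spec requires the signature to cover.
REQUIRED = {"op_endpoint", "return_to", "response_nonce", "assoc_handle"}
DIGESTS = {"HMAC-SHA1": hashlib.sha1, "HMAC-SHA256": hashlib.sha256}

def sign(params, signed, assoc):
    """Base64 HMAC over the Key-Value form ('key:value\\n') of the signed fields."""
    kv = "".join(f"{k}:{params['openid.' + k]}\n" for k in signed).encode("utf-8")
    mac = hmac.new(assoc["mac_key"], kv, DIGESTS[assoc["type"]]).digest()
    return base64.b64encode(mac).decode("ascii")

def verify_assertion(params, assoc, seen_nonces, return_to):
    """True only if the positive assertion is authentic, complete and fresh."""
    if params.get("openid.mode") != "id_res":
        return False                      # not a positive assertion
    if params.get("openid.assoc_handle") != assoc["handle"]:
        return False                      # signed under a different association
    signed = params.get("openid.signed", "").split(",")
    if not REQUIRED <= set(signed):
        return False                      # a mandatory field is left unsigned
    for k in ("claimed_id", "identity"):
        if "openid." + k in params and k not in signed:
            return False                  # identity present but not protected
    if any("openid." + k not in params for k in signed):
        return False                      # signature lists a missing field
    if params["openid.return_to"] != return_to:
        return False                      # assertion issued for another URL
    sig = params.get("openid.sig", "").encode("utf-8")
    if not hmac.compare_digest(sign(params, signed, assoc).encode("ascii"), sig):
        return False                      # tampered, or wrong shared secret
    nonce = params["openid.response_nonce"]
    if nonce in seen_nonces:
        return False                      # replay of an earlier assertion
    seen_nonces.add(nonce)
    return True

def sample():
    """Constructed association and assertion; every value here is made up."""
    assoc = {"handle": "h-123", "type": "HMAC-SHA256", "mac_key": b"k" * 32}
    p = {"openid.mode": "id_res", "openid.op_endpoint": "https://op.example/openid",
         "openid.claimed_id": "https://op.example/id/alice",
         "openid.identity": "https://op.example/id/alice",
         "openid.return_to": "https://rp.example/openid/return",
         "openid.response_nonce": "2024-01-01T00:00:00Zabc", "openid.assoc_handle": "h-123",
         "openid.signed": "op_endpoint,claimed_id,identity,return_to,response_nonce,assoc_handle"}
    p["openid.sig"] = sign(p, p["openid.signed"].split(","), assoc)
    return assoc, p
```

In production the nonce store must be shared across web servers and expire entries by the timestamp embedded in the nonce.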

You may find useful resources for OpenID integration at the links below:
  Getting Started with OpenID
  OpenID Wiki: Libraries
  Google’s Internet Identity Research


Integration using SecurPAP Web Service

For qualified partners, SecurPAP provides a set of web services for integration with their designated online systems. Through this integration approach, these qualified partner systems can retain full control over the user experience during the logon and authentication processes. Moreover, there is no need for OpenID association as described above.

These qualified partners can integrate with the SecurPAP SOAP-based web service using a Java-based SDK. Online service providers interested in this integration approach are welcome to email us and apply to become a qualified SecurPAP partner.

  1. On the login page of your site, the user submits their user ID and the One-time Password from the SecurPAP token
  2. Your site retrieves the associated SecurPAP-ID for the user
  3. Your site prepares an authentication message with the normalized SecurPAP-ID and the One-time Password and encrypts it using your site’s private key. (The private key is generated during your site’s registration with SecurPAP)
  4. Your site sends the encrypted authentication message along with the API key to SecurPAP through the WS SOAP protocol
  5. SecurPAP verifies the API key and decrypts the authentication message using the public key
  6. SecurPAP verifies that the One Time Password is correct. If it is, SecurPAP returns the positive authentication response to your site
  7. Your site considers the user authenticated