What problems do you need to deal with when designing an app for multiple banks? How do you secure such apps? What about user interface design and application structure? What technologies are under the hood? And what does Zingly bring to you?
24. [Architecture diagram. Labels: Users, Banks, Zingly; Zingly Multi-Banking Hub with PowerAuth 2.0 Server and Zingly API Server; Bank A with Internet banking and Core Services; Bank B with Custom API, Custom Security and Core Services; connections labelled SOAP, REST, and REST + WebSockets.]
54.
    // We need keys for three authentication factors ...
    let possessionKey = session.generateSignatureUnlockKey()
    let biometryKey = session.generateSignatureUnlockKey()

    let unlockKeys = PA2SignatureUnlockKeys()
    unlockKeys.biometryUnlockKey = biometryKey
    unlockKeys.possessionUnlockKey = possessionKey
    // "1234" stands in for the PIN the user enters
    unlockKeys.userPassword = PA2Password(string: "1234")

    session.completeActivation(unlockKeys)
    // Serialized state, restored from the keychain on later launches (slide 60)
    let sessionState = session.serializedState()
60.
    // Initialize session after app launch
    if let sessionState = keychain[data: "PA_SESSION_STATE"] {
        self.session.deserializeState(sessionState)
    }

    let keys = PA2SignatureUnlockKeys()
    keys.possessionUnlockKey = keychain[data: "PA_KEY_POSSESSION"]
    // ... ask for PIN code
    keys.userPassword = PA2Password(string: "1234")
    // ... or use TouchID instead of PIN like so
    // keys.biometryUnlockKey = keychain[data: "PA_KEY_BIOMETRY"]
61.
    // Send data to the server with the correct HTTP header
    let paHeaderName = session.httpAuthHeaderName
    let paHeaderValue = session.httpAuthHeaderValueForBody(
        data,
        httpMethod: "POST",
        uri: "/account/payment/commit",
        keys: keys,
        factor: PA2SignatureFactor_Possession_Knowledge
    )
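An added Python sketch (not code from the slides or from the PowerAuth project) of what a possession + knowledge signature over the request on slide 61 has to bind, and how a server-side check rejects a tampered body, a wrong PIN and a replay. The HMAC construction, counter handling, key derivation, lockout limit and all names are assumptions made for illustration, not the PowerAuth 2.0 algorithm.

```python
import base64
import hashlib
import hmac

def signature_base(method, uri, nonce, body):
    # Base64 each field so an "&" inside one cannot shift field boundaries.
    fields = [method.upper().encode(), uri.encode(), nonce, body]
    return b"&".join(base64.b64encode(f) for f in fields)

def sign(factor_keys, counter, method, uri, nonce, body):
    # One truncated HMAC-SHA256 component per factor key, each bound to the counter.
    data = signature_base(method, uri, nonce, body)
    parts = []
    for key in factor_keys:
        step_key = hmac.new(key, counter.to_bytes(16, "big"), hashlib.sha256).digest()
        parts.append(hmac.new(step_key, data, hashlib.sha256).hexdigest()[:16])
    return "-".join(parts)

class Activation:  # hypothetical server-side record of one activated device
    def __init__(self, possession_key, knowledge_key, max_failed=5):
        self.keys = [possession_key, knowledge_key]
        self.counter, self.failed, self.max_failed = 0, 0, max_failed

    def verify(self, signature, method, uri, nonce, body):
        if self.failed >= self.max_failed:
            return False  # blocked: a short PIN must not be guessable online
        expected = sign(self.keys, self.counter, method, uri, nonce, body)
        if hmac.compare_digest(expected, signature):
            self.counter, self.failed = self.counter + 1, 0  # replay no longer matches
            return True
        self.failed += 1
        return False

def demo():
    # Constructed keys and request; real keys come from the activation step.
    possession = hashlib.sha256(b"constructed device key").digest()
    knowledge = hashlib.pbkdf2_hmac("sha256", b"1234", b"constructed salt", 10_000)
    wrong_pin = hashlib.pbkdf2_hmac("sha256", b"0000", b"constructed salt", 10_000)
    server = Activation(possession, knowledge)
    uri, nonce, body = "/account/payment/commit", b"constructed-nonce", b'{"amount": 100}'
    good = sign([possession, knowledge], 0, "POST", uri, nonce, body)
    bad = sign([possession, wrong_pin], 0, "POST", uri, nonce, body)
    return {
        "tampered_body": server.verify(good, "POST", uri, nonce, b'{"amount": 9000}'),
        "wrong_pin": server.verify(bad, "POST", uri, nonce, body),
        "valid": server.verify(good, "POST", uri, nonce, body),
        "replayed": server.verify(good, "POST", uri, nonce, body),
    }

print(demo())
```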
69. Secure Storage
• Data encrypted with remote key
• Authentication needed
• Enables secure mobile multi-banking
70. [Architecture diagram build. Labels: Zingly Multi-Banking Hub, Users, Banks, Zingly; PowerAuth 2.0 Server and Zingly API Server (each label appears twice); Bank A and Bank B, each with Internet banking and Core Services; connections labelled SOAP, REST, and REST + WebSockets.]
71. [Same diagram as slide 70, with a third PowerAuth 2.0 Server label added.]
72. [Same diagram as slide 71, plus a PowerAuth 2.0 Client; the labels "activation id", "PIN(x)" and "knowledge" each appear twice.]
73. [Same diagram as slide 72; the labels "activation id", "PIN(x)" and "knowledge" now each appear three times.]
74. [Same diagram as slide 73, with a "SECURE VAULT" label added next to the PowerAuth 2.0 Client.]
77. • Build secure apps with PowerAuth 2.0
• Mobile e-commerce with Zingly payments
• Use banking API to access banking services
• Steal code, contribute, comment, live!