Strong Customer Authentication

This document serves as an introduction into the topic of strong customer authentication with the lemon.markets brokerage API.

Abstract

By implementing an strong customer authentication (SCA), lemon.markets increase the protection of sensitive financial information by preventing unauthorized access and mitigating fraudulent activities. Continue reading to learn how this is done.

Context

Strong Customer Authentication or SCA, involves verifying the customer's identity using at least two independent authentication factors from three categories:

  1. Knowledge: Something only the customer knows, like a password.
  2. Possession: Something only the customer possesses, like a mobile device.
  3. Inherence: Something unique to the customer, like biometric data.

By implementing SCA, lemon.markets can significantly reduce the risk of sensitive actions being performed without customer consent. Due to the nature of our business those cases may go from placing an investment order to performing a withdrawal transfer.

Usage Principles

lemon.markets requires all brokerage use cases to be secured via strong customer authentication. This approach ensures compliance with respective regulatory requirements as well as increased security, ultimately benefitting the customers.

The responsibility of implementing SCA is shared between lemon.markets and their partners.

All applicant customers must perform SCA enrollment by the end of the account opening process to finish their account provisioning.

Use Cases enforced by lemon.markets

Customers will have to respond to SCA challenges in order to confirm the action. The API will require a fresh SCA challenge for the actions like these:

  • Placing an Investment Order, e.g. the customer places a buy or sell order to the market or changes of a saving plan.
  • Payout action (withdrawal), e.g. the customer requires a money withdrawal to their reference bank account.

Use Cases outsourced to Partners

In order to ensure complete app security, partners need to protect their whole application experience starting from log-in/session opening. This will maintain all remaining customers interactions under the SCA umbrella.

  • Access to customer information, e.g.
    • Read access to customer personal information
    • Read access to customer brokerage information, including current and past investment information
    • Access to customer documents, including tax-related ones

As mentioned above, the partner contract agreement will outline this requirement.

Technical Standard

lemon.markets has decided to implement SCA following the patterns and principles outlines in the WebAuthn standard. WebAuthn is a well-known solution, strong enough to be compliant with FIDO2, while user-friendly enough to allow integration with authenticators built-in to mobile devices having the latest facial or fingerprint recognition features, e.g. FaceID and TouchID.

You can find more details on WebAuthn in the WebAuthn Guide.

Test Vectors

The following section will guide you through the registration and signing processes. We offer a way to provide a signature when registering a key, so implementors can be assured that any public key registered with lemon.markets can actually work with their implementation.

1. Registration

Given the following 2048-bit RSA private key is generated on a device (PEM, PKCS8 format):

-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDOT0DCNTiRM1+Y
EHuXOVLyD+L13mz9cVGOyA2A6UzLjpUoZmjaKGsk6dtAJVdn+MR+GNkhrWhGXoYZ
rYlUCqcJ2HOq3u8FsYb7jyohxt7fNIWIPjG9I69fltQ99psahID7/35FLpiYlJr4
xNvRYWINkcnkYOt8U5vKP9ctxjTKM+MQveQ112j9U5ion0ZrzMtbBOcqN3Urfcnd
Fkr4yb8gs2WcMGFJCCZYRGiLh6dmpsCB5RZsr/SscANCC4MlVT1SKHqAzlvqj8YM
ZWRuatYlJbX05HYzCGAyL0/JIermknMhGs1PED4ZZA63HLnzVnRoxV0LUMRJ4Nue
FL5hrWMXAgMBAAECggEAUn8CaCYb7oPab9X3darobf7IRISilF2hvTRloeyoVqU3
I6Z/uux6m5Ifp/DGmL6y47FP8dWDYtAdU1s/FKoFzTwOVH88mMw6K5E9ya/aIuq/
kpE8FmOUluabDAP2VY4yfZHWjhdp0Wlq5prhQ0JrkP2A+599yoMsQp1wj884ALoy
xBjUrhq6bXNc7pzxHfBbs/S8Y7fxzENzmAOcLR6XgE8AIWgXQwSstWIDTm0H4nif
eheM4CdISkP414TR9BNEZkc392Tt4B9ieTwgnU9DgNkco+3EucmX6NCI78BAiea8
jvgQr73BLJFGjPedbcfWsdz65KD/bHvSQp2mf6AjQQKBgQDxxveBrkdozKp8haOK
MsvnsTxuv+NelBcudwjEVg3QL//tYC5k7dgZuOQzSH3itqjcFlvZ8JPnlAZKztSI
4UjiVxbDhjA2OUs7vgFf9mFA9KbxHaxlrdudQc6CZUkI0exeSOZ10/q3DUHn43/j
A6+lNjptBFfm+Ay4HNIITpZREQKBgQDacim0u/fHX4166dFca/FhSU11dfM02lz5
9yVrHqctr5jf9H+Q/JtzHaPDFJMdLX7rIkypGMKBpBqGL11Buavz4r+sozy9hxfu
KAheU9DqgjbvOhgnRCahMZcKdiRpjWDMAvdKVX1XRmjO08lwmsStdYU+q2agMRxX
kXBDBnZxpwKBgGjnv/TQvcNHKqIlCjSonbjGOkaDlBAxiW1r0K3/+LZgXVeN6BN6
780ZYEqwJY79Wn9EZE5ICKTuoVxMKgPKXGl5CDOGQd0FNxOQ+d+9c61PejAcg/UK
XsP5DbWeZPYiv8CZOQXfGGXcpsALAi5qJwg0Y11yCQH6luo79xYLo0VBAoGALR8B
sFxXLO52ydm8Lgv52u+KOWX4q4UjSVqcdwjo3U31FOVq6CbVcSzBI81/Kbq5CZaX
ISKFIsQj2m20JJxWgVTn5J//LuLVtZK9T8aeU6I7+KQWUx4HoKoemcGXedoDEYDX
VZpc/ocDpR0n8cN2NqIcuLosw5ABW7El8CJImucCgYEAg2RuTQXxJDoSZ9d0fWAF
hrKexJbuo2LY+zmI464s6tdDj8Y5E2Gf1MeUgQa7sHtXE50f7rC3qcf3oFqKFRF6
pWq9zN/ok3MrA5rc9RF6Gho4Dt6LRaSiAuP33cV4vLruyxhTR9Kf5vjU8duOEfyE
VweeZBHx/GXH4YoAHE32Xjg=
-----END PRIVATE KEY-----

The associated public key will be the following:

-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzk9AwjU4kTNfmBB7lzlS
8g/i9d5s/XFRjsgNgOlMy46VKGZo2ihrJOnbQCVXZ/jEfhjZIa1oRl6GGa2JVAqn
Cdhzqt7vBbGG+48qIcbe3zSFiD4xvSOvX5bUPfabGoSA+/9+RS6YmJSa+MTb0WFi
DZHJ5GDrfFObyj/XLcY0yjPjEL3kNddo/VOYqJ9Ga8zLWwTnKjd1K33J3RZK+Mm/
ILNlnDBhSQgmWERoi4enZqbAgeUWbK/0rHADQguDJVU9Uih6gM5b6o/GDGVkbmrW
JSW19OR2MwhgMi9PySHq5pJzIRrNTxA+GWQOtxy581Z0aMVdC1DESeDbnhS+Ya1j
FwIDAQAB
-----END PUBLIC KEY-----

When decided to use the signature algorithm PKCS1 v1.5 with SHA256 the COSE representation for the key is:

{
  1: 3, // Key Type: RSA
  3: -257, // Signing Algorithm: RS256 (RSASSA-PKCS1-v1_5 using SHA-256)
  -1: <RSA public key numbers N, max. 256 bytes big endian format>,
  -2: <RSA public key numbers E, max. 256 bytes big endian format>
}

For details on the encoding, see the section “References” at the bottom of this document.

The final base64-url encoded representation is this:

pAEDAzkBACFZAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQABIFkBAM5PQMI1OJEzX5gQe5c5UvIP
4vXebP1xUY7IDYDpTMuOlShmaNooayTp20AlV2f4xH4Y2SGtaEZehhmtiVQKpwnY
c6re7wWxhvuPKiHG3t80hYg-Mb0jr1-W1D32mxqEgPv_fkUumJiUmvjE29FhYg2R
yeRg63xTm8o_1y3GNMoz4xC95DXXaP1TmKifRmvMy1sE5yo3dSt9yd0WSvjJvyCz
ZZwwYUkIJlhEaIuHp2amwIHlFmyv9KxwA0ILgyVVPVIoeoDOW-qPxgxlZG5q1iUl
tfTkdjMIYDIvT8kh6uaScyEazU8QPhlkDrccufNWdGjFXQtQxEng254UvmGtYxc=

(Line breaks added for legibility.)

2. Signing

Given the key pair from above and the following challenge:

raw: b"test"
base64url: dGVzdA==

The resulting valid base64 url signature would be:

YgRpMIpOo3IFSGOrWPB0sxkVZmKduhoAmBH3R7YBFjm_V96AOCA8P-q9BOC_OnP8
jNocT2u8J_i8ZIE10LMTEhRtzBi2ve9bgfD0CZCn7R6UWznz67KQs-DqRn0_4IcT
S3MnYNQ_AEzUW5eDAp2P4hb3cVZ2go1PIHSC990rbmkUGjPp-4NE7aHJ-P4F7gEw
HVYimYoH4jAV3vCaiGiYdr-46wfdxuok3i4IasCo3CfVFuJQzl8pr6E_0NfKFO2D
dDk88_jt7vKTqFCAsNN1x1S0H8uMao8ccX1QRktXeJ0DfjQwne7NSgQCGa3tKX54
NrtCizzmwtGkX8BLNKQDtA==

(Line breaks added for legibility.)

3. Bringing it All Together

Now we can create the payload to register the key and ask the backend to verify our signature. As you can see, you are free to omit the base64-url padding character = at the end of the payloads:

{
  "client_credential_id": "<local identifier>",
  // public key truncated for clarity
  "public_key": "pAEDA[…]GtYxc",
  "verifier": {
    "nonce": "dGVzdA",
    // signature truncated for clarity
    "signature": "YgRpM[…]KQDtA"
  }
}

You can now POST this payload (with all the other authorization and data-privacy headers) to /v1/accounts/{account_id}/authenticators.

Outlook: Elliptic Curve Cryptography (ECC) Considerations

Attached, you'll find the COSE representation of an EC public key:

{
  1: 2, // key type EC,
  3: -7, // key algorithm used for signing: ECDSA SHA256
  -1: 1, // curve used for the key pair 1 = secp256r1
  -2: <EC public key numbers X, 32 bytes big endian format>,
  -3: <EC public key numbers Y, 32 bytes big endian format>
}

References