Technical description
General
This article explains the technical operation of the IBI-aws MobileClient.
Prerequisites
In order to use the IBI-aws MobileClient the following prerequisites must be satisfied:
- At least IBI-aws Admin 1.18
- Access to the IBI-aws Webservice (https://mobileservice.ibi-aws.net)
  - Must be reachable by all IBI-aws MobileClient and IBI-aws Admin instances
- A webserver to host the message file (expected size <100KB)
  - The webserver must be able to handle the expected number of IBI-aws MobileClient users
    - It must be expected that many IBI-aws MobileClient users will access the webserver within a short time after a publication
  - IBI-aws MobileClients must be able to read the message file via HTTP/S GET
  - IBI-aws MobileClients must be able to read the message file via HTTP/S HEAD
  - The IBI-aws Admin must be able to write the message file via WebDAV, FTP or file path on the webserver
  - The webserver must provide a trustworthy certificate when using HTTPS
  - The following MIME type might have to be added
    - File name extension: .ibi
    - MIME type: text/xml
- A mobile device on which the IBI-aws MobileClient is or can be installed
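The webserver prerequisites above can be verified from any machine that can reach the message file. The following Python check is an added example, not vendor code: it confirms that HEAD and GET both succeed, that the file is served as text/xml, that it stays below 100 KB, and that the certificate passes default TLS verification. The URL is supplied by the caller, and treating any Content-Type other than text/xml as a finding is an assumption.

```python
import urllib.error
import urllib.request

MAX_BYTES = 100 * 1024  # page: expected message file size is < 100 KB


def evaluate(head_status, head_headers, get_status, get_headers, body):
    """Return prerequisite violations; an empty list means none were found."""
    head = {k.lower(): v for k, v in head_headers.items()}
    get = {k.lower(): v for k, v in get_headers.items()}
    problems = []
    if head_status != 200:
        problems.append(f"HEAD returned {head_status}")
    if get_status != 200:
        problems.append(f"GET returned {get_status}")
        return problems  # no file to inspect
    ctype = get.get("content-type", "").split(";")[0].strip().lower()
    if ctype != "text/xml":  # MIME type the page lists for .ibi
        problems.append(f"Content-Type is {ctype or 'missing'}, expected text/xml")
    declared = head.get("content-length", "").strip()
    if len(body) >= MAX_BYTES:
        problems.append(f"message file is not below {MAX_BYTES} bytes")
    elif head_status == 200 and declared.isdigit() and int(declared) != len(body):
        problems.append("HEAD Content-Length differs from GET body size")
    return problems


def fetch(url, method):  # default certificate and hostname verification stays on
    req = urllib.request.Request(url, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.headers, resp.read(MAX_BYTES + 1)
    except urllib.error.HTTPError as err:
        return err.code, err.headers, b""


def probe(url):
    """Check a live message-file URL; TLS failures are reported, never bypassed."""
    try:
        h_status, h_headers, _ = fetch(url, "HEAD")
        g_status, g_headers, body = fetch(url, "GET")
    except OSError as err:  # URLError (incl. untrusted certificates) and timeouts
        return [f"connection failed: {getattr(err, 'reason', err)}"]
    return evaluate(h_status, h_headers, g_status, g_headers, body)


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1]) or "all checks passed")
```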
Key data
- Webservice communication (https://mobileservice.ibi-aws.net) via HTTPS (port 443)
- Encryption: TLS, AES-256
- Person-related data is stored encrypted in the database
- HTTPS only with trustworthy certificate
Process
Create a message group for mobile clients
When a message group for mobile clients is created, the ID and the public client access path are stored on the IBI-aws Webservice. This is necessary to link the mobile device to the message group and, through it, to the message file.
Manage registration options
Domains
Domain registration
If a domain is registered, it is stored on the IBI-aws Webservice, including the region and message group ID. In addition, a verification code is sent to the provided e-mail address. This code needs to be entered in the IBI-aws Admin to confirm the registration.
Remove a domain
If a domain is removed, the IBI-aws Webservice also removes all devices that are registered on this domain. If a domain is registered on multiple message groups, only the devices that belong to the same message group as the removed domain are removed.
Codes
Code registration
If a code is created, the name, the validity (if one is defined), the note and the message group ID are saved on the IBI-aws Webservice.
Generating the code on the IBI-aws Webservice and transmitting it to the IBI-aws Admin ensures that the code is unique.
Code validity expiration
If a code expires, no new IBI-aws MobileClients can register with this code. Devices that have already been registered remain unchanged.
Remove a code
If a code is deleted, all devices that have registered with this code are also deleted via the IBI-aws Webservice.
A deleted code is not assigned again, but blocked permanently.
Registration on the IBI-aws MobileClient
Via Domain / e-mail address
E-mail address
To register with the IBI-aws MobileClient the first step is to enter the e-mail address. This is sent to the IBI-aws Webservice with a device ID. The IBI-aws Webservice stores the transmitted information and generates a verification code, which is sent to the e-mail address.
Person-related data is stored encrypted in the database.
Verification code
As soon as the verification code, which is received via e-mail, is entered, it is sent to the IBI-aws Webservice, where the code is checked.
If the code is correct the list of available regions (message groups) for the e-mail's domain is loaded.
Region
When only one region is available, the IBI-aws Webservice will automatically select it. If more than one region exists, the list is submitted to the IBI-aws MobileClient, so that the user can select the region that fits them.
The selected region is sent to the IBI-aws Webservice, where the registration is extended with the message group (region).
Via Code
If registration via code is selected, the user must enter the corresponding code. It will be sent to the IBI-aws Webservice including the device ID.
The IBI-aws Webservice validates and saves the transmitted information and completes the registration.
Managed configuration
In addition to manual registration via domains and codes, it is also possible to initiate registration via a managed configuration as soon as the user opens the IBI-aws MobileClient.
The following variants can be selected:
Microsoft Entra ID (formerly Azure Active Directory)
If the managed configuration for registration via Microsoft Entra ID is set up correctly, the IBI-aws MobileClient connects to Microsoft Entra ID using the information stored in the configuration. The e-mail address and the message group ID are then loaded from Microsoft Entra ID and transmitted to the IBI-aws Webservice.
The IBI-aws Webservice validates the data received and completes the registration.
Domain
With the managed configuration, domain registration can only be fully automated when using Microsoft Entra ID.
If Microsoft Entra ID is not used, the user can only be relieved of entering the e-mail address by storing it in the managed configuration.
Code
Registration via code can be fully automated with a managed configuration.
If a code is stored in a managed configuration, registration via code is triggered automatically.
Subscribing to categories on the IBI-aws MobileClient
Subscribe
If a category is subscribed, the ID of this category is stored on the IBI-aws MobileClient. In addition, the subscription is stored in the IBI-aws Webservice, which uses it to determine the target devices of a push notification.
Unsubscribe
If a category is unsubscribed, the ID is removed from the stored list of subscribed categories. The subscription is also removed from the IBI-aws Webservice.
Preselected categories
When the IBI-aws MobileClient is started, all new preselected categories are loaded and stored as subscribed.
Publish new messages in the IBI-aws Admin
If new messages are published in the IBI-aws Admin, the message file is updated first. Subsequently a push notification is sent.
The push notification is sent via the IBI-aws Webservice, which sends the notification only to the devices that are registered in the current message group.