Electronic signature application types

OneSpan Authentication Server supports various types of signature applications.

Time-based signatures

With a time-based signature application the authenticator will generate different signatures for the same input data at different times.

The signature validation process relies on the authenticator time and the OneSpan Authentication Server time being synchronized to each other within an acceptable tolerance. Each time a one-time password (OTP) or a signature is generated, OneSpan Authentication Server records the time difference between itself and the authenticator.

The time-based signature validation process also uses time steps to verify signatures. A time step is a setting that specifies the number of seconds between two generations of a new OTP on an authenticator. OneSpan Authentication Server uses the time step and the known time difference between itself and the authenticator to verify signatures.

You can use the Signature Time Window policy setting to set the tolerance allowable for signature verification.

Time-based signatures can be processed deferred or in realtime. If deferred time-based signatures are used, they may be re-verified at a later date by comparing the input details against the signature generated by the authenticator, as long as the time the transaction was performed is known.

Event-based signatures

An event-based signature application contains a numeric counter that increases every time a signature is generated.

The signature process relies on an event counter to enable each signature to be unique. The authenticator and OneSpan Authentication Server need to have synchronized event counters.

You can use the Event Window policy setting to set the tolerance for the difference between the event counters.

During real-time signature validation the event counter on OneSpan Authentication Server is updated with the value used by the authenticator to keep the two event counter values synchronized.

During deferred signature validation the event counters for transactions generated on the authenticator may get out of step with the event counter kept by OneSpan Authentication Server. The Event Window policy setting can enable signed transactions to be processed in any order without causing a verification error.

Static signatures

Static signatures are generated without time windows or event counters. Hence, they will always generate the same signature for the same input. There is no difference between real-time and deferred time with these signatures.