One-time password generation

Once the Digipass authenticator is activated, the Digipass SDK can generate one-time passwords (OTPs; an OTP is valid for only one authentication process, can be used only once, and each authentication process requires a new OTP) that are compliant with the OneSpan OTP verification components:

Each Digipass instance (the association of a unique Digipass key, serial number, sequence number, a static vector, and a Digipass secret) using a static vector version 8 supports up to eight cryptographic applications that can be used to generate OTPs. The static vector is the Digipass parameter set, i.e. customer-specific binary configuration data. It contains the Digipass serial number prefix, the customer master key and the parameter settings of the cryptographic application(s). It can be provided independently in clear text format, or as part of the FAD. OTPs can be generated based on the following methods:

  • Response-Only (RO): No user or server input is necessary to generate the OTP.
  • Challenge/Response (CR): A challenge generated by the server is used to generate the OTP.

With static vectors prior to version 8, only two cryptographic applications were supported.

Supported signature application settings

| Operating mode | Seeding | Cryptographic algorithm | Response length | Response format | Check digit | Return host code |
|---|---|---|---|---|---|---|
| RO | Time | 3DES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
| RO | Time | AES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
| RO | Time | SM3 | 6 to 10 | DECIMAL | Y/N | NA |
| RO | Event | 3DES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
| RO | Event | AES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
| RO | Event | SM3 | 6 to 10 | DECIMAL | Y/N | NA |
| RO | Time + event | 3DES | 6 to 16 | DECIMAL | Y/N | 0 to 10 |
| RO | Time + event | AES | 6 to 16 | DECIMAL | Y/N | 0 to 10 |
| RO | Time + event | SM3 | 6 to 10 | DECIMAL | Y/N | NA |
| CR | Time | 3DES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
| CR | Time | AES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
| CR | Time | SM3 | 6 to 10 | DECIMAL | Y/N | NA |
| CR | Event | 3DES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
| CR | Event | AES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
| CR | Event | SM3 | 6 to 10 | DECIMAL | Y/N | NA |
| CR | Time + event | 3DES | 6 to 16 | DECIMAL | Y/N | 0 to 10 |
| CR | Time + event | AES | 6 to 16 | DECIMAL | Y/N | 0 to 10 |
| CR | Time + event | SM3 | 6 to 10 | DECIMAL | Y/N | NA |
| RO | Time | OATH TOTP | 6 to 10 | DECIMAL | Y/N | NA |
| RO | Event | OATH TOTP | 6 to 10 | DECIMAL | Y/N | NA |
| CR | No seeding | OCRA Numeric input | 6 to 10 | DECIMAL | Y/N | NA |
| CR | No seeding | OCRA Alphanumeric input | 6 to 10 | DECIMAL | Y/N | NA |
| CR | Event | OATH OCRA Numeric input | 4 to 10 | DECIMAL | Y/N | NA |
| CR | Event | OATH OCRA Alphanumeric | 4 to 10 | DECIMAL | Y/N | NA |
| CR | Time | OATH OCRA Numeric input | 4 to 10 | DECIMAL | Y/N | NA |
| CR | Time | OATH OCRA Alphanumeric input | 4 to 10 | DECIMAL | Y/N | NA |
| CR | Time + event | OATH OCRA Numeric input | 4 to 10 | DECIMAL | Y/N | NA |
| CR | Time + event | OATH OCRA Alphanumeric input | 4 to 10 | DECIMAL | Y/N | NA |

Terms used in the table:

  • 3DES: Symmetric key-block cipher. Uses the Data Encryption Standard (DES) cipher three times to encrypt its data.
  • AES: Symmetric key encryption algorithm. A block cipher with a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits.
  • SM3: Cryptographic hash algorithm. Used in the Chinese National Standard.
  • OATH: Open reference architecture for strong authentication.
  • TOTP: Time-based one-time password.
  • OCRA: OATH Challenge-Response Algorithm, a multi-factor authentication algorithm for Challenge/Response authentication.