One-time password generation
Once the Digipass authenticator is activated, the Digipass SDK can generate one-time passwords (OTPs). An OTP is a password that is valid for only one authentication process: it can be used only once, and each authentication process requires a new OTP. The generated OTPs are compliant with the OneSpan OTP verification components:
- OneSpan Authentication Server Framework: API-based authentication platform that serves as back-end for Digipass strong authentication and e-signatures.
- OneSpan Authentication Server: A centralized authentication solution that offers strong authentication and validation of transaction signatures. It verifies authentication requests from individuals trying to access the corporate network or business applications.
Each Digipass instance using a static vector version 8 supports up to eight cryptographic applications that can be used to generate OTPs. A Digipass instance is the association of a unique Digipass key, serial number, sequence number, a static vector, and a Digipass secret. The static vector is the Digipass parameter set, i.e. customer-specific binary configuration data: it contains the Digipass serial number prefix, the customer master key and the parameter settings of the cryptographic application(s), and it can be provided independently in clear text format or as part of the FAD.

OTPs can be generated based on the following methods:
- Response-Only (RO): No user or server input is necessary to generate the OTP.
- Challenge/Response (CR): A challenge generated by the server is used to generate the OTP.
With static vectors prior to version 8, only two cryptographic applications were supported.
Operating mode | Seeding | Cryptographic algorithm | Response length | Response format | Check digit | Return host code |
---|---|---|---|---|---|---|
RO | Time | 3DES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
RO | Time | AES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
RO | Time | SM3 | 6 to 10 | DECIMAL | Y/N | NA |
RO | Event | 3DES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
RO | Event | AES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
RO | Event | SM3 | 6 to 10 | DECIMAL | Y/N | NA |
RO | Time + event | 3DES | 6 to 16 | DECIMAL | Y/N | 0 to 10 |
RO | Time + event | AES | 6 to 16 | DECIMAL | Y/N | 0 to 10 |
RO | Time + event | SM3 | 6 to 10 | DECIMAL | Y/N | NA |
CR | Time | 3DES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
CR | Time | AES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
CR | Time | SM3 | 6 to 10 | DECIMAL | Y/N | NA |
CR | Event | 3DES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
CR | Event | AES | 6 to 16 | DECIMAL / HEXADECIMAL | Y/N | 0 to 10 |
CR | Event | SM3 | 6 to 10 | DECIMAL | Y/N | NA |
CR | Time + event | 3DES | 6 to 16 | DECIMAL | Y/N | 0 to 10 |
CR | Time + event | AES | 6 to 16 | DECIMAL | Y/N | 0 to 10 |
CR | Time + event | SM3 | 6 to 10 | DECIMAL | Y/N | NA |
RO | Time | OATH TOTP | 6 to 10 | DECIMAL | Y/N | NA |
RO | Event | OATH TOTP | 6 to 10 | DECIMAL | Y/N | NA |
CR | No seeding | OCRA Numeric input | 6 to 10 | DECIMAL | Y/N | NA |
CR | No seeding | OCRA Alphanumeric input | 6 to 10 | DECIMAL | Y/N | NA |
CR | Event | OATH OCRA Numeric input | 4 to 10 | DECIMAL | Y/N | NA |
CR | Event | OATH OCRA Alphanumeric | 4 to 10 | DECIMAL | Y/N | NA |
CR | Time | OATH OCRA Numeric input | 4 to 10 | DECIMAL | Y/N | NA |
CR | Time | OATH OCRA Alphanumeric input | 4 to 10 | DECIMAL | Y/N | NA |
CR | Time + event | OATH OCRA Numeric input | 4 to 10 | DECIMAL | Y/N | NA |
CR | Time + event | OATH OCRA Alphanumeric input | 4 to 10 | DECIMAL | Y/N | NA |

Algorithms and standards named in the table:
- 3DES: Symmetric key-block cipher. Uses the Data Encryption Standard (DES) cipher three times to encrypt its data.
- AES: Symmetric key encryption algorithm. A block cipher with a fixed block size of 128 bits, and a key size of 128, 192, or 256 bits.
- SM3: Cryptographic hash algorithm. Used in the Chinese National Standard.
- OATH: Open reference architecture for strong authentication.
- TOTP: Time-based one-time password.
- OCRA: OATH Challenge-Response Algorithm, a multi-factor authentication algorithm for Challenge/Response authentication.
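
The OATH rows of the table rely on public algorithms, so the difference between Response-Only with event or time seeding and Challenge/Response without seeding can be shown concretely. The following is an added example, not OneSpan or Digipass SDK code: it implements RFC 4226 (HOTP), RFC 6238 (TOTP) and one RFC 6287 (OCRA) suite with HMAC-SHA1, and the function names, 30-second time step, drift window and RFC test key are assumptions. The 3DES, AES and SM3 applications, the check digit and the return host code are not modelled.

```python
import hashlib
import hmac
import struct

def _truncate(mac: bytes, digits: int) -> str:
    """RFC 4226 dynamic truncation to a zero-padded DECIMAL response."""
    if not 6 <= digits <= 10:
        raise ValueError("response length must be 6 to 10 digits")
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """Response-Only, event seeding: the moving factor is a counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    return _truncate(mac, digits)

def totp(key: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """Response-Only, time seeding: the moving factor is the time step."""
    return hotp(key, unix_time // step, digits)

def ocra_qn08(key: bytes, challenge: str, digits: int = 6) -> str:
    """Challenge/Response, no seeding: suite OCRA-1:HOTP-SHA1-<digits>:QN08."""
    if not (challenge.isascii() and challenge.isdigit() and len(challenge) <= 8):
        raise ValueError("challenge must be 1 to 8 decimal digits")
    suite = f"OCRA-1:HOTP-SHA1-{digits}:QN08".encode()
    # A numeric challenge is converted to hex, then right-padded to 128 bytes.
    question = bytes.fromhex(format(int(challenge), "X").ljust(256, "0"))
    mac = hmac.new(key, suite + b"\x00" + question, hashlib.sha1).digest()
    return _truncate(mac, digits)

def verify_totp(key: bytes, candidate: str, unix_time: int,
                digits: int = 6, step: int = 30, window: int = 1) -> bool:
    """Server-side check tolerating +/- `window` time steps of clock drift."""
    times = (unix_time + d * step for d in range(-window, window + 1))
    return any(
        hmac.compare_digest(totp(key, t, digits, step), candidate)
        for t in times if t >= 0
    )

# Constructed sample input: the shared secret used by the RFC test vectors.
KEY = b"12345678901234567890"

if __name__ == "__main__":
    print("RO / event      :", hotp(KEY, 0))
    print("RO / time       :", totp(KEY, 59, digits=8))
    print("CR / no seeding :", ocra_qn08(KEY, "11111111"))
```

A wider `window` tolerates more clock drift but also extends the period during which a captured time-based OTP is still accepted, so keep it as small as the deployment allows.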