Secure Channel-based authentication

Secure Channel-based authentication is a type of authentication which supports the secure exchange of authentication data. It is used in combination with Cronto images or QR codes to exchange the Secure Channel messages. This type of authentication requires the use of Digipass licenses activated using multi-device licensing (MDL).

Secure Channel-based authentication is different from adaptive Secure Channel-based authentication.

Supported devices:

  • Hardware Digipass authenticators with Cronto image support (Digipass 7xx-series)
  • OneSpan Mobile Authenticator Studio 4.18 and later
  • Mobile Security Suite Orchestration SDK


To ensure a successful Secure Channel-based authentication, the following prerequisites must be met:

Authenticating via Secure Channel

Secure Channel-based authentication - overview

Sequence of a Secure Channel-based user authentication operation

  1. The client application requests a Secure Channel challenge from OneSpan Trusted Identity platform.
  2. OneSpan Trusted Identity platform generates a secure challenge.
  3. The client issues a request to generate a Cronto image from the returned Secure Channel message.
  4. The authenticator captures the Cronto image and creates a one-time password (OTP) for this challenge.
  5. The authenticator sends the OTP to OneSpan Trusted Identity platform for validation.
  6. The client application collects this OTP and requests OneSpan Trusted Identity platform to validate the OTP.
  7. If the OTP is successfully validated, the authentication is successful.