Overview of the OneSpan authentication solution

OneSpan authenticators provide the client component of the OneSpan authentication solution. They are issued by the application service provider (ASP) to end users (the authenticator holders) to support:

• One-time passwords (OTP) to authenticate end users to the ASP and to protect access to services and resources.
• Host codes to authenticate the ASP to end users.
• Electronic signatures to protect the integrity and authenticity of financial transactions or other security-critical communication (currently not available with OneSpan Authentication Server Appliance).

Authenticators use a variety of cryptographic algorithms to calculate OTP values, host codes, and electronic signatures using unique secret values. Most authenticators are pre-programmed with this unique secret value (making each OTP/signature unique to each authenticator), while other authenticators—specifically, smart card readers—use a secret value from another valid source, i.e. a smart card.

OneSpan Authentication Server Framework is the server-side component of the OneSpan authentication solution and is integrated in OneSpan Authentication Server. It verifies electronic signatures and OTP values generated by the authenticators.

Application service providers assign authenticators to users, based on the serial number of the authenticator and the holder’s ID. Each authenticator is delivered in a controlled way to the authenticator holder, together with a manual and (optionally) the PIN. To use the authenticator the authenticator holder needs to possess the authenticator, to know the authenticator PIN, and to have a connection to the authentication server.