TID Signature Validation with Secure Channel (Policy)

The following is an overview of the relevant default settings of signature validation via Secure Channel with Intelligent Adaptive Authentication.

TID Signature Validation with Secure Channel—Default parameter settings
Parameter name Default value Description
appl_names SC ONLINE

Application Names

This controls which authenticator applications may be used. If the list is empty, there is no restriction. If there are one or more entries, they will indicate the application names that are permitted.

custom_request_body yes

Allow Custom Request Body

If true, all Secure Channel policy settings can be overwritten by providing a valid request body attribute in the request.

initial_window 1 hour

Initial Time Window

This controls the maximum allowed time variation between an authenticator and the host system, the first time that the authenticator is used. The time is specified in hours.

This Initial Time Window is also used directly after a Reset Application operation, which can be used if it appears that the internal clock in the authenticator has drifted too much since the last successful login. This only applies to time-based authenticators when verifying an OTP.

In either case, after the first successful login, the initial time window is no longer active.

event_window

10 events

Event Window

This controls the maximum allowed number of event variations between an authenticator application and the host system during login. This only applies to event-based authenticator applications and always applies for OTP verification. For signature validation, it depends on the online signature level setting whether the event window is used or not.