Introduction

The Virtual Hardware Authenticator website provides virtual demo authenticators that leverage demo authenticator seeds. An authenticator seed is used to generate random unique one-time password (OTP) values for the different authenticator crypto applications. A crypto application is invoked when a button on the authenticator is pressed, and the OTP is generated and displayed.

The following crypto applications are supported by the virtual authenticators:

• Response-Only. This crypto application is designed to showcase one of the ways to generate an OTP. The demo authenticator crypto application generates a new OTP every 36 seconds leveraging only the time as input to the cryptographic algorithm.

  OneSpan offers many other configuration options for Response-Only crypto applications, but only the current configuration is supported by the virtual demo authenticators.

• Challenge/Response. This crypto application is designed to showcase how an authenticator can be set up to handle Challenge/Response workflows. In these workflows, a challenge is shown to the authenticator holder, who enters the challenge into the authenticator. The authenticator generates a respective response. The demo authenticator crypto application only uses the challenge entered to generate the OTP; it is not combined with other factors. This means that if you enter the same challenge multiple times, you will get the same response OTP each time.

  OneSpan offers many other configuration options for Challenge/Response crypto applications, but only the current configuration is supported by the virtual demo authenticators.

• Transaction Signature (also known as e-Signature or Message Authentication Codes). This crypto application is designed to showcase how an authenticator can be set up to electronically generate a non-repudiable signature OTP. For this crypto application, a user will be asked to enter specific values from a transaction that needs to be secured. These values should be known by both the server and the client, but should not be provided by the server during the time of the transaction. The client should understand what the values are and how they are being used (the context of the transaction).

   

  For example, the authenticator holder may be attempting to perform a banking wire transfer. The bank may ask the authenticator holder to enter the following values:

  1. Last 5 digits of the authenticator holder's account number.
  2. Last 5 digits of the transaction recipient's account number.
  3. The transaction amount.

  After entering the third value the demo authenticator crypto application generates a transaction signature response OTP. All three fields and the response code are entered into the bank's application for validation. The demo authenticator only allows three data field, where each of the three fields can have a maximum length of 8 digits. The transaction signature response OTP is based on the data values entered and is not combined with any other components (such as time or events). This means that if you enter the same data fields multiple times, you will get the same transaction signature response OTP each time.

  OneSpan offers many other configuration options for transaction signature crypto applications, but only the current configuration is supported by the virtual demo authenticators.

The website provides the following virtual authenticators:

• Digipass GO 3. This virtual authenticator only supports the demo Response-Only (RO) crypto application.
• Digipass GO 6. This virtual authenticators only supports the demo Response-Only (RO) crypto application.
• Digipass 275. This virtual authenticator supports the demo Response-Only (RO), Challenge/Response (CR), and Transaction Signature (SG) crypto applications.

The server environment needs to import a demo DIGIPASS export file (DPX) to validate the response codes generated by any of the virtual authenticators. Since all demo authenticator crypto applications are exactly the same, demo DPX files can be used interchangeably. Demo DPX files used for the Digipass GO 3 virtual authenticator can be used with the Digipass GO 6 virtual authenticator and with the Response-Only crypto application on the Digipass 275. For the Digipass 275, the demo DPX file will include Response-Only, Transaction Signature, and Challenge/Response crypto applications in this specific order (crypto application 1 is RO, application 2 is SG, application 3 is CR).

You can find download links for each demo DPX file on each Virtual Hardware Authenticator page.

Demo DPX files are not supported in OneSpan Trusted Identity platform (TID) (Intelligent Adaptive Authentication, OneSpan Cloud Authentication). Demo DPX files are supported for use with OneSpan Authentication Server and OneSpan Authentication Server Framework.