- 19 Oct 2024
One-time password and e-signature generation
As part of the OneSpan authentication product lines, Mobile Authenticator Studio can be used to generate one-time passwords (OTPs) and e-signatures.
Cryptographic application
Mobile Authenticator Studio supports up to eight cryptographic applications for OTP or e-signature generation. A cryptographic application is a set of parameters that defines how authenticator responses are generated. The following parameters determine the setup of a cryptographic application:
- Operating mode
- OTP time step
- Secret type
- Cryptographic algorithm
- Response format
- Response length
- Response check digit
- Host confirmation code
The supported character set for the signature data is:
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ%&'()*+,-./:;<=>?_
SPACE (0x20) is included.
Lowercase characters are automatically converted to uppercase before the signature is processed, so ABcdEF, abcdef, and ABCDEF produce the same response when used as a data field.
Cryptographic algorithm
The algorithm for OTP or e-signature generation may be either of the following:
- Time-based: A time seed provided by the device running the app is used to generate OTPs. Time-based authenticators may have a time step of 8*2^n seconds, where n is between 0 and 15 (i.e. from 8 seconds up to about 3 days).
- Event-based: A counter is used to generate OTPs. The counter is created by the app and stored on the device.
- Time- and event-based: A time seed and a counter are used to generate OTPs.
To generate an OTP, the algorithm processes the seed (time value, counter, or both) by encrypting it with the selected cryptographic algorithm under a secret called the authenticator key. Each cryptographic application can share the same authenticator key or use its own key.
The following cryptographic algorithms are supported:
- Triple DES
- AES
- OATH
Check digit and host confirmation code
The generated OTP or e-signature can have between 4 and 16 decimal or hexadecimal characters. A check digit may be added, which increases the OTP length by 1 character.
Mobile Authenticator Studio may sign up to 8 data fields of up to 16 digits each. The supported minimum and maximum data field length is specified in the cryptographic application’s parameter set, which is part of the authenticator's static vector.
In addition to OTP or e-signature generation, Mobile Authenticator Studio also supports host confirmation code (HCC) generation. The HCC is a string of up to 10 decimal or hexadecimal characters that identifies the authentication server. After validating an OTP, the server generates and returns the HCC, which the user compares with the code displayed on the mobile device. This lets the user confirm that the OTP was validated by the correct authentication server, which protects against a look-alike server collecting OTPs.
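The following Python script is an added example that ties together the pieces described on this page: the 8*2^n time step and time seed, an OATH-style (RFC 4226 HOTP) response computed from an HMAC, data field normalization against the documented signature character set (including the ABcdEF/abcdef equivalence), an optional check digit, and the HCC round trip in which the server validates the OTP and the app compares the returned HCC with its own. It is not OneSpan's code and does not reproduce the product's actual constructions: the demo key (the RFC 4226 test key), the way data fields and the OTP are mixed into the MAC input, the Luhn check digit, the decimal-only output and the HCC derivation are all assumptions made here for illustration.

```python
import hashlib
import hmac
import struct
import time

# Constructed demo key (the RFC 4226 test key). Real authenticator keys are
# provisioned into the app and are never hard-coded like this.
DEMO_KEY = b"12345678901234567890"

# Character set documented for signature data fields (SPACE included).
SIGNATURE_CHARSET = frozenset("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ%&'()*+,-./:;<=>?_ ")


def time_step_seconds(n):
    """Time step of 8*2^n seconds, n in 0..15 (8 s up to 262144 s, about 3 days)."""
    if not 0 <= n <= 15:
        raise ValueError("time step exponent n must be in 0..15")
    return 8 * 2 ** n


def time_counter(unix_time, n):
    """Time seed: index of the current interval for the configured time step."""
    return int(unix_time) // time_step_seconds(n)


def normalize_field(field, min_len=1, max_len=16):
    """Uppercase a data field and reject characters outside the documented set.
    The length limits come from the cryptographic application; these defaults are assumed."""
    value = field.upper()
    if not min_len <= len(value) <= max_len:
        raise ValueError("data field length %d outside %d..%d" % (len(value), min_len, max_len))
    unsupported = set(value) - SIGNATURE_CHARSET
    if unsupported:
        raise ValueError("unsupported characters in data field: %r" % sorted(unsupported))
    return value


def oath_response(key, counter, digits=6, extra=b""):
    """RFC 4226 HOTP core: HMAC-SHA1 over the 8-byte counter, dynamic truncation,
    decimal output. Appending `extra` (e-signature data, HCC binding) to the MAC
    input is an assumption for this demo, not the product's construction."""
    if not 4 <= digits <= 10:
        raise ValueError("this truncation yields at most 10 decimal digits")
    if counter < 0:
        raise ValueError("counter must be non-negative")
    mac = hmac.new(key, struct.pack(">Q", counter) + extra, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def luhn_check_digit(response):
    """Append a check digit so a mistyped OTP is caught before it reaches the server.
    Luhn is an assumed choice; the page does not name the check-digit algorithm."""
    total = 0
    for i, ch in enumerate(reversed(response)):
        d = int(ch)
        if i % 2 == 0:  # the rightmost existing digit is doubled first
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return response + str((10 - total % 10) % 10)


def e_signature(key, counter, fields, digits=6):
    """Sign 1..8 data fields: normalize each, join with a separator so field
    boundaries are unambiguous, and bind the result into the MAC input."""
    if not 1 <= len(fields) <= 8:
        raise ValueError("between 1 and 8 data fields are supported")
    data = "\x1f".join(normalize_field(f) for f in fields).encode("ascii")
    return oath_response(key, counter, digits, extra=data)


def host_confirmation_code(key, counter, otp, length=6):
    """HCC: a response bound to the validated OTP that only a holder of the shared
    key can derive. Deriving it from counter and OTP is an assumption for this demo."""
    return oath_response(key, counter, length, extra=b"HCC:" + otp.encode("ascii"))


def server_validate(key, n, otp, now, window=1):
    """Server side: re-derive the time-based OTP for the current interval and its
    neighbours (clock drift); on a match return the HCC, otherwise None."""
    base = time_counter(now, n)
    for c in range(max(base - window, 0), base + window + 1):
        if hmac.compare_digest(oath_response(key, c), otp):
            return host_confirmation_code(key, c, otp)
    return None


def client_roundtrip(key, n, now):
    """App side: generate an OTP, have the server validate it, and compare the
    returned HCC with the locally computed one. True when both sides agree."""
    counter = time_counter(now, n)
    otp = oath_response(key, counter)
    hcc = server_validate(key, n, otp, now)
    expected = host_confirmation_code(key, counter, otp)
    return hcc is not None and hmac.compare_digest(hcc, expected)


if __name__ == "__main__":
    print("time-based OTP (n=3, 64 s step):", oath_response(DEMO_KEY, time_counter(time.time(), 3)))
    print("event-based OTP with check digit:", luhn_check_digit(oath_response(DEMO_KEY, 0)))
    print("e-signature:", e_signature(DEMO_KEY, 0, ["1000.00", "ACME CORP"]))
    print("HCC round trip OK:", client_roundtrip(DEMO_KEY, 3, time.time()))
```

The server accepts a small window of neighbouring time intervals to absorb clock drift; a wider window makes each OTP valid for longer, so it trades usability against the exposure of a captured code. The field separator in `e_signature` matters: without it, the fields "AB" + "C" and "A" + "BC" would sign identically.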