Secure-Channel-Based Authentication
  • 14 Oct 2024


Secure Channel-based authentication is a type of authentication which supports the secure exchange of authentication data. It is used in combination with Cronto images or QR codes to exchange the Secure Channel messages. This type of authentication requires the use of authenticator licenses that are activated in the multi-device licensing (MDL) mode.

Secure Channel-based authentication is different from adaptive Secure Channel-based authentication.

Supported devices:

  • Hardware authenticators with Cronto image support (e.g. the Digipass 7xx-series)

  • OneSpan Mobile Authenticator Studio 4.18 and later

  • Mobile Security Suite Orchestration SDK

Prerequisites

To ensure a successful Secure Channel-based authentication, the following prerequisites must be met:

Authentication via Secure Channel

For Secure Channel-based user authentication operations, the sequences differ slightly, depending on whether the authenticator used has internet connectivity.

Secure Channel-based authentication overview: authenticators with internet connectivity

Sequence of a Secure Channel-based user authentication operation with authenticators with internet connectivity

  1. The client application requests a Secure Channel challenge from the OneSpan Trusted Identity platform.

  2. The OneSpan Trusted Identity platform generates a secure challenge.

  3. The client issues a request to generate a Cronto image from the returned Secure Channel message.

  4. The authenticator captures the Cronto image and creates a one-time password (OTP) for this challenge.

  5. The authenticator sends the OTP to the OneSpan Trusted Identity platform for validation.

  6. The OneSpan Trusted Identity platform validates the OTP.

  7. The client application collects the result of the validation.

  8. If the OTP is successfully validated, the authentication is successful.

Secure Channel-based authentication overview: authenticators without internet connectivity

Sequence of a Secure Channel-based user authentication operation with authenticators without internet connectivity

  1. The client application requests a Secure Channel challenge from the OneSpan Trusted Identity platform.

  2. The OneSpan Trusted Identity platform generates a secure challenge.

  3. The client issues a request to generate a Cronto image from the returned Secure Channel message.

  4. The authenticator captures the Cronto image and creates a one-time password (OTP) for this challenge.

  5. The authenticator displays the OTP to the user.

  6. The user enters the OTP into the client application.

  7. The client application sends the OTP to the OneSpan Trusted Identity platform for validation.

  8. The OneSpan Trusted Identity platform validates the OTP.

  9. The client application collects the result of the validation.

  10. If the OTP is successfully validated, the authentication is successful.
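
The two sequences above, modelled as an added example (not OneSpan code or the platform's API): a hypothetical Platform issues single-use, time-limited challenges, and an Authenticator derives the OTP and either submits it itself (with connectivity) or returns it for the user to type (without). The HMAC-based OTP derivation, the 60-second lifetime, the one-attempt rule and all names are assumptions for illustration; the Cronto image is reduced to the message it would carry.

```python
import hashlib, hmac, secrets, time

def derive_otp(key, nonce, digits=6):
    # Stand-in OTP: truncated HMAC-SHA256 over the challenge nonce (assumption).
    mac = hmac.new(key, nonce, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**digits).zfill(digits)

class Platform:
    """Hypothetical platform side: issues challenges, validates OTPs."""
    def __init__(self, device_key, ttl=60):
        self.device_key, self.ttl = device_key, ttl
        self.pending, self.results = {}, {}

    def request_challenge(self, now=None):
        now = time.time() if now is None else now
        cid, nonce = secrets.token_hex(8), secrets.token_bytes(16)
        self.pending[cid] = (nonce, now + self.ttl)
        return {"id": cid, "nonce": nonce.hex()}  # payload the image would carry

    def validate(self, cid, otp, now=None):
        now = time.time() if now is None else now
        entry = self.pending.pop(cid, None)  # one attempt per challenge
        if entry is None:
            return False                     # unknown or already used: replay rejected
        nonce, expiry = entry
        ok = now <= expiry and hmac.compare_digest(derive_otp(self.device_key, nonce), otp)
        self.results[cid] = ok
        return ok

    def result(self, cid):
        return self.results.get(cid, False)  # what the client application collects

class Authenticator:
    def __init__(self, key, platform=None):
        self.key, self.platform = key, platform  # platform set => has connectivity

    def scan(self, message, now=None):
        otp = derive_otp(self.key, bytes.fromhex(message["nonce"]))
        if self.platform is not None:        # online: device submits the OTP itself
            self.platform.validate(message["id"], otp, now)
            return None
        return otp                           # offline: OTP is shown to the user

def authenticate(platform, device, now=None):
    msg = platform.request_challenge(now)
    otp = device.scan(msg, now)
    if otp is not None:                      # offline: user types OTP, client submits
        platform.validate(msg["id"], otp, now)
    return msg["id"], otp, platform.result(msg["id"])
```

In this model the client application only ever sees the challenge message and the validation result in the connected case; in the unconnected case the OTP passes through the user and the client, which is why the single-use and expiry checks sit on the validating side.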

