- 23 Oct 2024
- 1 Minute to read
- DarkLight
Standard encryption protocol
- Updated on 23 Oct 2024
- 1 Minute to read
- DarkLight
The standard encryption protocol is supported by Mobile Authenticator Studio from version 4.0 for backward compatibility. OneSpan strongly recommends using the advanced provisioning protocol, which ensures stronger encryption of the activation data.
To further increase security, a nonce (alea) can be used. This is a string of random characters generated by the device. The nonce is different for each activation request. Combining the nonce on the server with the activation password to encrypt the activation data ensures the uniqueness of the activation code provided in each server response.
Online activation with standard encryption
The activation data is generated and encrypted by Authentication Server Framework. The encryption key is derived from the activation password and the nonce using SHA-1.