Challenge-Response Authentication (Policy)
  • 18 Oct 2024

The following is an overview of the relevant default settings of Challenge/Response authentication with Intelligent Adaptive Authentication.

  • Parent policy: Identikey Local Authentication

Challenge-Response Authentication—Default parameter settings

Parameter name | Default value | Description

1step_cr_enabled | Yes - Any Challenge | 1-Step Challenge/Response - Permitted

This controls whether 1-step Challenge/Response logins will be enabled for the current policy and, if so, where the challenge should originate.

To enable 1-step Challenge/Response, you also need to set Challenge Check Mode (see below).

Possible values:

  • Default. Use the setting of the parent policy.

  • No. 1-step Challenge/Response may not be used.

  • Yes – Server Challenge. 1-step Challenge/Response may be used if the instance of the Authentication component verifying the response also generated the challenge.

  • Yes – Any Challenge. 1-step Challenge/Response may be used with any random challenge.

1step_cr_length | 7 | Challenge Length

Specifies the length of the challenge (excluding a check digit) which should be generated for 1-step Challenge/Response logins.

chal_check_mode | 0 | Challenge Check Mode

This setting is for advanced control over time-based Challenge/Response authentication. 1 is the default value if the setting is not specified at all.

Possible values:

  • 0. The challenge is not checked at all. This is necessary for a 1-step Challenge/Response.

  • 1. The challenge presented for verification must be the last one that was generated specifically for that authenticator. This is the normal mode of operation in a 2-step Challenge/Response.

  • 2. The challenge presented for verification is ignored. Instead, the last one that was generated specifically for that authenticator is used.

  • 3. Only one verification is permitted per time step. This option only applies to time-based Challenge/Response procedures. This is a method of avoiding a potential replay of a captured response if the same challenge comes up again in the same time step.

  • 4. If the same challenge and response are presented for verification twice in a row during the same time step, they are rejected. This is an advanced method of avoiding a potential replay of a captured Challenge/Response.
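
The following Python sketch is an added example, not product code and not part of the original page. It models the per-authenticator state a verifier needs for each chal_check_mode as the list above words them, then runs one login, a replay of it and a second fresh login inside a single time step. The HMAC response function, the 30-second step and the reading of mode 3 as "one accepted verification per step" are assumptions.

```python
import hashlib
import hmac

STEP = 30  # assumed time-step length in seconds; the page does not state one


def response_for(key, challenge, step):
    """Stand-in for the authenticator's time-based response (not the real algorithm)."""
    mac = hmac.new(key, f"{challenge}:{step}".encode(), hashlib.sha256).digest()
    return f"{int.from_bytes(mac[:4], 'big') % 10**6:06d}"


class Verifier:
    """Model of the per-authenticator state each chal_check_mode needs."""

    def __init__(self, key, mode):
        self.key, self.mode = key, mode
        self.issued = None      # last challenge generated for this authenticator
        self.ok_step = None     # time step of the last accepted verification
        self.last_seen = None   # last (step, challenge, response) presented

    def verify(self, challenge, response, now):
        step = now // STEP
        if self.mode in (1, 2) and self.issued is None:
            return False                 # nothing was generated to check against
        if self.mode == 1 and challenge != self.issued:
            return False                 # must be the last generated challenge
        if self.mode == 2:
            challenge = self.issued      # presented challenge is ignored
        if self.mode == 3 and self.ok_step == step:
            return False                 # assumed: one accepted verification per step
        seen, self.last_seen = self.last_seen, (step, challenge, response)
        if self.mode == 4 and seen == self.last_seen:
            return False                 # same pair twice in a row, same time step
        ok = hmac.compare_digest(response, response_for(self.key, challenge, step))
        if ok:
            self.ok_step = step
        return ok


def same_step_scenario(mode, key=b"constructed-demo-key"):
    """Return (first login, replay of it, second fresh login), all in one time step."""
    v, now = Verifier(key, mode), 1_000_000
    a = response_for(key, "1234567", now // STEP)   # constructed 7-digit challenges
    b = response_for(key, "7654321", now // STEP)
    return (v.verify("1234567", a, now), v.verify("1234567", a, now + 1),
            v.verify("7654321", b, now + 2))
```

In this model same_step_scenario returns (True, True, True) for mode 0, (True, False, False) for mode 3 and (True, False, True) for mode 4: mode 3 also blocks a second legitimate login in the same time step, while mode 4 rejects only the immediate repeat.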

