Digipass Dynamic Authentication Service

Description

Several steps are necessary for a Digipass user authentication through the Digipass Dynamic Authentication Service. The authentication process depends on the authentication mode that has been programmed for a particular authenticator application. The authentication modes used with dynamic authentication are RO, CR, and MM. For a description of the authentication modes, refer to Authenticator application authentication mode

Functionalities

For a successful user authentication, Digipass Dynamic Authentication Service provides two functionalities:

• Password validation
• Challenge generation

Workflows

Response-Only authentication workflow

Authenticating a user in Response-Only mode involves the following steps (see Figure: Response-Only authentication workflow):

1. Retrieving the BLOB assigned to the user in the database using the user ID.
2. Submitting the BLOB and the OTP to Authentication Suite Server SDK.
3. Writing the BLOB updated by Authentication Suite Server SDK back to the database.
4. Interpreting the code returned by Authentication Suite Server SDK.

Figure:  Response-Only authentication workflow

Challenge/Response authentication workflow

Authenticating a user in Challenge/Response mode involves the following steps (see Figure: Challenge/Response authentication workflow):

1. Retrieving the BLOB assigned to the user in the database using the user ID.
2. Submitting the BLOB to Authentication Suite Server SDK to generate a challenge.
3. Writing the BLOB updated by Authentication Suite Server SDK back to the database.
4. Submitting the challenge to the user so they can generate the OTP.
5. Retrieving the BLOB assigned to the user in the database using the user ID.
6. Submitting the BLOB, the OTP and (optionally) the challenge to Authentication Suite Server SDK.
7. Writing the BLOB updated by Authentication Suite Server SDK.
8. Interpreting the code returned by Authentication Suite Server SDK.

Figure:  Challenge/Response authentication workflow