Offline mode

This mode only applies to the signature validation operating mode.

A typical use case is for example if signatures are not presented to the host in the order they were generated.

Three signatures are generated with the event e=1, e=2, and e=3. Presenting the signature generated with e=1 after or before e=3 will succeed.

In this mode, the lower event window boundary is:

Lower boundary = Current event value – (window event / 2) + 1

The upper window boundary is:

Upper boundary = Current event value + (window event / 2)

Authentication Suite Server SDK will consider all signatures with an event value within these boundaries as valid. After a successful validation, the event value in the authenticator application BLOB will be updated if the authenticator application event value used to generate the signature is greater than the event value stored in the authenticator application BLOB.

In this operating mode, there is no way for Authentication Suite Server SDK to detect code replay inside the event window. It is up to the calling application to manage the code replay functionality.

With the Digipass Management Service, it is possible to retrieve both the current event value and the event value of the latest valid signature from the authenticator application BLOB.

To re-validate an event-based signature to ensure non-repudiation, the calling application has to store all the transaction data and the event value used to generate this signature.

Signatures are only validated in offline mode if the kernel parameter OnlineSG is set to 0 or 3.