Question/Answer Service
  • 23 Jan 2025


Description

Through the Question/Answer Service, Authentication Suite Server SDK can authenticate users based on their answers to a list of questions.

This service provides a secure way to:

  • encrypt user answers to a list of questions within a data structure, the so-called question/answer BLOB
  • pseudo-randomly extract a list of questions and the list of hashes of the matching answers
  • generate a key based on the list of questions and the hashes of matching answers

This authentication method is divided into two steps:

  1. The user provides answers to a list of questions, which are stored in a database.
  2. When the user wants to authenticate, some questions of the list are provided and the answers are checked against the stored answers.

When a user first answers a list of questions for future authentication, Authentication Suite Server SDK creates a structure to facilitate the storage of the data, i.e. the so-called question/answer BLOB or QABlob. A QABlob is a string resulting from the concatenation of the following elements:

  • User identifier
  • Version number
  • Number of answers provided by the user
  • The pair consisting of an index into the list of questions and the hash of the user’s answer
  • Checksum

Each answer hash is based on the SHA-1 algorithm, on 28 characters, with a checksum on two characters.

If the Question/Answer Service is implemented in a standalone mode, the QABlob will be generated directly from the answers. If the Question/Answer Service is implemented behind a Digipass for Web architecture, Authentication Suite Server SDK will receive the QABlob encrypted by a user’s OTP. In this case, Authentication Suite Server SDK decrypts the encrypted QABlob with an OTP generated by Digipass for Web.

To authenticate a user, Authentication Suite Server SDK can extract a certain number of questions from a QABlob, each represented by an index and the hash of the matching answer. This number is called the security level. Authentication succeeds if the hashes of the new answers provided by the user match those stored in the QABlob.
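
The enrolment and verification flow described above, modelled as an added Python example; it is not the Authentication Suite Server SDK's code, API or real QABlob format. The `|`-separated layout, the base64 encoding of the SHA-1 digest, the CRC-based checksums, the answer normalization and all function names are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import secrets
import zlib

VERSION = "01"  # assumed version tag

def answer_hash(answer: str) -> str:
    """28 base64 chars of SHA-1 plus a 2-char checksum (assumed encoding)."""
    norm = " ".join(answer.casefold().split()).encode("utf-8")
    digest = base64.b64encode(hashlib.sha1(norm).digest()).decode("ascii")
    return digest + f"{zlib.crc32(digest.encode()) & 0xFF:02x}"

def build_qablob(user_id: str, answers: dict[int, str]) -> str:
    """Concatenate user id, version, answer count, index/hash pairs, checksum."""
    fields = [user_id, VERSION, str(len(answers))]
    fields += [f"{i}:{answer_hash(a)}" for i, a in sorted(answers.items())]
    body = "|".join(fields)
    return f"{body}|{zlib.crc32(body.encode()):08x}"

def parse_qablob(blob: str) -> dict[int, str]:
    """Return {question index: stored hash}; reject corrupted blobs."""
    body, _, checksum = blob.rpartition("|")
    if f"{zlib.crc32(body.encode()):08x}" != checksum:
        raise ValueError("QABlob checksum mismatch")
    _user, version, count, *pairs = body.split("|")
    if version != VERSION or int(count) != len(pairs):
        raise ValueError("malformed QABlob")
    return {int(i): h for i, h in (p.split(":", 1) for p in pairs)}

def pick_challenge(blob: str, security_level: int) -> list[int]:
    """Draw `security_level` question indexes with a CSPRNG."""
    stored = parse_qablob(blob)
    if not 1 <= security_level <= len(stored):
        raise ValueError("security level exceeds stored answers")
    return sorted(secrets.SystemRandom().sample(sorted(stored), security_level))

def verify(blob: str, challenge: list[int], responses: dict[int, str]) -> bool:
    """All challenged answers must match; compare every hash in constant time."""
    stored = parse_qablob(blob)
    ok = True
    for i in challenge:
        candidate = answer_hash(responses.get(i, ""))
        ok &= hmac.compare_digest(candidate, stored.get(i, ""))
    return ok
```

The checksums in this sketch only detect accidental corruption; they do not protect the blob against deliberate modification.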

Functionalities

The Question/Answer Service relies on the Question/Answer authentication functionalities.

