Synchronization time window

When a dynamic password (or a signature) is submitted for the very first time, Authentication Suite Server SDK does not know the (eventual) time drift for this Digipass authenticator.

This time difference may be caused by factors such as:

• Bad host GMT time
• The Digipass authenticator has not been used for a very long time.
• The Digipass authenticator has been stored in a hostile environment (extreme humidity, heat, cold) before the first use.

After an import or a reset, the authenticator application BLOB is in initial synchronization time window mode. This implies that the following authentication will use the SyncWindow kernel parameter (expressed in hours or minutes) as a reference for the time window.

The default value for the SyncWindow is six hours (i.e. accept a drift of +/- three hours for the first authentication).

If this first authentication succeeds, the authenticator application BLOB changes to production time window mode: This production time window can be either static by default (see Static time window or dynamic (see Dynamic time window).

A time-based Digipass authenticator is assumed to have a maximum time drift of +/- two seconds per day (+/- 730 seconds per year). A SyncWindow value of six hours supports a drift of +/- three hours (+/- 10,800 seconds). The initial synchronization will be possible even after 14 years, which is sufficient considering the lifetime of a Digipass authenticator.