Secure-Channel-Based Authentication
- Updated on 14 Oct 2024
Secure Channel-based authentication is a type of authentication which supports the secure exchange of authentication data. It is used in combination with Cronto images or QR codes to exchange the Secure Channel messages. This type of authentication requires the use of authenticator licenses that are activated in the multi-device licensing (MDL) mode.
Secure Channel-based authentication is different from adaptive Secure Channel-based authentication.
Supported devices:
- Hardware authenticators with Cronto image support (e.g. the Digipass 7xx-series)
- OneSpan Mobile Authenticator Studio 4.18 and later
- Mobile Security Suite Orchestration SDK
Prerequisites
To ensure a successful Secure Channel-based authentication, the following prerequisites must be met:
- The device used for the authentication has been successfully activated. For more information, see Activate a Cronto image device offline.
Authentication via Secure Channel
For Secure Channel-based user authentication operations, the sequences differ slightly, depending on whether the authenticator used has internet connectivity.
[Figure: Secure Channel-based authentication overview, authenticators with internet connectivity]
Sequence of a Secure Channel-based user authentication operation with authenticators with internet connectivity
1. The client application requests a Secure Channel challenge from the OneSpan Trusted Identity platform.
2. The OneSpan Trusted Identity platform generates a secure challenge.
3. The client issues a request to generate a Cronto image from the returned Secure Channel message.
4. The authenticator captures the Cronto image and creates a one-time password (OTP) for this challenge.
5. The authenticator sends the OTP to the OneSpan Trusted Identity platform for validation.
6. The OneSpan Trusted Identity platform validates the OTP.
7. The client application collects the result of the validation.
If the OTP is successfully validated, the authentication is successful.
[Figure: Secure Channel-based authentication overview, authenticators without internet connectivity]
Sequence of a Secure Channel-based user authentication operation with authenticators without internet connectivity
1. The client application requests a Secure Channel challenge from the OneSpan Trusted Identity platform.
2. The OneSpan Trusted Identity platform generates a secure challenge.
3. The client issues a request to generate a Cronto image from the returned Secure Channel message.
4. The authenticator captures the Cronto image and creates a one-time password (OTP) for this challenge.
5. The authenticator displays the OTP to the user.
6. The user enters the OTP into the client application.
7. The client application sends the OTP to the OneSpan Trusted Identity platform for validation.
8. The OneSpan Trusted Identity platform validates the OTP.
9. The client application collects the result of the validation.
If the OTP is successfully validated, the authentication is successful.
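The two sequences above, modelled end to end as an added example (not OneSpan code and not the platform's API). `Platform`, `derive_otp`, `authenticate_online` and `authenticate_offline` are hypothetical names, and the truncated HMAC-SHA256 OTP is a stand-in assumption for the real Secure Channel message and OTP formats, which this page does not specify.

```python
import hashlib
import hmac
import secrets
import time


def derive_otp(device_key, challenge, digits=6):
    """Stand-in OTP derivation (truncated HMAC-SHA256); an assumption, not the vendor algorithm."""
    mac = hmac.new(device_key, challenge, hashlib.sha256).digest()
    return str(int.from_bytes(mac[:4], "big") % 10**digits).zfill(digits)


class Platform:
    """Hypothetical model of the platform side: issues challenges and validates OTPs."""

    def __init__(self, device_keys, ttl=60.0):
        self.device_keys = device_keys  # user -> key shared at device activation
        self.ttl = ttl
        self.pending = {}               # request_id -> (user, challenge, expiry)
        self.results = {}               # request_id -> validation outcome

    def generate_challenge(self, user):
        # Fresh random challenge per request; the client renders it as an image.
        request_id, challenge = secrets.token_hex(8), secrets.token_bytes(16)
        self.pending[request_id] = (user, challenge, time.monotonic() + self.ttl)
        return request_id, challenge

    def validate(self, request_id, otp):
        entry = self.pending.pop(request_id, None)  # one attempt per challenge
        if entry is None:
            return False  # unknown or already used: a replayed OTP is rejected
        user, challenge, expiry = entry
        expected = derive_otp(self.device_keys[user], challenge)
        ok = time.monotonic() < expiry and hmac.compare_digest(expected, otp)
        self.results[request_id] = ok
        return ok


def authenticate_online(platform, user, device_key):
    request_id, challenge = platform.generate_challenge(user)
    otp = derive_otp(device_key, challenge)   # authenticator scans the image
    platform.validate(request_id, otp)        # authenticator submits the OTP itself
    return platform.results[request_id]       # client collects the result


def authenticate_offline(platform, user, device_key):
    request_id, challenge = platform.generate_challenge(user)
    typed_otp = derive_otp(device_key, challenge)   # displayed, then typed by the user
    return platform.validate(request_id, typed_otp)  # client submits the OTP
```

In this model the only difference between the two paths is who submits the OTP; the challenge is consumed on the first validation attempt, so a captured OTP cannot be replayed and an expired challenge fails even with the correct OTP.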