Reactivation of a standard license
  • 23 Oct 2024
  • 3 Minutes à lire
  • Sombre
    Lumière

Reactivation of a standard license

  • Sombre
    Lumière

The content is currently unavailable in French. You are viewing the default English version.
Résumé de l’article

During the Mobile Authenticator Studio life cycle, users may have to reactivate the app for various reasons. Reactivation may be necessary in the following scenarios:

  • A user has lost their local password. Because the authenticator key cannot be used without the local password, the app can no longer generate valid OTPs or e-signatures.

    The user can reactivate the app through the Re-activate menu in the app settings.

  • A user has lost the device, and the app on the new device should have the same configuration and secret.

    The user needs to reinstall the app and activate it with the parameters provided by the server.

Similar to activation, reactivation can take place online or offline, manually, with a QR code, or a Cronto image. It consists in re-pushing the authenticator secret and, with event-based apps, the event of the last validated OTP from the authentication server to the Mobile Authenticator Studio app.

All events with a value lower than the current event of the Mobile Authenticator Studio application will be ignored to prevent code replay.

Reactivation is enabled in the settings section of the Mobile Authenticator Studio configuration file.

In previous Mobile Authenticator Studio versions, it was possible to configure a reactivation counter to limit the number of online reactivations on the client. Because this counter could be bypassed by re-installing the application, the reactivation counter has been removed from Mobile Authenticator Studio as of version 4.0. The number of possible reactivations must be controlled on the server-side by checking the serial number of the authenticator.

Online reactivation

From a user’s point of view, the online reactivation process is the same as the online activation. The data exchange between the Mobile Authenticator Studio application and the server is, however, slightly different. In addition to the configuration data and the authenticator secret, the counter used to validate the last OTP is exchanged. This happens through a parameter called encrypted event reactivation counter (XERC). As with other sensitive values, this counter is encrypted with the secret shared between the server and the user.

  • Online activation:

    activation data = static vector + authenticator serial number + activation code

  • Online reactivation:

    activation data = static vector + authenticator serial number + activation code + XERC

As with activation, and depending on the selected Mobile Authenticator Studio app, the server may receive an OTP confirming the successful reactivation. Device binding ensures that the Mobile Authenticator Studio app can be reactivated on one device only. If the app is reactivated on a new device, e.g. because the first device has been lost, the binding needs to be repeated. Binding a new device unbinds the first device.

Offline reactivation

Offline reactivation involves user experience that differs from online activation user experience. In addition to the authenticator serial number, the activation code, and the local password, users need to enter the event reactivation counter (ERC). This parameter contains the event counter that will be used by the app. The event is only formatted, not encrypted. Similar to other parameters used for offline activation or reactivation, the ERC must be securely exchanged with the server prior to the operation.

Offline reactivation

As with activation, and depending on the selected Mobile Authenticator Studio app, the server may receive an OTP confirming the successful reactivation. Device binding ensures that the Mobile Authenticator Studio app can be reactivated on one device only. If the app is reactivated on a new device, e.g. because the first device has been lost, the binding needs to be repeated. Binding a new device unbinds the first device.

QR code reactivation

From a user’s point of view, QR code reactivation is the same as QR code activation. The data in the QR code is, however, different. In addition to the configuration data and the authenticator secret, the counter used to validate the last OTP is exchanged. This happens in a parameter called event reactivation counter (ERC).

  • QR code activation:

    <QRCode>
         <SN>SERIAL_NUMBER</SN>
         <AC>ACTIVATION_CODE</AC>
    </QRCode>

  • QR code reactivation:

    <QRCode>
         <SN>SERIAL_NUMBER</SN>
         <AC>ACTIVATION_CODE</AC>
         <ERC>EVENT_REACTIVATION_COUNTER</ERC>
    </QRCode>

As with activation, and depending on the selected Mobile Authenticator Studio app, the server may receive an OTP confirming the successful reactivation. Device binding ensures that the Mobile Authenticator Studio app can be reactivated on one device only. If the app is reactivated on a new device, e.g. because the first device has been lost, the binding needs to be repeated. Binding a new device unbinds the first device.


Cet article vous a-t-il été utile ?

Changing your password will log you out immediately. Use the new password to log back in.
First name must have atleast 2 characters. Numbers and special characters are not allowed.
Last name must have atleast 1 characters. Numbers and special characters are not allowed.
Enter a valid email
Enter a valid password
Your profile has been successfully updated.
ESC

Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle