Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
Digipass Plug-In for IAS Product Guide - Vasco
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>Digipass</strong> <strong>Plug</strong>-<strong>In</strong> <strong>for</strong> <strong>IAS</strong> <strong>Product</strong> <strong>Guide</strong> <strong>Digipass</strong><br />
2.2.4 <strong>Digipass</strong> Record Settings<br />
These settings are kept in the record <strong>for</strong> a <strong>Digipass</strong> Application, and affect which OTP is<br />
expected by the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong>.<br />
2.2.4.1 Time/Event-based Settings<br />
Time Based<br />
Specifies whether the algorithm <strong>for</strong> the <strong>Digipass</strong> application is time-based (see Time/Eventbased<br />
<strong>Digipass</strong> Applications <strong>for</strong> more in<strong>for</strong>mation).<br />
Time Step Used<br />
The time step used by the <strong>Digipass</strong> Application (see Time/Event-based <strong>Digipass</strong><br />
Applications <strong>for</strong> more in<strong>for</strong>mation).<br />
Last Time Shift<br />
Time Shift records any misalignments between the time recorded on the <strong>Digipass</strong> and the time<br />
recorded on the server, each time a User logs in. This ensures that if either clock drifts from<br />
the correct time, an allowance can be made by the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> and the User will still be able to<br />
log in. If the time drift goes beyond the allowable time window between User logins, the<br />
<strong>Digipass</strong> record will have to be reset (this allows <strong>for</strong> recalculation of the time drift).<br />
Example<br />
Time window may be 5 steps in either direction.<br />
This means that 11 OTPs would be considered valid – the exact OTP <strong>for</strong> that time,<br />
and the OTPs <strong>for</strong> the 5 time steps either side of the exact time. If the OTP given is<br />
<strong>for</strong> a different time step, the time shift <strong>for</strong> that <strong>Digipass</strong> will be recorded. The next<br />
time the User logs in, the expected OTP will be calculated based on that time shift.<br />
Last Event Value<br />
The current number of uses of the <strong>Digipass</strong> Application, according to the <strong>Digipass</strong>. This can<br />
get out of sync with the number of uses recorded by the <strong>IAS</strong> <strong>Plug</strong>-<strong>In</strong> when:<br />
login failures occur <strong>for</strong> other reasons than incorrect OTP<br />
the <strong>Digipass</strong> has been used without a login (eg. children have been playing with it)<br />
The <strong>Digipass</strong> is being used to log in to two separate systems<br />
The purpose of this setting is much the same as the Last Time Shift setting – it allows the <strong>IAS</strong><br />
<strong>Plug</strong>-<strong>In</strong> to track any shifts between the event count recorded by itself and the <strong>Digipass</strong>.<br />
2.2.4.2 Response Length<br />
This setting determines the length of the OTP (excluding check digit) expected by the server<br />
from the <strong>Digipass</strong> Application.<br />
© 2005 VASCO Data Security <strong>In</strong>c. 27