
What is the meaning of the fields in the Time-Based policy?

Applies to

IDConfirm 1000 (SA Server) 

Content

The rules for Time-Based devices and the verification of their OTPs are defined in the Time-Based policies.

To access the policies from the IDConfirm administration portal, choose Manage Policies > View all Time Based Policies.

 

Click on the policy that is assigned to your devices (the policy is chosen during device provisioning).

The main fields that you may have to modify are the Authentication Window and the Manual Sync Window.

 

Authentication Window

The number of OTPs computed on the server side to compare with the one given from the device during an authentication.

If the Authentication Window is set to 5 (recommended value), the drift between the server and device clocks can reach up to 5 x 30 seconds without any authentication error.

 

First Authentication Window

The number of OTPs computed on the server side to compare with the one given from the device during the first authentication.

For the first authentication, the server has not yet determined the token drift, so the window needs to be much larger.

 

Manual Sync Window

The number of OTPs computed on the server side to compare with the one given from the device during a resynchronization with two consecutive OTPs.

This window needs to be bigger than the Authentication Window so that the device can be resynchronized if the authentication fails.

 

Consecutive OTP Window

This value is used when doing a resynchronization.

By default (value = 1) the server checks two consecutive OTPs (OTP1 and OTP2).

If you increase this value, the OTPs that follow can be checked as well.

For example, if you set this value to 3 and the Manual Sync Window to 2, the server will check:

(OTP 1 / OTP 2)         (OTP 1 / OTP 3)      (OTP 1 / OTP 4)

(OTP 2 / OTP 3)         (OTP 2 / OTP 4)      (OTP 2 / OTP 5)
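
The window checks described above, as an added Python example (not code from the product or its vendor). It assumes RFC 4226/6238 HMAC-SHA1 OTPs as a stand-in because the page does not state the algorithm, a symmetric search around the expected time step, and hypothetical names throughout (`authenticate`, `manual_resync`, `first_step`).

```python
import hashlib
import hmac
import struct

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP; with counter = unix_time // time_step it is RFC 6238 TOTP."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def candidate_pairs(manual_sync_window: int, consecutive_window: int):
    """(first, second) OTP positions tested, in the order of the page's example."""
    return [(a, a + gap)
            for a in range(1, manual_sync_window + 1)
            for gap in range(1, consecutive_window + 1)]

def authenticate(key, otp, server_step, drift, auth_window, digits=6):
    """Return the updated drift (in time steps) if otp is in the window, else None.
    Assumption: the window is searched symmetrically, nearest step first."""
    expected = server_step + drift
    for delta in sorted(range(-auth_window, auth_window + 1), key=abs):
        step = expected + delta
        if step >= 0 and hmac.compare_digest(hotp(key, step, digits), otp):
            return drift + delta
    return None

def manual_resync(key, otp_a, otp_b, first_step, server_step,
                  manual_sync_window, consecutive_window, digits=6):
    """Return the new drift (in time steps) if the OTP pair is found, else None.
    Assumption: position 1 of the search maps to first_step (caller's choice)."""
    for a, b in candidate_pairs(manual_sync_window, consecutive_window):
        step_a, step_b = first_step + a - 1, first_step + b - 1
        if (hmac.compare_digest(hotp(key, step_a, digits), otp_a)
                and hmac.compare_digest(hotp(key, step_b, digits), otp_b)):
            return step_b - server_step
    return None

if __name__ == "__main__":
    key = b"12345678901234567890"  # constructed sample secret (RFC 4226 test key)
    print(candidate_pairs(2, 3))
    late = hotp(key, 7)            # device clock is 3 steps ahead of server step 4
    print(authenticate(key, late, server_step=4, drift=0, auth_window=2))
    print(authenticate(key, late, server_step=4, drift=0, auth_window=3))
    print(manual_resync(key, hotp(key, 7), hotp(key, 8), 4, 4, 5, 1))
```

Under the symmetric-window assumption, an Authentication Window of 5 means up to 11 codes are acceptable at any moment, so widening a window trades clock tolerance against guessing resistance.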

 

Auto Sync Enabled and Auto Sync Window

If you enable auto sync, a fourth window is available.

This window replaces the authentication window after a certain number of wrong OTPs.

This number is the Auto Sync Threshold.

The Auto Sync Threshold should be smaller than the Max OTP Lock. The Auto Sync Window should be bigger than the Authentication Window and smaller than the Manual Sync Window.

 

Key Mode

Defines the protocol used by the server to compute the OTP from the secret key (whether Random or Master key).

 

OTP Length

The length of the OTP given by your device.

 

Check dates

Checks if the device is still valid. It is different from the device state, which needs to be Activated for the OTP to be verified.

 

User Password

The user password can be required for OTP verification.

 

Max OTP Lock

The number of consecutive wrong OTPs that needs to be reached to lock the device.

 

Time Step

The time window for authenticating with your device. By default the OTP changes every 30 seconds on Gemalto ID Prove 100 tokens.
