IDConfirm 1000 (SA Server)
The rules for Time-Based devices and the verification of their OTPs are defined in the Time-Based policies.
To access the policies from the ID Confirm administration portal, choose Manage Policies > View all Time Based Policies.
Click on the policy that is assigned to your devices (the policy is chosen during device provisioning).
The main fields that you may have to modify are the Authentication Window and the Manual Sync Window.
Authentication Window
The number of OTPs computed on the server side to compare with the one given from the device during an authentication.
If the Authentication Window is set to 5 (the recommended value), the drift between the server and device clocks can reach up to 5 x 30 seconds without any authentication error.
First Authentication Window
The number of OTPs computed on the server side to compare with the one given from the device during the first authentication.
For the first authentication, the server has not yet determined the token drift, so the window needs to be much larger.
Manual Sync Window
The number of OTPs computed on the server side to compare with the one given from the device during a resynchronization with two consecutive OTPs.
This window needs to be bigger than the Authentication Window so that the device can be resynchronized if the authentication fails.
Consecutive OTP Window
This value is used when doing a resynchronization.
By default (value = 1), the server checks two consecutive OTPs (OTP1 and OTP2).
If you increase this value, the following OTPs can be checked as well.
For example, if you set this value to 3 and the Manual Sync Window to 2, the server will check:
(OTP 1 / OTP 2) (OTP 1 / OTP 3) (OTP 1 / OTP 4)
(OTP 2 / OTP 3) (OTP 2 / OTP 4) (OTP 2 / OTP 5)
Auto Sync Enabled and Auto Sync Window
If you enable auto sync, a fourth window is available.
This window replaces the authentication window after a certain number of wrong OTPs.
This number is the Auto Sync Threshold.
The Auto Sync Threshold should be smaller than the Max OTP Lock. The Auto Sync Window should be bigger than the Authentication Window and smaller than the Manual Sync Window.
Defines the protocol used by the server to compute the OTP from the secret key (whether Random or Master key).
The length of the OTP given by your device.
Checks if the device is still valid. It is different from the device state, which needs to be Activated for the OTP to be verified.
The user password can be required for OTP verification.
Max OTP Lock
The number of consecutive wrong OTPs that needs to be reached to lock the device.
The time window for authenticating with your device. By default the OTP changes every 30 seconds on Gemalto ID Prove 100 tokens.
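The window logic described above can be sketched as follows. This is an added example, not IDConfirm's own code: it assumes RFC 6238 TOTP with HMAC-SHA1 and 6 digits, reads each window as plus or minus N time steps around the expected step, and the function names are hypothetical.

```python
import hashlib, hmac, struct

STEP = 30    # seconds per OTP (the default given above)
DIGITS = 6   # assumed OTP length

def totp(key: bytes, counter: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for one time-step counter."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** DIGITS).zfill(DIGITS)

def offsets(window: int):
    """Yield 0, +1, -1, +2, -2 ... so the smallest drift is tried first."""
    yield 0
    for d in range(1, window + 1):
        yield d
        yield -d

def authenticate(key, otp, now, drift, auth_window):
    """Return the updated drift (in steps) on success, None on failure."""
    base = now // STEP + drift
    for d in offsets(auth_window):
        if hmac.compare_digest(totp(key, base + d), otp):
            return drift + d
    return None

def resync(key, otp1, otp2, now, manual_window, consecutive_window=1):
    """Accept otp1 inside the Manual Sync Window only if otp2 follows it
    within consecutive_window steps; return the new drift or None."""
    base = now // STEP
    for d in offsets(manual_window):
        if not hmac.compare_digest(totp(key, base + d), otp1):
            continue
        for gap in range(1, consecutive_window + 1):
            if hmac.compare_digest(totp(key, base + d + gap), otp2):
                return d + gap  # drift measured at the most recent OTP
    return None
```

Requiring two OTPs for resynchronization is what makes the larger Manual Sync Window acceptable: a single guessed code matching somewhere in a wide window is not enough to move the stored drift.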