
Understanding How Net Banking Tokens Work (4)

Self-Generated OTP Mode (Response Only)

I will start with OTP generation in self-generated (response-only) mode. Beforehand, of course, the server and the token must agree on a secret initial value (init-secret). This initial value is stored (planted) in the token and also stored in a table on the server.

When the token has to generate an OTP code at a given moment without a challenge, this is what it does:

1. Take the current time in EPOCH seconds format (the number of seconds since January 1, 1970), usually at a granularity of ten seconds, i.e. the EPOCH value divided by ten.

2. Combine the init-secret with the time from step 1.

3. Calculate the hash value of the combination of init-secret and time from step 2.

The hash value from step 3 is the OTP. However, the OTP is usually taken from only some of the characters/digits at the beginning of the hash.

How does the server perform authentication? The trick is the same as what the token does, namely calculating the hash value of the init-secret combined with the current time and taking some digits at the beginning as the OTP. If the OTP sent by the user is the same as the OTP the server obtains from its hash calculation, then authentication succeeds.

But there are a few points about time that must be considered. To tolerate the time difference between the token and the server, as well as the lag between the moment the server asks for a password and the moment the user has the token generate the OTP, the server must allow a time tolerance.

There are three moments in time to note, namely:

1. The second when the server asks the user for a password (OTP)

2. The second when the token generates the OTP

3. The second when the server receives the OTP from the user

Consider the example below:

Even if we assume that the server's time and the token's time (the token's internal clock) are exactly the same, we must note that there will be a lag between moments 1, 2 and 3. Say the server asks the user for a password at second 0; because of slow web access, the page telling the user to enter the OTP from the token may only appear in the browser at second 30. The user then generates the OTP on the token at second 60, submits the OTP value to the server at second 65, and it arrives at the server at second 90.

Because OTP generation is time dependent, the OTP produced by the token is the OTP for second 60, while the server asked for a password at second 0. How does the server perform authentication? The trick is to check all possible OTPs within a time frame that is considered sufficient, say 180 seconds.

If the system uses a granularity of ten seconds, the server must calculate the OTP values for second 0, 10, 20, 30, 40, and so on up to 180, in multiples of ten seconds. Consider the example in the figure below. In this system it is assumed that the OTP is six characters taken from the MD5 of the combination. To authenticate, the server must compare all the OTP values from second 0 (in this example EPOCH/10 = 124868042) up to the maximum tolerance.

Suppose the tolerance is three minutes. The server must then allow a tolerance of three minutes forward and three minutes backward relative to the time at which it receives the OTP from the user and authenticates it. Remember, the tolerance is relative to the time of server authentication. So if the server performs the authentication at EPOCH/10 = 600, it must calculate the OTP values from EPOCH/10 = 420 up to EPOCH/10 = 780.

Recall my earlier explanation of salt. Compared with the OTP, the init-secret value is analogous to a user's plain-text password, while the salt or added value is the time (EPOCH/10).

OTP Age

Earlier I mentioned that the nature of an OTP is to have a limited lifetime. That lifetime relates to the tolerance the server allows: X seconds forward and X seconds backward relative to the current server authentication time. If the tolerance is three minutes (180 seconds), then the age of an OTP is three minutes, in the sense that if the server performs the authentication no more than three minutes after the token generated the OTP, the server will consider the OTP valid.

OTP in Challenge/Response Mode

OTP generation and authentication in C/R mode are actually very similar to self-generated mode. Whereas in self-generated mode the addition (salt) to the init-secret is the time (EPOCH/10), in C/R mode the salt has one more ingredient: the init-secret is combined not only with the time but also with the challenge.

In C/R mode there is an additional field that must be included before the hash value is calculated, namely the challenge. The value of this challenge is known by the server and also by the token (once the user types the challenge into the token), so that both the token and the server can calculate the same OTP and authentication can take place.
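As an added example (not code from the original post), the following Python implements both the self-generated scheme described earlier (MD5 of init-secret and EPOCH/10, first six characters, server-side check over a window of counters) and the challenge/response variant of this section, where the challenge is hashed in as well. The init-secret, the timeline values and the challenge are constructed; the field separator, and treating the 180-second tolerance as 18 steps of 10 seconds on each side, are my own choices because the post does not fix them.

```python
import hashlib
import hmac
from typing import Optional

GRANULARITY = 10          # seconds per counter step: the post's EPOCH/10
OTP_DIGITS = 6            # OTP = the leading 6 hex characters of the MD5 digest
TOLERANCE_SECONDS = 180   # +/- 3 minutes around the server's verification time
SEP = b"|"                # assumed field separator; the post does not specify one

def counter_for(epoch_seconds: int) -> int:
    """Step 1: coarsen the clock to a 10-second counter (EPOCH/10)."""
    return epoch_seconds // GRANULARITY

def generate_otp(init_secret: bytes, counter: int, challenge: str = "") -> str:
    """Steps 2-3: hash init-secret || time (|| challenge in C/R mode) and keep
    only the leading characters. An empty challenge is self-generated mode."""
    data = init_secret + SEP + str(counter).encode() + SEP + challenge.encode()
    return hashlib.md5(data).hexdigest()[:OTP_DIGITS]

def verify_otp(init_secret: bytes, submitted: str, server_epoch: int,
               challenge: str = "") -> Optional[int]:
    """Server: recompute the OTP for each counter within +/- tolerance of the
    server's own clock; return the matching counter, or None if none matches."""
    centre = counter_for(server_epoch)
    steps = TOLERANCE_SECONDS // GRANULARITY      # 180 s / 10 s = 18 steps
    for c in range(centre - steps, centre + steps + 1):
        if hmac.compare_digest(generate_otp(init_secret, c, challenge), submitted):
            return c
    return None

# Constructed demo values: a shared init-secret and the post's timeline, where
# the server asks at t=0, the token generates at t=60 and the OTP arrives at t=90.
INIT_SECRET = b"demo-init-secret-planted-in-token"
T0 = 1_248_680_420                  # EPOCH/10 = 124868042, the post's example
CHALLENGE = "48213975"              # constructed challenge typed into the token

def demo() -> dict:
    token_counter = counter_for(T0 + 60)
    otp = generate_otp(INIT_SECRET, token_counter)
    cr_otp = generate_otp(INIT_SECRET, token_counter, CHALLENGE)
    return {
        "in_window": verify_otp(INIT_SECRET, otp, T0 + 90),                # counter
        "expired": verify_otp(INIT_SECRET, otp, T0 + 60 + 190),            # None
        "cr_ok": verify_otp(INIT_SECRET, cr_otp, T0 + 90, CHALLENGE),      # counter
        "cr_wrong": verify_otp(INIT_SECRET, cr_otp, T0 + 90, "00000000"),  # None
    }

if __name__ == "__main__":
    print(demo())
```

The "expired" case shows the OTP age from the previous section: the same OTP that is accepted at second 90 is rejected once the server's clock has moved more than 180 seconds past the token's counter, and the "cr_wrong" case shows that in C/R mode an OTP computed for one challenge does not verify against another.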
