aXsGUARD Identifier 3.0.2.0 Product Guide v1.5
DIGIPASS
PIN Change allows a User to change their PIN as desired.
The PIN Length can be set for a DIGIPASS device.
DIGIPASS Lock sets the number of consecutive faulty PIN entries allowed before the DIGIPASS device is locked.
17.2.2 Server PIN
The DIGIPASS Client PIN described in the previous section is not possible with one-button DIGIPASS models (i.e.
the DIGIPASS GO Range models). The Server PIN is an alternative solution for 2-factor authentication, available only
with one-button DIGIPASS models.
A Server PIN can be used together with the OTP generated by the DIGIPASS device as part of the online
authentication process. The Server PIN is a digit-based secret that the User types into the login password field in
front of the OTP and that is checked by the authenticating server. The server only permits verification of the OTP if
it is submitted with a valid Server PIN. The additional Server PIN thus provides an extra layer of security, making
this a 2-factor security solution. To authenticate, the holder needs to have a connection to the authenticating
server, to know the Server PIN (something you know), and to be in possession of the DIGIPASS device (something you
have) to generate an OTP.
The following permutations of OTP and Server PIN are possible:
OTP: the normal login where a Server PIN is not required
PIN OTP: the normal login where a Server PIN is required and is entered in front of the OTP
PIN OTP newpin newpin: for changing the Server PIN: the new PIN is entered twice after the OTP
OTP newpin newpin: for setting the Server PIN on first use, when no initial PIN was programmed: the new PIN is entered twice after the OTP. This is also necessary after an administrative PIN reset.
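The following is an added example, not code from the product guide or from the product itself: it shows how an authenticating server could split the password field into the four permutations listed above and check the Server PIN before the OTP is ever verified. Assumptions not stated in the guide: a fixed 6-digit OTP, Server PINs of 4 to 8 digits, the PIN on record held as a plain string for brevity, and a hypothetical `verify_otp` callback standing in for the real OTP check.

```python
import hmac
from typing import Callable, NamedTuple, Optional, Tuple

OTP_LEN = 6               # assumption: fixed-length numeric OTP
PIN_MIN, PIN_MAX = 4, 8   # assumption: permitted Server PIN lengths

class Login(NamedTuple):
    pin: Optional[str]      # Server PIN typed in front of the OTP, if any
    otp: str
    new_pin: Optional[str]  # set when newpin was entered twice after the OTP

def parse_password_field(field: str, pin_len: int) -> Login:
    """Split the password field into [PIN] OTP [newpin newpin].
    pin_len is the length of the PIN on record, 0 if none is set."""
    if not (field.isascii() and field.isdigit()):
        raise ValueError("password field must contain digits only")
    head = pin_len + OTP_LEN
    if len(field) < head:
        raise ValueError("password field too short")
    pin, otp, tail = field[:pin_len] or None, field[pin_len:head], field[head:]
    if not tail:
        return Login(pin, otp, None)
    half, odd = divmod(len(tail), 2)
    if odd or not PIN_MIN <= half <= PIN_MAX or tail[:half] != tail[half:]:
        raise ValueError("new PIN must be entered twice, identically")
    return Login(pin, otp, tail[:half])

def authenticate(field: str, stored_pin: Optional[str],
                 verify_otp: Callable[[str], bool]) -> Tuple[bool, Optional[str]]:
    """Return (accepted, PIN to keep on record)."""
    login = parse_password_field(field, len(stored_pin or ""))
    # The OTP is only verified when it arrives with a valid Server PIN.
    if stored_pin and not hmac.compare_digest(login.pin, stored_pin):
        return False, stored_pin
    if not verify_otp(login.otp):
        return False, stored_pin
    return True, login.new_pin or stored_pin
```

Because the new PIN is typed twice, a tail of odd length or with mismatched halves is rejected before any PIN or OTP check runs, so a mistyped PIN change cannot silently set the wrong PIN.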
Server PIN runtime information is provided through the Administration Web Interface by selecting a specific
DIGIPASS record (see table below).
© 2009 VASCO Data Security