aXsGUARD Identifier 3.0.2.0 Product Guide v1.5
User Authentication Process
3.5.3.6
Request Method and Keyword
For
2-Step Challenge/Response
and
Virtual DIGIPASS
, the method of requesting a Challenge or OTP respectively
can be defined in the Policy. The methods for
Primary Virtual DIGIPASS
and
Backup Virtual DIGIPASS
are defined
separately. The request methods are:
Password
- the static password.
Keyword
- a fixed keyword, which can be blank.
PasswordKeyword
- the static password followed by a fixed keyword, with no whitespace or separating
characters in between.
KeywordPassword
- a fixed keyword followed by the static password, with no whitespace or separating
characters in between.
None
- no method, the feature is disabled.
The static password in the request method is compared against the DIGIPASS User account's password value. For
more information on the static password check during an authentication attempt, see section
The methods of requesting these three login processes (2-step Challenge/Response, Primary and Backup Virtual
OTP request) can be the same. When the aXsGUARD Identifier recognizes a request, it verifies whether there is a
DIGIPASS capable of the login process: if not, it ignores the request.
Example
The request methods for Primary and Backup Virtual DIGIPASS are both defined as keyword “otp”. A User has a GO 3 with Backup
Virtual DIGIPASS enabled. When they log in with a keyword “otp”, the aXsGUARD Identifier generates a Backup Virtual DIGIPASS
OTP, because the User does not have a Primary Virtual DIGIPASS.
3.5.4
Authentication without DIGIPASS
When the DIGIPASS lookup does not return a DIGIPASS record, authentication processing requires a static
password check to succeed. In addition,
Self-Assignment
is possible when the DIGIPASS lookup does not return a
DIGIPASS record. Static password verification and Self-Assignment are explained here.
©
2009 VASCO Data Security
37