2. Users can generate all purpose secure software passcodes using the Mobile OTP clients, and then use the generated passcodes for authentication. Mobile OTP credentials are compliant to OATH standards and support both counter-based (HOTP) and time-based (TOTP). Mobile OTP also supports the Transaction Signing feature in the Sign mode of passcode generation. This feature conforms to the OATH Challenge-Response Algorithm (OCRA) defined by RFC 6287.
3. To generate the passcode, the user has to first add the account and set the password or the PIN for the Mobile OTP credential on any of the Mobile OTP Clients.
4. Passcode generation is an offline process, which means the client application need not connect to the authentication server for generating passcodes.
5. The lifecycle management of Mobile OTP credential is handled by CA Strong Authentication Server.