Customers request a high level description of the seven CA Strong Authentication Credentials which are as follows:
3. One-Time Password
4. OATH-Compliant One-Time Password
5. Question and Answer
7. LDAP Username-Password
What do the CA Strong Authentication Credentials entail at a high level ?
AuthMinder provides the following authentication methods out-of-the-box:
ArcotID PKI is a CA-proprietary secure software credential that provides two-factor authentication. An ArcotID PKI is a small data file that by itself can be used for strong authentication to a variety of clients such as, Web or Virtual Private Networks (VPNs).
See "ArcotID PKI Key Concepts" (see page 17) for more information on ArcotID PKI.
A regular credential, where the user is issued a username and a password to log in to the system.
■ One-Time Password
One-time password is another credential generated by AuthMinder Server. An OTP can be numeric or an alpha-numeric string. It is also possible to configure the number of times it can be used.
■ OATH-Compliant One-Time Password
One-time passwords that are complaint to Open Authentication (OATH) standards. AuthMinder supports both counter-based OATH OTPs (HOTPs) and time-based OATH OTPs (TOTPs).
■ Question and Answer
Question and Answer (also known as QnA) is a challenge-response authentication mechanism. Users authenticate to AuthMinder Server by providing correct answers for the questions they are asked. These Questions and Answers are set by the users themselves during registration.
ArcotID OTP is compliant to the OATH, Europay, MasterCard, and VISA (EMV) standards. If your application is integrated with ArcotID OTP, then it accepts the user’s password as an input and generates passwords (also known as passcodes) on the users’ device. The user, then, submits this generated passcode to authenticate to your Web application. Based on the authentication result, the user is granted access to the protected application or denied access.
Passcode generation is an offline process, which means that your application need not be connected to AuthMinder for generating passcodes.
■ LDAP Username-Password
AuthMinder supports LDAP authentication, where the user credentials in the directory service are used to authenticate users.