com.hidglobal.ia.service.otp

Interface AsyncOTPGenerator

All Superinterfaces:

OTPGenerator

public interface AsyncOTPGenerator
extends OTPGenerator

Computes OTP using externally provided challenge or transaction data.

Field Summary

Fields

Modifier and Type	Field and Description
static String	AUTHMODE_CHALLENGE_RESPONSE
static String	AUTHMODE_MUTUAL_CHALLENGE_RESPONSE
static String	AUTHMODE_SIGNATURE
static String	AUTHMODE_SIGNATURE_SERVER_AUTH

Method Summary

Modifier and Type	Method and Description
char[]	computeClientResponse(char[] password, char[] clientChallenge, char[] serverChallenge, InputAlgorithmParameters params) Compute the client response for one-way challenge-response with optional parameters.
char[]	computeResponse(char[] password, char[] challenge, InputAlgorithmParameters params) Compute the response for one-way challenge-response.
char[]	computeServerResponse(char[] password, char[] clientChallenge, char[] serverChallenge, InputAlgorithmParameters params) Compute the server response for one-way challenge-response or for two-way signature.
char[]	computeSignature(char[] password, char[] signatureChallenge, char[] clientChallenge, InputAlgorithmParameters params) Compute the signature for one-way or two-way signature.
char[]	formatSignatureChallenge(char[][] inputData) For transaction signing use cases, this method permits a challenge to be formatted according to standard based on several inputs provided by the user.
char[]	getChallenge() Returns a challenge according to format specified in OCRA suit for one-way use cases (challenge-response and signature).

Methods inherited from interface com.hidglobal.ia.service.otp.OTPGenerator

getAlgorithmParameters, getName, getStandardVersion, getType, getVersion

Field Detail

AUTHMODE_CHALLENGE_RESPONSE

static final String AUTHMODE_CHALLENGE_RESPONSE

See Also:

Constant Field Values

AUTHMODE_MUTUAL_CHALLENGE_RESPONSE

static final String AUTHMODE_MUTUAL_CHALLENGE_RESPONSE

See Also:

Constant Field Values

AUTHMODE_SIGNATURE

static final String AUTHMODE_SIGNATURE

See Also:

Constant Field Values

AUTHMODE_SIGNATURE_SERVER_AUTH

static final String AUTHMODE_SIGNATURE_SERVER_AUTH

See Also:

Constant Field Values

Method Detail

getChallenge

char[] getChallenge()

Returns a challenge according to format specified in OCRA suit for one-way use cases (challenge-response and signature). This method can be used by the client to provide the challenge to other parties (typically a server) so that it can authenticate the server using the asynchronous method.

Returns:

a challenge

computeResponse

char[] computeResponse(char[] password,
                       char[] challenge,
                       InputAlgorithmParameters params)
                throws InternalException,
                       UnsupportedDeviceException,
                       AuthenticationException,
                       InvalidPasswordException,
                       LostCredentialsException,
                       FingerprintAuthenticationRequiredException,
                       FingerprintNotEnrolledException,
                       PasswordRequiredException

Compute the response for one-way challenge-response. The params allows to pass additional data to compute the OTP. If there are no optional parameters, inputs can be omitted.

Parameters:

password - Password protecting the OTP key

challenge - Challenge

params - Additional data

Returns:

OTP value

Throws:

LostCredentialsException - if key securing the transaction have been wiped

InternalException - if an unexpected error occurred.

InvalidPasswordException - if password validation fails.

AuthenticationException - if password is incorrect

UnsupportedDeviceException - if device is not supported by policy.

FingerprintAuthenticationRequiredException - if fingerprint authentication is required by policy.

FingerprintNotEnrolledException - if fingerprint enrollment is required.

PasswordRequiredException - if required password was not provided and cached password is not available.

computeSignature

char[] computeSignature(char[] password,
                        char[] signatureChallenge,
                        char[] clientChallenge,
                        InputAlgorithmParameters params)
                 throws UnsupportedDeviceException,
                        AuthenticationException,
                        InvalidPasswordException,
                        InternalException,
                        LostCredentialsException,
                        FingerprintAuthenticationRequiredException,
                        FingerprintNotEnrolledException,
                        PasswordRequiredException

Compute the signature for one-way or two-way signature. For one-way signature, clientChallenge is empty. If there are no optional parameters, inputs can be omitted.

Parameters:

password - Password protecting the OTP key

signatureChallenge - Challenge to sign

clientChallenge - The challenge for the client

params - The params allow you to pass additional data

Returns:

OTP value

Throws:

LostCredentialsException - if key securing the transaction have been wiped

InternalException - if an unexpected error occurred.

InvalidPasswordException - if password validation fails.

AuthenticationException - if password is incorrect

UnsupportedDeviceException - if device is not supported by policy.

FingerprintAuthenticationRequiredException - if fingerprint authentication is required by policy.

FingerprintNotEnrolledException - if fingerprint enrollment is required.

PasswordRequiredException - if required password was not provided and cached password is not available.

computeClientResponse

char[] computeClientResponse(char[] password,
                             char[] clientChallenge,
                             char[] serverChallenge,
                             InputAlgorithmParameters params)
                      throws UnsupportedDeviceException,
                             AuthenticationException,
                             InvalidPasswordException,
                             InternalException,
                             LostCredentialsException,
                             FingerprintAuthenticationRequiredException,
                             FingerprintNotEnrolledException,
                             PasswordRequiredException

Compute the client response for one-way challenge-response with optional parameters. If there are no optional parameters, inputs can be omitted.

Parameters:

password - Password protecting the OTP key

clientChallenge - Client challenge

serverChallenge - Server challenge

params - Additional data

Returns:

OTP value

Throws:

LostCredentialsException - if key securing the transaction have been wiped

InternalException - if an unexpected error occurred.

InvalidPasswordException - if password validation fails.

AuthenticationException - if password is incorrect

UnsupportedDeviceException - if device is not supported by policy.

FingerprintAuthenticationRequiredException - if fingerprint authentication is required by policy.

FingerprintNotEnrolledException - if fingerprint enrollment is required.

PasswordRequiredException - if required password was not provided and cached password is not available.

computeServerResponse

char[] computeServerResponse(char[] password,
                             char[] clientChallenge,
                             char[] serverChallenge,
                             InputAlgorithmParameters params)
                      throws UnsupportedDeviceException,
                             AuthenticationException,
                             InvalidPasswordException,
                             InternalException,
                             LostCredentialsException,
                             FingerprintAuthenticationRequiredException,
                             FingerprintNotEnrolledException,
                             PasswordRequiredException

Compute the server response for one-way challenge-response or for two-way signature. If there are no optional parameters, inputs can be omitted.

Parameters:

password - Password protecting the OTP key

clientChallenge - Client challenge

serverChallenge - Server challenge

params - Additional data

Returns:

OTP value

Throws:

LostCredentialsException - if key securing the transaction have been wiped

InternalException - if an unexpected error occurred.

InvalidPasswordException - if password validation fails.

AuthenticationException - if password is incorrect

UnsupportedDeviceException - if device is not supported by policy.

FingerprintAuthenticationRequiredException - if fingerprint authentication is required by policy.

FingerprintNotEnrolledException - if fingerprint enrollment is required.

PasswordRequiredException - if required password was not provided and cached password is not available.

formatSignatureChallenge

char[] formatSignatureChallenge(char[][] inputData)
                         throws InvalidChallengeException

For transaction signing use cases, this method permits a challenge to be formatted according to standard based on several inputs provided by the user. Typically for OCRA see Appendix A of the Certificate profile.

Parameters:

inputData - Array of input data provided by the user.

Returns:

the fully formatted challenge to use in computeResponse method.

Throws:

InvalidChallengeException - if input data does not allow to format a valid challenge with respect to the OTP algorithm parameters