Section 1 : General Information
What is One-Time Password (OTP)?
One-time password (OTP) is an alphanumeric code that is valid for only one login session or transaction. OTPs are considered not vulnerable to replay attacks, making them a suitable security feature for online banking applications. However, OTPs are difficult to memorize. Thus, they require additional technology.
How are OTPs generated?
OTPs can be generated through the following methods: Time-Synchronization between the authentication server and the client Mathematical Algorithm based on Previous Password, where OTPs generated must be used in a predefined order Mathematical Algorithm based on a Challenge, where the challenge can be a random number chosen by the authentication server, or transaction details
What are Dynamic Password Generators?
Dynamic password generators are devices that generate OTPs to authenticate different operations/transactions. Some dynamic password generators are called security tokens. Users can carry around security tokens and generate OTPs by pressing a button or integrating a bank card into the token, which would then display the OTP on a small screen.
What are MasterCard CAP and Visa DPA?
Chip Authentication Program (CAP) is a MasterCard initiative and technical specification using EMV banking cards to authenticate users and transactions in online and telephone banking. The CAP specification defines a handheld device (CAP reader, which is the dynamic password generator) with a smartcard slot, a decimal keypad, and a display capable of displaying at least 12 characters. CAP is a form of 2-factor authentication, as both a smartcard and a valid PIN must be present for a transaction to succeed. VISA also introduced its own authentication method based on the CAP standard, Dynamic Passcode Authentication (DPA).
What are the different ACS Dynamic Password Generators?
APG8201 is a standalone handheld device for generating one-time passwords from the user’s EMV card and PIN. It is compliant to major banking standards such as EMV Level 1, MasterCard CAP and VISA DPA. APG8201 can also support PC-linked operations that can be used for Secure PIN Entry (SPE) to protect the PIN from security attacks. APG8202 is a standalone handheld device for generating one-time passwords from the user’s EMV card and PIN. It is compliant to major banking standards such as EMV Level 1, MasterCard CAP and VISA DPA.
Section 2 : Applications
In what types of applications can the APG8201, APG8202 and APG8205 be used?
The one-time password (OTP) functionality of the APG8202, APG8202 and APG8205 makes them suitable for online banking applications. The OTPs can serve as added security before several transactions like banking logons, online transactions and telephone orders can be performed. Also, APG8201 is equipped with a Secure PIN Entry (SPE) function, which ensures safe PIN entry and PIN change in a PC environment. The PIN is securely entered on the device rather than on the vulnerable PC or workstation, hence eliminating the possibility of a Virus/Trojan getting of the PIN. This security feature is helpful in home banking and government e-ID applications.
How do the APG8201, APG8202 and APG8205 use OTPs for online banking applications?
Generally, there are different modes to using OTP for online banking. Different modes would require different sets of information from users, e.g. challenge number, amount of money, account number, etc. For details, please refer to our demo video for a clearer presentation: http://www.apg8202.com/pages/dynamic-password-generators/demo
What are the cards supported by APG8201, APG8202 and APG8205?
The devices support MCU cards following the ISO 7816 standard, and cards using either T=0 or T=1 protocol.
What are the key features of APG8201, APG8202 and APG8205?
The devices support OTP (One-Time Password), Challenge-Response and Transaction Data Signing Modes. They also feature: Graphical LCD for logos and multiple-language characters Durable tactile keypad with 20 silicon rubber keys Monotone buzzer Two (2) CR2032 batteries Certifications/Compliance include: MasterCard® Chip Authentication Program (CAP) VISA Dynamic Passcode Authentication (DPA) EMV Level 1
How can APG8201, APG8202 and APG8205 help save money?
Financial institutions can distribute the devices to customers to minimize risks associated with sensitive data and online banking systems. More importantly, complicated device issuance or re-issuance strategies are no longer needed, lowering overall implementation cost. And since the APG8201, APG8202 and APG8205 also work as standalone devices, no specialized programming is required.