User Manual – DS3 OathToken J2ME Midlet
Contents
1. www dsssasia com User Manual DS3 OathToken J2ME Midlet OathToken User Manual V1 0 Page l of 25 DS3 Authentication Server www dsssasia com Revision History Date version Description rumor 10 02 2006 Preliminary Version The information contained in this document is the property of DSSS The contents must not be reproduced wholly or in part for purposes other than for which it has been supplied without the prior permission of DSSS or if it has been furnished under contract to another party as expressly authorised under that contract DSSS shall not be liable for any errors or omissions J2ME OATH Midlet Copyright 2005 2006 Data Security Systems Solutions Pte Ltd This program is free for commercial and non commercial use as long as Copyright remains Data Security Systems Solutions Pte Ltd DSSS and as such any Copyright notices in the software are not to be removed If this package is used in a product DSSS should be given attribution as the author of the parts of the software used This can be in the form of a textual message at program startup or in documentation on line or textual provided with the package THIS SOFTWARE IS PROVIDED BY DSSS AS IS AND ANY EXPRESS OR IMPLIED WARRANTIES INCLUDING BUT NOT LIMITED TO THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT INDIRECT INCIDENTAL SPEC2. Remove The user is required to enter his current PIN once to remove his PIN Name Description 00000 Current PIN Current PIN to protect the OTP in numeric e g 123456 The user selects Remove on the menu to confirm He is brought back to the Ready Screen explained in Section 2 1 OathToken User Manual V1 0 Page 20 of 25 DS3 Authentication Server PO www dsssasia com 2 11 Manage Label Screen Bank ABC default s iank AYE 4 Display Bank Xr z 5 uit The options on this screen follow e Set Default Label option This is used when the user wishes to set an existing label as the default label He clicks the label of his choice and selects this option He is brought to the Ready Screen explained in Section 2 1 e Add Label option This is used when the user wishes to add an oath token under a new label Selecting this option brings the user to the Oath Token Initialization Screen explained in Section 2 2 OathToken User Manual V1 0 Page 21 of 25 DS3 Authentication Server PO www dsssasia com e Display Label option OathToken User Manual V1 0 The number of Display Label options shown depends on how many labels had been set For example Bank XYZ label has been set This will be shown as Display Bank XYZ on the menu Selecting this option will bring the user to the PIN Verification Screen of this selected label explained in Section 2 6 if he had set a PIN to protect this l
3. user wishes to initialize a new oath token under a new label Selecting this option brings the user to the Manage Label Screen explained in Section 2s e Display Label option The number of Display Label options shown depends on how many labels had been set For example Bank XYZ label has been set This will be shown as Display Bank XYZ on the menu Selecting this option will bring the user to the PIN Verification Screen of this selected label explained in Section 2 6 if he had set a PIN to protect this label setting Selecting this option will bring the user to the Display OTP Screen of this selected label explained in Section 2 7 if he had not set any PIN to protect this label setting OathToken User Manual V1 0 Page 12 of 25 DS3 Authentication Server PO www dsssasia com 2 Display OTP Screen 546865 Exp 58 At this screen the OTP is generated and displayed for 60 seconds before the user is brought to the Ready Screen explained in Section 2 1 OathToken User Manual V1 0 Page 13 of 25 DS3 Authentication Server PO www dsssasia com 2 7 1 The Options Available When PIN Is Set 864460 Note that there are additional options on the Display OTP screen when the user s PIN is set e Change PIN option This is used when the user wishes to change his PIN Selecting this option brings the user to the Change PIN Screen explained in Section 2 9 e Remove PIN option This is used when the user wishes to rem
4. IAL EXEMPLARY OR CONSEQUENTIAL DAMAGES INCLUDING BUT NOT LIMITED TO PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES LOSS OF USE DATA OR PROFITS OR BUSINESS INTERRUPTION HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY WHETHER IN CONTRACT STRICT LIABILITY OR TORT INCLUDING NEGLIGENCE OR OTHERWISE ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE OathToken User Manual V1 0 Page 2 of 25 DS3 Authentication Server O www dsssasia com Contents REVISION HISTOR Yo iia 2 CONTENTS Anaa e a N 3 E INTRODUCTION a E A a a eoe ebat oue aR 4 2 MIDLET SCREEN FLOWS tin tasado 5 2 1 READY SCREENS a De ibt A eeu e ee LA EI Ica 5 2 2 OATH TOKEN INITIALIZATION SCREEN ccccccsccsceccecceccscescccsccscescecessesceseeses 7 2 3 SEED DISPLAY SCREEN Li icon oie 8 2 4 SET PIN REQUEST SCREEN carnada 9 25 A anne na en ee A aerate ee Te SRD eer 10 2 6 PIN VERIFICATION SCREEN ccccscsccscscscecceccscescescscescscesescescescesencescescess 11 2 DISPLAY OTP SCREEN aimer e tants 13 Zo sd The Options Available When PIN Is Set sss 14 Ded The Options Available When PIN Is Not Set cccccccccccccccccccccsese ne esesseeeeees 16 2 8 DELETE LABEL SCREEN xcci bass eto uS bete e le toic done stt do 18 2 9 CHANGE PIN SCREEN odio dia 19 2 10 REMOVE PIN SCREEN e Mee UL 20 2 11 NIANAGE LABEL SCREEN citada 2 2 12 SCREEN SITEMAP 22 22 nilo oH A M eus ao eso Neh oc 23 3 FREQUENTLY ASKED QUESTIO
5. NS eee eoe ene o o een o o aeneo aene on eese onsoe 24 OathToken User Manual V1 0 Page 3 of 25 DS3 Authentication Server PO www dsssasia com 1 Introduction The OathToken MIDlet application is an extension of the flagship product of DS3 the Authentication Server The application that is specially developed to be installed on handheld device functions as another mobile authentication token conveniently used by the user to authenticate herself to the Authentication Server It allows the user to make use of the OATH HOTP algorithm see http www openauthentication org to generate one time passwords for strong 2 factor authentication This document is the user guide for this MIDlet application and walks the user through all the possible screen steps The diagram below illustrates that using this MIDlet it is possible to register oathtokens for different organization using unique labels A maximum of 5 labels is supported by this midlet 225033 UserID Password 225033 Exp 58 orr 75 Exp 58 p eeseee Bank XYZ Site OathToken User Manual V1 0 Page 4 of 25 DS3 Authentication Server PO www dsssasia com 2 MiDlet Screen Flows 2 1 Ready Screen When the application is selected on the handheld device the following screen appears At this screen the MIDlet application is ready to be launched To launch the MIDlet application the user clicks on the La
6. Options Available When PIN Is Not Set 977624 Note that there are additional options on the Display OTP screen when the user s PIN is not set e Set PIN option This is used when the user wishes to set a PIN top protect the OTP Selecting this option brings the user to the Set PIN Screen explained in Section 2 5 e Delete Label option This is used when the user has forgotten his password and cannot be verified Selecting this option brings the user to the Delete Label Screen explained in Section 2 8 This allows the user to decide whether to delete the oath token associated with the label and do the re initialization again if required OathToken User Manual V1 0 Page 16 of 25 DS3 Authentication Server PO www dsssasia com e Manage Label option This is used when the user wishes to switch over to an oath token identified by other labels or the user wishes to initialize a new oath token under a new label Selecting this option brings the user to the Manage Label Screen explained in Section 2 11 e Display Label option OathToken User Manual V1 0 The number of Display Label options shown depends on how many labels had been set For example Bank XYZ label has been set This will be shown as Display Bank XYZ on the menu Selecting this option will bring the user to the PIN Verification Screen of this selected label explained in Section 2 6 if he had set a PIN to protect this label setting Selecting this option will bri
7. abel setting Selecting this option will bring the user to the Display OTP Screen of this selected label explained in Section 2 7 if he had not set any PIN to protect this label setting Page 22 of 25 DS3 Authentication Server www dsssasia com No PIN Set 2 12Screen indio ia og pes p PIN Set 1st Label Init Ds YES 344 a DET En Menu d er a Quit ME aa En se d AS y N 4 PNG j 1 T 7 E ato i gt a Seed Displa Display OTP Ready Screen Init Screen play Set PIN Request Set PIN isplay Screen Screen S Screen creen Add Label ain 4 Display Bank XYZ 5 Quit Set PIN Screen Remove PIN Change PIN Screen Screen Delete Label 2 Screen Manage Label Screen Set Default Label Ready Screen OathToken User Manual V1 0 Page 23 of 25 DS3 Authentication Server PO www dsssasia com 3 Frequently Asked Questions This section contains a list of frequently asked questions regarding the usage of the oathdsss token Do have to pay for using this software No The J2ME midlet software is distributed for use free of charge Why is DSSS distributing this software DSSS s
8. age of the token by matching the usage count with the event counter in the back end verification system OathToken User Manual V1 0 Page 24 of 25 DS3 Authentication Server PO www dsssasia com e think I ve encountered a bug in your software How do I provide feedback on it We welcome all feedback on the software Please send a mail to support dsssasia com Thank you e represent an organization interested to implement a 2 factor authentication solution What do need The software is one half of the 2 factor authentication solution Your organization has to implement the back end verification system in order to complete the loop Since the OATH algorithm is publicly available there are already backend authentication solutions that will support this token The DSSS Authentication Server is one of such solutions OathToken User Manual V1 0 Page 25 of 25 DS3 Authentication Server
9. enter his PIN twice to set his PIN PIN PIN to protect the OTP in numeric e g 123456 PIN Again PIN to protect the OTP in numeric This PIN must match the previous entered PIN e g 123456 After the matching PINs are entered the user selects Set on the menu to confirm He is brought back to the Ready Screen explained in Section 2 1 OathToken User Manual V1 0 Page 10 of 25 DS3 Authentication Server PO www dsssasia com 2 6 PIN Verification Screen ie OK 2 Delete Label 3 Manage Label 4 Display Bank XY I The user is required to enter his PIN for verification Name Description Enter PIN PIN to unlock for displaying OTP in numeric e g 123456 After the PIN is entered the user selects OK on the menu to confirm If he is correctly verified he is brought to the Display OTP Screen explained Section 2 7 OathToken User Manual V1 0 Page 11 of 25 DS3 Authentication Server O www dsssasia com Note that there are additional options on this screen e Delete Label option This is used when the user has forgotten his password and cannot be verified Selecting this option brings the user to the Delete Label Screen explained in Section 2 8 This allows the user to decide whether to delete the oath token associated with the label and do the re initialization again if required e Manage Label option This is used when the user wishes to switch over to an oath token identified by other labels or the
10. ght to the Seed Display Screen explained in Section 2 3 OathToken User Manual V1 0 Page 7 of 25 DS3 Authentication Server PO www dsssasia com 2 3 Seed Display Screen Please register it with the service provider before proceeding Seed QABA 5624504 A 752B478C4 amp 2FB7FB3D The user is requested to register the generated seed with the Authentication Server NOTE It is important that this seed is kept secret as it is used for the generation of the one time passwords It is only displayed once upon the generation to allow for a user self registration with the authentication service provider After the registration the user selects OK on the menu he is brought to the oet PIN Request Screen explained in Section 2 4 OathToken User Manual V1 0 Page 8 of 25 DS3 Authentication Server PO www dsssasia com 2 4 Set PIN Request Screen The user is requested to decide whether to set a PIN to protect the OTP If he selects NO on the menu he will be brought to the Display OTP Screen explained in Section 2 7 If he selects YES on the menu he will be brought to the Set PIN Screen explained in Section 2 5 The user can change his mind subsequently on whether to use a PIN to protect the OTP OathToken User Manual V1 0 Page 9 of 25 DS3 Authentication Server PO www dsssasia com 2 5 Set PIN Screen Cot PI pci rum xxxktkk PIH The user is required to
11. ng the user to the Display OTP Screen of this selected label explained in Section 2 7 if he had not set any PIN to protect this label setting Page 17 of 25 DS3 Authentication Server PO www dsssasia com 2 8 Delete Label Screen Delete abe E Are you sure oath token of label Bank 46 vill be deleted The user is requested to confirm the deletion of the oath token associated with the current label If he selects NO on the menu the oath token will not be deleted and he will be brought back to the Ready Screen explained in Section 2 1 If he selects YES on the menu the oath token will be deleted and he will be brought back to the Ready Screen explained in Section 2 1 OathToken User Manual V1 0 Page 18 of 25 DS3 Authentication Server PO www dsssasia com 2 9 Change PIN Screen The user is required to enter his old PIN once and new PIN twice to change his PIN Name Description 0000 Old PIN Current PIN to protect the OTP in numeric e g 123456 New PIN New PIN to protect the OTP in numeric e g 654321 New PIN Again New PIN to protect the OTP in numeric This PIN must match the previous entered New PIN e g 654321 The user selects Change on the menu to confirm He is brought back to the Ready Screen explained in Section 2 1 OathToken User Manual V1 0 Page 19 of 25 DS3 Authentication Server PO www dsssasia com 2 10Remove PIN Screen 1
12. ove his PIN Selecting this option brings the user to the Remove PIN Screen explained in Section 2 10 e Delete Label option This is used when the user has forgotten his password and cannot be verified Selecting this option brings the user to the Delete Label Screen explained in Section 2 8 This allows the user to decide whether to delete the oath token associated with the label and do the re initialization again if required OathToken User Manual V1 0 Page 14 of 25 DS3 Authentication Server PO www dsssasia com e Manage Label option This is used when the user wishes to switch over to an oath token identified by other labels or the user wishes to initialize a new oath token under a new label Selecting this option brings the user to the Manage Label Screen explained in Section 2 11 e Display Label option OathToken User Manual V1 0 The number of Display Label options shown depends on how many labels had been set For example Bank XYZ label has been set This will be shown as Display Bank XYZ on the menu Selecting this option will bring the user to the PIN Verification Screen of this selected label explained in Section 2 6 if he had set a PIN to protect this label setting Selecting this option will bring the user to the Display OTP Screen of this selected label explained in Section 2 7 if he had not set any PIN to protect this label setting Page 15 of 25 DS3 Authentication Server PO www dsssasia com 2 7 2 The
13. unch button Note that due to different device designs from various device manufacturers the appearance of the options for the user to select will be different If no label has not been set he will be brought the Oath Token Initialization Screen explained in Section 2 2 If more than one label has been set and he had set a PIN to protect the label setting during the initialization steps he will be brought to the PIN Verification Screen of the default label explained in Section 2 6 OathToken User Manual V1 0 Page 5 of 25 DS3 Authentication Server PO www dsssasia com lf more than one label has been set and he had not set any PIN to protect the label setting during the initialization steps he will be brought to the Display OTP Screen of the default label explained in Section 2 7 OathToken User Manual V1 0 Page 6 of 25 DS3 Authentication Server PO www dsssasia com 2 2 Oath Token Initialization Screen nitialize oath token Label Bank ABC Seed Length 16 24 416 The user is required to enter a few settings to generate the seed value for registration with the Authentication Server Name Description 000000000 Label The label to identify this oath token in alphanumeric e g ABC Bank Seed Length The length of the seed in bytes between 16 and 24 ee ee OTP Length The length of the One Time Password ASS After the settings are entered the user selects Initialize on the menu to confirm He is brou
14. upplies backend infrastructure 2 factor authentication solutions DSSS is also an adopting member of the OATH initiative The distribution of this software is to promote awareness and acceptance in the use of alternative 2 factor authentication products for securing user access What phones do this token run on This token has been written in J2ME MIDP 1 0 using the minimal libraries to ensure compatibility with as many phones as possible The software has been tested on Nokia Series 40 60 and 80 Sony Ericsson O2 and Blackberry I ve installed it on my phone What do I do with it During the configuration of the token upon start the token will generate the secret seed which you require to register with your organization s authentication backend This allows for the backend system to be able to authenticate your one time passwords Is the token one time password secure The one time password OTP is generated using an event based response only standard proposed by the OATH initiative called HOTP lt relies heavily on the irreversibility of SHA 1 to compute the OTP See http www openauthentication org It has been reviewed by many experts and no known vulnerability exists Can the secret seed be stolen How do protect it The secret seed is stored on the phone encrypted In order to prevent any compromise you should use a user PIN to protect access to the seed Also as the OATH algorithm is event based you can track us
Download Pdf Manuals
Related Search