User's Manual

The Blob must be updated after each successful use by the authentication functions. When a function ends in error, the
Blob has not been modified and therefore it is not necessary to update it [4].
7.2.1 WebOTP
The WebOTP authentication takes place through a single communication from the user to the server. The server
receives a 20-byte data string, which is checked via the webotp_authenticate() function.
int webotp_authenticate(struct webotp_context* context, webotp_time_t now,
    const unsigned char* packet_ptr, char* blob_ptr, unsigned blob_size);
The webotp_authenticate() function authenticates the user by using the received data packet and the time
information present in the Blob.
int webotp_identify(struct webotp_context* context,
    const unsigned char* packet_ptr, unsigned* id);
The webotp_identify() function is used for extracting the user's identity directly from the information received from the user
before performing the authentication.
This function is unnecessary if you already know which user is being dealt with and the Blob is already
available for authentication. If the user is unknown, it is possible to obtain the serial number of the device and
from this datum identify the Blob to use for authentication.
7.2.2 WebCHR
The WebCHR authentication occurs via a double communication between server and user. The server generates an
8-byte random data packet, which is sent to the user and is also used to call the webchr_setup() function. The user
answers with a 20-byte data packet, which the server checks through the webchr_authenticate() function.
int webchr_setup(struct webotp_context* context, webotp_time_t now,
    const unsigned char* random_ptr, char* blob_ptr, unsigned blob_size);
The webchr_setup() function is used for storing the random data packet sent to the user in the Blob, which will then be
used for authentication. The data packet can be generated through the webotp_random() function or obtained from an
external source of random data.
int webchr_authenticate(struct webotp_context* context, webotp_time_t now,
    const unsigned char* packet_ptr, char* blob_ptr, unsigned blob_size);
The webchr_authenticate() function is used for checking the answer received from the user by means of the information
contained in the Blob.
7.2.3 WebSMS
The WebSMS authentication, similarly to WebCHR, occurs via a double communication between server and user.
The server generates a random data packet, encodes it through the websms_encode() function in order to send it to the
user as an alphanumeric string, and uses the websms_setup() function for setting up the authentication. The user
answers with the same string that was received, which the server decodes through the websms_decode() function and checks with
websms_authenticate().
int websms_encode(const char* charset, unsigned char* random_ptr,
    unsigned random_bit, char* string_ptr, unsigned string_size);
The websms_encode() function encodes a data field into a character string. It is possible to specify the number of bits to
use and the character set for encoding. This function deletes any unused bits from the random_ptr parameter, so that the
next call to websms_setup() takes only the bits actually used into account. The random data packet can be generated
through the webotp_random() function or obtained from an external source of random data.
int websms_setup(struct webotp_context* context, webotp_time_t now,
    const unsigned char* random_ptr, char* blob_ptr, unsigned blob_size);
The websms_setup() function is used for storing the random data packet sent to the user in the Blob, which will then be
used for authentication.
int websms_decode(const char* charset, const char* string_ptr,
    unsigned string_size, unsigned char* random_ptr);
[4] The only exception is the websms_authenticate() function, which needs to limit the number of access attempts.
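
The Blob update rule stated at the start of this section, applied to the functions that share one parameter list above (webotp_authenticate(), webchr_setup(), webchr_authenticate(), websms_setup()), as an added example that is not part of the manual or of the library. It assumes that a return value of 0 means success and that webotp_time_t is an integer type; user_record, call_and_persist(), fake_authenticate() and BLOB_MAX are hypothetical names, and fake_authenticate() is a constructed stand-in for a library call.

```c
#include <string.h>

/* Assumed declarations; the real ones come from the library header. */
struct webotp_context;
typedef long webotp_time_t;              /* assumption: real type not shown */

/* Parameter list shared by webotp_authenticate(), webchr_setup(),
   webchr_authenticate() and websms_setup() as declared in this manual. */
typedef int (*blob_fn)(struct webotp_context*, webotp_time_t,
                       const unsigned char*, char*, unsigned);

#define BLOB_MAX 256                     /* constructed size */
/* Hypothetical per-user record standing in for a database row. */
struct user_record { char blob[BLOB_MAX]; unsigned blob_size; unsigned writes; };

/* Run one call on a working copy of the stored Blob; write the copy back on
   success (assumed: return value 0), or always when keep_on_error is set,
   which is how this sketch treats the websms_authenticate() exception. */
int call_and_persist(blob_fn fn, struct webotp_context* ctx,
                     webotp_time_t now, const unsigned char* data,
                     struct user_record* rec, int keep_on_error)
{
    char work[BLOB_MAX];
    if (rec->blob_size > BLOB_MAX) return -1;
    memcpy(work, rec->blob, rec->blob_size);
    int rc = fn(ctx, now, data, work, rec->blob_size);
    if (rc == 0 || keep_on_error) {      /* commit only when the rule says so */
        memcpy(rec->blob, work, rec->blob_size);
        rec->writes++;
    }
    return rc;
}

/* Constructed stand-in for a library call: changes the Blob on every call
   and accepts only packets whose first byte is 0x01. */
int fake_authenticate(struct webotp_context* c, webotp_time_t t,
                      const unsigned char* p, char* blob, unsigned n)
{
    (void)c; (void)t; (void)n;
    blob[0]++;
    return p[0] == 0x01 ? 0 : 1;
}

int main(void)
{
    struct user_record rec = { {0}, 16, 0 };
    unsigned char bad[20] = { 0x02 };    /* constructed 20-byte packet */
    call_and_persist(fake_authenticate, NULL, 0, bad, &rec, 0);
    return rec.writes == 0 ? 0 : 1;      /* rejected call stored nothing */
}
```

In the WebCHR and WebSMS flows the same wrapper covers the setup call as well, so the random data packet stored by the setup call is in the saved Blob when the user's answer arrives.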