User's Manual
24
RANGE_COUNTER Maximum leap ahead of the event counter from the latest authentication.
The value is expressed in units. The default value is 1500.
RANGE_TIME_PAST Maximum fixed component of time error for devices with a past time value (device clock
is slower than normal).
The value is expressed in seconds. The default value is 30.
RANGE_TIME_FUTURE Maximum fixed component of time error for devices with a future time value (device
clock is faster than normal).
The value is expressed in seconds. The default value is 30.
FACTOR_TIME_PAST Maximum variable component of time error for devices with a past time value (device
clock is slower than normal).
The actual error value is given by the time elapsed from the latest authentication
multiplied by the specified factor.
The value is expressed in ppm (parts per million). The default value is 40.
FACTOR_TIME_FUTURE
Maximum variable component of time error for devices with a future time value (device
clock is faster than normal).
The actual error value is given by the time elapsed from the latest authentication
multiplied by the specified factor.
The value is expressed in ppm (parts per million). The default value is 10.
DELTA_TIME_CHR Maximum time elapsed between the generation of the CHR authentication code and its
use. Beyond this time it will not be possible to authenticate oneself by using the generated
code.
The value is expressed in seconds. The default value is 60.
DELTA_TIME_SMS Maximum time elapsed between the generation of the SMS authentication code and its
use. Beyond this time it will not be possible to authenticate oneself by using the code sent
via SMS.
The value is expressed in seconds. The default value is 180.
DELTA_COUNTER_SMS Maximum number of attempts allowed for an SMS authentication. Beyond this number of
unsuccessful authentications it will not be possible to authenticate oneself by using the
code sent via SMS.
The value is expressed in units. The default value is 10.
7.5.1 Input window for the counter field
The input window of the counter field with WebOTP and WebCHR protocols for event-based and time-based devices is
given by the RANGE_COUNTER parameter.
An error
Ε
of the counter field is accepted
only in a window equalling:
0 <
Ε
< RANGE_COUNTER
The width of the window does not represent a particularly meaningful element from the security point of view as the
counter is used only for avoiding reusing the authentications and not for guaranteeing authenticity.
7.5.2 Input window for the time field
The input window of the time field with WebOTP and WebCHR protocols for time-based devices is given by the
RANGE_TIME_PAST, FACTOR_TIME_PAST, TIME_FUTURE and FACTOR_TIME_FUTURE parameters.
An error
Ε
of the time field is accepted only in a window equalling:
-(RANGE_TIME_PAST + FACTOR_TIME_PAST * T) <
Ε
< (RANGE_TIME_FUTURE + FACTOR_TIME_FUTURE * T)
Where T is the time elapsed from the latest authentication. The width of the input window is therefore dependent on the
time elapsed from the latest authentication. The less time from the latest authentication, the narrower the window.
The width of the window is mainly due to the physical characteristics of the devices. The default values have been
chosen for guaranteeing operation even in the worst possible conditions of work and storage.