Four authentication modes of apg8205 – ACS APG8205 OTP Generator User Manual

Page 7

background image

APG8205 – User Manual

Version 1.00

Page 7 of 8

3.0. Four Authentication Modes of APG8205

APG8205 has four authentication modes, respectively the Identify, Respond, Sign and Advanced
modes. During real transaction, cardholder selects the mode to be executed, which is usually
instructed by the authentication form on the Internet. (e.g., ‘Insert your payment card and select the
Identify mode on your personal card reader to log on your bank account’

Identify mode - This mode can be used where one-time passwords are required. No

challenge, amount, or currency data is needed when using the APG8205. It may be used to
generate the one-time password for e-banking login.

Sign mode - This mode provides a cardholder authentication function. It requires the

cardholder to input a challenge value (a set of decimal number of up to eight digits, usually
provided by the Online authentication form), and, depending on the configuration of the card
in use, the transaction amount and/or currency. It allows issuers to have the option to sign a
challenge value for services that involve amount and currency, like in an e-commerce

Respond mode - This mode can be used to implement challenge-response authentication.

This mode functions in exactly the same way as Sign mode, but it doesn’t require the input of
currency and amount values. It allows issuers to have the option to sign a challenge value for
services that do not involve amount and currency. For example, logging in an online banking

Advanced Sign mode - This mode connects the CAP token more closely with a specific

transaction and can be used for signing a particular payment. It requires the cardholder to
input the transaction data (e.g., the account number of person you are paying) into the card
reader, which may be supplied to the cardholder on the Internet authentication form, or by the
cardholder on the submitted form. The purpose of this mode is to obtain explicit cardholder
approval of the transaction data.