Four authentication modes of pinhandy – ACS APG8202 PINhandy 2 OTP Generator User Manual
Page 6
Document Title Here
Document Title Here
Document Title Here
APG8202 PINhandy 2 User Manual
Version 2.01
Page 6 of 9
www.acs.com.hk
3.0. Four Authentication Modes of PINhandy
PINhandy has four authentication modes: Identify, Respond, Sign and Advanced Sign modes.
During real transaction, cardholder selects the mode to be executed, which is usually instructed by the
authentication form on the Internet. (e.g. ‘Insert your payment card and select the Identify mode on
your personal card reader to log on to your bank account’)
• Identify mode - This mode can be used where one-time passwords are required. No
challenge, amount, or currency data is needed when using the APG8202. It may be used to
generate the one-time password for e-banking login.
• Sign mode - This mode provides a cardholder authentication function. It requires the
cardholder to input a challenge value (a set of decimal number of up to eight digits, usually
provided by the Online authentication form), and, depending on the configuration of the card
in use, the transaction amount and/or currency. It allows issuers to have the option to sign a
challenge value for services that involve amount and currency, like in an e-commerce
application.
• Respond mode - This mode can be used to implement challenge-response authentication.
This mode functions in exactly the same way as Sign mode, but it does not require the input
of currency and amount values. It allows issuers to have the option to sign a challenge value
for services that do not involve amount and currency. For example, to login an online banking
account.
• Advanced Sign mode - This mode connects the CAP token more closely with a specific
transaction and can be used for signing a particular payment. It requires the cardholder to
input the transaction data (e.g. the account number of person you are paying) into the card
reader, which may be supplied to the cardholder on the Internet authentication form, or by the
cardholder on the submitted form. The purpose of this mode is to obtain explicit cardholder
approval of the transaction data.