CA Strong ArcotOTP-OATH (TOTP)

Article ID: 253803

Products

CA Strong Authentication, CA Advanced Authentication

Issue/Introduction

I would like to know how the correlation between the user's USERNAME and the seed generated at the time of enrollment and authentication (the seed that is stored in the ARWFARCOTOTP table, SHAREDSECRET column) works.

That is, does the "string value" that is generated, encrypted and stored in the SHAREDSECRET column have some specific mechanism that makes use of the USERNAME value?

Finally, I would also like to know how the "string values"/seeds stored in the SHAREDSECRET column are encrypted. Does CA Strong use the Master Key to do that?

Environment

Release: 9.1

Strong authentication

Resolution

The username is referenced through the UserRefID column of the ARWFARCOTOTP table. That UserRefID has its corresponding username listed in the ARUDSUSER table, so during a transaction the username is fetched from the ARUDSUSER table.

If you are using HOTP, the seed is encrypted with the PIN; it is then 3DES-encrypted and stored in the SHAREDSECRET column. The MasterKey is used only to encrypt the contents of the securestore.enc file, which contains the connectivity parameters for the database.

Additional Information

https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/advanced-authentication/9-1/installing/ca-mobile-otp-client-installation/user-self-service-operations-using-the-ca-mobile-otp-desktop-client/how-to-work-with-ca-mobile-otp.html