User's Manual
27
3.
Call of DecryptPIN method of the server ActiveX for decrypting the response sent by the client and
returned by the call to Request.Form("PIN"). As illustrated in figure 5.4 the server computes the
response with the User-Id and the Server Secret again. If the verification is successful the User-Id is stored
in the PIN variable of the server ActiveX.
4.
With the call to GetLastError the correct execution of the la test call to the server ActiveX is checked;
in this case the response decryption is checked. In this case the user is verified for the possession of a
WebIdentity token properly initialized by the same service (that is, initialized with its Server secret
Application("wi_Password")
).
Table 5.4 – Association of software functions /methods for authentication.
Function Method Description Component
Challenge Generation
InitRndSessionString
Generation of time-variable
Random Session String.
Server
Response Computation
ReadPin
Computation of response by
using the WebIdentity token
Client
Response Verification
DecryptPin
Re-computation of the response
for comparison with the client-
sent response and extraction of
the User-Id.
Server