Choose your language
Back to startpage

DynaPass - OTP Services

DynaPass "Cloud" Service

Protect your Internet servers and applications using SMS based OneTime Passwords.
  • Using industy standard Web Service API
  • Use a Hosted "Cloud" service or run your own Local service
  • Easy to protect your web server
  • Easy to protect your applications
  • Easy to protect individual transactions
  • Adds generic SMS Service to any application
  • True Zero-Footprint. No client sw/hw deployment needed

How does it work?
The DynaPass OTP (One-Time Password) Server implements a set of Web Services that allows the application to create One-Time Passwords and send them to the user cell phone using SMS (Short Message Service) often called Text Message in USA and UK. The application can then request the user to enter the OTP in the application screen and validate it using a service call. Password aging and max retry is handled by OTP server. Messages from the user to the application can also be received through the OTP server and routed to the correct application through services implemented by the application. A single OTP server can handle multiple Applications and multiple Message providers. The DynaPass OTP Service is scalable and can run as a Hosted Web Service for multiple Customers and Applications, or as a private Service in your local environment.

What does the application need to do?

The OTP server keeps all users for an application in a database. It contains the UserID, ApplicationID, optional PIN and the user cell phone number. Before any message can be exchanged with a user, the UserID must be added to the user table for the application.  When the applications wants to create a new OTP, it calls the SendOTP service with the UserID and some optional parameters. The OTP service creates a fresh password and sends it to the user cell phone.  When the user has received the OTP and entered it into the application screen, the application calls the "VerifyPassword" service to check that the password is correct. If the password is correct, it is removed by the OTP server and cannot be used again. If the password is wrong, the application can chose to let the user re-enter the OTP and call "VerifyPassword" again until the max number of retries is exceeded, then the password is automatically removed from the OTP server and cannot be used again. Notification messages can be sent to a user through a generic Notification Service call.

Incoming messages

The OTP Server supports a set of pre-defined message commands from the user.  These are automatically handled according to local PTT authority regulations. Your application can register a Web Service that will be called to handle other incoming messages received on a specific channel. If a user cell phone is registered on multiple applications, keywords supplied in the application registration call can be used to sort out which applications should receive incoming messages.  If no parameter is supplied, the message will be routed to all applications where the cell phone number is registered.


Winner Red Herring 2010 Global 100 Award

WBI Awards


© Copyright 2004-2022 by April System Design