The MobilePASS+ SDK enables application developers to integrate the same features as the MobilePASS+ application into their applications. This includes functions such as one-time password (OTP) management, challenge-response, and login requests.

Upon receiving an activation string from the application, the SDK will communicate with the appropriate server and activate one of 3 types of tokens:

• Event-based (HOTP) - uses an internal counter

• Time-based (TOTP) - uses time intervals

• Challenge-Response (OCRA) - uses an internal counter and a challenge provided by the server

Based on server settings, one of two optional methods of protecting the token may be applied:

• User PIN tokens protect the token with a user defined PIN stored on the device

• Server PIN tokens do not store the PIN on device, and are provided as part of the OTP

• No PIN tokens provide no protection for the token

Once a user has a token and chooses a protection method, they can generate an OTP. In order to provide a more frictionless authentication experience, support for sending an OTP to the appropriate server via login requests (push notifications) is also supported by the SDK. This support may be toggled off or on.