One time passwords
By: Aivis Olsteins

2018-02-28

Use case: One-time password generator for application security

Username and password is no longer secure. Enter two-factor authentication.

Recently we had a chance to show the advantages of our JavaScript-based telephony engine by implementing an SMS-based one-time password generation system to secure a mobile app. The operator wanted to verify users by their phone number, i.e. send a short 6-digit passcode which the user would enter in the app or website to verify their identity. The concept, known as two-factor authentication, is not new, but it provides a much higher level of security than traditional username and password systems. Many online banking systems use it widely nowadays; however, ready-made, out-of-the-box solutions are rare. That is partly because the technical details vary from case to case: API details, localization, etc.

We saw a great opportunity here to try out our script engine. While it was originally developed for IVR and voice, it was not difficult to add more functions to it, since the platform it runs on, SAARA, already supports voice and SMS. The process works in the following steps:

  • Use RESTful API to receive request from application. The request would contain a phone number which needs to receive an OTP, and optionally a locale to use.
  • Generate a random 6-digit code and return it in the reply to the same API call.
  • Create a message, respecting locale, and include the generated code.
  • Send an SMS by means of an external carrier.

Technically, these were the main additions we made:

1. The ability to receive and parse API requests. In this case, our API received a JSON representing a request to generate a passcode:

{
"number": "12125551212",
"language": "en"
}

2. A random number generator. Standard JavaScript is perfect here, and the following piece of code generates a string of 6 randomly generated digits from 0 to 9. We had to introduce some string functions we didn't have before:

var passcode = '';
var i = 0;
while (i < 6) {
    // Math.random() returns a value in [0, 1), so multiply by 10 to get digits 0 to 9
    passcode += Math.floor(Math.random() * 10);
    i = i + 1;
}

3. And finally, sending the result by SMS:

sendSms({
    to: dest_number,
    from: source_number,
    text: "Your application code is: " + passcode
});

I omitted the language localization part; however, the above should give an idea of how the script-based telephony engine can be used not only for IVR but also for text messaging.
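
Math.random() is not a cryptographically secure generator, so a passcode that gates authentication is better drawn from a CSPRNG. The following added example (not code from the original post or from the SAARA engine) assumes a Node.js runtime with the built-in crypto module; the names issue, verify, TTL_MS and MAX_ATTEMPTS and their values are illustrative assumptions. It generates the 6-digit code from step 2 and also shows the application-side check with expiry, single use and a guess limit.

```javascript
const crypto = require('crypto');

const CODE_DIGITS = 6;          // passcode length used in the post
const TTL_MS = 5 * 60 * 1000;   // assumed validity window
const MAX_ATTEMPTS = 5;         // assumed guess limit per issued code

const pending = new Map();      // number -> { digest, expires, attempts }

// Uniform 6-digit code from the OS CSPRNG; randomInt avoids modulo bias.
function generatePasscode() {
  const n = crypto.randomInt(0, 10 ** CODE_DIGITS);
  return String(n).padStart(CODE_DIGITS, '0');
}

// Fixed-length digest so codes can be compared in constant time.
function digest(number, code) {
  return crypto.createHash('sha256').update(number + ':' + code).digest();
}

// Issue a code for a phone number and remember it until it expires.
function issue(number, now = Date.now()) {
  const code = generatePasscode();
  pending.set(number, { digest: digest(number, code), expires: now + TTL_MS, attempts: 0 });
  return code;
}

// Check a submitted code: single use, expiring, limited number of guesses.
function verify(number, submitted, now = Date.now()) {
  const entry = pending.get(number);
  if (!entry) return false;
  if (now > entry.expires || entry.attempts >= MAX_ATTEMPTS) {
    pending.delete(number);   // expired or locked out: a new code must be issued
    return false;
  }
  entry.attempts += 1;
  const ok = crypto.timingSafeEqual(entry.digest, digest(number, String(submitted)));
  if (ok) pending.delete(number);
  return ok;
}
```
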

About Author
With more than 25 years in the industry, Aivis Olsteins is founder of DataTechLabs, and has been involved in every aspect of the company through its development. He has large expertise in telecom networks, databases, large data processing and other advanced technical topics.
