Nexus TruID is a mobile two-factor (2FA) software token that is installed on a hardware device that the user already has, such as a smart phone, PC (Linux/Windows) or a Mac. The user enters a pin code into the soft token to generate a one-time password, OTP. This OTP is used to logon to the application or service.
To ease distribution of Nexus TruID, the included Distribution Service enables automated token distribution, installation and set-up. All the end-user has to do is follow an URL link sent by the server in an SMS and within seconds the user is equipped with TruID mobile two-factor authentication.
The TruID token generates a unique OTP for each user and for every authentication attempt. The user simply starts the app and enters their PIN to get the OTP. To generate the OTP, a unique seed is used in combination with a PIN and a random challenge or a user specific counter. To personalize each user's TruID client, it must carry a unique seed that is generated by the Digital Access Authentication Server.
Nexus TruID is available in two modes; Challenge and Synchronized. TruID Challenge requires a challenge response. Users enter their PIN and a server initiated challenge when generating OTPs. TruID Synchronized instead utilizes a user specific counter. Users simply enter their PIN to generate an OTP. This usually is simpler for the user, since there is no challenge to read and enter into the TruID token. The Synchronized mode includes support to re-synchronize the counter if the offset has been exceeded and time differential is too large.
For more information, see Brand TruID client.