CA Mobile OTP is a One-Time Password compliant to OATH standards. The user uses the generated passcode at the Web application that is protected by CA Mobile OTP authentication. Based on the authentication result, the
user is granted access to the protected application.
The passcode generation is an offline process, which means the client application need not connect
to the authentication server for generating passcodes.
TOTP is time based OTP generated using the OATH standards. Auth window is considered when the generated OTP is valid as client and server will generate the OTP and server will offset any drift happened before so both generates the same OTP and validation succeeds. If the drift is beyond the Auth window it should fall under Synch window and recommendation is that this value should be higher like 100-100.
Auth and synch window is based upon seconds and look ahead and look back will mean that server will generate the OTP in between the look back and look ahead time step and then validate that.
Our recommendation is to have the look back and look ahead as 10-10 and synch windows as 100-100.
I do not have the white paper on CA Mobile OTP handy but found this link which can give some inputs.https://docplayer.net/8464601-Ca-arcototp-versatile-authentication-solution-for-mobile-phones.html