- 23 Jan 2025
- 1 minute read
- SombreLumière
DPX encryption
When a DPX file is encrypted, the token keys may first be encrypted with an HSM-level transport key. These encrypted keys are then embedded in the DPX file, and the file is encrypted in the normal way. The token keys in the DPX file are therefore double-encrypted, while the remaining data is single-encrypted.
When the DPX file is imported, the software converts the DPX file to a BLOB. The (unmigrated) BLOB contains the token keys still encrypted with the HSM-level transport key. The migration function decrypts the token keys with the HSM-level transport key and re-encrypts them with the HSM-level storage key. Depending on the HSM type, the other data of the final migrated BLOB is protected either at hardware level or at software level. The token keys are never exposed in clear during this process.
Software DPX file encryption
With standard DPX file encryption, the DPX file is generated by OneSpan and encrypted with a software-level DPX transport key only.
Figure: Flow of keys and DPX file with software DPX file encryption illustrates the flow of keys and the DPX file between the customer and OneSpan:
- OneSpan generates the software-level DPX transport key, generates and encrypts the DPX file, and sends the DPX file to the customer.
- OneSpan sends the software-level DPX transport key to the customer.
HSM DPX file encryption
With double DPX file encryption, the customer generates the HSM-level DPX transport key and distributes it to OneSpan protected with a key encrypting key (KEK). This key allows OneSpan to double-encrypt the DPX file.
Figure: Flow of keys and DPX file with HSM DPX file encryption illustrates the flow of keys and the DPX file between the customer and OneSpan:
- The customer generates the HSM-level DPX transport key and sends it to OneSpan, encrypted with a key encrypting key (KEK).
- The customer sends the key encrypting key to OneSpan.
- OneSpan generates the software-level DPX transport key, generates and double-encrypts the DPX file, and sends the DPX file to the customer.
- OneSpan sends the software-level DPX transport key to the customer.
Figure: Flow of keys and DPX file with HSM DPX file encryption
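The following is an added Go example (not OneSpan's code and not the real DPX format) that models both flows described on this page: the KEK-protected hand-over of the HSM-level transport key, the producer side that wraps each token key under the HSM-level transport key and then encrypts the whole file under the software-level transport key, the import step that only removes the software-level layer, and the migration that re-wraps the token keys from the transport key to the storage key. It assumes AES-256-GCM for every layer, a JSON payload, and the names TokenRecord, Blob, WrapKey, UnwrapKey, BuildDPX, ImportDPX and Migrate, all of which are chosen here and not taken from the product.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/json"
	"errors"
	"io"
)

// TokenRecord is one entry of the (constructed) DPX payload: WrappedKey is the
// token key under a key-wrapping key, OtherData is covered only by the file layer.
type TokenRecord struct {
	Serial     string `json:"serial"`
	WrappedKey []byte `json:"wrapped_key"`
	OtherData  string `json:"other_data"`
}

// Blob is the decoded DPX payload (the BLOB the import step produces).
type Blob struct{ Tokens []TokenRecord `json:"tokens"` }

func gcmFor(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts with AES-256-GCM and prepends a fresh random nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; a wrong key or tampered data fails authentication.
func open(key, ciphertext []byte) ([]byte, error) {
	gcm, err := gcmFor(key)
	if err != nil || len(ciphertext) < gcm.NonceSize() {
		return nil, errors.New("bad key or ciphertext")
	}
	return gcm.Open(nil, ciphertext[:gcm.NonceSize()], ciphertext[gcm.NonceSize():], nil)
}

// WrapKey/UnwrapKey: the customer hands the HSM-level transport key to the
// producer encrypted under a key encrypting key (KEK) that is sent separately.
func WrapKey(kek, key []byte) ([]byte, error)       { return seal(kek, key) }
func UnwrapKey(kek, wrapped []byte) ([]byte, error) { return open(kek, wrapped) }

// BuildDPX models the producer: each token key is wrapped under the HSM-level
// transport key, then the whole payload is encrypted under the software-level
// transport key, so token keys are double- and other data single-encrypted.
func BuildDPX(tokenKeys map[string][]byte, hsmTransportKey, swTransportKey []byte) ([]byte, error) {
	var blob Blob
	for serial, tk := range tokenKeys {
		wrapped, err := seal(hsmTransportKey, tk)
		if err != nil {
			return nil, err
		}
		blob.Tokens = append(blob.Tokens, TokenRecord{serial, wrapped, "parameters of " + serial})
	}
	payload, err := json.Marshal(blob)
	if err != nil {
		return nil, err
	}
	return seal(swTransportKey, payload)
}

// ImportDPX is the DPX-to-BLOB step: only the software-level layer comes off,
// so the unmigrated blob still holds token keys wrapped under the transport key.
func ImportDPX(dpx, swTransportKey []byte) (*Blob, error) {
	payload, err := open(swTransportKey, dpx)
	if err != nil {
		return nil, err
	}
	blob := &Blob{}
	return blob, json.Unmarshal(payload, blob)
}

// Migrate re-wraps each token key from the HSM-level transport key to the
// HSM-level storage key; the plaintext token key exists only inside this
// function (inside the HSM in the real design) and is never returned.
func Migrate(blob *Blob, hsmTransportKey, hsmStorageKey []byte) (*Blob, error) {
	out := &Blob{}
	for _, rec := range blob.Tokens {
		tk, err := open(hsmTransportKey, rec.WrappedKey)
		if err != nil {
			return nil, errors.New("cannot unwrap token key for " + rec.Serial)
		}
		if rec.WrappedKey, err = seal(hsmStorageKey, tk); err != nil {
			return nil, err
		}
		out.Tokens = append(out.Tokens, rec)
	}
	return out, nil
}
```

Two properties of the page's design are visible in this model: opening the file with the software-level transport key alone yields a blob whose token keys still cannot be read without the HSM-level transport key, and after Migrate they open only with the storage key, so the transport key can be retired once migration is done. Because every wrap uses a fresh random nonce, re-wrapping under the storage key never reuses a nonce with the transport key, and authenticated encryption makes a wrong key or a tampered record fail at unwrap time rather than yield garbage.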