Enabling the SEE activation feature

Usage of the Authentication Suite Server SDK SEE machine signed by OneSpan requires HSM(s) to have the SEE unrestricted activation (EU+10) feature or SEE restricted activation (ROW) feature enabled to allow SEE machine upload.

The customer must enable the SEE activation feature (either unrestricted or restricted) for any HSM that will be used with the Authentication Suite Server SDK SEE machine. This can be done using the nfast command line tool fet (Feature Enable Tool). This tool allows to enable the SEE activation feature either from an activation card (supplied by Entrust nShield) inserted in the slot of the corresponding HSM module, or from a file (supplied by Entrust nShield).

For more instructions to use the fet tool, refer to the Entrust nShield product documentation.

Once the SEE activation feature is enabled, you should verify with fet that all the HSMs have either the SEE unrestricted activation (EU+10) feature or SEE restricted activation (ROW) feature enabled:

> fet
                            Feature Enable Tool
                            ===================
                      payShield Activation
                      |   ISO Smart Card Support
                      |   |   Remote Operator
                      |   |   |   Korean Algorithms
                      |   |   |   |   SEE Activation (EU+10)
                      |   |   |   |   |   SEE Activation (Restricted)
                      |   |   |   |   |   |   CodeSafe SSL
                      |   |   |   |   |   |   |   Elliptic Curve algorithms
                      |   |   |   |   |   |   |   |   Elliptic Curve MQV
                      |   |   |   |   |   |   |   |   |   Accelerated ECC
Mod   Electronic      |   |   |   |   |   |   |   |   |   |
No.  Serial Number
 1 4563-7119-6374 -- NO  NO  NO  NO  YES NO  NO  NO  NO  NO
 2 5673-112E-68AD -- NO  NO  NO  NO  NO  YES NO  NO  NO  NO

Reading card in slot 0 of module 1.
Non-FEM card found in module 1 slot 0.

Reading card in slot 0 of module 2.
Non-FEM card found in module 2 slot 0.

0. Exit Feature Enable Tool.
1. Read FEM certificate(s) from a smart card or cards.
2. Read FEM certificate from a file.
3. Read FEM certificate from keyboard.
4. Write table to file.

Enter option :

In case of HSMs that will use the SEE unrestricted activation (EU+10) feature, the feature activation can be done alternatively via the front panel of the HSM in menu 2-3-1/2-3-2: HSM > HSM feature enable > Read FEM from card/Read FEM from a file.

In case of HSMs that will use the SEE restricted activation (ROW) feature, the activation must be executed using the fet command line tool on the client machine that will have to upload the Authentication Suite Server SDK SEE machine (see Automatically upload and start the Authentication Suite Server SDK SEE machine). This is necessary to have the client machine receiving the dynamic Feature Enabling certificate chain corresponding to the SEE restricted activation (ROW) feature. If the feature is not reported as enabled by the fet tool, it will not be possible to upload the Authentication Suite Server SDK SEE machine from that client machine.