Login
    Contenu x
    Integration concept
    • 23 Jan 2025
    • 1 Minute à lire
    • Sombre
      Lumière
    • PDF
    Contenu

    Integration concept

    • Mis à jour le 23 Jan 2025
    • 1 Minute à lire
    • Sombre
      Lumière
    • PDF
    The content is currently unavailable in French. You are viewing the default English version.
    Résumé de l’article

    Figure: Authentication Suite Server SDK for HSM integration concept

    The Authentication Suite Server SDK BLOBs, which contain token profile and keys, remain on the host computer, where the Authentication Suite Server SDK host API can access only the less sensitive parameters. The token keys and secrets can only be accessed within the HSM. As a result of this and to minimize the amount of code inside the HSM, functional partitioning between the two modules is organized as follows:

    All Authentication Suite Server SDK functionalities that use the secured values inside the authenticator application BLOB will run inside the HSM (e.g. password validation functionality, signature validation functionality etc.). The input for the routines associated with these functionalities is serialized and sent from the host computer into the HSM. The output, including the updated BLOB, is returned in a serialized format to the host computer. Authentication Suite Server SDK on the host computer will then convert it back into the format as defined in the Authentication Suite Server SDK API.

    All Authentication Suite Server SDK functionalities that do not use any secured values inside the BLOB will run on the host computer only, without access to the HSM.

    These functionalities are not fully identical to the routines of the standard Authentication Suite Server SDK because of the different BLOB encryption.

    Some extra Authentication Suite Server SDK APIs are added to the host computer, which organizes the generation and processing of input and output parameters with the HSM. This code is independent of the HSM model (see HSM independence concept.) These APIs consist of:

    • The HSM input parameter validation
    • The serialization of input and output parameters, i.e. the conversion of Authentication Suite Server SDK structures into or from a string of bytes
    • The HSM output parameter validation

    The method for loading Authentication Suite Server SDK for HSM inside the HSM depends on the vendor. Some vendors require a firmware upgrade that has to be performed by their services. For these vendors, OneSpan can provide the routines (ANSI C-code) that need to be added to the HSM. Other vendors allow uploading third-party modules into the HSM, which are then signed (RSA-signature) to ensure that the correct module is uploaded.

    Cet article vous a-t-il été utile ?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout
    ESC

    Ozzy, facilitant la découverte de connaissances grâce à l’intelligence conversationnelle