- 27 Jan 2025
Introduction
- Updated on 27 Jan 2025
The OneSpan authentication technology relies on the fact that OneSpan customers share certain secrets with their end users. OneSpan provides the customer with these secrets in the form of a DPX file. The customer stores the secrets as a collection of Digipass BLOBs.
A fundamental security requirement is that the secrets shared between customers and end users remain secret. This means that the secrets have to be protected at all times, including the transport of the DPX file and storage of the authenticator application BLOB. The protection of the DPX files and authenticator application BLOBs is based on cryptographic operations with keys, which need to be protected as well.
OneSpan supports different key management options, with different levels of security. This document focuses on key management using the Thales ProtectServer or ProtectServer2 hardware security module (HSM). More specifically, it describes how to use these HSMs to safely manage the keys that are used to protect DPX files and Digipass application BLOBs.
This document provides information about:
- Protection mechanisms for DPX files and Digipass application BLOBs
- The keys involved in the protection mechanisms
- Thales ProtectServer key management utility (KMU)
This document does not provide:
- Information about the functions necessary to implement the Digipass family of authentication devices in a host system (refer to the Authentication Suite Server SDK C-C++ Programmer's Guide).
- Information about the functions necessary to use Authentication Suite Server SDK with a hardware security module (refer to the Authentication Suite Server SDK for HSM C-C++ Programmer's Guide).
- Information about fixed bugs and enhancements (refer to the Authentication Suite Server SDK Release Notes and the Authentication Suite Server SDK for HSM Release Notes).
This document assumes that you have thorough knowledge of the following products:
- Authentication Suite Server SDK for HSM
- Thales ProtectServer hardware security module (ProtectServer Orange/Gold/External/Internal, ProtectServer2 External/Internal)
- Thales ProtectServer HSM SDK: ProtectToolkit C
As of version 4.0, OneSpan Authentication Server Framework has been renamed to Authentication Suite Server SDK. If not explicitly stated otherwise, any information and references to OneSpan Authentication Server Framework or VACMAN Controller also apply to Authentication Suite Server SDK.