Protecting authenticator application BLOB data
  • 26 Nov 2024

The authenticator application BLOB data contains all parameter settings and secret data of an authenticator application. To prevent unauthorized tampering, the authenticator application BLOB data is protected when it is stored in the OneSpan Authentication Server data store.

The goal is to protect both the confidentiality and the integrity of the authenticator application BLOB data. Confidentiality means that the sensitive data in the authenticator application BLOB cannot be extracted or disclosed from its stored form. Integrity means that the context of the authenticator application, i.e. the authenticator it belongs to and the user it is assigned to, cannot be changed without detection.

Storage data keys and sensitive data keys are used to protect authenticator application BLOB data when it is stored. First, the authenticator application BLOB data is encrypted using a storage data key. Then a second key is derived from the sensitive data key together with additional parameters: the authenticator serial number, the domain, and (optionally) the assigned user account. The already-encrypted BLOB data is encrypted again using that derived sensitive data key. Because the derived key depends on those parameters, a BLOB that is moved to a different authenticator, domain or user is processed with a different derived key and cannot be decrypted.
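The following is an added illustration of the two-layer scheme described above; it is not OneSpan's code, and the page does not name the product's algorithms. AES-256-GCM is assumed as the cipher for both layers and HMAC-SHA256 over the length-prefixed context fields is assumed as the key-derivation step; the serial number, domain, user name and keys are constructed sample values. The AEAD tag here stands in for the integrity check the page describes later, whose actual format is not specified.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// BlobContext holds the parameters the page says are mixed into the sensitive
// data key derivation: the authenticator serial number, the domain and,
// optionally, the assigned user account (empty when unassigned).
type BlobContext struct {
	SerialNumber string
	Domain       string
	UserID       string
}

// deriveSensitiveKey derives a per-BLOB key from the sensitive data key and the
// context. HMAC-SHA256 over length-prefixed fields is an assumed KDF; the page
// does not name the product's algorithm. The length prefixes keep ("ab","c")
// and ("a","bc") from deriving the same key.
func deriveSensitiveKey(sensitiveDataKey []byte, ctx BlobContext) []byte {
	mac := hmac.New(sha256.New, sensitiveDataKey)
	for _, field := range []string{ctx.SerialNumber, ctx.Domain, ctx.UserID} {
		mac.Write([]byte{byte(len(field) >> 8), byte(len(field))})
		mac.Write([]byte(field))
	}
	return mac.Sum(nil) // 32 bytes, usable directly as an AES-256 key
}

// seal encrypts with AES-256-GCM (assumed cipher) and prepends the random nonce.
func seal(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; the GCM tag check fails on any modification or wrong key.
func open(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed BLOB too short")
	}
	nonce, ct := sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():]
	return gcm.Open(nil, nonce, ct, nil)
}

// ProtectBlob applies the two layers in the order the page describes: first the
// storage data key, then the context-derived sensitive data key.
func ProtectBlob(storageKey, sensitiveKey, blob []byte, ctx BlobContext) ([]byte, error) {
	inner, err := seal(storageKey, blob)
	if err != nil {
		return nil, err
	}
	return seal(deriveSensitiveKey(sensitiveKey, ctx), inner)
}

// UnprotectBlob peels the layers in reverse. If the caller's context differs
// from the one used at protection time (the BLOB was copied to another serial
// number or user), the derived key differs and the outer layer fails to open.
func UnprotectBlob(storageKey, sensitiveKey, stored []byte, ctx BlobContext) ([]byte, error) {
	inner, err := open(deriveSensitiveKey(sensitiveKey, ctx), stored)
	if err != nil {
		return nil, fmt.Errorf("outer layer: context mismatch or tampering: %w", err)
	}
	return open(storageKey, inner)
}

func main() {
	// Constructed sample values; real keys come from the server key store or HSM.
	storageKey := bytes.Repeat([]byte{0x11}, 32)
	sensitiveKey := bytes.Repeat([]byte{0x22}, 32)
	ctx := BlobContext{SerialNumber: "VDS1000001", Domain: "master", UserID: "alice"}
	blob := []byte("constructed authenticator application BLOB")

	stored, _ := ProtectBlob(storageKey, sensitiveKey, blob, ctx)
	plain, err := UnprotectBlob(storageKey, sensitiveKey, stored, ctx)
	fmt.Printf("same context: %q err=%v\n", plain, err)

	moved := ctx
	moved.UserID = "bob" // BLOB reassigned to another user without re-protecting
	_, err = UnprotectBlob(storageKey, sensitiveKey, stored, moved)
	fmt.Printf("changed context: err=%v\n", err)
}
```

The point to take from the example is the second call: the stored bytes are unchanged, only the context passed in differs, and the outer layer refuses to open. In a real deployment the two keys are never literal constants; with software protection they are held by the server, with HSM protection they stay inside the module.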

By default, authenticator application BLOB data is encrypted using software. If a higher level of security is required, it is possible to use a hardware security module (HSM) for encryption.

Protecting authenticator application BLOB data using software encryption

The sensitive authenticator application BLOB data is encrypted using a software-level storage data key and a software-level sensitive data key.

Protecting authenticator application BLOB data using a hardware security module (HSM)

When an HSM is used to protect authenticator application BLOB data, the most sensitive information in the authenticator application data (the token keys) is encrypted by the HSM, using long-term storage data keys and sensitive data keys held in the HSM. Those keys cannot be reconstructed or modified outside the HSM.

A hash value over the entire authenticator application BLOB is calculated so that the integrity of the BLOB data can be verified before any operation is performed on it.
