Protecting host files
  • 26 Nov 2024

Since a DIGIPASS export file (DPX) contains all authenticator application data for an authenticator batch, it is vital that you protect those files during and after delivery and import.

Transport keys are used to protect and decrypt DPX files during delivery and import. By default, DPX files are encrypted using software. If a higher level of security is required, it is possible to use a hardware security module (HSM) for encryption.

Protecting host files using software encryption

The sensitive authenticator application data is encrypted using a software-level transport key. You will receive the DPX file and the respective software-level transport key via separate communication channels.

Protecting host files using a hardware security module (HSM)

When using a hardware security module (HSM) to protect DPX files, the authenticator application data contains token keys encrypted using HSM-level transport keys. Those keys cannot be reconstructed or modified outside the HSM. The DPX file itself is encrypted using a software-level transport key. This means that token keys in DPX files are double-encrypted, while the remaining data is single-encrypted.

Best practices: Handling host files

  • Limit file access. Limit the access to host files to the individuals who are responsible for importing authenticator records to OneSpan Authentication Server.
  • Store backup copies securely. Store backup copies of host files (preferably encrypted) in a secure location, preferably one without network connectivity.
  • Delete files after use. Host files used for import should be permanently deleted from the file system when the import operation has been completed. If you use multiple systems as temporary storage locations, immediately delete the host files from the temporary location as soon as you copy them.
  • Delete temporary files after import. When importing a host file, OneSpan Authentication Server creates a backup copy of it in the local DPX folder (within the OneSpan Authentication Server installation folder). After a host file has been successfully imported, you should delete the content of that DPX folder to avoid having unnecessary host files stored on the system.
  • Secure transport media. Secure any media used to deliver host files to you.
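
One way to check the file-access and deletion practices above after an import is to scan the DPX folder and any temporary locations for leftover host files. This is an added example, not OneSpan code. It assumes a POSIX host, host files with a `.dpx` extension, a directory path supplied by the operator, and an illustrative 24-hour retention window.

```python
"""Audit a directory for leftover DPX host files (added example)."""
import stat
import sys
import time
from pathlib import Path

# Assumptions for this example: host files carry a .dpx extension and the
# host uses POSIX permission bits. The 24-hour window is illustrative.
HOST_FILE_SUFFIX = ".dpx"


def audit_host_files(root, max_age_hours=24.0, now=None):
    """Return [(path, [issues])] for every host file found under root.

    Any entry is a file to delete once its import has completed; the issue
    list flags the ones that need attention first.
    """
    now = time.time() if now is None else now
    findings = []
    for path in sorted(Path(root).rglob("*")):
        if path.is_symlink() or not path.is_file():
            continue
        if path.suffix.lower() != HOST_FILE_SUFFIX:
            continue
        info = path.stat()
        issues = []
        # Any group/other permission bit means access is not limited to the owner.
        if info.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
            issues.append("accessible beyond owner")
        if now - info.st_mtime > max_age_hours * 3600:
            issues.append("older than retention window")
        findings.append((str(path), issues))
    return findings


if __name__ == "__main__":
    # Usage: python audit_dpx.py <directory-to-scan>
    if len(sys.argv) != 2:
        sys.exit("usage: audit_dpx.py <directory-to-scan>")
    results = audit_host_files(sys.argv[1])
    for found_path, found_issues in results:
        print(found_path, "; ".join(found_issues) or "present")
    sys.exit(1 if results else 0)
```

The script exits non-zero whenever any host file remains, so it can run as a scheduled check on the server and on each temporary storage location.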
