Runtime parameters
  • 23 Jan 2025
This chapter contains a list of runtime parameters and their possible values.

The runtime parameters are very important as they modify the behavior of some specific features.

  Table: Runtime parameters

ParmCount
  Default value: 23
  Possible values: From 0 to 23. Indicates the number of successive parameters that may be used by the functions. Only used in the Authentication Suite Server SDK C native library and in the .NET wrapper. Not used by the Java wrapper.

ITimeWindow
  Default value: 100
  Possible values: From 2 to 1000 TimeSteps.
  Determines the acceptable time difference between a Digipass authenticator and the host system for identification functions. This difference is adjusted to the last known shift for each authenticator. The time step is determined by the Digipass internal programming options.
  Refer to Concepts of OneSpan Authentication Suite Server SDK for more information on the time management of Authentication Suite Server SDK. This parameter can be set to dynamic or static (since version 3.5.0.3). If dynamic, the size of the window increases with the time elapsed between the last and the next use of the Digipass. Because of this feature, a dynamic window can be set smaller than a static window. TW_DYNAMIC_WINDOWS (in aal2sdk.h) is a bitmask indicator that can be used to determine whether ITimeWindow is dynamic or static.

STimeWindow
  Default value: 24
  Possible values: From 2 to 500 TimeSteps.
  Determines the acceptable time difference between a Digipass authenticator and the host system for the signature functions. This difference is adjusted to the last known shift for each authenticator. The time step is determined by the Digipass internal programming options.
  This parameter can be set to dynamic or static (since version 3.5.0.3). If dynamic, the size of the window increases with the time elapsed between the last and the next use of the Digipass. Because of this feature, a dynamic window can be set smaller than a static window. TW_DYNAMIC_WINDOWS (in aal2sdk.h) is a bitmask indicator that can be used to determine whether STimeWindow is dynamic or static.

DiagLevel
  Default value: 0
  Possible values: From 0 to 3. Level of diagnostic information generated by the validation and generation functions.
    0: No diagnostic info.
    >0: Diagnostic info about the authenticator application on the standard output.
  Not used in case of Authentication Suite Server SDK for HSM.

GMTAdjust
  Default value: 0
  Possible values: From -86 400 to +86 400 seconds.
  GMT time adjustment in case the C language gmtime function does not provide an accurate value.

CheckChallenge
  Default value: 1
  Possible values: From 0 to 4.
  Determines whether the challenge is checked for corruption before the validation.
    0: No challenge checking.
    1: Check the challenge passed as a parameter of the validation function. This challenge must be the same as the last one generated by Authentication Suite Server SDK for this authenticator application BLOB. (The last challenge generated by Authentication Suite Server SDK is stored in the authenticator application BLOB and is compared to the one provided during the validation function call.)
    2: Automatically use the last challenge generated by Authentication Suite Server SDK for this authenticator application BLOB during the validation. (The challenge passed as a parameter of the validation function is ignored. The last challenge generated by Authentication Suite Server SDK is stored in the authenticator application BLOB and is used automatically.) The generated challenge can be used for only one validation.
    3: Avoid Challenge/Response replay attacks by allowing only one Challenge/Response authentication per Digipass time step. The last challenge stored in the authenticator application BLOB is not checked (the challenge passed as a parameter of the validation function does not have to be the same as the last one generated by Authentication Suite Server SDK).
    4: Avoid Challenge/Response replay attacks by rejecting the second response if the responses from two consecutive authentication requests are equal and fall in the same Digipass time step. The last challenge stored in the authenticator application BLOB is not checked (the challenge passed as a parameter of the validation function does not have to be the same as the last one generated by Authentication Suite Server SDK).

IThreshold
  Default value: 0
  Possible values: From 0 to 255.
  Number of successive identification errors that cause server-side locking of the authenticator application BLOB. When the specified number is reached, return code 202 is sent to the caller. For example, 3 validations have failed for one authenticator application BLOB, so its error count is 3; if IThreshold has been set to 3, further calls to AAL2VerifyPassword() will return 202.
    0: This feature is disabled.

SThreshold
  Default value: 0
  Possible values: From 0 to 255.
  Number of successive signature errors that cause server-side locking of the authenticator application BLOB. When the specified number is reached, return code 203 is sent to the caller. For example, 3 validations have failed for one authenticator application BLOB, so its error count is 3; if SThreshold has been set to 3, further calls to AAL2VerifySignature() will return 203.
    0: This feature is disabled.

ChkInactDays
  Default value: 0
  Possible values: From 0 to 1024.
  Acceptable number of days of user/authenticator inactivity. If this number is exceeded, return code 205 is generated and the authenticator application BLOB has to be reset.
    0: This feature is disabled.

DeriveVector
  Default value: 0
  Possible values: From 0x00000000 to 0x7FFFFFFF.
  Vector used to make data software encryption unique for a host.

SyncWindow
  Default value: 6 hours
  Possible values: From 1 to 512.
  The initial synchronization time window for the first verification of an authenticator application BLOB. This parameter allows the verification process to calculate the initial deviation between a Digipass time and the Authentication Suite Server SDK GMT time.
  IMPORTANT: This value is expressed in hours or minutes. InitTimeWindow = max(max(STimeWindow, ITimeWindow), SyncWindow).
  By default, SyncWindow is expressed in hours. SW_UNIT_MINUTE (in aal2sdk.h) is a bitmask indicator that determines whether the synchronization window is expressed in minutes rather than in hours. The value of SyncWindow can be configured to use either of these units.
  SW_DISCRETE (in aal2sdk.h) is a bitmask indicator that can be used to activate the discrete time window feature.

OnLineSG
  Default value: 0
  Possible values: From 0 to 3.
  Indicates the online signature level.
    0: Signature verified in offline mode. Can be used for time- and/or event-based signatures. The DeferredSignatureData parameter of the signature validation function can receive the Digipass time to use for the validation (DeferredSignatureData = 0 forces use of the current time).
    1 (Recommended in most cases): Signature verified in online mode. Can be used for time- and/or event-based signatures. Several signatures are allowed in the same Digipass time step (except identical successive ones).
    2: Signature verified in online mode. Can be used for time- and/or event-based signatures. Only one signature per Digipass time step is allowed.
    3: Signature verified in offline mode. Can be used for event-based signatures. The DeferredSignatureData parameter of the signature validation function must receive the event counter to use for the validation.

EventWindow
  Default value: 100
  Possible values: From 10 to 1000.
  Indicates the validation event window size in number of iterations, which is the acceptable event counter difference between the authenticator application and the host (authenticator application BLOB). This parameter applies only to event-based operating modes.

HSMSlotId
  Default value: 0
  Possible values: From 0 to 60.
  HSM slot ID used to store the HSM storage key and HSM transport key.
  HSMSlotId is only used with Authentication Suite Server SDK for HSM (except Authentication Suite Server SDK for nCipher HSM). It is not used with the Authentication Suite Server SDK software version.

StorageKeyId
  Default value: 0
  Possible values: From 0 to 0x7FFFFF.
  HSM key ID used to encrypt the sensitive authenticator application BLOB data.
  StorageKeyId is only used with the HSM versions of Authentication Suite Server SDK. It is not used with the Authentication Suite Server SDK software version.
  StorageKeyId is only used if no StorageKeyName or EncryptionKeyName is provided in the HSM functions.

TransportKeyId
  Default value: 0x7FFFFF
  Possible values: From 0 to 0x7FFFFF.
  HSM key ID used to decrypt the sensitive authenticator application BLOB data. This can be either of the following:
    • the ID of the HSM-level transport key used to encrypt the sensitive DPX data.
    • the ID of the HSM storage key used to decrypt the BLOB in case of a storage key 1 to storage key 2 migration.
  TransportKeyId is only used with the HSM versions of Authentication Suite Server SDK. It is not used with the Authentication Suite Server SDK software version.
  TransportKeyId is only used if no DecryptionKeyName is provided in the HSM functions.

StorageDeriveKey1
  Default value: 0
  Derivation key part 1 used to make data software encryption unique for a host.

StorageDeriveKey2
  Default value: 0
  Derivation key part 2 used to make data software encryption unique for a host.

StorageDeriveKey3
  Default value: 0
  Derivation key part 3 used to make data software encryption unique for a host.

StorageDeriveKey4
  Default value: 0
  Derivation key part 4 used to make data software encryption unique for a host.

StorageDeriveKey5
  Default value: 0
  Derivation key part 5 used to make data software encryption unique for a host.

StorageDeriveKey6
  Default value: 0
  Derivation key part 6 used to make data software encryption unique for a host.

StorageDeriveKey7
  Default value: 0
  Derivation key part 7 used to make data software encryption unique for a host.

StorageDeriveKey8
  Default value: 0
  Derivation key part 8 used to make data software encryption unique for a host.

The default values of the runtime parameters are applied if no kernel runtime parameters are provided to the function calls. In addition, the default value for a runtime parameter is also applied if the kernel runtime parameter is provided with a value outside of its acceptable range.

Example: STimeWindow = 1000. OneSpan Authentication Suite Server SDK ignores this value because STimeWindow must be between 2 and 500. Instead, the default value STimeWindow = 24 is used.
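As an added example (not OneSpan's code), the C below models the documented rules for ITimeWindow, STimeWindow and SyncWindow: an out-of-range value falls back to its default, the dynamic-window and minute-unit flags are read through the named bitmask indicators, and InitTimeWindow is derived from the formula in the table. The bit positions of the masks and the Digipass time-step length in seconds are assumptions; the real masks are defined in aal2sdk.h and the time step comes from the authenticator's programming options.

```c
/* ASSUMED placeholder bit positions: the real masks live in aal2sdk.h and are
 * not reproduced on this page. They sit above the numeric part of the value. */
#define TW_DYNAMIC_WINDOWS 0x00010000u
#define SW_UNIT_MINUTE     0x00010000u
#define VALUE_MASK         0x0000FFFFu

/* Documented rule: a value outside its range is ignored and the default used. */
static int range_or_default(int value, int lo, int hi, int dflt)
{
    return (value >= lo && value <= hi) ? value : dflt;
}

/* ITimeWindow: 2..1000 TimeSteps, default 100 (flag bits stripped first). */
int effective_itimewindow(unsigned raw)
{
    return range_or_default((int)(raw & VALUE_MASK), 2, 1000, 100);
}

/* STimeWindow: 2..500 TimeSteps, default 24. */
int effective_stimewindow(unsigned raw)
{
    return range_or_default((int)(raw & VALUE_MASK), 2, 500, 24);
}

/* TW_DYNAMIC_WINDOWS set means the window grows with the time since last use. */
int is_dynamic_window(unsigned raw)
{
    return (raw & TW_DYNAMIC_WINDOWS) != 0;
}

/* SyncWindow: 1..512, default 6; hours unless SW_UNIT_MINUTE is set.
 * Normalised to minutes so it can be compared with a number of time steps. */
int sync_window_minutes(unsigned raw)
{
    int n = range_or_default((int)(raw & VALUE_MASK), 1, 512, 6);
    return (raw & SW_UNIT_MINUTE) ? n : n * 60;
}

/* InitTimeWindow = max(max(STimeWindow, ITimeWindow), SyncWindow), expressed
 * in seconds. step_seconds is an assumed input: the page says the Digipass
 * time step comes from the authenticator's programming options. */
long init_time_window_seconds(unsigned iwin, unsigned swin, unsigned sync, int step_seconds)
{
    long i = effective_itimewindow(iwin), s = effective_stimewindow(swin);
    long win = (i > s ? i : s) * step_seconds;
    long sync_s = 60L * sync_window_minutes(sync);
    return win > sync_s ? win : sync_s;
}
```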
