- 26 Nov 2024
- 1 Minute à lire
- SombreLumière
- PDF
Types of sensitive data
- Mis à jour le 26 Nov 2024
- 1 Minute à lire
- SombreLumière
- PDF
Different security-sensitive data objects exist within OneSpan Authentication Server environments that require protection from unauthorized access or disclosure:
- Host files
- Authenticator application BLOB data
- EMV-CAP data
- Other sensitive data
- Property files
- Audit data
Host files
A DIGIPASS export file (DPX) (generally using a .dpx extension) stores all authenticator application data of an authenticator batch.
Authenticator application BLOB data
The authenticator application BLOB contains all parameter settings and secrets of an authenticator application. The authenticator application BLOB data is initially obtained from a DIGIPASS export file (DPX) that contains the images of one or more authenticators. The BLOB data is extracted by the DPX import feature of OneSpan Authentication Server.
EMV-CAP data
EMV-CAP is the Chip Authentication Program (CAP) developed by credit card leaders Europay, Mastercard, and Visa (EMV). Implementing EMV-CAP involves sensitive data that requires confidentiality.
Sensitive data
Apart from authenticator-related data, security-sensitive data also includes:
- Passwords for OneSpan Authentication Server user accounts or other accounts
- Shared secrets with back-end servers or other components
- Administrative privileges
- Global configuration settings
Property files
Some OneSpan Authentication Server components and side products are Java-based and use so-called property files to store configurable settings. These settings can also include sensitive data, such as passwords.
Audit data
Although sensitive data is not included in audit messages, the audit data itself can be considered sensitive with regard to integrity and non-repudiation.