Multiple Security Strings How To Guide

From Swivel Knowledgebase Wiki


Overview

PINsafe allows multiple security strings to be sent by different transports. Each of the security strings must be used in order. With PINsafe 3.6 a new feature was introduced to tell the user which security string to use for authentication. The user would typically enter their username, and click on a button to find which index number should be used. The corresponding security string should be used for calculating the One Time Code.


Prerequisites

PINsafe 3.6


Configuring the PINsafe server

Select the required transport and set the required number of security strings to be sent to the user.

Note: For SMS delivery, there is a maximum number of characters that one SMS message can carry. A long header may reduce the number of security strings that fit. Typically 1 SMS message can carry 4 security strings, or 2 SMS messages can carry 10 security strings. The mobile phone usually reassembles the SMS messages into one message.

Image:Transport_Multiple_Strings.JPG

Allow session request by Username for Dual Channel Communication

Image:PINsafe_37_Dual_Channel.JPG


Configuring the Access Device

The access device must be modified to tell the user which security string is required; this value is known as the 'Security String Index'. It is a number or an image served from the PINsafe server. The Security String Index request is similar to a Single Channel image request such as Turing, and an appropriate proxy or NAT needs to be put in place so that the request can reach the PINsafe server.

The Security String Index request is in the following format:

For a PINsafe appliance:

 https://IP:8443/proxy/DCIndexImage?username=
 
 Example 
 
 https://196.168.0.35:8443/proxy/DCIndexImage?username=graham

For a Software install:

 http://IP:8080/pinsafe/DCIndexImage?username=
 
 Example 
 
 http://196.168.0.35:8080/pinsafe/DCIndexImage?username=graham

Instead of an image, the number can be requested and displayed directly. Replace DCIndexImage with DCIndex.

 Example
 
 https://196.168.0.35:8443/proxy/DCIndex?username=graham


Testing

The Security String Index number should be displayed when requested, starting with 00, and then sequentially increasing for each authentication attempt, until the maximum number has been reached, whereby it will start again at 00.

Example 00: Image:00.JPG

Example 11: Image:11.JPG

The user should log in with the OTC that corresponds to the displayed security string, in the format nnnn, for example: 2168. The security string index does not need to be entered, but will be accepted if entered in the format nnnn-00, nnnn-01, nnnn-03, ...
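The request formats from "Configuring the Access Device" and the index and OTC formats described above can be exercised with the following added example, which is not Swivel code. The function names are hypothetical, and the four-digit OTC and two-digit index are assumptions taken from the nnnn and nnnn-00 examples on this page.

```python
import re
from urllib.parse import quote

# Base paths taken from the request formats on this page.
BASES = {
    "appliance": "https://{host}:8443/proxy/",
    "software": "http://{host}:8080/pinsafe/",
}

def index_url(host, username, install="appliance", image=True):
    """Build the Security String Index request an access device page would embed."""
    servlet = "DCIndexImage" if image else "DCIndex"
    # Percent-encode the username so characters such as '&' or '#'
    # cannot alter the query string sent to the PINsafe server.
    return (BASES[install].format(host=host) + servlet
            + "?username=" + quote(username, safe=""))

# Assumption: four-digit OTC, optional two-digit index (nnnn or nnnn-NN).
OTC_RE = re.compile(r"([0-9]{4})(?:-([0-9]{2}))?")

def parse_otc(entry):
    """Split user input into (otc, index); index is None when not entered."""
    m = OTC_RE.fullmatch(entry.strip())
    if m is None:
        raise ValueError("expected nnnn or nnnn-NN")
    otc, idx = m.groups()
    return otc, (int(idx) if idx is not None else None)

def next_index(current, total):
    """Index expected on the following attempt; wraps to 00 after the last string."""
    return (current + 1) % total

def index_label(index):
    """Two-digit form as displayed to the user, e.g. 00, 01, 11."""
    return f"{index:02d}"

if __name__ == "__main__":
    # Constructed walk-through: 4 security strings delivered in one SMS.
    print(index_url("196.168.0.35", "graham", image=False))
    idx = 0
    for entry in ["2168", "2168-01", "9034-02", "5512-03", "7741"]:
        otc, given = parse_otc(entry)
        print(index_label(idx), otc, "index entered:", given)
        idx = next_index(idx, 4)
```
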


Known Problems

PINsafe 3.6 and 3.7: the DCIndex and DCIndexImage requests do not produce a log entry.


Troubleshooting

Check the PINsafe logs for any error messages.

Verify that a Single Channel image can be received at the login page by using the SCImage?username= request.
