Single Channel How To Guide

From Swivel Knowledgebase
Revision as of 12:52, 11 May 2017 by Admin (talk | contribs) (1 revision imported)
Jump to: navigation, search


Overview

This document outlines the ways to modify and use Single Channel communications. For information on using the Single Channel image within the Taskbar see Taskbar How to Guide. Alternatives to Single Channel communications are Dual Channel or without communication where the One Time Code is predicted using mathematical means based on events or time, see Token.

For information on using the PINpad option see PINpad.

Swivel version 3.10.2 onwards allows PIN protection for Single Channel communications and PINless for dual channel authentication.


Architecture

Single Channel images are provided from PINsafe, and are either:

  • Requested from the client such as in a web page link to PINsafe
  • Proxied by the Access device

Therefore Swivel is usually deployed in the DMZ and the Swivel virtual or hardware Appliance is used with its proxy for additional protection.


Setup Single Channel

The first step is usually to turn on Allow session request by username

On the Swivel virtual or hardware appliance select Server/Single Channel then Allow session request by username and set to Yes, then click Apply.


PINsafe Administration Console Settings

Multiple Authentications per String: Default No. This allows several authentication requests to be made in short succession (in a few seconds)


Single Channel image options

PINsafe 3.6 introduces several new features in the generation of Single Channel Images:

Image File: The image used for displaying the Single Channel Security string, options are:

Rotate Letters: Rotate the security string characters

Only use one font per image: Allow the use of multiple fonts in a security string

Jiggle characters within slot: This varies the vertical alignment of characters inthe security string

Add blank trailer frame to animated images: When using animated images this adds a blank frame at the end of the complete cycles so the security string is not visible at the end of the cycles.

Text Alpha Value: This is how dark the characters are, low value is a light character, and a high value a dark character

Number of complete display cycles: The number of times an animated image will be cycled

Number of complete display cycles per image: This determines how many times the security string is displayed when animated

Inter-frame delay (1/100s): The delay between each animation frame

Image Rendering: The pattern used to animate the image, options are:

  • Static = no animation
  • Ripple = ripples through the security string
  • Random = shows N random characters per frame
  • Fade-Up = images slowly appear

Generate animated images:

Random glyph order when animating: Display characters in random positions in the security string rather than in sequence

No. Characters Visible: The number of characters visible at one time

Swivel 3.9.2 also supports Monochrome or orange Single Channel images and backgrounds, the different backgrounds are set using a new option:

Background image file: the background image that is used


Testing and Requesting Single Channel Images

  • The single channel image is requested by using the following request to the Swivel virtual or hardware Appliance:
 https://<Swivel_server IP>:8080/pinsafe/SCImage?username=<username>

example: https://turing.swivelsecure.com:8080/pinsafe/SCImage?username=test

  • For a Swivel virtual or hardware appliance the proxy request is usually:
 https://<Swivel_server IP>:8443/proxy/SCImage?username=<username>
  • For a Software only installation:
 http://<Swivel_server IP>:8080/pinsafe/SCImage?username=<username>

example: http://turing.swivelsecure.com:8080/pinsafe/SCImage?username=test


Troubleshooting

If the Single channel image is not appearing then the following steps can be used:


Red Cross appears instead of image

Right click on the image and view the properties to give the URL of the image. Check that then URL is valid, particularly the Hostname or IP address is one that can be accessed by the client.


Paste the Image URL into a web browser

If the above URL appears correct then paste it into a web browser.

If there is a certificate error then this can prevent the image from appearing. Firefox allows you to accept certificates by adding an exception, if an exception is created, can the image then be viewed? View the certificate details, if it is a self signed or invalid certificate then a valid certificate may need to be installed on the Swivel server or use a non SSL connection, see SSL Solutions.

If the certificate is correct with no errors and the image is still not visible, is the port being blocked such as by an ISP? By default Swivel uses 8443 on virtual or hardware appliances and 8080 for software installs, it may be possible to specify a different port, see How to run PINsafe on non-default ports.

Is Swivel running?

See Swivel does not start