Single Channel How To Guide
Contents
Overview
This document outlines the ways to modify and use Single Channel communications. For information on using the Single Channel image within the Taskbar see Taskbar How to Guide. Alternatives to Single Channel communications are Dual Channel or without communication where the One Time Code is predicted using mathematical means based on events or time, see Token.
For information on using the PINpad option see PINpad.
Swivel version 3.10.2 onwards allows PIN protection for Single Channel communications and PINless for dual channel authentication.
Architecture
Single Channel images are provided from PINsafe, and are either:
- Requested from the client such as in a web page link to PINsafe
- Proxied by the Access device
Therefore Swivel is usually deployed in the DMZ and the Swivel virtual or hardware Appliance is used with its proxy for additional protection.
Setup Single Channel
The first step is usually to turn on Allow session request by username
On the Swivel virtual or hardware appliance select Server/Single Channel then Allow session request by username and set to Yes, then click Apply.
PINsafe Administration Console Settings
Multiple Authentications per String: Default No. This allows several authentication requests to be made in short succession (in a few seconds)
Single Channel image options
PINsafe 3.6 introduces several new features in the generation of Single Channel Images:
Image File: The image used for displaying the Single Channel Security string, options are:
- TURing (for further customisation see Single Channel Customisation How to Guide)
- button (Note: BUTton is not related to the Pinpad)
- pattern (Note PATtern is not related to the Pinpad)
- pattern2 (Note PATtern is not related to the Pinpad)
Rotate Letters: Rotate the security string characters
Only use one font per image: Allow the use of multiple fonts in a security string
Jiggle characters within slot: This varies the vertical alignment of characters inthe security string
Add blank trailer frame to animated images: When using animated images this adds a blank frame at the end of the complete cycles so the security string is not visible at the end of the cycles.
Text Alpha Value: This is how dark the characters are, low value is a light character, and a high value a dark character
Number of complete display cycles: The number of times an animated image will be cycled
Number of complete display cycles per image: This determines how many times the security string is displayed when animated
Inter-frame delay (1/100s): The delay between each animation frame
Image Rendering: The pattern used to animate the image, options are:
- Static = no animation
- Ripple = ripples through the security string
- Random = shows N random characters per frame
- Fade-Up = images slowly appear
Generate animated images:
Random glyph order when animating: Display characters in random positions in the security string rather than in sequence
No. Characters Visible: The number of characters visible at one time
Swivel 3.9.2 also supports Monochrome or orange Single Channel images and backgrounds, the different backgrounds are set using a new option:
Background image file: the background image that is used
Testing and Requesting Single Channel Images
- The single channel image is requested by using the following request to the Swivel virtual or hardware Appliance:
https://<Swivel_server IP>:8080/pinsafe/SCImage?username=<username>
example: https://turing.swivelsecure.com:8080/pinsafe/SCImage?username=test
- For a Swivel virtual or hardware appliance the proxy request is usually:
https://<Swivel_server IP>:8443/proxy/SCImage?username=<username>
- For a Software only installation:
http://<Swivel_server IP>:8080/pinsafe/SCImage?username=<username>
example: http://turing.swivelsecure.com:8080/pinsafe/SCImage?username=test
Troubleshooting
If the Single channel image is not appearing then the following steps can be used:
Red Cross appears instead of image
Right click on the image and view the properties to give the URL of the image. Check that then URL is valid, particularly the Hostname or IP address is one that can be accessed by the client.
Paste the Image URL into a web browser
If the above URL appears correct then paste it into a web browser.
If there is a certificate error then this can prevent the image from appearing. Firefox allows you to accept certificates by adding an exception, if an exception is created, can the image then be viewed? View the certificate details, if it is a self signed or invalid certificate then a valid certificate may need to be installed on the Swivel server or use a non SSL connection, see SSL Solutions.
If the certificate is correct with no errors and the image is still not visible, is the port being blocked such as by an ISP? By default Swivel uses 8443 on virtual or hardware appliances and 8080 for software installs, it may be possible to specify a different port, see How to run PINsafe on non-default ports.