The Device Locking feature locks an offline key bag to a specific machine, so that the offline ArcotID PKI is not usable if it is copied to another machine.
The feature works by camouflaging (protecting) the offline key bag with a password that is made of two components.
Device locking is performed at the time of offline password registration, during offline key bag creation. After an offline ArcotID PKI is locked to the user's machine, it is not usable if it is copied to another machine.
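The following is an added illustrative model of how a two-component password can lock a key bag to one machine; it is not CA's camouflage implementation and the component split is an assumption (the user's offline password plus a per-machine fingerprint). The wrapping key is derived from both components with PBKDF2, and an HMAC-based keystream stands in for the real cipher. Unlocking with the same password on a machine that produces a different fingerprint yields different bytes, which is the property the text describes: the copied key bag is not usable elsewhere.

```python
"""Illustrative model of a device-locked offline key bag.

Assumption (not stated on the page): the two password components are the
user's offline password and a fingerprint of the machine. Nothing here is
CA's own algorithm; it only demonstrates the locking principle.
"""
import hashlib
import hmac
import os

KDF_ITERATIONS = 100_000
SALT_LEN = 16
NONCE_LEN = 16


def derive_wrapping_key(password: str, device_fingerprint: str, salt: bytes) -> bytes:
    """Fold both components into one wrapping key with PBKDF2-HMAC-SHA256."""
    material = password.encode("utf-8") + b"\x00" + device_fingerprint.encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", material, salt, KDF_ITERATIONS, dklen=32)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """HMAC-SHA256 in counter mode; a stand-in for a real stream cipher."""
    blocks = []
    produced = 0
    counter = 0
    while produced < length:
        block = hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        blocks.append(block)
        produced += len(block)
        counter += 1
    return b"".join(blocks)[:length]


def lock_key_bag(key_bag: bytes, password: str, device_fingerprint: str,
                 salt: bytes = None, nonce: bytes = None) -> bytes:
    """Wrap the key bag under a key derived from password + machine fingerprint."""
    salt = salt if salt is not None else os.urandom(SALT_LEN)
    nonce = nonce if nonce is not None else os.urandom(NONCE_LEN)
    key = derive_wrapping_key(password, device_fingerprint, salt)
    stream = _keystream(key, nonce, len(key_bag))
    ciphertext = bytes(p ^ k for p, k in zip(key_bag, stream))
    return salt + nonce + ciphertext


def unlock_key_bag(locked: bytes, password: str, device_fingerprint: str) -> bytes:
    """Unwrap with the same two components; any mismatch yields unrelated bytes."""
    salt = locked[:SALT_LEN]
    nonce = locked[SALT_LEN:SALT_LEN + NONCE_LEN]
    ciphertext = locked[SALT_LEN + NONCE_LEN:]
    key = derive_wrapping_key(password, device_fingerprint, salt)
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def demo() -> tuple:
    """Lock on machine A, then try to unlock on A and on a copy moved to B."""
    key_bag = b"CONSTRUCTED-OFFLINE-KEY-BAG-BYTES"   # constructed sample, not a real key
    fingerprint_a = "machine-A:constructed-fingerprint"  # constructed
    fingerprint_b = "machine-B:constructed-fingerprint"  # constructed
    password = "correct horse battery staple"            # constructed
    locked = lock_key_bag(key_bag, password, fingerprint_a)
    usable_on_a = unlock_key_bag(locked, password, fingerprint_a) == key_bag
    usable_on_b = unlock_key_bag(locked, password, fingerprint_b) == key_bag
    return usable_on_a, usable_on_b


if __name__ == "__main__":
    print(demo())
```

The design point is that neither component alone recovers the key bag: the fingerprint is never stored in the locked blob, so possession of the file plus the user's password on another machine is still insufficient.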
The offline_devlock_required ArcotID PKI attribute specifies whether the offline ArcotID PKI has to be locked to the device.
The following table lists the values that are supported by the offline_devlock_required attribute:
| Value | Description |
|---|---|
| Yes | Specify this value if you want to lock the user's offline ArcotID PKI to their system. |
| No | Specify this value if you want to permit users to copy their offline ArcotID PKI to another system and authenticate using the copied offline ArcotID PKI. Note: This value is selected by default. |
If you enable device locking, then you have to use the offline_devlock_type attribute to specify the locking parameters. You have to pass the device locking parameters as a string.
The supported parameters and the specification format are the same as those of the devlock_type attribute used for locking the online ArcotID PKI. Refer to "Device Locking" for more information.
Copyright © 2013 CA Technologies.
All rights reserved.