

Device Locking With Extended Attributes

The device locking mechanism uses several configurable attributes to lock the OTP/PKI credential for the end-user device.

Note: This mechanism is also referred to as Extended Attributes (EA) device locking. The enhancement is available from the OTP Desktop Client 2.2 release onward.

Device locking comprises a MachineID generation phase, which computes a cryptographic key from device-specific hardware or firmware attributes. The MachineID is then used to re-encrypt (double camouflage) the user's credential keys (OTP/PKI) before they are stored on disk. The legacy device locking mechanism (before OTP Desktop Client 2.1) used a single, non-configurable device attribute (the primary MAC ID of the device) to derive the device-specific key.
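As an added illustration (not the OTP Desktop Client's own code or algorithm), the following model shows the scheme described above: a MachineID key is derived from a configurable set of device attributes and used to wrap the credential key, so the stored credential unwraps only on a device that still presents the same attributes. The attribute names, salt and credential key are constructed sample values, and the HMAC-based wrap is a stand-in for whatever cipher the product actually uses.

```python
import hashlib
import hmac
import os

# Constructed sample device attributes; not read from any real device.
SAMPLE_ATTRS = {"mac": "00:11:22:33:44:55", "bios_serial": "BIOS-SN-0001",
                "disk_serial": "DISK-SN-9999"}

def machine_id(attrs, selected, salt):
    """Derive a 32-byte MachineID key from the configured subset of attributes."""
    missing = [k for k in selected if k not in attrs]
    if missing:
        raise ValueError(f"missing device attributes: {missing}")
    # Canonical ordering so the key does not depend on attribute order.
    material = "\x1f".join(f"{k}={attrs[k]}" for k in sorted(selected)).encode()
    return hashlib.pbkdf2_hmac("sha256", material, salt, 100_000, dklen=32)

def _subkeys(machine_key):
    # Separate encryption and MAC keys derived from the MachineID.
    enc = hmac.new(machine_key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(machine_key, b"mac", hashlib.sha256).digest()
    return enc, mac

def _keystream(enc_key, nonce, length):
    out, ctr = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:length]

def wrap(machine_key, cred_key):
    """Re-encrypt (double camouflage) a credential key under the MachineID."""
    enc, mac = _subkeys(machine_key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(cred_key, _keystream(enc, nonce, len(cred_key))))
    tag = hmac.new(mac, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unwrap(machine_key, blob):
    """Return the credential key, or None if the MachineID does not match."""
    enc, mac = _subkeys(machine_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc, nonce, len(ct))))
```

At enrollment, wrap the credential key once with `wrap(machine_id(attrs, policy, salt), cred_key)`; at use time, recompute the MachineID from the live attributes and call `unwrap`, which returns None when any configured attribute (for example the MAC after a NIC swap) no longer matches.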

MachineID generation is implemented at the AuthMinder Plugin layer and supports the 64-bit version of Internet Explorer. Because the plugin is a native layer, it has ready access to the system calls that return the required information for each device attribute under consideration.

In addition, the OTP Desktop Client migrates pre-existing credentials on user devices to the new device locking scheme.

Enhanced device locking is supported on all platforms that support the OTP Desktop Client.