Decoupled Authenticator Management
This section is used to register and manage the Decoupled Authenticator adapters that are used for performing Decoupled authentication challenges. For more information about Decoupled Authenticator adapters, refer to Decoupled Authentication Adapter Specification.
Decoupled Authenticator Management¶
System Management > Authentication Management > Decoupled Authenticator Management
This page displays:
A list of Decoupled Authenticator Adapters and for each adapter:
Checkbox to Select it
Adapter ID link to Edit Decoupled Authenticator Adapter
Adapter name
Decoupled Authenticator adapter connector
Link to Decoupled Authenticator Adapter Connector Management
Delete button to remove selected Decoupled Authenticator adapters.
Register / Edit Decoupled Authenticator Adapter¶
System Management > Authentication Management > Decoupled Authenticator Management > Register / Edit Decoupled Authenticator Adapter
Use the following fields to complete this page:
Adapter ID can be entered by the user or generated by the system
Adapter name
Decoupled Authenticator adapter connector
Select an Decoupled Authenticator server from the drop down list.
Generate button to generate Adapter ID by the system
Apply button to save changes
Back button to return to the Decoupled Authenticator Management page.
Decoupled Authenticator Adapter Connector Management¶
System Management > Authentication Management > Decoupled Authenticator Management > Decoupled Authenticator Adapter Connector Management
This section is used to define one or more Out of Band authentication connectors, which allow ActiveAccess to trigger the external Decoupled Authenticator process and perform interactions with the cardholder for authentication.
This page displays:
A list of Decoupled Authenticator Adapter Connectors and for each connector:
Checkbox to Select it
Name link to Edit Decoupled Authenticator Adapter Connector
URL
Delete button to remove selected Decoupled Authenticator adapters.
Back button to return to the Decoupled Authenticator Management page.
Add / Edit Decoupled Authenticator Adapter Connector¶
System Management > Authentication Management > Decoupled Authenticator Management > Decoupled Authenticator Adapter Connector Management > Add Decoupled Authenticator Adapter Connector
Use the following fields to complete this page:
Name of the Decoupled Authenticator Adapter Connector
URL of the Decoupled Authenticator Adapter Connector
Connection timeout
Read timeout
Apply button to save changes
Back button to return to the Decoupled Authenticator Adapter Connector Management page.
Upload Connector Encryption Key¶
System Management > Authentication Management > Decoupled Authenticator Management > Decoupled Authenticator Adapter Connector Management > Upload Connector Encryption Key
Use the following fields to complete this page:
Decoupled Authenticator adapter connector - choose the name of the adapter connector you want to assign an encryption key to
Encryption KeyStore - click on Browse to locate and select an encryption key file to upload. The No file selected message will be replaced with the name of the file to be uploaded. The system uses the AES (128 bits) key contained in the JKS KeyStore in order to encrypt/decrypt cardholder data that is being transferred between ActiveAccess modules and Adapter. Issuers must ensure that this AES key is used in encrypting and decrypting cardholder data at other external hosts.
KeyStore password - password of the uploaded JKS KeyStore file
Apply button to save changes
Back button to return to the Decoupled Authenticator Adapter Connector Management page.
Note
Instruction on calculating the iv vector:
- Fetch the SecretKey from the encryption key store; name it secretKey.
- Base64 Decode the input data and name it
valueA. - Fetch the first byte of
valueA, it shows the length of IV; name itivLen. - Use
valueAandivLento fetch theivValueandencryptedValuefromvalueA. - Use byte[0] as
AAD, encryption algorithm,secretKey,ivValue, andencryptedValueto find the decrypted value.