Vasco Personal aXsGUARD User manual


aXsGUARD Identifier 3.0.2.0 Product Guide v1.5

Legal Notice
VASCO Products
VASCO Data Security, Inc. and/or VASCO Data Security International GmbH are referred to in this document as
‘VASCO’. VASCO Products comprise Hardware, Software, Services and Documentation. This document addresses
potential and existing VASCO customers and has been provided to you and your organization for the sole purpose of
helping you to use and evaluate VASCO Products. As such, it does not constitute a license to use VASCO Software
or a contractual agreement to use VASCO Products.
Disclaimer of Warranties and Limitations of Liabilities
VASCO Products are provided ‘as is’ without warranty or conditions of any kind, whether implied, statutory, or
related to trade use or dealership, including but not limited to implied warranties of satisfactory quality,
merchantability, title, non-infringement or fitness for a particular purpose.
VASCO, VASCO DISTRIBUTORS, RESELLERS AND SUPPLIERS HAVE NO LIABILITY UNDER ANY CIRCUMSTANCES
FOR ANY LOSS, DAMAGE OR EXPENSE INCURRED BY YOU, YOUR ORGANIZATION OR ANY THIRD PARTY
(INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF
DATA) ARISING DIRECTLY OR INDIRECTLY FROM THE USE, OR INABILITY TO USE VASCO SOFTWARE, HARDWARE,
SERVICES OR DOCUMENTATION, REGARDLESS OF THE CAUSE OF THE LOSS, INCLUDING NEGLIGENCE, EVEN IF
VASCO HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES, OR IF THEY WERE FORESEEABLE. OUR
MAXIMUM AGGREGATE LIABILITY TO YOU, AND THAT OF OUR DISTRIBUTORS, RESELLERS AND SUPPLIERS SHALL
NOT EXCEED THE AMOUNT PAID BY YOU FOR THE PRODUCT. THE LIMITATIONS IN THIS SECTION SHALL APPLY
WHETHER OR NOT THE ALLEGED BREACH OR DEFAULT IS A BREACH OF A FUNDAMENTAL CONDITION OR TERM,
OR A FUNDAMENTAL BREACH. THIS SECTION WILL NOT APPLY ONLY WHEN AND TO THE EXTENT THAT
APPLICABLE LAW SPECIFICALLY REQUIRES LIABILITY DESPITE THE FOREGOING EXCLUSIONS AND LIMITATIONS.
Intellectual Property and Copyright
VASCO Products contain proprietary and confidential information. VASCO Data Security, Inc. and/or VASCO Data
Security International GmbH own or are licensed under all title, rights and interest in VASCO Products, updates and
upgrades thereof, including copyrights, patent rights, trade secret rights, mask work rights, database rights and all
other intellectual and industrial property rights. No part of these Products may be transferred, disclosed, reproduced
or transmitted in any form or by any means, electronic, mechanical or otherwise, for any purpose, except as
expressly permitted by VASCO or its authorized licensee in writing.
This document is protected under US and international copyright law as an unpublished work of authorship. No part
of it may be transferred, disclosed, reproduced or transmitted in any form or by any means, electronic, mechanical
or otherwise, for any purpose, except as expressly permitted in writing by VASCO or its authorized licensee.
Trademarks
VASCO®, VACMAN®, IDENTIKEY®, aXsGUARD®, DIGIPASS®, and the ® logo are registered or
unregistered trademarks of VASCO Data Security, Inc. and/or VASCO Data Security International GmbH in the U.S.
and other countries. Other company brand or product names or other designations, denominations, labels and/or
other tags, titles, as well as all URLs (Internet addresses) linked to such designations or communications
(irrespective of whether protected by intellectual property law or not), mentioned in VASCO Products may be the
trademarks or registered trademarks or be part of any other entitlement of their respective owners.
Radius Disclaimer
Information on the RADIUS server provided in this document relates to its operation in the aXsGUARD Identifier
environment. We recommend that you contact your NAS/RAS vendor for further information.
Copyright © March 2009 VASCO Data Security, Inc., VASCO Data Security International GmbH. All rights reserved.
©2009 VASCO Data Security 2

Table of Contents
INTRODUCTION SECTION
1 Introduction
1.1 Audience and Purpose of this Document
1.2 About VASCO
1.3 Contact Information
2 aXsGUARD Identifier
2.1 Overview
2.2 VASCO's Authentication Solution
2.3 What is the aXsGUARD Identifier?
2.4 What is the IDENTIKEY Server?
2.5 What is a DIGIPASS?
2.6 Structure of the aXsGUARD Identifier
2.6.1 Overview
2.6.2 Communication Protocols
2.6.3 Scenarios
2.7 Licensing
2.7.1 Overview
2.7.2 Commercial Licensing
2.7.3 DEMO Licensing
2.7.4 Client Component Licensing
2.8 Support Procedure
2.9 VASCO Service Center
USER AUTHENTICATION SECTION
3 User Authentication Process
3.1 Authentication Process Overview
3.2 Identifying the Component Record
3.3 Identifying a Policy
3.4 DIGIPASS User Account Lookup and Checks
3.4.1 Overview
3.4.2 User ID and Domain Resolution
3.4.3 DIGIPASS User Account Lookup
3.4.4 Dynamic User Registration
3.5 Local Authentication
3.5.1 Overview
3.5.2 Local Authentication Policy Setting
3.5.3 Authentication with DIGIPASS
3.5.3.1 Overview
3.5.3.2 DIGIPASS Lookup and Checks
3.5.3.3 Response Only
3.5.3.4 Challenge/Response
3.5.3.5 Virtual DIGIPASS Login
3.5.3.6 Request Method and Keyword
3.5.4 Authentication without DIGIPASS
3.5.4.1 Static Password Verification
3.5.4.2 Self-Assignment
3.6 Back-end Authentication
3.6.1 Overview
3.6.2 Back-end Server Policy Settings
3.6.3 Back-end Authentication and Static Password
3.6.3.1 Stored Password Proxy
3.6.3.2 Password Autolearn
3.6.3.3 Password Replacement (IIS Modules)
3.6.3.4 Stored Static Password and RADIUS Attributes
3.6.4 Back-end Server Records
3.6.4.1 Fail-over Strategy
3.6.4.2 Domain-specific Back-end Servers
3.6.5 RADIUS Back-end Authentication
3.6.6 LDAP Back-end Authentication
3.6.6.1 Microsoft Active Directory Back-end Authentication
3.6.6.2 Novell e-Directory Back-end Authentication
3.6.6.3 Policies
3.7 Authorization Profiles/Attributes
3.8 Host Code Generation
3.8.1 Concept
3.8.2 Using a Host Code
ADMINISTRATIVE INTERFACES SECTION
4 Administration Interfaces
4.1 Overview
4.2 Default Administrative Users
4.3 Configuration Tool
4.4 Administration Web Interface
4.5 Rescue Tool
CONFIGURATION TOOL SECTION
5 Installation Configurations
5.1 Overview
5.2 First Time Set-up
5.3 Configuration Wizard
5.4 Manual Configurations
6 Registration
6.1 Overview
6.2 First Time Registration
6.3 Registration without on-site Internet Access
6.4 Change in IP Address
6.5 Upgrade from a DEMO to Commercial License
6.6 Replacement of aXsGUARD Identifier
6.7 Change of Customer Information
6.8 Restoring a backup from another aXsGUARD Identifier
7 Updating
7.1 Overview
7.2 Updating Process
7.3 Updating Infrastructure
8 Backup and Restore
8.1 Overview
8.2 Backup
8.3 Restore
9 Logging
9.1 Overview
9.2 Infrastructure
9.3 Local: Live Log Viewer
9.4 Remote Syslog
9.5 Log Levels
9.6 Log Filter
10 Auditing
10.1 Overview
10.2 Live Audit Viewer
10.3 Audit Message Types
10.4 Audit Filter
11 Statistics
11.1 Overview
11.2 System Information Available
11.3 Statistics Filtering
12 Message Delivery Component
12.1 Overview
12.2 Configuration
13 Remote Support
13.1 Overview
13.2 Support Procedure
13.3 Remote Support
13.4 Tracing
14 LDAP User Synchronization
14.1 Overview
14.2 LDAP Synchronization Profiles
14.3 Synchronization Profile IDs
14.4 Creating and Updating User Accounts
14.5 Deleting User Accounts
14.6 Synchronization Frequency
14.7 Multiple Synchronization Profiles
14.8 Managing Source and Destination Hierarchies
14.9 Special Cases
15 Replication
15.1 Overview
15.2 Common Replications
15.2.1 First and Second aXsGUARD Identifiers
15.2.2 First, Second and Disaster Recovery aXsGUARD Identifiers
15.3 Replication Wizard
15.4 Replication and Firewalls
15.5 Replication Process
15.5.1 Queuing and Sending
15.5.2 Replication Forwarding
15.5.3 Multiple Changes to a Single Data Record
15.5.4 Connection Handling
15.6 Replication Monitoring
15.6.1 Replication Auditing
15.6.2 Replication Status
ADMINISTRATION WEB INTERFACE SECTION
16 DIGIPASS User Accounts
16.1 Overview
16.2 Creating User Accounts
16.2.1 Creating Users Manually
16.2.2 Importing User Records
16.2.3 Dynamic User Registration
16.2.4 LDAP User Synchronization
16.3 Linked User Accounts
16.4 User Account Settings
16.5 DIGIPASS User Account Static Password
16.6 Searching for User Accounts
16.7 Administration Privileges
17 DIGIPASS
17.1 Overview
17.2 DIGIPASS Properties
17.2.1 DIGIPASS Client PIN
17.2.2 Server PIN
17.2.3 Grace Period
17.2.4 DIGIPASS Authentication Method
17.3 DIGIPASS Management
17.3.1 Importing DIGIPASS
17.3.2 Assigning DIGIPASS
17.3.3 Searching for DIGIPASS Records
17.3.4 DIGIPASS Actions
17.3.5 Viewing DIGIPASS Runtime Information
17.4 DIGIPASS Assignment Options
17.4.1 Self-Assignment
17.4.1.1 Self-Assignment Process
17.4.1.2 Self-Assignment Data
17.4.2 Auto-Assignment
17.4.3 Manual Assignment
17.4.4 DIGIPASS Assignment Limitations
17.5 Virtual DIGIPASS
17.5.1 Overview
17.5.2 Virtual DIGIPASS Assignment Options
17.5.3 Virtual DIGIPASS Configuration
17.5.4 Implementation Decision
17.5.5 Limiting Use of Virtual DIGIPASS
17.5.6 Backup Virtual DIGIPASS Guidelines for Use
18 Client Components
18.1 Overview
18.2 Standard Component Properties
18.3 Component Lookup and Verification
18.3.1 RADIUS Client
18.3.2 IIS Module
18.4 Client Component Licensing
19 Server Components
19.1 Overview
19.2 Automatic Server Component Creation
19.2.1 Registration Process
19.2.2 Replication
19.3 Licenses
20 Policies
20.1 Overview
20.2 Policy Properties
20.3 Policy Inheritance
21 Organization
21.1 Overview
21.2 Domains and Organizational Units
21.3 Master Domain and Practical Uses
21.3.1 Master Domain Concepts
21.3.2 Practical Use
21.4 Moving DIGIPASS User Accounts and DIGIPASS
21.5 Location of DIGIPASS Records
21.6 Typical DIGIPASS Location Models
22 Reporting
22.1 Overview
22.2 Reporting Structure and Purposes
22.3 Custom Reports
22.3.1 Overview
22.3.2 Report Type
22.3.3 Data Source
22.3.4 Grouping Level
22.3.5 Query
22.3.6 Permissions
22.3.7 Formatting Templates
22.4 Report Generation Process
RESCUE TOOL SECTION
23 Rescue Tool
23.1 Overview
23.2 Access
23.3 Options

Illustration Index
Image 1: VASCO's Authentication Solution
Image 2: aXsGUARD Identifier Architecture
Image 3: Connection between the aXsGUARD Identifier and VASCO Service Center
Image 4: Authentication Process Overview
Image 5: User ID and Domain Resolution
Image 6: Dynamic User Registration Process
Image 7: Multiple DIGIPASS Assignment
Image 8: Response Only Login and Authentication Process
Image 9: 1-step (left) and 2-step (right) Challenge/Response Login
Image 10: Virtual DIGIPASS Login
Image 11: Static Password Authentication Flow
Image 12: Password Replacement with an IIS Module
Image 13: Steps in the Retrieval of RADIUS Attributes
Image 14: Back-end Authentication Process with RADIUS
Image 15: Back-end Authentication Process with Microsoft Active Directory
I age 16: Back-end Authentication Process with Novell e-Directory.............................................................................................................................. 54
I age 17: Data Trans ission fro the Syslog Utility to the Live Log Viewer and Re ote Syslog..................................................................................... 72
I age 18: Exa ple Screen Shot Showing the Live Log Viewer....................................................................................................................................... 73
I age 19: Log Filter Fields .......................................................................................................................................................................................... 74
I age 20: Live Audit Viewer and Filter.......................................................................................................................................................................... 76
I age 21: Audit Filter Fields ........................................................................................................................................................................................ 77
I age 22: Process Statistics......................................................................................................................................................................................... 79
I age 23: Disk Usage Statistics.................................................................................................................................................................................... 79
I age 24: CPU Statistics.............................................................................................................................................................................................. 80
I age 25: Interface Statistics....................................................................................................................................................................................... 80
I age 26: Show CPU Usage for a Specific Service......................................................................................................................................................... 80
I age 27: CPU Ti e for Ad inistration Web Interface................................................................................................................................................... 81
I age 28: Virtual DIGIPASS Process using aXsGUARD Identifier MDC Co ponent (clockwise fro the top)..................................................................... 82
I age 29: Ad inistration Web Interface > Users > User 'annelies'> User Attributes...................................................................................................... 88
I age 30: LDAP Synchronization to create or update an User Account.......................................................................................................................... 89
I age 31: Possible source and destination hierarchy apping with a single Synchronization Profile............................................................................... 92
I age 32: Exa ple source and destination hierarchy apping with three Synchronization Profiles................................................................................. 92
I age 33: Deleting a Synchronization Profile ID for a User Account................................................................................................................................ 93
I age 34: Replication between a First and Second aXsGUARD Identifier........................................................................................................................ 95
©2009 VASCO Data Security 10

aXsGUARD Identifier 3 0 2 0 Product Guide v1 5 Table of Contents
I age 35: Replication between a First, Second, and Disaster Recovery aXsGUARD Identifier.......................................................................................... 96
I age 36: 'Syste ' Tab in the Ad inistration Web Interface......................................................................................................................................... 99
I age 37: Replication Status Screen in the Ad inistration Web Interface....................................................................................................................... 99
I age 38: User Account Link...................................................................................................................................................................................... 103
I age 39: Self-Assign ent Process ........................................................................................................................................................................... 112
I age 40: Auto-Assign ent Process .......................................................................................................................................................................... 114
I age 41: Manual Assign ent Process ...................................................................................................................................................................... 115
I age 42: Reserving a DIGIPASS Record for a Specific User in the Ad inistration Web Interface.................................................................................. 116
I age 43: Policy Inheritance....................................................................................................................................................................................... 127
I age 44: Do ains and Organizational Units.............................................................................................................................................................. 129
I age 45: User ID and Do ain Resolution................................................................................................................................................................... 131
I age 46: Possibilities for Moving User Accounts and DIGIPASS (ou = Organizational Unit)........................................................................................... 133
I age 47: DIGIPASS Record Location – Do ain Root.................................................................................................................................................. 134
I age 48: DIGIPASS Record Location – Parent Organizational Unit............................................................................................................................... 135
I age 49: DIGIPASS Record Location – Individual Organizational Units........................................................................................................................ 136
I age 50: Reporting Structure.................................................................................................................................................................................... 137
I age 51: Report Grouping......................................................................................................................................................................................... 140
I age 52: Report Generation Process ........................................................................................................................................................................ 142
I age 53: Start and Network Menus with the Rescue Tool.......................................................................................................................................... 145
©2009 VASCO Data Security 11

Index of Tables
Table 1: Values for Local Authentication Setting
Table 2: Values for Back-end Authentication Setting
Table 3: RADIUS User ID Formats for Back-end Authentication
Table 4: Microsoft Active Directory User ID Formats for Back-end Authentication
Table 5: Novell e-Directory User ID Formats for Back-end Authentication
Table 6: User Attribute Settings
Table 7: Default Administrative User Credentials
Table 8: Log Levels
Table 9: Log Filter Fields
Table 10: Audit Message Types
Table 11: Audit Filter Fields
Table 12: Server Settings Regulating Server PINs
Table 13: DIGIPASS Record Actions supported in the Administration Web Interface
Table 14: DIGIPASS Options
Table 15: Backup Virtual DIGIPASS Example Guidelines

1 Introduction
1.1 Audience and Purpose of this Document
This aXsGUARD® Identifier Product Guide is part of a set of guides on the aXsGUARD Identifier. It is intended for
technical experts interested in learning about the aXsGUARD Identifier. It describes the structure of the product,
the concepts underpinning authentication and how the aXsGUARD Identifier can support authentication within your
IT infrastructure.
In this first chapter, we introduce VASCO® and provide some contact details.
In chapter 2, we explain VASCO's authentication solution and its different components, the structure of the
aXsGUARD Identifier, and the licensing and support systems.
In chapter 3, we describe the user authentication process.
In chapter 4, we introduce the functionality which can be managed through the three administration interfaces: the
aXsGUARD Identifier Configuration Tool, the Administration Web Interface and the Rescue Tool.
Chapters 5 to 15 cover each of the main functionalities managed by the aXsGUARD Identifier Configuration Tool,
including installation configurations, registration, updating, backup and restore, auditing, the Message Delivery
Component (MDC), remote support, LDAP User Synchronization and replication.
Chapters 16 to 22 cover each of the main functionalities managed by the Administration Web Interface, including
user accounts, DIGIPASS instances, client and server components, policies, organization and reporting.
Chapter 23 describes the third interface, the Rescue Tool.
An index at the end of the document will help you to find specific information you are searching for.
Other documents in the set of aXsGUARD Identifier documentation include:
The aXsGUARD Identifier Installation Guide, which supports planning for and installation of the aXsGUARD
Identifier.
aXsGUARD Identifier Administration Reference Guide. This document provides lists of field explanations and
other reference data for technical experts using the aXsGUARD Identifier and is intended for reference only.
Information is provided in table format for quick reference.
The aXsGUARD Identifier SDK Programmer's Guide, which provides in-depth information required for
development work using the SDK. This document is only relevant to SOAP Authentication, Electronic Signatures
and Provisioning, which are not currently available with the aXsGUARD Identifier.
Access to the aXsGUARD Identifier guides is provided via the aXsGUARD Identifier Configuration Tool. The
aXsGUARD Identifier Installation Guide is also provided with delivery of the aXsGUARD Identifier.

1.2 About VASCO
VASCO is a leading supplier of strong authentication and Electronic Signature solutions and services specializing in
Internet Security applications and transactions. VASCO has positioned itself as a global software company for
Internet Security serving customers in more than 100 countries, including many international financial institutions.
VASCO’s prime markets are the financial sector, enterprise security, e-commerce and e-government.
Over 50 of VASCO’s client authentication technologies, products and services are based on VASCO’s one and
unique core authentication platform: VACMAN®. VASCO solutions comprise combinations of the VACMAN core
authentication platform, IDENTIKEY® authentication server, aXsGUARD® authentication appliances, DIGIPASS®
client Password and Electronic Signature software and DIGIPASS PLUS authentication services.
For further information on these security solutions, please see www.vasco.com.
1.3 Contact Information
Brussels (Europe / Middle East / Latin America)
+32 2 609 97 00
info-europe@vasco.com
Boston (North America)
+1 508 366 3400
info-usa@vasco.com
Sydney (Pacific / Japan / India)
+61 2 80613700
info-australia@vasco.com
Singapore (Asia)
+65 6323 0906
info-asia@vasco.com

2 aXsGUARD Identifier
2.1 Overview
In this chapter, we introduce the products and concepts which together provide VASCO's authentication solution
with the aXsGUARD Identifier.
Section 2.2 briefly describes VASCO's authentication solution.
Section 2.3 introduces the aXsGUARD Identifier.
Section 2.4 introduces the IDENTIKEY Server.
Section 2.5 explains management of DIGIPASS devices and records.
Section 2.6 describes the structure and components of the aXsGUARD Identifier.
Section 2.7 outlines VASCO aXsGUARD Identifier licensing models.
Finally, sections 2.8 and 2.9 describe the support procedure and VASCO Service Center.
2.2 VASCO's Authentication Solution
DIGIPASS devices provide the client component of VASCO’s authentication solution, issued by the Application
Service Provider (ASP) to end users (the DIGIPASS holders), to support:
One Time Passwords, to authenticate end users to the ASP, to protect access to services and resources
Host Codes, to authenticate the ASP to end users
Electronic Signatures, to protect the integrity and authenticity of financial transactions or other security-critical
communications (not currently available with the aXsGUARD Identifier)
The DIGIPASS client component uses a variety of cryptographic algorithms to calculate One Time Passwords, Host
Codes and Electronic Signatures. Each DIGIPASS device is pre-programmed by VASCO with a unique secret value,
which is used to generate One Time Passwords and Electronic Signatures, so that these are unique to each
DIGIPASS.
VACMAN is the server side component of VASCO’s authentication solution, installed on the computer or back-end
system of the ASP. This VACMAN software can be installed as an appliance, a server component, a middleware
component, or an Application Programming Interface (API). One Time Passwords and Electronic Signatures
generated by the DIGIPASS client devices are verified by the VACMAN software.
Image 1: VASCO's Authentication Solution
Application Service Providers assign DIGIPASS client devices to holders, based on the serial number of the
DIGIPASS and the holder’s ID. Each DIGIPASS device is delivered in a controlled way to the holder, together with a
manual and (optionally) the PIN code. To use the DIGIPASS, the holder needs to be in possession of the DIGIPASS,
to know the PIN to access applications run by the DIGIPASS, and to have a connection to the VACMAN software.
The VACMAN software knows which secret is loaded in each DIGIPASS. These secrets are transported initially in
an encrypted way to the ASP and then stored in a database run together with the VACMAN software. In this
process the DIGIPASS serial number is used as reference for the DIGIPASS secrets.
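The record keeping described above, as an added example that is not VASCO code: the guide does not specify the DIGIPASS algorithms, so the open RFC 4226/RFC 6238 one time password calculation stands in for them. The names `AuthServer`, `TokenRecord` and `otp_at`, the serial number `SN-0001`, the 30-second time step and the 6-digit length are all assumptions.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict, Optional

STEP_SECONDS = 30  # assumed time step (RFC 6238 default), not a DIGIPASS value
DIGITS = 6         # assumed OTP length


def otp_at(secret: bytes, step: int, digits: int = DIGITS) -> str:
    """RFC 4226 dynamic truncation of HMAC-SHA1(secret, step)."""
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


@dataclass
class TokenRecord:
    serial: str                   # serial number: the reference for the secret
    secret: bytes                 # unique secret value loaded in this device
    holder: Optional[str] = None  # holder ID once the device is assigned
    last_step: int = -1           # newest time step already accepted


class AuthServer:
    """Hypothetical server-side store, keyed by token serial number."""

    def __init__(self) -> None:
        self.records: Dict[str, TokenRecord] = {}

    def import_record(self, serial: str, secret: bytes) -> None:
        # Assumes the encrypted transport file has already been decrypted.
        if serial in self.records:
            raise ValueError("duplicate serial number")
        self.records[serial] = TokenRecord(serial, secret)

    def assign(self, serial: str, holder: str) -> None:
        # Assignment ties a serial number to a holder ID.
        rec = self.records[serial]
        if rec.holder is not None:
            raise ValueError("token already assigned")
        rec.holder = holder

    def verify(self, holder: str, otp: str, now: float, window: int = 1) -> bool:
        current = int(now) // STEP_SECONDS
        for rec in self.records.values():
            if rec.holder != holder:
                continue
            for step in range(current - window, current + window + 1):
                if step <= rec.last_step:
                    continue  # already consumed: each password is accepted once
                expected = otp_at(rec.secret, step).encode()
                if hmac.compare_digest(expected, otp.encode()):
                    rec.last_step = step
                    return True
        return False


def demo() -> list:
    server = AuthServer()
    # Constructed sample data: the published RFC 4226 test secret.
    server.import_record("SN-0001", b"12345678901234567890")
    server.assign("SN-0001", "alice")
    return [
        server.verify("alice", "287082", now=59),  # valid password for step 1
        server.verify("alice", "287082", now=59),  # same password replayed
        server.verify("bob", "287082", now=59),    # holder with no token
    ]


if __name__ == "__main__":
    print(demo())
```

The server never receives the secret during a login; it recomputes the expected value from its own copy, which is why the stored secrets are the asset to protect.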
2.3 What is the aXsGUARD Identifier?
The aXsGUARD Identifier secures internal and remote access to network applications, and remote access to
applications offered online. It is a stand-alone authentication solution based on IDENTIKEY, a version of the
VACMAN software which is compatible with both LINUX and Windows environments. Together with DIGIPASS
technology providing the client side component, the solution delivers strong two factor authentication.
The aXsGUARD Identifier is a simple and cost-effective solution, which can easily be integrated into existing IT
infrastructures to support authentication in small to medium sized enterprises. The product integrates new usability
features described as a 'convenience layer' together with the IDENTIKEY software, including:
simple installation and maintenance
remote support from VASCO experts
semi automatic updating (proactively prompting update, but still within the control of the administrator)
simple registration
backup and restore functionality
real time feedback on system status with statistics
2.4 What is the IDENTIKEY Server?
The IDENTIKEY server supports the deployment, use and administration of VASCO DIGIPASS technology. It is
designed to be easily usable with online applications and has a web based Administration interface. IDENTIKEY in
the aXsGUARD Identifier supports:
DIGIPASS One Time Password authentication
Administration and reporting
Auditing
Customized reporting
Authentication management through a web based interface
Later versions of the aXsGUARD Identifier will also support:
DIGIPASS Electronic Signatures
DIGIPASS Software provisioning
2.5 What is a DIGIPASS?
A DIGIPASS is a device for providing One Time Passwords to an end user.
It is the client component of VASCO’s authentication solution, issued by the Application Service Provider (ASP) to
end users (the DIGIPASS holders), to support One Time Passwords and Host Codes with the aXsGUARD Identifier. A
DIGIPASS can be provided by an organization to everyone authorized to log on to their system using a One Time
Password (OTP). The DIGIPASS holder obtains an OTP from the DIGIPASS to use instead of, or in addition to, a
static password when logging on.
The DIGIPASS family comprises four groups of client side solutions:
DIGIPASS Software: products in this group run on existing non-VASCO platforms, such as
PCs, mobile phones and palm tops etc. DIGIPASS Software includes DIGIPASS for Web
(fully browser based), DIGIPASS for Windows (client based), DIGIPASS for Mobile Phone
(JAVA based) and the Virtual DIGIPASS (server based authentication). These products thus
re-use existing and familiar end user devices.
DIGIPASS Keys: products in this group are VASCO specific USB connected devices that
can be used to generate One Time Passwords. They also support Electronic Signature
features and can extend the use of VASCO products to digital signing for a Public Key
Infrastructure (PKI) environment.
DIGIPASS Hardware: products in this group are VASCO specific hardware platforms
pre-programmed individually with secret values. DIGIPASS Hardware does not re-use existing
infrastructures or smart cards, and can therefore be implemented by any organization.
DIGIPASS Readers: products in this group include connected and unconnected models.
DIGIPASS Readers combine secret values, which are stored in the smart cards, with
DIGIPASS algorithms pre-programmed into the DIGIPASS reader, which also provides the
user interface. These products optimize investment in smart card technology, by extending
smart card use to include One Time Passwords and Electronic Signatures.
For more information, please visit www.vasco.com.
2.6 Structure of the aXsGUARD Identifier
2.6.1 Overview
Image 2: aXsGUARD Identifier Architecture
The aXsGUARD Identifier comprises the IDENTIKEY, the convenience layer, an internal database, and three user
interfaces. Image 2 shows the main components.
We have already described the aXsGUARD Identifier convenience layer and the IDENTIKEY in sections 2.3 and 2.4
respectively. The three user interfaces shown in Image 2 are the aXsGUARD Identifier:
Configuration Tool for system administrators, for installation and maintenance
Administration Web Interface, for system administrators to manage the daily use of the system
Rescue Tool, intended for administrators to manage some limited settings
These three interfaces and the functionality they support are explained in more detail in section 4.
The aXsGUARD Identifier supports client applications including:
SOAP Authentication (currently in development, to be included in a future release)
RADIUS Authentication
IIS Authentication (SEAL)
DIGIPASS Software Provisioning (SOAP) (currently in development, to be included in a future release)
Electronic Signature Validation (SOAP) (currently in development, to be included in a future release)
Additionally, the aXsGUARD Identifier can call on back-end authentication with RADIUS or LDAP (Active Directory or
e-Directory).
2.6.2 Communication Protocols
Communication protocols are shown in orange in Image 2 and include:
SOAP
RADIUS, and
SEAL
These are enabled by default if included in the license. SOAP and RADIUS require a license option; SEAL does not.
Note
RADIUS support is present for authentication by client applications (Access-Requests) using PAP,
CHAP, MS-CHAP and MS-CHAP2. MPPE keys are generated for MS-CHAP and MS-CHAP2.