EldoS | Feel safer!


PKI and OTP

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
#32777
Posted: 03/26/2015 07:00:52
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

Hi,

The OTP function is released in version 12. Is there an example anywhere?
Could anyone give me a tip of how to do it?

Thanks, Marcelo.
#32778
Posted: 03/26/2015 07:23:39
by Alexey Yantselovskiy (Basic support level)
Joined: 11/21/2013
Posts: 2

Thank you for contacting us.

Please have a look at the HOTP or TOTP samples installed together with main SecureBlackbox distribution (/Users/Public/Documents/EldoS/SecureBlackbox.VCL/Samples/Delphi/PKIBlackbox/OTP). This sample should help you understand how OTP classes work.
#32782
Posted: 03/26/2015 08:19:29
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

Thanks,
Is there anything for C#/VB.NET?
#32783
Posted: 03/26/2015 08:25:18
by Eugene Mayevski (EldoS Corp.)

Yes, under the same location (<SecureBlackbox>\Samples\C#\PKIBlackbox\OTP)


Sincerely yours
Eugene Mayevski
#32784
Posted: 03/26/2015 11:01:24
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

Thanks, I saw the sample, but it does not do what I'm searching for.

I'll explain what I need:
Actually we sign using TElCAdESSignatureProcessor, using TElPKCS11CertStorage as the store. I need to add a remote sign function using an OTP as key generator (provided by the certification authority). I think I must define a server, and an option to insert the token-generated key.

Thanks, Marcelo.
#32785
Posted: 03/26/2015 11:17:57
by Eugene Mayevski (EldoS Corp.)

Unfortunately it's not clear how exactly it should look. "Using an OTP as key generator (provided by the certification authority)" - how is this supposed to work? Do you have a reference to some protocol/standard that illustrates what you want to achieve?


Sincerely yours
Eugene Mayevski
#32786
Posted: 03/26/2015 11:24:00
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

I'll try to explain myself better.

Essentially it is a remote signing of a document. Actually we sign using TElCAdESSignatureProcessor, using TElPKCS11CertStorage as the store.
The certificate provider gives an OTP for each certificate to validate the certificate.

Marcelo.
#32795
Posted: 03/26/2015 15:48:38
by Ken Ivanov (EldoS Corp.)

Hi Marcelo,

I believe we are talking about different OTPs here. The OTP (one time password) implementation provided by SecureBlackbox refers to schemes where the server generates and verifies a unique password for the client for one-off authentication. These schemes do not involve certificates at all and only deal with straightforward password-based authentication of the client to the server.

From what you are saying I conclude that you are looking for the technology/mechanism that can address the following task: there is some service somewhere (maybe a token but not necessarily) which is capable of signing data if the user provides a correct authenticator (password or PIN), and you want to integrate that into your signing software (but the service is not accessible via PKCS#11, so you need a solution that will work remotely). Is that right? In any case, a brief explanation of your circumstances and goals would help us a lot in understanding the problem. Any links, examples or illustrations will actually do.

Cheers,

Ken
#32841
Posted: 03/30/2015 07:02:55
by Marcelo  (Standard support level)
Joined: 01/28/2014
Posts: 17

Hi,

You are right about SecureBlackBox's OTP.

I'm looking for a way to do a remote digital signature:
It is a type of digital signature which is accessible via the network (Intranet and/or Internet), in which the signer's private key is stored along with the signature certificate within a secure remote server (based on an HSM - Hardware Security Module) by an accredited certifier.
The petitioner is identified by the service and authorizes the affixing of the signature by a security mechanism (static PIN, OTP token, etc.).

I can't find a regulation document, but you can see this product sheet:
http://www.arx.com/files/DOCUMENTS/eIDAS-Regulation-Fact-Sheet.pdf

Thanks, Marcelo.
#32842
Posted: 03/30/2015 07:08:25
by Eugene Mayevski (EldoS Corp.)

I am afraid that we need some formal technical specification of the process in order to implement (or suggest the way to implement) this process. I saw schemes similar to the one you describe in some banks, but they are different across the banks.

Do you need to conform to some existing scheme (and protocol), or do you just want to implement a scheme similar to what you have described?


Sincerely yours
Eugene Mayevski