Entrust nShield hardware security modules (HSM)

To integrate an existing Entrust nShield HSM with OneSpan Authentication Server, you need to configure the OneSpan Authentication Server host to become a client of the HSM. To do this, you need to set up the following components on the host before installing OneSpan Authentication Server:

Software packages

The following packages must be installed on the server hosting OneSpan Authentication Server. These packages are shipped with your HSM:

  • Entrust nShield Hardware Support. This is the Entrust nShield runtime package, which contains the drivers, hardserver, runtime library, and utilities.
  • Entrust nShield Core Tools. This contains the management utilities, including generatekey.

OneSpan Authentication Server supports Entrust nShield version 11.60. As such, all instructions herein that relate to Entrust nShield HSM setup are specific to that version.

Security World

Security World is an Entrust nShield-specific term for the framework that controls access to, and use of, valuable cryptographic keys. To join a Security World, OneSpan Authentication Server must first connect to a specific HSM that belongs to it; access control for the Security World is in turn configured on each HSM within that Security World.

For more information about setting up a Security World, refer to the nShield Connect and netHSM User Guide, Section "Creating and managing a Security World". This guide is included with your HSM.

OneSpan Authentication Server supports both FIPS level 2 and FIPS level 3. However, we recommend the use of FIPS level 3 when you set up a Security World. When you configure a Security World to use FIPS level 3 with OneSpan Authentication Server, an OCS card should be permanently inserted into each HSM that is integrated with OneSpan Authentication Server.

SEE module

The SEE module contains custom firmware that allows an Entrust nShield HSM to load and manage keys provided and used by OneSpan Authentication Server Framework. The required SEE module is provided with OneSpan Authentication Server. The process of installing and configuring a SEE module integrates OneSpan Authentication Server Framework with the HSM.

Hardserver

The hardserver is an Entrust nShield client daemon that manages communication between each HSM inside the Security World and OneSpan Authentication Server. It is typically installed and configured on the same machine that hosts OneSpan Authentication Server.

When configuring and working with the hardserver, you will need to establish a privileged connection for some operations and tasks (see Entrust nShield – Privileged connection requirements).

Entrust nShield – Privileged connection requirements

  • Uploading and publishing SEE machines – privileged connection required: Yes
  • Uploading OneSpan Authentication Server storage and transport keys into SEE machines already loaded into the HSM (typically done during the first OneSpan Authentication Server installation, or by OneSpan Authentication Server after an HSM restart) – privileged connection required: Yes
  • Cryptographic operations by SEE machines already loaded into the HSM (typically operations initiated by OneSpan Authentication Server and forwarded to the SEE machine via the hardserver) – privileged connection required: No
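The following pre-flight script is an added example and is not part of this page, nor a OneSpan or Entrust tool. It checks, before OneSpan Authentication Server is installed, that the host is already a usable nShield client: the hardserver answers, at least one HSM is operational, and the Security World is initialised and usable (with a warning when the World is not FIPS level 3). It assumes the nShield utilities enquiry and nfkminfo are installed under /opt/nfast/bin and that their output has the shape of the constructed samples embedded in the script: a per-module "mode operational" line from enquiry, and a World "state" line from nfkminfo listing Initialised/Usable and, for a FIPS level 3 World, a StrictFIPS140 flag (the flag name is an assumption). Verify both against your own installation before relying on the checks.

```shell
#!/bin/sh
# Added example (not OneSpan's or Entrust's code): pre-installation checks
# that this host is a working nShield client.
#
# Assumptions not taken from the page: enquiry and nfkminfo live under
# $NFAST_BIN; enquiry prints a "mode  operational" line per module section;
# nfkminfo prints a World "state ..." line whose flags include Initialised,
# Usable and (assumed flag name) StrictFIPS140 for a FIPS level 3 World.
NFAST_BIN="${NFAST_BIN:-/opt/nfast/bin}"

# check_enquiry TEXT: 0 if the hardserver answered ("Server:" block present)
# and at least one "Module #N:" section reports mode operational.
# 1 = no server reply, 2 = no operational module.
check_enquiry() {
    printf '%s\n' "$1" | grep -q '^Server:' || return 1
    printf '%s\n' "$1" | awk '
        /^Module #/ { in_module = 1 }
        in_module && /^ *mode +operational/ { ok++ }
        END { if (ok > 0) exit 0; exit 1 }
    ' || return 2
    return 0
}

# world_state_line TEXT: the first "state" line of nfkminfo output, which
# belongs to the World block (module blocks have their own state lines later).
world_state_line() {
    printf '%s\n' "$1" | awk '/^ *state / { print; exit }'
}

# check_world TEXT: 0 if the World is initialised and usable.
# 1 = no/uninitialised World, 2 = initialised but flagged !Usable.
check_world() {
    st="$(world_state_line "$1")"
    [ -n "$st" ] || return 1
    # A leading space distinguishes "Usable" from its negation "!Usable".
    printf '%s\n' "$st" | grep -q ' Initialised' || return 1
    printf '%s\n' "$st" | grep -q ' Usable' || return 2
    return 0
}

# world_is_fips3 TEXT: 0 if the (assumed) StrictFIPS140 flag is set.
world_is_fips3() {
    world_state_line "$1" | grep -q ' StrictFIPS140'
}

# preflight: run the real utilities and summarise; non-zero on any failure.
preflight() {
    enq="$("$NFAST_BIN/enquiry" 2>/dev/null)" \
        || { echo "FAIL: enquiry did not run (hardserver down or NFAST_BIN wrong?)"; return 1; }
    rc=0; check_enquiry "$enq" || rc=$?
    [ "$rc" -eq 0 ] || { echo "FAIL: no HSM in operational mode (code $rc)"; return 1; }
    world="$("$NFAST_BIN/nfkminfo" 2>/dev/null)" \
        || { echo "FAIL: nfkminfo did not run"; return 1; }
    rc=0; check_world "$world" || rc=$?
    [ "$rc" -eq 0 ] || { echo "FAIL: Security World not initialised/usable here (code $rc)"; return 1; }
    if world_is_fips3 "$world"; then
        echo "OK: FIPS level 3 World (keep an OCS card inserted in each HSM)"
    else
        echo "WARN: World is not FIPS level 3; level 3 is the recommended setting"
    fi
    echo "OK: host is a usable nShield client"
}

# Constructed sample outputs (shaped like the real tools, not captured from
# a device) so the checks can be exercised without an HSM.
SAMPLE_ENQUIRY_OK='Server:
 enquiry reply flags  none
 mode                 operational
Module #1:
 enquiry reply flags  none
 mode                 operational'
SAMPLE_ENQUIRY_NO_MODULE='Server:
 enquiry reply flags  none
 mode                 operational'
SAMPLE_WORLD_FIPS3='World
 generation  2
 state       0x37270008 Initialised Usable Recovery !PINRecovery RTC NVRAM FTO StrictFIPS140
 n_modules   1
Module #1
 generation 2
 state      0x2 Usable'
SAMPLE_WORLD_L2='World
 generation  2
 state       0x37270008 Initialised Usable Recovery !PINRecovery RTC NVRAM FTO !StrictFIPS140'
SAMPLE_WORLD_UNUSABLE='World
 generation  2
 state       0x37270000 Initialised !Usable Recovery !PINRecovery RTC NVRAM FTO StrictFIPS140'

# Run the live checks only when asked: sh preflight.sh --run
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it as `sh preflight.sh --run` on the OneSpan Authentication Server host; a FAIL line means the hardserver, module or Security World is not yet in the state the sections above require, and the host should not be treated as an HSM client until that is fixed.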

HSM usage limitations

  • When using an Entrust nShield HSM, the EMV-CAP feature of OneSpan Authentication Server is not supported.