Thales ProtectServer hardware security modules (HSM)

To set up a Thales ProtectServer HSM to work with OneSpan Authentication Server, you need to configure the following components:

Software

The following software must be installed on the HSM:

  • Thales ProtectServer firmware version 7.02.00 or later (for Thales ProtectServer 3)
  • Thales ProtectServer firmware version 5.7 or later (for Thales ProtectServer 2)

Administrator account

The setup process requires administrative privileges in at least one administration token and one user token on the HSM.

Functionality module (FM)

Setting up a Thales ProtectServer HSM involves copying the OneSpan Authentication Server Framework functionality module file aal2sdk to the machine which will be used for HSM administration. The OneSpan Authentication Server Framework functionality module file may be unsigned or signed, depending on your requirements. OneSpan provides both a signed and an unsigned OneSpan Authentication Server Framework functionality module (refer to the OneSpan Authentication Server Administrator Guide).

HSM usage limitations

  • Deployments of OneSpan Authentication Server with Thales ProtectServer HSM only support HSM devices that run in normal mode, i.e. ET_PTKC_GENERAL_LIBRARY_MODE must be set to NORMAL. When the HSM is run in High Availability or Workload Distribution mode, the installation of OneSpan Authentication Server will fail.