Secure Channel 

Secure Channel is an optional feature applicable to authenticators compliant with the multi-device activation process (in the context of multi-device licensing). Once an authenticator instance has been activated, secure channels can optionally be used to protect the messages exchanged between the server side and the client side.

The secure channel will be usable only if the Secure Channel feature has been ordered from and configured by OneSpan at the time of order.

The Secure Channel feature applies a new protocol that uses payload keys to protect the confidentiality and authenticity of the message's payload. A single master payload key is shared among all authenticator instances linked to a certain authenticator license, enabling the end user to transparently use multiple authenticators to answer the transaction request message.

The Secure Channel feature requires the provisioning of a payload key, which is represented on the server side by a payload key BLOB. A payload key must first be generated once for each authenticator license. The different authenticator instances activated from one authenticator license must share the same payload key. After activation, the payload key protects the request and deactivation messages exchanged between the server and the client devices that have been activated using a particular authenticator license (for a particular user account).

The parameters used to generate the request body for Secure Channel messages can be configured via the POLICIES > Secure Channel tab of the Administration Web Interface.

If Secure Channel has not been ordered, OneSpan Authentication Server will not generate and provision any payload key.