ASM
Introduction
This section instructs you on how to manage the App Security Management Module (ASM) on the KOBIL Smart Security Management Server (Security Server). With the App Security Management module (ASM), you can manage the apps, their users and the corresponding devices (for example smartphone or mIDentity mini). Along with these management functions of the ASM, the SOAP functions provided by the service node can for example be integrated into a web portal to verify devices and users already registered on the system. In addition, note that you must install the SVM module to be able to use ASM. With SVM you can assign certificates to the user or to the device and enforce the authentication of signed data.
General Information
This manual is aimed at the administrators who install, configure and use the KOBIL Smart Security Management Server. The document is also intended for those who use the App Security Technology and manage the apps. This manual only describes specifically how to use the App Security Management Module (ASM). Requirement for the use of this module is the installation of the main module (Kernel) and of the SVM module, which can be simultaneously installed via the “Configuration Utility”. Please find more information about the Configuration Utility in the installation manual of the KOBIL Security Server. For information about the other modules and documents for the administration of the Security Server, contact KOBIL support.
ASM Portal Overview
The Portal Demo demonstrates the App Security Management Module and, in particular, the applications Trusted Message Sign (TMS) and Trusted Web View (TWV). For your Portal website, you can of course develop and use your own web application. The installation and configuration of the ASM Portal Demo, which can be found with the needed war file as well as the source code in the following directory:
<SSMS_INSTALL>/modules/asm/samples/asm-portaldemo<version>/
Role Management in the App Security Management module
A role must be assigned to each operator of the system. The division into different roles defines the authorizations of every single operator. Please find information on how to create roles and assign them permissions manual for the Kernel module. Please find the roles and authorizations to use the Management SOAP interface in the description of the single methods in soap-interfaces. The services SOAP interface is secured via SSL server authentication and does not require any other authentication of a user.
Create ASM CA certificates
Before you can access the views and functionalities of the App Security Management Module, you must create the required CA certificates (please find additional information on the CA certificate in the installation manual). Two types of ASM CA certificates are available, which are used for the creation of subordinate CA end-user/not sub-CA certificates for apps and devices. The ASM CA is used to create app certificates (software) The ASM CA HARDWARE is used to create personalized certificates for hardware devices The certificates are created the first time you click on the tab “App Security Management”. For this purpose, you will be prompted by a pop-up window to enter the password of the Security Server CA certificate. The password of the Security Server CA certificate is identical to that of the certificate request of the Security Server and was defined by the administrator of the configuration tool.
After you have entered the password, it is verified, and you receive a notification of the successful certificate creation. Then, you have full access to all views and functions of this module. If the certificate was created successfully, it is also shown in the Signature Verification module (SVM) Issuer Certificates view (please find additional information in the administrator manual for the SVM module).