SecOVID

Introduction

This manual instructs you on how to manage the SecOVID module on KOBIL Security Server. Please find a detailed description of all the settings in the administrator manual for the Kernel module. The SecOVID module helps you manage the SecOVID tokens.

General information

This manual is aimed at the operators who install, configure and use the KOBIL Smart Security Management Server. It describes only how to use the SecOVID module, not the other modules of the KOBIL Security Server. For information about the other modules and documents for the administration of the SSMS, contact support.

Storage and hardware recommendations

The following is a rough estimate of the storage needed for the routine use of the SecOVID module:

  • A SecOVID user requires approximately 120 Bytes
  • A SecOVID token requires approximately 160 Bytes
  • A SecOVID reporting entry requires approximately 120 Bytes

With regard to the hardware, a RAM size of 32 GByte, a hard disk drive of 1 or 2 TeraBytes and 4 to 8 CPU cores should ensure the correct functioning of the module. Please note that these are only suggestions and that your system might have other requirements.

SecOVID Module

The SecOVID module manages SecOVID tokens and verifies the one-time passwords produced by them. In particular, this module can communicate with RADIUS via an interface, but there is no dependence between the two modules. More precisely, RADIUS can forward authentication requests to SecOVID, and SecOVID sends the answer back to RADIUS. Please find more details about the installation of the modules in the installation manual of the KOBIL SSMS. Several functions in the GUI or via the SOAP interface help you manage SecOVID tokens. To call the SOAP management functions, you can use the delivered command line tools. However, the SOAP interface can also be used to integrate the server into the existing IT infrastructure.

⚠️ The following SecOVID external applications are delivered as source code samples, which you can change as you wish. Please note, however, that KOBIL does not test the tools with regard to their correct functioning.

SecOVID Token Import

This tool allows you to import the tokens and their secret information into the server. The import file is made available by the producer of the tokens or can be exported from the SSMS. The import file is always encrypted for a single server and can only be imported into this server.

SecOVID Token Export

This tool allows you to export the SecOVID tokens securely from a server. The data are encrypted for the server which should import them.

SecOVID Token Management

The Token Management offers the following functions:

  • Assign SecOVID tokens to users or remove the assignment
  • Lock or unlock SecOVID tokens
  • Remove SecOVID tokens
  • Retrieve the list of the SecOVID tokens registered on the server
  • Retrieve the lock reasons

SecOVID Token Convert

This tool converts the old data of the SecOVID-Servers.v4, or the file generated during token production, to an XML file, which can then be imported into the KOBIL SSMS database with the Importer tool.

In addition to the SOAP functions provided by the management node, the services node provides SOAP functions that verify the one-time passwords (OTP). Beyond that, a SecOVID token can also be registered by the user in self-service (assignment of a SecOVID token to a user). During this process, a SecOVID device whose user is not yet known is given to a customer and can be assigned to the user via an activation process (alternatively, the assignment of SecOVID tokens to users can occur via the management GUI).

Role assignment in the SecOVID module

A role must be assigned to each operator of the system. The division into different roles defines the authorizations of every single operator. Please find information on how to create roles and assign them permissions in the manual for the Kernel module. The services SOAP interface is secured via SSL server authentication and does not require any other authentication of a user.