Audited Provisioning Events
-
Device, credential, authenticator creation
-
Device assignment to user
-
Device issuance request creation
-
Device registration
-
Device renewal (triggered by HID Approve)
-
Device status change
-
Registration failure due to Policy Rule
Sample Events for Request Device Registration by the Bank Application
user : myTestUser1
userID :11413
device id : 11416
-
Creation of a new device for the user:
Copy{
"timestamp": 1524053040354,
"parameters": "{\"EXD\":\"18\\\/04\\\/2020\",\"DTC\":\"DT_TDSV4\",\"Action\":\"addDevice\",\"DSD\":\"18\\\/04\\\/2018\",\"ISN\":\"null\"}",
"userid": 11037,
"targetuserid": 0,
"status": "RESPONSE_SUCCESS",
"sessionid": "df751eb1a349669e3b579b0b18b283e5f644769cf086717e86326ccc0b5fa815",
"channel": "SSP_DIRECT",
"eventid": "addDevice",
"entityid": "myTestUser1",
"directextref": "sys10560243183413492",
"auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.EUVcLpNmjWlCSzh4gfXrx1WG78Ff7yDZZEZkRTCG84Q="
}
-
Assignment of the device to user:
Copy{
"timestamp": 1524053040396,
"parameters": "{\"Action\":\"assignDeviceToUser\",\"DID\":\"11416\"}",
"userid": 11037,
"targetuserid": 0,
"status": "RESPONSE_SUCCESS",
"sessionid": "df751eb1a349669e3b579b0b18b283e5f644769cf086717e86326ccc0b5fa815",
"channel": "SSP_DIRECT",
"eventid": "assignDeviceToUser",
"entityid": "myTestUser1",
"directextref": "sys10560243183413492",
"indirectextref": "myTestUser1",
"auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.pOOQrYhohIEAH3bRKUUdCs31JzoJ7EgSeR+advDvx3c="
}
-
Creation of the issuance request (request generation of the QR code/registration information):
Copy{
"timestamp": 1524053041060,
"parameters": "{\"DTC\":\"DT_TDSV4\",\"Action\":\"createDeviceIssuanceRequestExt\"}",
"userid": 11037,
"targetuserid": 0,
"status": "RESPONSE_SUCCESS",
"sessionid": "df751eb1a349669e3b579b0b18b283e5f644769cf086717e86326ccc0b5fa815",
"channel": "SSP_DIRECT",
"eventid": "createDeviceIssuanceRequestExt",
"entityid": "11417",
"entitytype": "DEVICE",
"directextref": "sys10560243183413492",
"auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.EoO4of4jeP6VrKlCV36tm4q\/+1Lm1YYGb3qiu9\/faSE="
}
Sample Events for Mobile Device Registration
user : myTestUser1
userID :11413
device id : 11416
device issuance request id : 11417
-
Example audit event for authentication of the device (allowing the registration):
Copy{
"timestamp": 1524053050245,
"response": "SUCCESS",
"parameters": "{\"ATC\":\"AT_TDSOOB\",\"DAM\":\"1\",\"DTC\":\"DT_TDSOOB\",\"Action\":\"primaryAuthenticateDevice\",\"DSD\":\"null\",\"ISN\":\"null\",\"ANS\":\"false\",\"ARP\":\"\"}",
"userid": 11413,
"targetuserid": 0,
"status": "RESPONSE_SUCCESS",
"sessionid": "56c46c812bdfe07b6ddade8b2f68c1590468dea8537f7e0d383a68799235d773",
"channel": "CH_TDSPROV",
"eventid": "primaryAuthenticateDevice",
"entityid": "11417",
"directextref": "myTestUser1",
"indirectextref": "myTestUser1",
"authtypecode": "AT_TDSOOB",
"auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.au3dg4dkmYDt\/+vODk87jma9cTjIa3OYIjsMBzQdj4o="
}
-
Example of session key establishment (first step of the registration protocol):
Copy{
"timestamp": 1524053054181,
"message": "updateDeviceIssuanceRequest is successful",
"parameters": "{\"Action\":\"updateDeviceIssuanceRequest\",\"STP\":\"SessionKeyEstablishment\"}",
"userid": 11413,
"targetuserid": 0,
"status": "RESPONSE_SUCCESS",
"sessionid": "56c46c812bdfe07b6ddade8b2f68c1590468dea8537f7e0d383a68799235d773",
"channel": "CH_DIRECT",
"eventid": "updateDeviceIssuanceRequest",
"entityid": "11040",
"directextref": "myTestUser1",
"indirectextref": "myTestUser1",
"authtypecode": "AT_SMK",
"auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.ADDbS0i1VEc+wXEXlNjP3B7WO2OOfQRMSjsxDUKRaO8="
}
-
Example of information about the device (customization step of the registration protocol):
Copy{
"timestamp": 1524053060826,
"message": "updateDeviceIssuanceRequest is successful",
"parameters": "{\"DIF\":\"{pushid:emaj9JTQ9gw:APA91bE-vPYxcwZjLhhp6-O2wHOWergZG0JMR-nM9nnFjuW2kEFEoYWL-SmQi-738ofIdS84BG6_vJv9KfoI5UFJ1ys21QodIc3JwdW0QObrXDmQXWMgBpTEPn7DQm82D2z5FAb1RQV1,os:Android,devicefriendlyname: mytestUser1Mobile,containerinfo:{containerfriendlyname:,containerid:15},keystore:hw,model:SM-N910F,isrooted:false,osversion:6.0.1,locale:en-US,devicesn:c463c00d-a7ac-4ddc-89d4-569c2523051a,manufacturer:samsung,isfpenabled:none}\",\"Action\":\"updateDeviceIssuanceRequest\"}",
"userid": 11413,
"targetuserid": 0,
"status": "RESPONSE_SUCCESS",
"sessionid": "56c46c812bdfe07b6ddade8b2f68c1590468dea8537f7e0d383a68799235d773",
"channel": "CH_DIRECT",
"eventid": "updateDeviceIssuanceRequest",
"entityid": "11040",
"directextref": "myTestUser1",
"indirectextref": "myTestUser1",
"authtypecode": "AT_SMK",
"auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.K0ulRcmk0I9mceqHOGtMXU+jOjMmcMuYCe7e3JoicpA="
}
-
Example of RSA Signing key generation:
Copy{
"timestamp": 1524053071768,
"message": "updateDeviceIssuanceRequest is successful",
"parameters": "{\"Action\":\"updateDeviceIssuanceRequest\",\"CTC\":\"CT_SMKV4\",\"PUK\":\"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdP+XEyKYSuB8joCvwv2P0EhDjW\\\/wd3Wb\\\/Pm5fBKQTJYUOQmRRmiXvVYcMixSlGcpmgals3AnPiy0UzFS3VNgbtBTNA83xA9DxqVP1qdX\\\/lNmTlJmfWJsVXypzn6j38Uz8tF8r5MSEEXg50zKuixCAN9QO1pN\\\/FSqOPUA5pEiAxcKhSDPHxb++qEHmJeA2ZTOypMepQdwwq71V71qYbg9qKmTjay4kxZlcNv7bP9dISMTvsFW8QOupSMJHSJns\\\/3E64yxGj1AUs5fLTpFwGA+c3uJnJopPBO0mnoHlipD1frgFYncCPVazclYaZMisevi5W1cXkJjwgWsRepYCADsQIDAQAB\",\"STP\":\"keygeneration\",\"CCO\":\"SMK_11416\",\"CID\":\"11420\"}",
"userid": 11413,
"targetuserid": 0,
"status": "RESPONSE_SUCCESS",
"sessionid": "56c46c812bdfe07b6ddade8b2f68c1590468dea8537f7e0d383a68799235d773",
"channel": "CH_DIRECT",
"eventid": "updateDeviceIssuanceRequest",
"entityid": "11040",
"directextref": "myTestUser1",
"indirectextref": "myTestUser1",
"authtypecode": "AT_SMK",
"auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.xpK2AiggC5erYXimH0QXnCVSPjYhf5jpQKF3djRwHN0="
}
-
Example of authenticator creation:
Copy{
"timestamp": 1524053077034,
"message": "updateDeviceIssuanceRequest is successful",
"parameters": "{\"ATC\":\"AT_SMK\",\"DTC\":\"DT_TDSV4\",\"Action\":\"updateDeviceIssuanceRequest\",\"STP\":\"createAuthenticator\",\"DID\":\"11416\"}",
"userid": 11413,
"targetuserid": 0,
"status": "RESPONSE_SUCCESS",
"sessionid": "56c46c812bdfe07b6ddade8b2f68c1590468dea8537f7e0d383a68799235d773",
"channel": "CH_DIRECT",
"eventid": "updateDeviceIssuanceRequest",
"entityid": "11040",
"entitytype": "DEVICE",
"directextref": "myTestUser1",
"indirectextref": "myTestUser1",
"authtypecode": "AT_SMK",
"auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.S8vv6\/Zywkvl0bunx\/YcpTktKPDjFlYBCdyiHDRw\/nQ="
}
-
Example of registration failure due to a rule not allowing registration (on PARAMETERS field of the audit event updateDeviceIssuanceRequest):
Copy{ "MSG" = "protocolstatus error :3, Message:Not allowed to provision for hw device,reason:rule,RuleID:Not allowed to provision for hw device" "Action" = "updateDeviceIssuanceRequest" }
Sample Event for Device Renewal (Triggered by HID Approve)
Example of an audit event for device renewal triggered by HID Approve:
"DIF"="{pushid:N2YGNA5bvwh2xqgDPU5KnpMkHzj3i+M7v83xojx9Uq0=,isFPenabled:true,os:iOS,devicefriendlyname:IAM_IPHONE_23_iPhone11ProMax,containerinfo:{containerfriendlyname:HID Global PUSH 6 -8.3+,containerid:9},keystore:hw,model:iPhone,locale:en-FR,osversion:13.3,devicesn:be06d635-612f-4ce9-ac2c-b958581218b6,isRooted:false,manufacturer:Apple}" "DTC"="DT_1321"
"Action"="updateDeviceIssuanceRequest" "STS"="PENDING"
"DSD"="17/12/2019 16:09:55" "DID"="92121"
"DSN"="renew_91541"
}
You can view the event using the ActivID Management Console. For example: