Audited Provisioning Events

  • Device, credential, authenticator creation

  • Device assignment to user

  • Device issuance request creation

  • Device registration

  • Device renewal (triggered by HID Approve)

  • Device status change

  • Registration failure due to Policy Rule

Sample Events for Request Device Registration by the Bank Application

Copy
user : myTestUser1
userID :11413
device id : 11416
  • Creation of a new device for the user:

    Copy
    {
            "timestamp": 1524053040354,
            "parameters": "{\"EXD\":\"18\\\/04\\\/2020\",\"DTC\":\"DT_TDSV4\",\"Action\":\"addDevice\",\"DSD\":\"18\\\/04\\\/2018\",\"ISN\":\"null\"}",
            "userid": 11037,
            "targetuserid": 0,
            "status": "RESPONSE_SUCCESS",
            "sessionid": "df751eb1a349669e3b579b0b18b283e5f644769cf086717e86326ccc0b5fa815",
            "channel": "SSP_DIRECT",
            "eventid": "addDevice",
            "entityid": "myTestUser1",
            "directextref": "sys10560243183413492",
            "auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.EUVcLpNmjWlCSzh4gfXrx1WG78Ff7yDZZEZkRTCG84Q="
        }
  • Assignment of the device to user:

    Copy
    {
            "timestamp": 1524053040396,
            "parameters": "{\"Action\":\"assignDeviceToUser\",\"DID\":\"11416\"}",
            "userid": 11037,
            "targetuserid": 0,
            "status": "RESPONSE_SUCCESS",
            "sessionid": "df751eb1a349669e3b579b0b18b283e5f644769cf086717e86326ccc0b5fa815",
            "channel": "SSP_DIRECT",
            "eventid": "assignDeviceToUser",
            "entityid": "myTestUser1",
            "directextref": "sys10560243183413492",
            "indirectextref": "myTestUser1",
            "auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.pOOQrYhohIEAH3bRKUUdCs31JzoJ7EgSeR+advDvx3c="
        }
  • Creation of the issuance request (request generation of the QR code/registration information):

    Copy
    {
            "timestamp": 1524053041060,
            "parameters": "{\"DTC\":\"DT_TDSV4\",\"Action\":\"createDeviceIssuanceRequestExt\"}",
            "userid": 11037,
            "targetuserid": 0,
            "status": "RESPONSE_SUCCESS",
            "sessionid": "df751eb1a349669e3b579b0b18b283e5f644769cf086717e86326ccc0b5fa815",
            "channel": "SSP_DIRECT",
            "eventid": "createDeviceIssuanceRequestExt",
            "entityid": "11417",
            "entitytype": "DEVICE",
            "directextref": "sys10560243183413492",
            "auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.EoO4of4jeP6VrKlCV36tm4q\/+1Lm1YYGb3qiu9\/faSE="
        }

Sample Events for Mobile Device Registration

Copy
user : myTestUser1
userID :11413
device id : 11416
device issuance request id : 11417
  • Example audit event for authentication of the device (allowing the registration):

    Copy
    {
            "timestamp": 1524053050245,
            "response": "SUCCESS",
            "parameters": "{\"ATC\":\"AT_TDSOOB\",\"DAM\":\"1\",\"DTC\":\"DT_TDSOOB\",\"Action\":\"primaryAuthenticateDevice\",\"DSD\":\"null\",\"ISN\":\"null\",\"ANS\":\"false\",\"ARP\":\"\"}",
            "userid": 11413,
            "targetuserid": 0,
            "status": "RESPONSE_SUCCESS",
            "sessionid": "56c46c812bdfe07b6ddade8b2f68c1590468dea8537f7e0d383a68799235d773",
            "channel": "CH_TDSPROV",
            "eventid": "primaryAuthenticateDevice",
            "entityid": "11417",
            "directextref": "myTestUser1",
            "indirectextref": "myTestUser1",
            "authtypecode": "AT_TDSOOB",
            "auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.au3dg4dkmYDt\/+vODk87jma9cTjIa3OYIjsMBzQdj4o="
        }
  • Example of session key establishment (first step of the registration protocol):

    Copy
    {
            "timestamp": 1524053054181,
            "message": "updateDeviceIssuanceRequest is successful",
            "parameters": "{\"Action\":\"updateDeviceIssuanceRequest\",\"STP\":\"SessionKeyEstablishment\"}",
            "userid": 11413,
            "targetuserid": 0,
            "status": "RESPONSE_SUCCESS",
            "sessionid": "56c46c812bdfe07b6ddade8b2f68c1590468dea8537f7e0d383a68799235d773",
            "channel": "CH_DIRECT",
            "eventid": "updateDeviceIssuanceRequest",
            "entityid": "11040",
            "directextref": "myTestUser1",
            "indirectextref": "myTestUser1",
            "authtypecode": "AT_SMK",
            "auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.ADDbS0i1VEc+wXEXlNjP3B7WO2OOfQRMSjsxDUKRaO8="
    }
  • Example of information about the device (customization step of the registration protocol):

    Copy
    {
            "timestamp": 1524053060826,
            "message": "updateDeviceIssuanceRequest is successful",
            "parameters": "{\"DIF\":\"{pushid:emaj9JTQ9gw:APA91bE-vPYxcwZjLhhp6-O2wHOWergZG0JMR-nM9nnFjuW2kEFEoYWL-SmQi-738ofIdS84BG6_vJv9KfoI5UFJ1ys21QodIc3JwdW0QObrXDmQXWMgBpTEPn7DQm82D2z5FAb1RQV1,os:Android,devicefriendlyname: mytestUser1Mobile,containerinfo:{containerfriendlyname:,containerid:15},keystore:hw,model:SM-N910F,isrooted:false,osversion:6.0.1,locale:en-US,devicesn:c463c00d-a7ac-4ddc-89d4-569c2523051a,manufacturer:samsung,isfpenabled:none}\",\"Action\":\"updateDeviceIssuanceRequest\"}",
            "userid": 11413,
            "targetuserid": 0,
            "status": "RESPONSE_SUCCESS",
            "sessionid": "56c46c812bdfe07b6ddade8b2f68c1590468dea8537f7e0d383a68799235d773",
            "channel": "CH_DIRECT",
            "eventid": "updateDeviceIssuanceRequest",
            "entityid": "11040",
            "directextref": "myTestUser1",
            "indirectextref": "myTestUser1",
            "authtypecode": "AT_SMK",
            "auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.K0ulRcmk0I9mceqHOGtMXU+jOjMmcMuYCe7e3JoicpA="
        }
  • Example of RSA Signing key generation:

    Copy
    {
            "timestamp": 1524053071768,
            "message": "updateDeviceIssuanceRequest is successful",
            "parameters": "{\"Action\":\"updateDeviceIssuanceRequest\",\"CTC\":\"CT_SMKV4\",\"PUK\":\"MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArdP+XEyKYSuB8joCvwv2P0EhDjW\\\/wd3Wb\\\/Pm5fBKQTJYUOQmRRmiXvVYcMixSlGcpmgals3AnPiy0UzFS3VNgbtBTNA83xA9DxqVP1qdX\\\/lNmTlJmfWJsVXypzn6j38Uz8tF8r5MSEEXg50zKuixCAN9QO1pN\\\/FSqOPUA5pEiAxcKhSDPHxb++qEHmJeA2ZTOypMepQdwwq71V71qYbg9qKmTjay4kxZlcNv7bP9dISMTvsFW8QOupSMJHSJns\\\/3E64yxGj1AUs5fLTpFwGA+c3uJnJopPBO0mnoHlipD1frgFYncCPVazclYaZMisevi5W1cXkJjwgWsRepYCADsQIDAQAB\",\"STP\":\"keygeneration\",\"CCO\":\"SMK_11416\",\"CID\":\"11420\"}",
            "userid": 11413,
            "targetuserid": 0,
            "status": "RESPONSE_SUCCESS",
            "sessionid": "56c46c812bdfe07b6ddade8b2f68c1590468dea8537f7e0d383a68799235d773",
            "channel": "CH_DIRECT",
            "eventid": "updateDeviceIssuanceRequest",
            "entityid": "11040",
            "directextref": "myTestUser1",
            "indirectextref": "myTestUser1",
            "authtypecode": "AT_SMK",
            "auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.xpK2AiggC5erYXimH0QXnCVSPjYhf5jpQKF3djRwHN0="
        }
  • Example of authenticator creation:

    Copy
    {
            "timestamp": 1524053077034,
            "message": "updateDeviceIssuanceRequest is successful",
            "parameters": "{\"ATC\":\"AT_SMK\",\"DTC\":\"DT_TDSV4\",\"Action\":\"updateDeviceIssuanceRequest\",\"STP\":\"createAuthenticator\",\"DID\":\"11416\"}",
            "userid": 11413,
            "targetuserid": 0,
            "status": "RESPONSE_SUCCESS",
            "sessionid": "56c46c812bdfe07b6ddade8b2f68c1590468dea8537f7e0d383a68799235d773",
            "channel": "CH_DIRECT",
            "eventid": "updateDeviceIssuanceRequest",
            "entityid": "11040",
            "entitytype": "DEVICE",
            "directextref": "myTestUser1",
            "indirectextref": "myTestUser1",
            "authtypecode": "AT_SMK",
            "auditsignature": "{HID-IA-4T.AUDIT.1,HMAC-SHA256}.S8vv6\/Zywkvl0bunx\/YcpTktKPDjFlYBCdyiHDRw\/nQ="
        }
  • Example of registration failure due to a rule not allowing registration (on PARAMETERS field of the audit event updateDeviceIssuanceRequest):

    Copy
    { "MSG" = "protocolstatus error :3, Message:Not allowed to provision for hw device,reason:rule,RuleID:Not allowed to provision for hw device" "Action" = "updateDeviceIssuanceRequest" }

Sample Event for Device Renewal (Triggered by HID Approve)

Example of an audit event for device renewal triggered by HID Approve:

Copy
"DIF"="{pushid:N2YGNA5bvwh2xqgDPU5KnpMkHzj3i+M7v83xojx9Uq0=,isFPenabled:true,os:iOS,devicefriendlyname:IAM_IPHONE_23_iPhone11ProMax,containerinfo:{containerfriendlyname:HID Global PUSH 6 -8.3+,containerid:9},keystore:hw,model:iPhone,locale:en-FR,osversion:13.3,devicesn:be06d635-612f-4ce9-ac2c-b958581218b6,isRooted:false,manufacturer:Apple}" "DTC"="DT_1321"
"Action"="updateDeviceIssuanceRequest" "STS"="PENDING"
"DSD"="17/12/2019 16:09:55" "DID"="92121"
"DSN"="renew_91541"
}

You can view the event using the ActivID Management Console. For example: