HID® Crescendo® API
Documentation
HID Crescendo Authenticators are portable devices that provide a security-evaluated isolated computing environment dedicated to the generation, storage and use of cryptographic keys used for authentication, generation of digital signatures and protection of encryption keys.
HID Crescendo Authenticators share a common framework that can be leveraged in different form factors, and two main families are available:
A strong identity is the foundation of zero trust security and helps organizations protect personal and corporate data as well as meet regulatory requirements.
HID Crescendo devices enable organizations to improve their security posture and make progress towards removing passwords from their logical access control systems.
The study of security breaches has provided strong evidence that using passwords represents the largest risk factor for any organization. Either supplementing passwords with additional authentication factors or outright replacing them with strong authentication devices is the best way to protect users, applications and data.
With HID Crescendo devices, it is possible to enable users with well-established security mechanisms, such as:
- OATH one-time passwords (OTP), secure passwords that can be used only once, which are a popular choice to protect VPN gateways and sign data transactions,
- PKI certificates that are used by government and regulated industry for the highest level of security (a public key infrastructure (PKI) consists of software and hardware that a trusted third party, a Certificate Authority (CA), can use to establish the integrity and ownership of a public key; the CA accomplishes this by issuing signed certificates that affirm the identity of the certificate subject and bind that identity to the public key), and
- FIDO U2F and FIDO2, based on the same public key cryptography mechanism. At its core, FIDO2 consists of the W3C Web Authentication (WebAuthn) standard and the FIDO Client to Authenticator Protocol (CTAP).
While FIDO U2F and FIDO2 support comes standard out of the box in HID Crescendo devices, OTP and PKI require configuring the HID Crescendo device to work with the selected back-end system.
This API documentation describes the low-level APDU commands that are available to configure the PKI or OTP mechanisms.
It also provides an introduction to the applications in the authenticator, and the shared mechanisms that secure access to the different services. It then presents dedicated sections for PKI and OTP that explain how to create or load keys into the HID Crescendo device and how to subsequently use those keys for authentication, signature or encryption key exchange.