Net iD Access Server – Log samples from the server side

A registered user in Net iD Access Server

A user entry in the server can look like this:

001-user-SE2321000057-65JX

This corresponds to the user's certificate that was used when registering for this instance of Net iD Access Server:

001-user-SE2321000057-65JX_certificate

The authentication process

Login request – 1

This is a sample of a login request. The user has just entered the UserID but has not yet started the Net iD Access App, and the value of <Status> is OUTSTANDING_TRANSACTION.

002a-request-0090029497

The complete NonVisibleData-tag looks like this:
PGF1dGhlbnRpY2F0ZT48c2VydmVyPlRoZSBHYWxhY3RpYyBSZXB1Y
mxpYzwvc2VydmVyPjx1c2VyPlNFMjMyMTAwMDA1Ny02NUpYPC91c2V
yPjxkYXRlPjIwMTItMTAtMDQgMTM6NTk6MzEgVVRDPC9kYXRlPjwvYX
V0aGVudGljYXRlPg==

The NonVisibleData is Base64-encoded, and if we decode the string we find this:

NonVisibleData_decoded
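
The decode step described above, as an added example (not part of the original post or of Net iD Access Server): it decodes the NonVisibleData value shown on this page, then checks that the challenge names the expected user and server and is recent. The function names, the five-minute freshness window and the clock value are assumptions of the example.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

# NonVisibleData exactly as shown on the page (wrapped there over four lines).
NON_VISIBLE_DATA = (
    "PGF1dGhlbnRpY2F0ZT48c2VydmVyPlRoZSBHYWxhY3RpYyBSZXB1Y"
    "mxpYzwvc2VydmVyPjx1c2VyPlNFMjMyMTAwMDA1Ny02NUpYPC91c2V"
    "yPjxkYXRlPjIwMTItMTAtMDQgMTM6NTk6MzEgVVRDPC9kYXRlPjwvYX"
    "V0aGVudGljYXRlPg=="
)

def parse_non_visible_data(b64_text):
    """Decode the Base64 challenge and return its child elements as a dict."""
    raw = base64.b64decode(b64_text, validate=True)  # reject stray characters
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise ValueError("DTD/entity declarations are not expected in a challenge")
    root = ET.fromstring(raw)
    if root.tag != "authenticate":
        raise ValueError(f"unexpected root element: {root.tag}")
    return {child.tag: (child.text or "") for child in root}

def check_challenge(fields, expected_user, expected_server, now, max_age):
    """Return a list of problems; an empty list means the challenge looks sane.

    expected_user, expected_server and max_age are assumptions of this example:
    the values the relying party would already hold for the pending login.
    """
    problems = []
    if fields.get("user") != expected_user:
        problems.append("user mismatch")
    if fields.get("server") != expected_server:
        problems.append("server mismatch")
    try:
        issued = datetime.strptime(fields.get("date", ""), "%Y-%m-%d %H:%M:%S UTC")
        issued = issued.replace(tzinfo=timezone.utc)
        if not timedelta(0) <= now - issued <= max_age:
            problems.append("challenge outside freshness window")
    except ValueError:
        problems.append("unparseable date")
    return problems

if __name__ == "__main__":
    fields = parse_non_visible_data(NON_VISIBLE_DATA)
    print(fields)
    # Constructed clock value: one minute after the challenge was issued.
    now = datetime(2012, 10, 4, 14, 0, 31, tzinfo=timezone.utc)
    print(check_challenge(fields, "SE2321000057-65JX", "The Galactic Republic",
                          now, timedelta(minutes=5)))
```

The same user ID appears in the user entry and its certificate earlier on this page, which is what the user check ties together.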

Login request – 2

Here’s the next step in the login request. The user has started the Net iD Access App and the challenge from Net iD Access Server has reached the end user's device, but the user has not entered the PIN code yet. The value of <Status> is USER_SIGN.

002b-request-0090029497

/active/ ???????

002c-active-SE2321000057-65JX

Login request – 3

In the last step we can see that <Status> has changed to COMPLETE and <Signature> is no longer empty. We can also see information about the device in the <Device> tag.

002d-request-0090029497

The complete Signature-tag looks like this: (just added the PKCS#7 lines)
auth_nias.txt

If we decode it we can see that it all makes sense and that the challenge really is in there.

auth_signature_parsed

Here’s the complete PKCS#7 parsed: auth_nias_pem_parsed.txt