Security Requirements - Client Certificates
When your system(s) connect to XiSecure to either obtain a token or detokenize a token (meaning, get the actual raw card number), a security measure called a client certificate is used.
Client Certificate
A client certificate uses the concept of public/private key pairs to authenticate the POP or other system that is making a call to the XiSecure On-Demand Service. It has permission levels assigned to it that control which actions the requesting application or system may perform. For example, a client certificate may have only encrypt permissions, meaning that the application or system using that client certificate can only make requests to XiSecure On-Demand to tokenize a card number; it cannot submit a token and obtain the raw card number from XiSecure.
If you are using DI for SAP with single sign-on (SSO) implemented, you are not required to have separate login credentials for the DI SAP GUI that is launched in your web browser from SAP.
XiSecure has the following permission levels available; the most commonly used are SingleEncrypt and SingleDecrypt (standard tokenize and detokenize).
Permission Name | Description
---|---
SingleEncrypt | Tokenize a card number using a standard token generated by XiSecure.
SingleDecrypt | Detokenize a card number that was tokenized with the SingleEncrypt operation.
SingleEncryptbyKey | Allows you to encrypt a card number and use an application-defined token in lieu of the XiSecure-generated token.
SingleDecryptbyKey | Detokenize a card number that was tokenized with the SingleEncryptbyKey operation.
GetSearchCriteria | Allows you to identify the token for a credit card number that already exists in the database. This information can be used for searches; for example, to create a report of orders for a given credit card number you would first need to identify its token, since the token is what is stored in your system.
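The following added example illustrates the least-privilege idea behind these permission levels: an encrypt-only certificate can tokenize but is refused detokenize requests, and a review routine flags any certificate whose permissions can return raw card numbers. It is an illustration written for this page, not XiSecure's own API; the `ClientCertificate` class, the operation names and the sample certificate subjects are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Permission names as listed in the table above; operation names are assumed.
REQUIRED_PERMISSION: Dict[str, str] = {
    "tokenize": "SingleEncrypt",
    "detokenize": "SingleDecrypt",
    "tokenize_by_key": "SingleEncryptbyKey",
    "detokenize_by_key": "SingleDecryptbyKey",
    "search_token": "GetSearchCriteria",
}

# Permissions whose holder can obtain the raw card number (PAN).
PAN_RETURNING: FrozenSet[str] = frozenset({"SingleDecrypt", "SingleDecryptbyKey"})


@dataclass(frozen=True)
class ClientCertificate:
    """Hypothetical model of a client certificate and the permissions bound to it."""
    subject: str
    permissions: FrozenSet[str]


def authorize(cert: ClientCertificate, operation: str) -> bool:
    """Deny by default: an unknown operation or a missing permission both fail."""
    needed = REQUIRED_PERMISSION.get(operation)
    return needed is not None and needed in cert.permissions


def pan_access_findings(certs: List[ClientCertificate]) -> Dict[str, List[str]]:
    """Review helper: list each certificate that can return raw PANs and why."""
    findings: Dict[str, List[str]] = {}
    for cert in certs:
        risky = sorted(cert.permissions & PAN_RETURNING)
        if risky:
            findings[cert.subject] = risky
    return findings


# Constructed sample certificates (subjects are placeholders, not real systems).
WEB_STORE = ClientCertificate("CN=webstore-pop", frozenset({"SingleEncrypt"}))
SETTLEMENT = ClientCertificate(
    "CN=settlement-batch", frozenset({"SingleEncrypt", "SingleDecrypt"})
)

if __name__ == "__main__":
    print(authorize(WEB_STORE, "tokenize"))      # True
    print(authorize(WEB_STORE, "detokenize"))    # False: encrypt-only certificate
    print(pan_access_findings([WEB_STORE, SETTLEMENT]))
```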