RSA, The Security Division of EMC, announces the release of RSA Adaptive Authentication Mobile SDK Modules 3.6

Document created by RSA Link Team Employee on Apr 4, 2016. Last modified by RSA Link Team on Apr 11, 2016.
Version 2

Summary:

 

RSA Adaptive Authentication Mobile SDK Modules enable mobile application developers to integrate the world-class security of RSA Adaptive Authentication risk-based authentication into mobile applications on device platforms that include Android™, BlackBerry®, Apple® iOS and Windows® Phone. RSA Adaptive Authentication benefits the customer by offering multi-channel fraud protection. By providing a unified view of the end user of web and mobile channels, RSA Adaptive Authentication provides protection and authentication per channel while analyzing behavior and activities across channels.

 

The Mobile Data Collection Module provides collection methods for mobile device identifiers and mobile device geolocation data that is used for risk assessment in Adaptive Authentication. It is designed to be embedded in the customer mobile application, from where it enables flexible and customizable collection of device identifiers and location information. The RSA Adaptive Authentication Mobile SDK Data Collection Module powers the Mobile Channel Protection Module, an extension of RSA Adaptive Authentication, which complements the Web Channel Protection Module.

 

The Mobile Authentication Module provides integration for RSA Adaptive Authentication to enable mobile application developers to utilize fingerprint and eyeprint biometric technology for out-of-band step-up authentication purposes in Adaptive Authentication. These features leverage the end-to-end integration of the Adaptive Authentication Mobile SDK biometric authentication methods (Fingerprint and Eyeprint) as an out-of-the-box step-up method within Adaptive Authentication. Biometric authentication enables customers to provide end users with ease of use, flexibility, and security through a variety of innovative authentication methods that are appropriate for different end users, scenarios and device types. To ensure maximum privacy protection, all of the biometric data that the SDK collects remains on the user device. The SDK provides a set of API calls that support initial end-user enrollment and subsequent authentication validation. The Mobile Authentication Module can be integrated within the logical mobile application flows to provide in-app and on-device biometric authentication methods.

 

 

What's New

 

End-to-End Authentication Methods

RSA Adaptive Authentication Mobile SDK Modules version 3.6 provides end-to-end Transaction Signing authentication and One-Time Password Pushed to Mobile Device for RSA Adaptive Authentication (On-Premise) 7.3. For more information, refer to the Adaptive Authentication On Premise 7.3 documentation. These new authentication methods are also planned to be supported by a future RSA Adaptive Authentication (Cloud) 12.x version. A separate notification will be sent upon release.

 

Out-of-Band Transaction Signing

RSA Adaptive Authentication Mobile SDK Modules version 3.6 introduces transaction signing, an out-of-band step-up authentication method for payment transactions. This authentication method combats fraud from advanced Trojan attacks by providing assurance of the integrity and authenticity of payment transactions.

 

In the Adaptive Authentication Back Office Policy Management application, you can set rules that challenge end users with transaction signing. For the authentication to be out-of-band, you must set the Channel Indicator in the Policy Management application to WEB.

When an end user initiates an activity on the web channel, if a policy rule is triggered and an action is set to challenge the end user with transaction signing, the end user receives a push notification on the mobile device with the payment details and is prompted to approve or reject the payment transaction. The end user views the transaction details and approves or rejects the transaction from the mobile device. The approval is sent as a cryptographic signature of the transaction details to the Adaptive Authentication server. Adaptive Authentication validates the signature and, based on the result (pass or fail), updates the end user’s web-based session accordingly (allowed or declined). Payment transactions are signed using RSA cryptographic keys provisioned to the end user's mobile device. To ensure maximum privacy protection, the private key used for signing remains on the user device.
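The out-of-band signing flow described above, modeled end to end with Node's built-in crypto module. This is an added example, not RSA SDK code or its API: the field names, the per-challenge nonce, on-device key generation, and RSA-PSS with SHA-256 are assumptions, since the page states only that RSA keys on the device sign the transaction details.

```javascript
const crypto = require('node:crypto');

// Assumed parameters for this model: RSA-2048 with PSS padding and SHA-256.
const PSS = { padding: crypto.constants.RSA_PKCS1_PSS_PADDING };

// Unambiguous encoding of the signed fields; both sides must produce identical bytes.
function canonical(tx) {
  return Buffer.from(JSON.stringify([tx.txId, tx.payee, tx.amount, tx.currency, tx.nonce]));
}

// Device: the private key stays inside this closure; only the public key is exported.
function enrollDevice() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const approve = (shownTx) => crypto.sign('sha256', canonical(shownTx), { key: privateKey, ...PSS });
  return { publicKey, approve };
}

// Server: builds the challenge that is pushed to the device, with a fresh nonce.
function newChallenge(payee, amount, currency) {
  const tx = { txId: crypto.randomUUID(), payee, amount, currency,
               nonce: crypto.randomBytes(16).toString('hex') };
  return { tx, used: false };
}

// Server: verifies over its own stored copy of the details, once per challenge.
function validate(challenge, publicKey, signature) {
  if (challenge.used || !signature) return 'FAIL';
  challenge.used = true;
  const ok = crypto.verify('sha256', canonical(challenge.tx), { key: publicKey, ...PSS }, signature);
  return ok ? 'PASS' : 'FAIL';
}

// Constructed sample transactions; every value here is made up for the example.
function demo() {
  const device = enrollDevice();
  const c1 = newChallenge('ACME Utilities', '250.00', 'EUR');
  const sig = device.approve(c1.tx);
  const approved = validate(c1, device.publicKey, sig);
  const reused = validate(c1, device.publicKey, sig);        // same challenge presented again
  const c2 = newChallenge('ACME Utilities', '250.00', 'EUR');
  const oldSig = validate(c2, device.publicKey, sig);        // signature from c1 offered for c2
  const c3 = newChallenge('ACME Utilities', '250.00', 'EUR');
  const mismatch = validate(c3, device.publicKey,
    device.approve({ ...c3.tx, payee: 'Other Payee' }));     // signed details differ from server's
  const c4 = newChallenge('ACME Utilities', '250.00', 'EUR');
  const rejected = validate(c4, device.publicKey, null);     // user rejected: no signature sent
  return { approved, reused, oldSig, mismatch, rejected };
}

console.log(demo());
```

Because the server verifies against its own record of the payment, a signature only passes when the details shown on the device match what the web session submitted.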

 

The SDK provides a set of API calls that support initial end-user enrollment, provision to receive the push notification with transaction details, and signature generation. The Mobile Authentication Module can be integrated within the logical mobile application flows to provide an in-app and on-device Transaction Signing authentication method.

 

One-Time Password Pushed to Mobile Device

RSA Adaptive Authentication Mobile SDK Modules version 3.6 provides a one-time password pushed to an end user’s mobile device as a step-up authentication method. If a logon or transaction is considered risky, Adaptive Authentication sends a one-time password to the end user’s mobile device in the form of a push notification. The end user then enters the password in the web browser or mobile device to authenticate the online activity.

 

The SDK provides a set of API calls that support initial end-user enrollment and provision to receive the one-time password push notification. The Mobile Authentication Module can be integrated within the logical mobile application flows to provide an in-app and on-device One-Time Password Pushed to Mobile Device authentication method.

 

Documentation

The documentation is updated to include the changes and enhancements introduced in this release.

 

Supported Platforms

Mobile Data Collection Module:

- Android 2.1 and later. The Adaptive Authentication Mobile SDK was tested on version 6.0 (23).

- BlackBerry 5.0 to 7.1

- iOS 6.0 and later. The Adaptive Authentication Mobile SDK was tested on version 9.0.

- Windows Phone 7.0 to 8.1

 

 

Mobile Authentication Module:

Authentication methods include biometric authentication, transaction signing and one-time password with push notification.

 

- Android. Version 4.1.2 (16) and later. The Mobile Authentication Module was tested on all supported versions up to version 6.0 (23).

- iOS. From version 7.0. The Mobile Authentication Module was tested on all supported versions up to version 9.0.

Note: For transaction signing, the Mobile Authentication Module supports version 8.2+ and 9.0+ and was tested on versions 8.2, 9.0, 9.1 and 9.2.

 

For more information, see the Release Notes.

 

Related Products:

- RSA Adaptive Authentication (Hosted)

- RSA Adaptive Authentication (Cloud)

- RSA Adaptive Authentication (On-Premise) 

For specific version support, refer to the appropriate product documentation.

 

Download Instructions for RSA Adaptive Authentication Mobile SDK Modules 3.6:

 

Register to download the product package and documentation at one of the following links:

 

- RSA Link:  RSA Adaptive Authentication Mobile SDK 

- EMC Community Network: https://developer-content.emc.com/downloads/secure_mobile/rsa_adaptive_auth/rsa_aa_labs.html

Note: If you are not logged in to the EMC Community Network (ECN), the login screen is displayed. When you log in, you are redirected to the RSA Mobile SDK – Adaptive Authentication Module registration screen. If this link does not lead to the registration screen, copy the URL directly to the browser.

 

For additional documentation, downloads, and more, visit the RSA Adaptive Authentication page on RSA Link.

 

EOPS Policy:

RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the link below for additional details.
Product Version Life Cycle
