|Applies To||RSA Product Set: Adaptive Authentication (OnPrem)|
RSA Product/Service Type: Device Id, Device Token, Device Print
RSA Version/Condition: 7.1
|Tasks||The purpose of this article is to explain the components of Device Id, Device Token, and Device Print. |
It describes what data makes up a Device Print, and also explains Cookies and/or Flash Shared Objects (FSOs).
|Resolution||For each device that interacts with the System, the following information is captured:|
• Device forensics—The detailed hardware and software characteristics, or device print, of each computer.
• Network forensics—The IP address, subnet, ownership, and geographic location of the network connection the computer is using.
Device Tokens - When a user enrolls in the system, a device token is created and must be placed on the user’s device. Tokens are generated by the AA system and then stored on the client device in the form of Cookies and/or Flash Shared Objects (FSOs). Each device token is constructed using the following format:
[Token Version][Key Name][Encrypted Token Information]
PMV6 3t a8xQL%2Bq81c604NnBghw42s%2Bm1RvWdjxdBR7d33pUxUEckNFIhQNZSsk9ZuVLZL8h9iLtkzn2cBtYYKqdqBJX7w%3D%3D
Cookie and Flash (FSO) token Locations:
For Internet Explorer 8 browser, the cookie will be written in the following location:
Please sort folder by the date modified and verify the file with the latest time stamp, or the one which matches the last login attempt. RSA AA cookies start the "PMV6" string.
The flash tokens are stored inside:
Check the folder for the latest time stamp and under it you should find a folder with your domain name. And the RSA AA flash tokens should be under "swf\pmfso.swf" folder.