000031939 - Understanding the components of Device Print and Device Token in RSA Adaptive Authentication (OnPrem) 7.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000031939
Applies ToRSA Product Set: Adaptive Authentication (OnPrem)
RSA Product/Service Type: Device Id, Device Token, Device Print
RSA Version/Condition: 7.1
Platform: All
 
TasksThe purpose of this article is to explain the components of Device Id, Device Token, and Device Print
It describes what data makes up a Device Print, and also explains Cookies and/or Flash Shared Objects (FSOs).
ResolutionFor each device that interacts with the System, the following information is captured:
  • HTTP Headers (User Agent, accept, accept-language, referrer, etc.)
  • Source IP Address
  • Device Print
  • Mobile Device Information
  • Device Token
 The Device Print consists of the following pieces of data:
  • User agent string—The version, platform, and the acceptance-language header (the user's language preference).
  • Screen resolution—Width, height, and color depth of the user’s screen.
  • Plug-in information—The browser plugins that a user has installed on his device.
  • Browser language—The language of the actual browser.
  • Timezone—The user’s current time zone in GMT.
  • Language—The user’s browser language and the system language.
  • Java-enabled—Whether or not the user has java enabled on their device.
  • Cookies—Whether or not the user has cookies enabled on their device.
The device information collected helps to uniquely identify a user’s device.  The system creates a globally-unique Device ID for each computer that accesses it.  From then on, the device ID is used to identify the computer and a variety of additional methods are used to verify that identification:



•    Device forensics—The detailed hardware and software characteristics, or device print, of each computer.

•    Network forensics—The IP address, subnet, ownership, and geographic location of the network connection the computer is using.

 

Device Tokens  - When a user enrolls in the system, a device token is created and must be placed on the user’s device.   Tokens are generated by the AA system and then stored on the client device in the form of Cookies and/or Flash Shared Objects (FSOs).  Each device token is constructed using the following format:



[Token Version][Key Name][Encrypted Token Information]

Example:
PMV6     3t a8xQL%2Bq81c604NnBghw42s%2Bm1RvWdjxdBR7d33pUxUEckNFIhQNZSsk9ZuVLZL8h9iLtkzn2cBtYYKqdqBJX7w%3D%3D

Where:
  • Token Version—represents the version of the device token. For instance, “V6” is version 6.
  • Key name — Name of the seed used to encrypt the data within the token. The seed can be found in the DB table msg_code_keys in the same row as the corresponding key name.
  • Encrypted Token Information—contains the following for each token:
  • Device ID
  • Creation date
  • Version number (generation counter)
  • Checksum of the above values (to ensure the integrity of the data)
 

Cookie and Flash (FSO) token Locations: 

For Internet Explorer 8 browser, the cookie will be written in the following location:

C:\Users\<user-loginname>\AppData\Roaming\Microsoft\Windows\Cookies

Please sort folder by the date modified and verify the file with the latest time stamp, or the one which matches the last login attempt.  RSA AA cookies start the "PMV6" string.

The flash tokens are stored inside:

"C:\Users\<user-loginname>\AppData\Roaming\Macromedia\Flash Player\#SharedObjects"

Check the folder for the latest time stamp and under it you should find a folder with your domain name. And the RSA AA flash tokens should be under "swf\pmfso.swf" folder.

Attachments

    Outcomes