|Applies To||RSA SecurID Authentication Engine 2.x for Java|
RSA SecurID Authentication Engine 2.x for C
|Issue||Can RSA SecurID Authentication Engine return INVALID_PIN (in Java) or EMBADPIN (in C) for pinpad- or software token-based authentication?|
With a pinpad token (including software tokens), entering a bad PIN during authentication does not return a bad PIN status, as it does with a hardware token.
|Resolution||This behavior is functioning as designed. Unlike the prepended PIN of a hardware token passcode, a pinpad passcode has its PIN mathematically combined with the tokencode to produce a passcode.|
When processing an invalid pinpad passcode, RSA SecurID Authentication Engine has no way to distinguish between an incorrect PIN and an incorrect tokencode; it can only tell that extracting the tokencode with the expected PIN produced an invalid tokencode. Either an incorrect PIN or an incorrect tokencode could cause this.
Because of the inherent difference in pinpad passcode format, RSA SecurID Authentication Engine will never return INVALID_PIN or EMBADPIN on an authentication attempt for a software or pinpad token.
|Legacy Article ID||a30889|
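The Resolution above can be seen in a toy model, added here as an illustration and not taken from RSA's code or API. The status names, the function names, and the digit-wise modulo-10 combination are assumptions (the article does not state the actual operation), and the PIN and tokencode values are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes for this sketch, not the product's constants. */
enum status { AUTH_OK, AUTH_BAD_PIN, AUTH_DENIED };

/* Hardware-token style: passcode = PIN followed by tokencode, so the PIN
 * is a separable prefix and a mismatch there can be blamed on the PIN. */
enum status check_prepended(const char *passcode, const char *pin, const char *code)
{
    size_t n = strlen(pin);
    if (strlen(passcode) != n + strlen(code)) return AUTH_DENIED;
    if (strncmp(passcode, pin, n) != 0) return AUTH_BAD_PIN;
    return strcmp(passcode + n, code) == 0 ? AUTH_OK : AUTH_DENIED;
}

/* ASSUMED combination for illustration: PIN digits are added (sign=+1) to,
 * or removed (sign=-1) from, the rightmost digits of `in`, modulo 10.
 * Inputs are expected to be decimal digit strings. */
void pinpad_mix(const char *in, const char *pin, int sign, char *out)
{
    size_t t = strlen(in), p = strlen(pin);
    memcpy(out, in, t + 1);
    for (size_t i = 1; i <= p && i <= t; i++)
        out[t - i] = (char)('0' + ((in[t - i] - '0') + sign * (pin[p - i] - '0') + 10) % 10);
}

/* Server side: strip the expected PIN, then compare with the expected
 * tokencode. A mismatch carries no information about which input was wrong. */
enum status check_pinpad(const char *passcode, const char *pin, const char *code)
{
    char extracted[32];
    if (strlen(passcode) != strlen(code) || strlen(passcode) >= sizeof extracted)
        return AUTH_DENIED;
    pinpad_mix(passcode, pin, -1, extracted);
    return strcmp(extracted, code) == 0 ? AUTH_OK : AUTH_DENIED;
}

int main(void)
{
    char bad_pin[32], bad_code[32];
    /* Constructed sample values: expected PIN 1234, expected tokencode 123456. */
    pinpad_mix("123456", "1235", +1, bad_pin);   /* wrong PIN, right tokencode */
    pinpad_mix("123457", "1234", +1, bad_code);  /* right PIN, wrong tokencode */
    printf("%s %s -> %d %d\n", bad_pin, bad_code,
           check_pinpad(bad_pin, "1234", "123456"),
           check_pinpad(bad_code, "1234", "123456"));
    return 0;
}
```

In this model a wrong PIN and a wrong tokencode produce the identical passcode, so the pinpad check can only deny, while the prepended format can still single out the PIN.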