000025852 - What are the token windows used for Event-based tokens?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • Comment0
  • View in full screen mode

Article Content

Article Number000025852
Applies ToSAE version 2.3
Event-based Flex Token
IssueWhat are the token windows used for Event-based tokens?
SAE version 2.3 now support event-based tokens in addition to the traditional time-based SecurID tokens.
The acceptable range of event-based tokencodes is variable.
Resolution

The "window" or range of valid authentication codes varies depending on the state of the token and values in the token's seed record.  For example seed records often contain the following windowing parameters:

 

Small Window:    3

Medium Window: 7

Large Window:    100

Max Counter:      50000

 

SAE authenticates codes found inside the ?Accept Window? and rejects values outside the ?Reject Window?.  Codes that fall between the accept and reject windows (where accept != reject) causes next tokencode mode.

 

State                            Accept Window                         Reject Window

--------                            ----------------------                          ---------------------

1st login                         Large-1                                     Large-1

Normal                          small                                        medium

Waiting for PIN              small                                        medium

Next Tokencode Mode    2                                              2

Resynch (1st)                 max counter                              max counter

Resynch (2nd)                 2                                              2

Legacy Article IDa35281

Attachments

    Outcomes