The purpose of this article is to explain the components of Device Id, Device Token, and Device Print. It describes what data makes up a Device Print, and also explains Cookies and/or Flash Shared Objects (FSOs).
For each device that interacts with the System, the following information is captured:
The Device Print consists of the following pieces of data:
User agent string—The version, platform, and the acceptance-language header (the user's language preference).
Screen resolution—Width, height, and color depth of the user’s screen.
Plug-in information—The browser plugins that a user has installed on his device.
Browser language—The language of the actual browser.
Timezone—The user’s current time zone in GMT.
Language—The user’s browser language and the system language.
Java-enabled—Whether or not the user has java enabled on their device.
Cookies—Whether or not the user has cookies enabled on their device.
The device information collected helps to uniquely identify a user’s device. The system creates a globally-unique Device ID for each computer that accesses it. From then on, the device ID is used to identify the computer and a variety of additional methods are used to verify that identification:
• Device forensics—The detailed hardware and software characteristics, or device print, of each computer. • Network forensics—The IP address, subnet, ownership, and geographic location of the network connection the computer is using. Device Tokens - When a user enrolls in the system, a device token is created and must be placed on the user’s device. Tokens are generated by the AA system and then stored on the client device in the form of Cookies and/or Flash Shared Objects (FSOs). Each device token is constructed using the following format:
Token Version—represents the version of the device token. For instance, “V6” is version 6.
Key name — Name of the seed used to encrypt the data within the token. The seed can be found in the DB table msg_code_keys in the same row as the corresponding key name.
Encrypted Token Information—contains the following for each token:
Version number (generation counter)
Checksum of the above values (to ensure the integrity of the data)
Cookie and Flash (FSO) token Locations: For Internet Explorer 8 browser, the cookie will be written in the following location: C:\Users\<user-loginname>\AppData\Roaming\Microsoft\Windows\Cookies Please sort folder by the date modified and verify the file with the latest time stamp, or the one which matches the last login attempt. RSA AA cookies start the "PMV6" string. The flash tokens are stored inside: "C:\Users\<user-loginname>\AppData\Roaming\Macromedia\Flash Player\#SharedObjects" Check the folder for the latest time stamp and under it you should find a folder with your domain name. And the RSA AA flash tokens should be under "swf\pmfso.swf" folder.