Announcements

SecurID® Discussions

Browse the SecurID discussion board to get product help and collaborate with other SecurID users.
TChandler
Contributor
Contributor

Where does the Token Lifetime Get Assigned?

Jump to solution

We had several hundred software tokens that expired on the same date. We have extended the lifetime of the tokens in question but we would like to know where this lifetime was originally configured in RSA Authentication Manager.

Labels (1)
0 Likes
1 Solution

Accepted Solutions
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor

"at the factory" in the token seed record .xml file that was purchased through RSA and downloaded to your site then imported into into the Security Console.

Before AM 8.2, software tokens could not be extended, so you would have been forced to replace, which requires distribution and download to the user device.  Extending tokens avoids that.

So at some point, or a several points over the years, a company would have purchased, downloaded (or received a CD by mail), imported into Security Console and distributed the software token to a user who would have imported the .sdtid file or CKTip URL into their device (PC or smart phone app), set their PIN and worked....until that token expiration date approached.  In the old days they had to get a replacement token and repeat the distribution and import .sdtid file or CTkip URL (QR code is a picture of a CTKip URL), which is why extend software tokens is very useful

View solution in original post

4 Replies
JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor

"at the factory" in the token seed record .xml file that was purchased through RSA and downloaded to your site then imported into into the Security Console.

Before AM 8.2, software tokens could not be extended, so you would have been forced to replace, which requires distribution and download to the user device.  Extending tokens avoids that.

So at some point, or a several points over the years, a company would have purchased, downloaded (or received a CD by mail), imported into Security Console and distributed the software token to a user who would have imported the .sdtid file or CKTip URL into their device (PC or smart phone app), set their PIN and worked....until that token expiration date approached.  In the old days they had to get a replacement token and repeat the distribution and import .sdtid file or CTkip URL (QR code is a picture of a CTKip URL), which is why extend software tokens is very useful

JayGuillette
Apprised Contributor Apprised Contributor
Apprised Contributor

The Token Seed record .xml files are digitally signed, so you can read them and see expiration dates, but can't edit them

0 Likes

Perfect. That's what I needed to know!

0 Likes

For all tokens: The factory expire date will be seen in the Security Console.

 

For Software Tokens: the end user device will always show Dec 2035 as expire date. This is to facilitate

extending token lifetimes (by purchasing new tokens and using the Security Console) and the end user

need to do nothing. The token will expire on time and the AM admin will know, end user just sees authentications fail.

If you extend the token with a new expire date it will produce good authentications again.

0 Likes