AnsweredAssumed Answered

SecurID mobile SDK for transaction signing

Question asked by FUJIMOTO YOSHIHIRO on Feb 9, 2016

I have questions about SecurID mobile SDK for transaction signing.

 

 

If I operate the token in the following way, "generateSignature" method returns errors.

(1) Set the clock of smart phone for a future time.

(2) Generate Transaction signature by "generateSignature"

(3) Set the clock of smart phone for the current correct time.

(4) Try to generate Transaction signature by "generateSignature".

    SDK for Android returns "InvalidTokenOperationException" and

   SDK for iOS returns "SECURIDLIB_ERR_PREVIOUS_SIGNATURE"

 

 

We are informed that this is an intended behavior by EMC Japan.

 

 

(question 1)

It is difficult that an app prevent users from changing time-setting because it is system privileges.

Some users may accidentally set their clock for a future time.

For example, if users generate signatures in 2017, they cannot generate signature until 2017.

Are there any workarounds for these users?

 

 

(question 2)

I heard that we can resolve the issue by restarting apps.

But we could not generate correct transaction signature, even we restart my app.

(Because the data of token is not be modified after I restart my app.)

Is this intended behavior?

Outcomes