(On-Premise) 7.1
Integration Guide
Contact Information
Go to the RSA corporate website for regional Customer Support telephone and fax numbers:
www.emc.com/domains/rsa/index.htm
Trademarks
RSA, the RSA Logo, BSAFE and EMC are either registered trademarks or trademarks of EMC Corporation in the United
States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of EMC
trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm#rsa.
License agreement
This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and
may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice
below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any
other person.
No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any
unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability.
This software is subject to change without notice and should not be construed as a commitment by EMC.
Note on encryption technologies
This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption
technologies, and current use, import, and export regulations should be followed when using, importing or exporting this
product.
Distribution
Use, copying, and distribution of any EMC software described in this publication requires an applicable software license.
EMC believes the information in this publication is accurate as of its publication date. The information is subject to change
without notice.
THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO
REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS
PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS
FOR A PARTICULAR PURPOSE.
Copyright 2013 EMC Corporation. All Rights Reserved. Published in the USA.
July 2013
RSA Adaptive Authentication (On-Premise) 7.1 Integration Guide
Contents
Preface
About This Guide
RSA Adaptive Authentication (On-Premise) Documentation
Support and Service
Before You Call Customer Support
Preface
Release Notes. Provides information about what is new and changed in this
release, as well as workarounds for known issues. It also includes the supported
platforms and work environments for platform certifications. The latest version of
the Release Notes is available on RSA SecurCare Online at
https://knowledge.rsasecurity.com.
Security Best Practices Guide. Provides recommendations for configuring your
network and RSA Adaptive Authentication (On-Premise) securely.
Web Services API Reference Guide. Describes RSA Adaptive Authentication
(On-Premise) web services API methods and parameters. This guide also
describes how to build your own web services clients and applications using web
services API to integrate and utilize the capabilities of Adaptive Authentication
(On-Premise).
What's New. Highlights new features and enhancements in RSA Adaptive
Authentication (On-Premise) 7.1.
Workflows and Processes Guide. Describes the workflows and processes that
allow end users to interact with your system and that allow your system to interact
with RSA Adaptive Authentication (On-Premise).
1 Encryption System
The RSA Adaptive Authentication (On-Premise) system makes extensive use of
encryption for internal operations with other systems, such as online systems. This
chapter describes where and how encryption is used in the Adaptive Authentication
(On-Premise) system.
Encryption Algorithms
RSA Adaptive Authentication (On-Premise) complies with FIPS 140-2 Level 1 and
uses RSA BSAFE 4.1. For details about FIPS 140-2 compliance, see the
RSA BSAFE Crypto-J 4.1 Security Policy at
http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1291.pdf.
Persistence Keys. When the Adaptive Authentication system is first used, a new
entry is created in the MSG_CODE_KEY table with the initial key name. There is
never any externalized storage of persistent keys on the file system or in the
database, except in the compiled Java code.
Profanity
There are several methods for validating user-entered data, including using the same
logic that is used to check a user's password. However, RSA currently does not offer
any recommended method with which to check this information.
Important: Because of the double-byte nature of the configuration files, you must use
a UTF-8 compatible text editor. If you use a text editor that is not UTF-8 compatible,
you may encounter UTF-8 errors when you load your configuration files.
Note: Changes to the profanity filter are applied only after a configuration reload. For
more information, refer to the topic about reloading a Configuration Tree in the
Operations Guide.
SQL Injection
SQL injection is a way to exploit your web application by inserting a SQL query or
command into fields that are normally reserved for user information that is submitted
as input, such as the user name or password field. This query or command then
submits a request to your database.
RSA Adaptive Authentication (On-Premise) provides functionality to check for SQL
injection.
Configure your application to check for potential SQL queries or commands.
XML Injection
XML injection is a way for fraudsters to manipulate the user's SOAP API by inserting
XML fragments into the user's input fields. XML injection can cause undesired
behavior of the system, such as disabling the running of the RSA Risk Engine.
Configure your application to look for the following character strings and disallow
these strings from the user's input:
<!-- -->
Special Characters
RSA Adaptive Authentication (On-Premise) provides functionality to check for
special characters. Configure your application to look for and disallow the following
characters in user input:
If your system finds any of these characters within the user's data fields, it displays an
input error to the user and asks the user to resubmit the data.
Scripting Patterns
RSA Adaptive Authentication (On-Premise) provides functionality to check for
scripting patterns. Configure your application to look for and disallow the following
scripting patterns in user input:
' " ` \
Device Information
Device information is a collection of facts from a user's machine. These facts feed
into the RSA Risk Engine and help identify fraudsters and fraudulent activities. The
collection of these facts is performed through the use of JavaScript and HTTP request
headers.
The device information that is collected helps to uniquely identify a user's device.
For each device that interacts with the Adaptive Authentication (On-Premise) system,
the following information is captured:
HTTP headers
Source IP address
Device Print
Mobile Device information
User-defined credentials
Device Token (optional)
HTTP Headers
The information collected within the HTTP headers includes the following:
Accept string
Referrer value
Source IP Address
Source IP addresses are used to further validate the device and to generate user
geographic location forensics. It is important that this value is the IP address of the
end user, not of a proxy or internal machine.
If the web server is fronted with a reverse proxy server, you can use a trusted
proxies mechanism to obtain the true source IP address. This mechanism retrieves
the source IP address by interpreting a different field of the HTTP header based on the
configuration of the proxy that sent the request. For example, if the proxy server that
sent the request is an Apache server, the trusted proxies mechanism looks for the
X-Forwarded-For header field.
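The following added example (not part of the RSA guide and not RSA code) shows one way an application can apply the trusted proxies idea to the X-Forwarded-For header before it passes a source IP address on. The proxy list, the function names, and every address are constructed for illustration.

```javascript
// Added example (not RSA code): choose the end-user IP when the web server
// sits behind reverse proxies. All addresses are constructed sample values.
const TRUSTED_PROXIES = new Set(["10.0.0.5", "10.0.0.6"]); // hypothetical proxy IPs

// Simplified syntax check for an IPv4 or IPv6 literal.
function looksLikeIp(value) {
  const v4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/.exec(value);
  if (v4) {
    return v4.slice(1).every((octet) => Number(octet) <= 255);
  }
  return value.includes(":") && /^[0-9a-fA-F:.]{2,45}$/.test(value);
}

// peerAddress is the address of the TCP connection the request arrived on.
// xForwardedFor is the raw header value, or undefined when it is absent.
function resolveClientIp(peerAddress, xForwardedFor, trusted = TRUSTED_PROXIES) {
  // A peer that is not a trusted proxy can put anything in the header,
  // so the connection address is the only value that can be believed.
  if (!trusted.has(peerAddress)) {
    return peerAddress;
  }
  const hops = String(xForwardedFor || "")
    .split(",")
    .map((hop) => hop.trim())
    .filter((hop) => hop !== "");

  // Each proxy appends the address it received the request from, so the
  // rightmost entries are the ones written by our own proxies. Walk from
  // the right and stop at the first address that is not a trusted proxy.
  let nearest = peerAddress;
  for (let i = hops.length - 1; i >= 0; i--) {
    const hop = hops[i];
    if (!looksLikeIp(hop)) {
      // Malformed entry: it and everything to its left is client-supplied.
      return nearest;
    }
    if (!trusted.has(hop)) {
      return hop;
    }
    nearest = hop;
  }
  // Header empty, or made up of trusted proxies only.
  return nearest;
}
```

Entries to the left of the first untrusted hop are supplied by the client and are never returned, so a forged leading entry cannot change the source IP address that reaches the Risk Engine.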
Device Print
The Adaptive Authentication (On-Premise) system creates a globally unique device
ID for each computer that accesses your online transaction system. The device ID,
together with additional methods, is used to verify the computer's identification. The
additional methods are:
Device forensics: Analysis of the detailed hardware and software characteristics,
or Device Print, of each computer
Network forensics: Analysis of the IP address, subnet, ownership, and
geographic location of the network connection the computer is using
The Device Print consists of the following pieces of data:
User agent string: The version, platform, and the acceptance-language header
(the user's language preference)
Screen resolution: Width, height, and color depth of the user's screen
Plug-in information: The browser plug-ins that a user has installed on the device
Browser language: The language of the actual browser
Time zone: The user's current time zone in GMT
Language: The user's browser language and the system language
Java-enabled: Whether or not the user has Java enabled on the device
Cookies: Whether or not the user has cookies enabled on the device
This information is fed into the RSA Risk Engine and contributes to risk analysis and
fuzzy matching. RSA Adaptive Authentication (On-Premise) supplies a series of
scripts to gather this information.
For information about integrating the RSA Mobile SDK - Adaptive Authentication
Module, setting the user permissions, and installing and using the sample application,
see the RSA Mobile SDK - RSA Adaptive Authentication Module Developer's Guide.
User-Defined Credentials
For information on user-defined credentials, see the Web Services API Reference
Guide.
Device Token
This checksum and encryption ensures the integrity of the data and verifies the source
of the data as the system.
Domain Scoping
For information about domain scoping, refer to the section about configuring domain
scoping in the Operations Guide.
Note: Device token recovery is automatically enabled for the Adaptive Authentication
(On-Premise) system. You can disable device token recovery by modifying the
relevant parameters in the Administration Console. For more information, see the
Operations Guide.
Due to forensic similarities between browsers across mobile devices, RSA
recommends that you use these capabilities to disable device recovery specifically for
mobile browsers.
If the device recovery score exceeds that threshold, the device token is
considered recovered and the user is allowed to proceed without challenge.
If the device recovery score does not meet the threshold, the device token is
not considered recovered and the user is challenged.
3. If the device token is recovered, a new device token is generated from the
recovered record and sent back to your application to place on the user's device.
4. The new information indicating that a device token recovery occurred.
The following figure shows an overview of the information collection during logon,
enrollment, and transaction authentication.
rsa.js. The reference file that shows how to collect Device Print information and
post the information back to the server. For more information, see Retrieval of
the Device Token on page 24.
Note: Ensure that you integrate the JavaScript code from RSA into your web
applications. This JavaScript code collects device information from end users. It is
mandatory that you send RSA the device information through the deviceRequest
element.
pmfso.swf. The Flash movie that reads and sets the FSO.
Signin.jsp. The file that demonstrates how to include the reference information
found in pmfso and pm_fp in the logon workflow.
AC_OETags.js. The JavaScript file created by Adobe that is responsible for
detecting the Flash version on the end-user's browser.
Note: The set of files is located in the WebResources.zip package that is installed
with the development utilities component. For more information, see the
Installation and Upgrade Guide.
Note: When placing the token in the FSO, you can also pass the gotoUrl variable with
the value of a specific URL. The page that hosts the Flash redirects the user to the
specified target page after the Flash movie sets the token in the FSO.
// Globals
// Major version of Flash required
var requiredMajorVersion = 6;
// Minor version of Flash required
var requiredMinorVersion = 0;
// Revision of Flash required
var requiredRevision = 0;
// ------------------------------------------------------------
// -->
</script>
<script language="JavaScript" type="text/javascript">
<!--
// Version check based upon the values defined in globals
var hasReqestedVersion =
DetectFlashVer(requiredMajorVersion, requiredMinorVersion,
requiredRevision);
-->
</script>
Detection of the Browser Type
The FSO token value represents the same token value that is created in the cookie
placed on the browser.
A user may use different types of browsers on the same computer to access the online
site. In this case, different cookies are created for different browsers. Because the FSO
value backs up the same cookie value, different FSOs are created for different browser
types.
To detect the browser type for the Flash usage, RSA uses the rsa.js file. This same file
is used for gathering the device fingerprint. The rsa.js script must be called on every
page that uses the Flash file.
The script contains the BrowserDetect object, which collects the information about the
user's browser. You must use a specific BrowserDetect.browser parameter within
rsa.js to retrieve the browser type as a string.
Example from Signin.jsp:
<script src="rsa.js" language="JavaScript"
type="text/javascript"> </script>
<%@ include file="pmfso.jsp" %>
Example from pmfso.jsp:
<script>
<!--
BrowserDetect.init();
-->
</script>
..."<param name='FlashVars' value='gotoUrl=<%=gotoUrlEnc%>&sendUrl=<%=sendUrlEnc%>&browserType=" + BrowserDetect.browser + "'>"...
Note: The token is passed to the FSO servlet to ensure that the information is bound to
the page hosting the movie. This prevents hackers from stealing movie tokens.
Note: The function, add_deviceprint(), only returns the value of devicePrint. It does
not populate a hidden value to be returned to the Adaptive Authentication
(On-Premise) system.
The following is an example of HTML or JavaScript code that you must add below
the sign-in page with the username field.
<html>
<head>
<script src="rsa.js" language="JavaScript"
type="text/javascript"> </script>
</head>
<body>
<script language="javascript">
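// Create the hidden field and set its value to the string returned by
// encode_deviceprint(), not to the literal text of the function call.
var devicePrintField = document.createElement("input");
devicePrintField.type = "hidden";
devicePrintField.id = "some id";
devicePrintField.value = encode_deviceprint();
document.body.appendChild(devicePrintField);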
</script>
</body>
</html>
Screen information: The color depth, width, height, and vertical space of the
user's screen.
Software plug-ins: The software plug-ins installed in the user's browser.
Time zone: The user's current time zone.
Browser language: The language that the user has set in their browser.
A Boolean value that indicates whether Java is enabled in the browser.
A Boolean value that indicates whether cookies are enabled in the user's browser.
Operating system: The operating system installed. Possible values are: Windows,
Linux, Mac, iPhone/iPad, an unknown OS.
Major version: The major version of the browser.
Browser type: The browser being used. Possible values are: Netscape, Mozilla,
Explorer, Camino, Firefox, Konqueror, iCab, Opera, Safari, OmniWeb, Chrome.
Latency (internal IP and external IP ping time)
The following is an example of the devicePrint output.
version=1&pm_fpua=mozilla/5.0 (windows; u; windows nt 5.1; en-us; rv:1.8.0.4) gecko/20060508 firefox/1.5.0.4|5.0 (Windows; en-US)|Win32&pm_fpsc=32|1280|1024|990&pm_fpsw=def|qt6|qt5|qt4|qt3|qt2|qt1|swf|pdf|mso|j14|j32|j11|j12|j13|wpm|drn|drm&pm_fptz=-7&pm_fpln=lang=en-US|syslang=|userlang=&pm_fpjv=1&pm_fpco=1
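The devicePrint string is produced in the browser, so the application receiving it can check its structure before forwarding it in the deviceRequest element. The parser below is an added example, not RSA code and not part of rsa.js. The length cap, the order of the pm_fpsc values (taken from the screen information description above), the 0/1 encoding of the Boolean fields, and the sample string are assumptions.

```javascript
// Added example, not RSA code. Limits and output field names are assumptions.
const MAX_PRINT_LENGTH = 4096; // assumed upper bound for the whole string

// Constructed sample, shaped like the devicePrint output shown above.
const SAMPLE_DEVICE_PRINT =
  "version=1&pm_fpua=mozilla/5.0 (windows; u; windows nt 5.1; en-us; " +
  "rv:1.8.0.4) gecko/20060508 firefox/1.5.0.4|5.0 (Windows; en-US)|Win32" +
  "&pm_fpsc=32|1280|1024|990&pm_fpsw=def|qt6|swf|pdf&pm_fptz=-7" +
  "&pm_fpln=lang=en-US|syslang=|userlang=&pm_fpjv=1&pm_fpco=1";

const REQUIRED_KEYS = ["version", "pm_fpua", "pm_fpsc", "pm_fpsw",
                       "pm_fptz", "pm_fpln", "pm_fpjv", "pm_fpco"];

function reject(errors) {
  return { valid: false, errors: errors, print: null };
}

function parseDevicePrint(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > MAX_PRINT_LENGTH) {
    return reject(["devicePrint missing or longer than the allowed maximum"]);
  }
  if (/[\u0000-\u001f\u007f]/.test(raw)) {
    return reject(["devicePrint contains control characters"]);
  }

  // Split only where a new pm_fp* key begins, so an "&" inside the user
  // agent does not break the record apart.
  const fields = Object.create(null);
  const errors = [];
  for (const pair of raw.split(/&(?=pm_fp[a-z]+=)/)) {
    const eq = pair.indexOf("="); // first "=" only: pm_fpln values contain "="
    if (eq <= 0) {
      errors.push("malformed pair");
      continue;
    }
    const key = pair.slice(0, eq);
    if (key in fields) errors.push("duplicate key: " + key);
    fields[key] = pair.slice(eq + 1);
  }
  for (const key of REQUIRED_KEYS) {
    if (!(key in fields)) errors.push("missing key: " + key);
  }
  if (errors.length > 0) return reject(errors);

  if (!/^\d{1,3}$/.test(fields.version)) errors.push("version is not numeric");

  // Assumed order: color depth | width | height | vertical space.
  const screen = fields.pm_fpsc.split("|");
  if (screen.length !== 4 || !screen.every((n) => /^\d{1,5}$/.test(n))) {
    errors.push("pm_fpsc must hold four non-negative integers");
  }

  // Time zone offset in hours from GMT; real offsets lie between -12 and +14.
  const tz = Number(fields.pm_fptz);
  if (!/^-?\d{1,2}(\.\d{1,2})?$/.test(fields.pm_fptz) || tz < -12 || tz > 14) {
    errors.push("pm_fptz is not a plausible GMT offset");
  }

  for (const flag of ["pm_fpjv", "pm_fpco"]) {
    if (fields[flag] !== "0" && fields[flag] !== "1") {
      errors.push(flag + " must be 0 or 1");
    }
  }

  const languages = Object.create(null);
  for (const item of fields.pm_fpln.split("|")) {
    const eq = item.indexOf("=");
    if (eq <= 0) {
      errors.push("pm_fpln entry without a name");
      continue;
    }
    languages[item.slice(0, eq)] = item.slice(eq + 1);
  }
  if (errors.length > 0) return reject(errors);

  return {
    valid: true,
    errors: [],
    print: {
      version: Number(fields.version),
      userAgent: fields.pm_fpua,
      screen: {
        colorDepth: Number(screen[0]),
        width: Number(screen[1]),
        height: Number(screen[2]),
        verticalSpace: Number(screen[3]),
      },
      plugins: fields.pm_fpsw.split("|").filter((p) => p !== ""),
      timeZone: tz,
      languages: languages,
      javaEnabled: fields.pm_fpjv === "1",
      cookiesEnabled: fields.pm_fpco === "1",
    },
  };
}
```

A rejected string can be logged and the request sent with devicePrintChecked set according to your own policy; the parsed form is for the application's checks only, and the original string is what goes into the devicePrint field.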
deviceLanguage (string). (For releases 2.2 - 2.2.1) The browser's language setting information.
devicePrint (string). The information collected by the rsa.js script, for Device Print. For
more information, see Retrieval of the Device Token on page 24.
devicePrintChecked (boolean). A Boolean value that tells the Adaptive Authentication (On-Premise)
system whether your system checked the Device Print. This value
should be set to true if your system has attempted to retrieve the
Device Print.
deviceTimeZone (string). (For releases 2.2 - 2.2.1) The time zone of the user's device.
screenDevicePrint (string). (For releases 2.2 - 2.2.1) The user's screen device information.
softwareDevicePrint (string). (For releases 2.2 - 2.2.1) The plug-ins on the user's device.
userAgent (string). (For releases 2.2 - 2.2.1) The user agent string.
For more information about these fields within Web Services, see the Web Services
API Reference Guide.
Note: You must place the PMDataCookie and the fsoToken on the user's device if
returned within the return message.
In accordance with general security best practices, RSA recommends that you verify
that the device token received via the PMData parameter is properly formatted.
Device tokens should only consist of numbers, letters, and the following
special characters: +, \, and =.
The following steps outline how the fsoToken is set into the FSO using
pmfso_set.jsp:
1. Detect whether Flash is installed.
2. Detect the browser type.
3. Run the Flash movie.
Note: The rsa.js and AC_OETags.js files must be included in pmfso_set.jsp or in the
file that contains the pmfso_set.jsp file.
In the pmfso_set.jsp file, two values within the FlashVars parameter are passed to the
Flash movie and need to be set:
PMData - The value of the deviceToken that is extracted from the session.
browserType - The user's browser type that is used to distinguish between FSO
names that were created in different browser types.
The Flash movie, stored in the pmfso.swf file, retrieves the device token and takes
these values as part of the FlashVars parameter, as shown below:
FlashVars='PMData=the deviceToken value &browserType=the
user's browser type'
If you are using a web technology other than JSP, use the following code example to
see how to call the movie and pass it the deviceToken.
<%@ page import="java.net.URLEncoder,java.util.regex.Matcher,java.util.regex.Pattern" %>
<%
    // Get the deviceToken from the session. JavaScript will pass this value
    // to the Flash movie.
    String pmfso_set_devToken = (String) session.getAttribute("_FLASH_SO_");
    if (pmfso_set_devToken == null)
    {
        pmfso_set_devToken = "";
    }
    // Look for any character outside 0-9, a-z, A-Z, /, + and =.
    Pattern p = Pattern.compile("[^0-9a-zA-Z/+=]");
    Matcher m = p.matcher(pmfso_set_devToken);
    Boolean isTokenValid = false;
    if (!m.find())
    {
        // No disallowed character found: URL-encode the token for FlashVars.
        pmfso_set_devToken = URLEncoder.encode(pmfso_set_devToken, "UTF-8");
        isTokenValid = true;
    }
    else
    {
        // Throw an error
        pmfso_set_devToken = "";
        isTokenValid = false;
    }
%>
5 Information Collection
Trojan Protection Solution
Mobile Location Awareness
This chapter describes the implementation mechanisms that:
Collect information about users' Document Object Model (DOM) elements for a
specific HTML page
Collect browser events that occur on an HTML page
Collect detailed information about the location of the end-user mobile device
Provide security from threats arising from man-in-the-middle proxy attacks
The collected data is entered into the RSA Risk Engine and helps the RSA Adaptive
Authentication (On-Premise) system identify potential fraudulent transactions.
Note: Ensure that you integrate the JavaScript code from RSA into your web
applications.
Note: The Trojan Protection Solution feature is designed for websites only, and does
not apply to WAP (mobile Internet) sites.
When the information is collected, it is formatted as a single string and sent to the
RSA Adaptive Authentication (On-Premise) system as part of the domElements
element within the DeviceRequest payload.
Note: This feature is designed for websites only and does not apply to WAP (mobile
Internet) sites.
For information about how to collect data for HTML Injection Protection, see Collect
Information for HTML Injection Protection on page 42.
Note: You must apply the script to each page that requires HTML Injection
Protection.
The string is posted to your organization's application and sent as part of the
domElements element within the DeviceRequest payload, to the Adaptive
Authentication (On-Premise) system.
For more information about the flow of this event within Web Services, see the Web
Services API Reference Guide.
For information about how to collect information for HTML Injection Protection, see
Collect Information for HTML Injection Protection on page 42.
Note: You cannot collect information for HTML Injection Protection if you do not
complete the information collection for Device Print. Device Print collects
supplementary information for HTML Injection Protection.
Note: You can find these function names, for example, the names of third-party
libraries, in your code.
The functions in this list are not collected, reducing the amount of information
collected. This list also helps to prevent important information from being
truncated due to constraints in the length of the string.
Note: More than two functions can be excluded, for example, 'exclude1',
'exclude2', 'exclude3', 'exclude4'.
RSA recommends that you update the list of excluded functions when there is a
change to the third-party libraries applied to specific HTML pages.
3. Save the json2.js file in the directory in which you saved the rsa.js file.
4. Change the following line to include the name of the json2.js file in the
parenthesis.
For example:
var dom_data_collection = new DomDataCollection('json2.js');
Note: This path is relative to the location of the HTML document. This example
assumes that the HTML, rsa.js, and json2.js files are all in the same directory.
The JSON code from the json2.js file can be loaded only if it has not already been
made available by the browser. This can occur when you use an earlier version of
a browser that does not support JSON (for example, Windows Internet Explorer
8).
5. After the HTML page loads and before the onSubmit event, run the main
collection function by entering the following command:
dom_data_collection.startInspection();
6. Format the collected information into a single string by calling the following
function:
var domElementsString = dom_data_collection.domDataAsJSON();
7. Repeat steps 1 through 4 for each page that requires information collection for
HTML Injection Protection.
The string is posted to your organization's application and passed to the Adaptive
Authentication (On-Premise) system as part of the SOAP request.
Note: You must send the value of the pageId field to the Adaptive Authentication
(On-Premise) system using the SOAP request. For more information, see the Web
Services API Reference Guide.
For more information about the flow of this event within Web Services, see the Web
Services API Reference Guide.
Example of the output for HTML Injection Protection
{
    functions : {
        names : [getX,run],
        excluded : {
            size : 2830,
            count : 259
        },
        truncated : true,
    },
    inputs : [amount,captcha,message,sel1,spell_check,submit,uname],
    iFrames : [http://mysite.com/a.html, http://mysite.com/iframe],
    scripts : [208,337,0,0,0,152],
    collection_status : 0
}
Man vs. Machine Detection identifies unusual behavior by examining browser events
that occur on an HTML page. JavaScript collects the following browser events:
Keyboard strokes
Mouse movements
When the information is collected, it is formatted as a single string and sent to the
Adaptive Authentication (On-Premise) system as part of the jsEvents element within
the DeviceRequest payload.
Note: This feature is designed for websites only and does not apply to WAP (mobile
Internet) sites.
For information about how to collect data for Man vs. Machine Detection, see
Collect Information for Man vs. Machine Detection on page 45.
Note: You need to apply the script to each page that requires Man vs. Machine
Detection.
Note: You must call these two functions after the onLoad event is called and before
the onSubmit event is called.
For more information about the flow of this event within Web Services, see the Web
Services API Reference Guide.
For information about how to collect information for Man vs. Machine Detection, see
Collect Information for Man vs. Machine Detection on page 45.
Note: You cannot collect information for Man vs. Machine Detection if you do not
complete the information collection for Device Print. Device Print collects
supplemental information for Man vs. Machine Detection.
Note: You must send the value of the pageId field to the Adaptive Authentication
(On-Premise) system using the SOAP request. For more information, see the Web
Services API Reference Guide.
For more information about the flow of this event within Web Services, see the Web
Services API Reference Guide.
Note: This feature is designed for websites only and does not apply to WAP (mobile
Internet) sites.
For this feature, the JavaScript tries to connect to the URL through random ports, to
identify if a proxy exists in the end-user device.
Note: This feature is relevant for the following W3C geolocation API types: HTML5
and BlackBerry proprietary API (version 4.1 and later).
The RSA Mobile SDK - Adaptive Authentication Module and JavaScript enable you
to collect the following information:
Longitude
Latitude
Horizontal accuracy
Altitude
Altitude accuracy
Heading
Speed
Time stamp
Status code
When the information is collected, it is formatted as a single string and sent to the
Adaptive Authentication (On-Premise) system as part of the geoLocation element
within the DeviceRequest payload.
For a detailed description of the information collected by the Mobile Location
Awareness feature, see MobileDevice in the chapter Web Services Request Data
Structures and Types in the Web Services API Reference Guide.
For information about how to collect information for Mobile Location Awareness, see
Collect Information for Mobile Location Awareness on page 52.
For information about how to collect data for Mobile Location Awareness, see
Collect Information for Mobile Location Awareness on page 52.
Note: This script applies to the following W3C geolocation API types: HTML5 and
BlackBerry proprietary API (version 4.1 and later).
Ensure that you integrate the JavaScript code from RSA into your web applications.
Note: You must call this function during the onLoad event.
You can define specific parameters that help configure the information collection
for Mobile Location Awareness. For a list of these parameters, see Mobile
Location Awareness Parameters on page 50.
Note: You must call this function during the onSubmit event.
Note: If you choose to stop the collection, you can call the stopCollection function
at any time after the onLoad event.
The string is posted to your organization's application and sent to the Adaptive
Authentication (On-Premise) system as part of the geoLocation element within the
DeviceRequest payload.
For more information about the flow of this event within Web Services, see the Web
Services API Reference Guide.
For information about how to collect information for Mobile Location Awareness, see
Collect Information for Mobile Location Awareness on page 52.
Note: If you choose to assign values to the parameters, you must do this before calling
the startCollection function.
When you call the startCollection () function, you must include the assigned values in
the parenthesis, with each value separated by a comma. You must position the values
according to the order of the parameters listed in the following table. For example,
startCollection (Accuracy value, Timeout value, Relevancy value, Expiration value,
aidMode value).
Parameter: Accuracy
Description: Threshold in meters for the accuracy of a position. This
parameter defines the radius of accuracy required to stop
the collection of Mobile Location Awareness
information. If the accuracy radius is lower or equal to
this value, then the location is no longer collected for
that transaction.
Default Value: 100
Valid Range: 5 - 200

Parameter: Relevancy
Description: Threshold in seconds for the age of a relevant position. If
the age of a position is lower than or equal to this value,
the collection of Mobile Location Awareness
information stops and that position is saved.
Default Value: 120
Valid Range: 60 - 240

Parameter: aidMode
Description: The level of accuracy according to the type of collection
mechanism used.
Note: This data type is relevant for the BlackBerry
proprietary API (version 4.1 and later).
Default Value: NA
Valid Range: See aidMode Functions on page 52 for a list of available
aidMode values.
aidMode Functions
The following table shows a list of aidMode functions.
aidMode Function: Cellsite
Description: Uses the GPS location of the cell site tower to provide first-order GPS
information.
Note: The cell site mode requires network connectivity and carrier
support.
Numeric Value: 0

aidMode Function: Assisted
Description: Uses the network to provide short-term satellite data to the device
chip.
Numeric Value: 1

aidMode Function: Autonomous
Description: Uses the GPS chip on the BlackBerry device without assistance from
the network.
Numeric Value: 2
Note: You must apply the script to each page that requires Mobile Location
Awareness.
You must send RSA the collected information as part of the geoLocation element
within the DeviceRequest payload.
}
// Register the wrapper function to the page loading event
if (window.addEventListener) {
    window.addEventListener('load', geoLocationWrapper, false);
} else if (window.attachEvent) {
    window.attachEvent('onload', geoLocationWrapper);
} else {
    window.onload = geoLocationWrapper;
}
</script>
Note: You must call this function during the onLoad event.
2. (Optional) If you have assigned values for the parameters, add these values in the
startCollection parenthesis ().
Note: Each value must be separated by a comma. You must position the values
according to the order of the parameters listed in the table. For a list of the
parameters in the table, see Mobile Location Awareness Parameters on page 50.
For example:
startCollection(50,100,220,55,2)
3. During the onSubmit event, format the collected information into a single string
by calling the following function:
var geoLocationJSON= getGeolocationStruct();
For example:
<script>
function submitData() {
var geoLocationJSON = getGeolocationStruct();
//Send the string via SOAP request
}
</script>
Note: If you choose to stop the collection, you can call the stopCollection function at
any time after the onLoad event. The getGeolocationStruct function formats the
information collected from the time the onLoad event is called until the time the
stopCollection function is called.
4. Repeat steps 1 through 3 for each page that requires information collection for
Mobile Location Awareness.
The string is posted to your organization's application and passed to the Adaptive
Authentication (On-Premise) system as part of the SOAP request.
For more information about the flow of this event within Web Services, see the Web
Services API Reference Guide.