RSA Adaptive Authentication (On-Premise) 7.0 Integration Guide
Total Page:16
File Type:pdf, Size:1020Kb
RSA® Adaptive Authentication (On-Premise) 7.0 Integration Guide Contact Information Go to the RSA corporate website for regional Customer Support telephone and fax numbers: www.emc.com/domains/rsa/index.htm Trademarks RSA, the RSA Logo, BSAFE and EMC are either registered trademarks or trademarks of EMC Corporation in the United States and/or other countries. All other trademarks used herein are the property of their respective owners. For a list of EMC trademarks, go to www.emc.com/legal/emc-corporation-trademarks.htm#rsa. License agreement This software and the associated documentation are proprietary and confidential to EMC, are furnished under license, and may be used and copied only in accordance with the terms of such license and with the inclusion of the copyright notice below. This software and the documentation, and any copies thereof, may not be provided or otherwise made available to any other person. No title to or ownership of the software or documentation or any intellectual property rights thereto is hereby transferred. Any unauthorized use or reproduction of this software and the documentation may be subject to civil and/or criminal liability. This software is subject to change without notice and should not be construed as a commitment by EMC. Note on encryption technologies This product may contain encryption technology. Many countries prohibit or restrict the use, import, or export of encryption technologies, and current use, import, and export regulations should be followed when using, importing or exporting this product. Distribution Use, copying, and distribution of any EMC software described in this publication requires an applicable software license. EMC believes the information in this publication is accurate as of its publication date. The information is subject to change without notice. THE INFORMATION IN THIS PUBLICATION IS PROVIDED "AS IS." EMC CORPORATION MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND WITH RESPECT TO THE INFORMATION IN THIS PUBLICATION, AND SPECIFICALLY DISCLAIMS IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Copyright © 2012 EMC Corporation. All Rights Reserved. Published in the USA. September 2012 RSA Adaptive Authentication (On-Premise) 7.0 Integration Guide Contents Preface................................................................................................................................... 5 About This Guide................................................................................................................5 RSA Adaptive Authentication (On-Premise) Documentation............................................ 5 Support and Service ............................................................................................................ 6 Before You Call Customer Support............................................................................. 6 Chapter 1: Securing Personal Security Images .......................................... 7 Image Storage ..................................................................................................................... 7 Storage of Image Metadata .......................................................................................... 7 Storage of Image Bytes................................................................................................ 7 Storage Best Practices.................................................................................................. 7 Prerequisites to Display Images.......................................................................................... 8 Retrieving Images from a File System............................................................................... 8 Retrieve a List of Images ............................................................................................. 8 Retrieve a User’s Personal Security Image.................................................................. 9 Chapter 2: Encryption System ..............................................................................11 Database and Persistence Encryption ................................................................................11 Encryption Algorithms.......................................................................................................11 Key Creation and Storage ..................................................................................................11 Chapter 3: Reverse HTTP Proxy in the DMZ................................................ 13 Reverse HTTP Proxy Server............................................................................................. 13 Reasons for Using a Reverse Proxy........................................................................... 13 Chapter 4: Validating User Data .......................................................................... 15 Validating User Input........................................................................................................ 15 Profanity..................................................................................................................... 15 SQL Injection............................................................................................................. 16 XML Injection ........................................................................................................... 16 Special Characters...................................................................................................... 16 Scripting Patterns....................................................................................................... 16 Additional Data Validation Guidelines............................................................................. 17 Chapter 5: Device Information Collection ..................................................... 19 Device Information ........................................................................................................... 19 HTTP Headers ........................................................................................................... 19 Source IP Address...................................................................................................... 20 Device Print ............................................................................................................... 20 Mobile Device Information ....................................................................................... 20 User-Defined Credentials .......................................................................................... 21 Device Token............................................................................................................. 21 Device Token Theft Detection................................................................................... 24 Collection of Device Information ..................................................................................... 24 Collection of Device Print Information During Logon ............................................. 25 Contents 3 RSA Adaptive Authentication (On-Premise) 7.0 Integration Guide Collection of Device Print Information During Enrollment...................................... 26 Collection of Device Print Information During Transaction Authentication ............ 27 Collection of Information Using the Mobile SDK - Adaptive Authentication Module 28 Scripts for Collection of Device Print Information ................................................... 29 Retrieval of the Device Token................................................................................... 30 Information Sent to Web Services .................................................................................... 36 Overview of the Setting of Device Print Information....................................................... 37 Device Print Information Set During Enrollment...................................................... 38 Device Print Information Set After a Successful Challenge...................................... 39 Device Print Information Set During Transaction Authentication ............................ 40 Setting Device Print Information ...................................................................................... 41 Place the PMData Cookie .......................................................................................... 41 Place the Flash Shared Object Token ........................................................................ 41 Chapter 6: Information Collection...................................................................... 45 Trojan Protection Solution................................................................................................ 45 HTML Injection Protection ....................................................................................... 45 Man vs. Machine Detection ....................................................................................... 49 Proxy Attack Protection............................................................................................. 53 Mobile Location Awareness ............................................................................................. 54 Overview of Information Collection for Mobile Location Awareness...................... 55 Script for Collection of Mobile Location Awareness Information............................ 55 Mobile Location Awareness Function Names........................................................... 56 Collect Information for Mobile Location Awareness...............................................