search cancel

Identifying the user's device in Risk Authentication

book

Article ID: 198194

calendar_today

Updated On:

Products

CA Advanced Authentication - Strong Authentication (AuthMinder / WebFort) CA Strong Authentication CA Rapid App Security CA Risk Authentication CA Advanced Authentication

Issue/Introduction

Risk Authentication is been used at User's Internet Banking login and would like to show Device Registration option after certain (like 15 logins from last 30 days) logins from the same device for the user.

To get that custom rule has been created, which will check on three parameters like IP-Address, OS name and Browser name. , but due to inconsistency in "IP-Address", we have changed to pass "Device-ID" value in place of "IP-Address", but with that also, identifying the user's device has become challenging as "Device-ID" can be deleted if user deletes the browser cache. 

How identify the user's device so that after certain no. of logins from the same device, user will be allowed to register the device (private or public).

Environment

Release : 9.x

Component : RiskMinder(Arcot RiskFort)

Risk Authentication

Resolution

Case 1) When deleting cookies in the browser, it is recognized as a different device. 

Yes, it is a default behavior in Advanced Authentication. To solve this issue, enable "Enable Reverse Lookup for Device Identification". 

After enabling this one, the customer can validate from Advanced Authentication Risk Evaluation Sample site. 

Step 1) Let's say that I have a Device ID registered in the Advanced Authentication as below.

Step 2) Deleted the cookie in the browser. 

Step 3) Access Advanced Authentication Sample code site without cookie

Step4) Without Device ID, it is recognized with a reverse lookup.

MFPMISMATCH=N;USERDEVICENOTASSOCIATED=N;EXCEPTION=N;NEGATIVECOUNTRY=N;UNTRUSTEDIP=N;TXNAMT=N;

Case 2) When a user accesses from the different browser, it is recognized with a different device.

Yes, it is an expected behavior because Advanced Authentication reads browser and browser plug-in information with a java script.

Several years ago, Advanced Authentication used a Java applet or Active X to read system information, but it is not allowed from the browser anymore.

Hence, it is recognized as a different device when a user accesses from a different browser.

Attachments

Powered by Wolken Software