
RSA Adaptive Authentication (On-Premise) 7.1
What's New

Introduction to What's New


This document provides an overview of what's new in RSA Adaptive Authentication
(On-Premise) 7.1, including functionality enhancements. This document also
describes the new features introduced in Adaptive Authentication (On-Premise) 7.0.
For information about supported environments and issue fixes that are included within
this release, see the Release Notes.

What's New in This Release


This topic provides an overview of what's new in RSA Adaptive Authentication
(On-Premise) 7.1 and includes the following enhancements:
Installation and Upgrade
Additional Platform Certification
Localization and Internationalization
Back Office Applications Suite Enhancements

Installation and Upgrade


RSA Adaptive Authentication (On-Premise) 7.1 provides an installation and upgrade
module. The module installs applications, platform components, and utilities. For an
upgrade, the module upgrades the database schemas and configures the databases and
application server. The upgrade module includes a configuration upgrade utility,
which is activated during the upgrade process. The utility identifies customer-specific
changes to configuration files and logs the changes in an XML file.
You can upgrade to RSA Adaptive Authentication (On-Premise) 7.1 from the
following versions:
RSA Adaptive Authentication (On-Premise) 6.0.2.1 SP2
RSA Adaptive Authentication (On-Premise) 6.0.2.1 SP3
RSA Adaptive Authentication (On-Premise) 6.0.2.1 SP3 P4
RSA Adaptive Authentication (On-Premise) 7.0
For more information about upgrading to RSA Adaptive Authentication (On-Premise)
7.1, see the Release Notes. For more information about the installation and upgrade
process, see the Installation and Upgrade Guide.


Additional Platform Certification


This version provides the certification of additional platforms.
The following topics describe the platform requirements for
RSA Adaptive Authentication (On-Premise) 7.1:
Operating Systems
Application Servers
Databases
VMware
For more information about the supported platforms, see the Release Notes.

Operating Systems
RSA Adaptive Authentication (On-Premise) 7.1 supports the following operating
systems:
Microsoft Windows: 2003, 2008 R2
IBM AIX: 6.1, 7.1
Solaris/SPARC, version 10
Red Hat Enterprise Linux (RHEL): AS/ES 5.0, AS/ES 6.0

Application Servers
RSA Adaptive Authentication (On-Premise) 7.1 supports the following application
servers:
Apache Tomcat: 6.0, 7.0
IBM WebSphere: 7.0, 8.0, 8.5
Oracle WebLogic: 10.3, 11g R2
JBoss Enterprise Application Platform, version 5.1.0 GA

Databases
RSA Adaptive Authentication (On-Premise) 7.1 supports the following databases:
Oracle: 10g, 11g R2
Microsoft SQL Server (MS SQL): 2005, 2008 R2

VMware
The RSA Adaptive Authentication (On-Premise) 7.1 application supports VMware
ESXi vSphere Server versions 4.1 and 5.0.
VMware is supported only for the application server, when running the Windows
Server 2008 Enterprise x64 Edition operating system on a Tomcat 6.0 64-bit
application server.

Localization and Internationalization


RSA Adaptive Authentication (On-Premise) 7.1 provides enhanced language
capabilities. You can localize the Back Office applications to translate application text
and adapt the applications to various languages and regions. Such capabilities include
the internationalization for Asian and European languages, data validation of
character sets, and localization of textual input, output, and user-interface elements.
For more information, see the appendix "Localization and Internationalization" in the
Operations Guide.

Back Office Applications Suite Enhancements


The Back Office Applications Suite for RSA Adaptive Authentication (On-Premise)
7.1 includes enhancements to the Policy Management application and the Case
Management application.

Policy Management Enhancements


The Policy Management application provides additional policy facts and enables you
to add up to twenty different custom facts for each web services request. It also
provides you with the ability to compare two policy facts, enabling the creation of
policy rules with increased precision and complexity.

Case Management Enhancements


The Case Management application includes additional fields for case details.
For more information about these enhancements, see the Back Office User's Guide.


New Features Introduced in RSA Adaptive Authentication (On-Premise) 7.0

RSA Adaptive Authentication (On-Premise) 7.0 provides new features and
enhancements. It includes a new version of the RSA Risk Engine and an updated risk
model, which introduces improved fraud detection capabilities, support for the Trojan
Protection Solution and Mobile Protection features, and an ATM Protection Module.
This topic provides an overview of what's new in RSA Adaptive Authentication
(On-Premise) 7.0 and contains the following topics:
Installation and Upgrade
Mobile Protection
Trojan Protection Solution
ATM Protection Module
New Policy Management
Support for Out-of-the-Box Authentication Methods
Back Office Enhancements
Security Enhancement
RSA eFraudNetwork Service - Additional Shared Data Elements
Documentation Set Enhancements

Installation and Upgrade


RSA Adaptive Authentication (On-Premise) 7.0 provides an installation and upgrade
module. The module installs applications, platform components, and utilities. For an
upgrade, the module upgrades the database schemas and configures the databases and
application server. The upgrade module includes a configuration upgrade utility,
which is activated during the upgrade process. The utility identifies customer-specific
changes to configuration files and logs the changes in an XML file.
You can upgrade to RSA Adaptive Authentication (On-Premise) 7.0 from the
following versions:
RSA Adaptive Authentication (On-Premise) 6.0.2.1 SP2
RSA Adaptive Authentication (On-Premise) 6.0.2.1 SP3
RSA Adaptive Authentication (On-Premise) 6.0.2.1 SP3 P2
For more information about the installation and upgrade process, see the Installation
and Upgrade Guide.


Mobile Protection
RSA Adaptive Authentication (On-Premise) 7.0 provides enhanced Mobile Protection
for transactions originating from mobile devices. By implementing this functionality,
you can benefit from enhanced protection for transactions coming from the mobile
channel and a more comprehensive view of the user across multiple channels.
You can apply different policies for transactions originating from mobile browsers and
those originating from mobile applications.

Note: Contact your RSA Account Representative to sign up for the Mobile Protection
module.

The new Mobile Protection capabilities include:


Automatic Channel Detection
Enhanced Device Identification
Mobile Location Awareness
Mobile SDK Support

Automatic Channel Detection


RSA Adaptive Authentication (On-Premise) can now detect whether a user is
accessing your application via a mobile device or regular web browser. The system
analyzes the User Agent String to determine from which type of browser the
transaction originated. You can define rules and open cases specific to the transactions
originating from a mobile device.
This feature is designed to automatically distinguish between the different channels
and, as a result, help improve the risk calculations for these transactions.
You can enable Mobile Channel Detection from the Administration Console. For more
information, see the Operations Guide.

Enhanced Device Identification


RSA Adaptive Authentication (On-Premise) 7.0 provides enhanced Mobile Device
Identification functionality, which enables organizations to benefit from more accurate
risk scores and enhanced protection for transactions originating from the mobile
channel. This functionality retrieves additional mobile device identifiers, including the
WiFi MAC Address or OS ID for risk-based authentication.
You can collect the data in one of the following ways:
With the RSA Mobile SDK - Adaptive Authentication Module. Collect the
location information and other mobile device identifiers.
Without the RSA Mobile SDK - Adaptive Authentication Module. Collect the
data independently and send it to Adaptive Authentication using the API.


Mobile Location Awareness


Mobile Location Awareness uses detailed information about the location of the
end-user mobile device to support risk-based authentication. This functionality
enables you to identify the region or country from which the end user is attempting to
access an account.
Adaptive Authentication (On-Premise) relies on geolocation data collected from GPS,
WiFi, or cell tower triangulation. Data such as longitude, latitude, altitude, and speed
is collected using one of the following methods:
For mobile browsing, an updated JavaScript is used to collect the location
information.
For mobile applications, the RSA Mobile SDK - Adaptive Authentication Module
is used to collect the location information.
For mobile applications, without the RSA Mobile SDK - Adaptive Authentication
Module, you can collect the data independently and use the API to send the data to
Adaptive Authentication.
The Risk Engine assesses the risk of each activity based on the collected data and the
end-user profile, which determine if, for example, the end user is accessing an account
from an irregular location, or the ground speed between two transactions is not
feasible.
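The ground-speed check mentioned above can be sketched as follows. This is an added example, not RSA's Risk Engine logic or code from the product documentation; the speed ceiling, the `GeoEvent` fields, the accuracy discount and the sample events are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from math import asin, cos, radians, sin, sqrt

EARTH_RADIUS_KM = 6371.0088
MAX_FEASIBLE_KMH = 1000.0  # assumed ceiling (about airliner cruise speed)


@dataclass(frozen=True)
class GeoEvent:
    user_id: str
    when: datetime            # timezone-aware timestamp of the transaction
    lat: float                # degrees
    lon: float                # degrees
    accuracy_km: float = 0.0  # location uncertainty reported by the collector


def haversine_km(a, b):
    """Great-circle distance between two events, in kilometres."""
    phi1, phi2 = radians(a.lat), radians(b.lat)
    dphi = phi2 - phi1
    dlmb = radians(b.lon - a.lon)
    h = sin(dphi / 2) ** 2 + cos(phi1) * cos(phi2) * sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_KM * asin(min(1.0, sqrt(h)))


def implied_speed_kmh(prev, cur):
    """Lowest speed that explains both fixes, after discounting uncertainty."""
    dist = max(0.0, haversine_km(prev, cur) - prev.accuracy_km - cur.accuracy_km)
    if dist == 0.0:
        return 0.0            # fixes overlap within their error radii
    hours = abs((cur.when - prev.when).total_seconds()) / 3600.0
    return float("inf") if hours == 0.0 else dist / hours


def infeasible_pairs(events, max_kmh=MAX_FEASIBLE_KMH):
    """Return (previous, current, speed) for consecutive events of the same
    user whose implied ground speed exceeds max_kmh."""
    findings, last_seen = [], {}
    for ev in sorted(events, key=lambda e: (e.user_id, e.when)):
        prev = last_seen.get(ev.user_id)
        if prev is not None:
            speed = implied_speed_kmh(prev, ev)
            if speed > max_kmh:
                findings.append((prev, ev, speed))
        last_seen[ev.user_id] = ev
    return findings


def utc(hour, minute, second=0):
    return datetime(2013, 7, 1, hour, minute, second, tzinfo=timezone.utc)


# Constructed sample data: not real user activity.
SAMPLE_EVENTS = [
    GeoEvent("alice", utc(10, 0), 51.5074, -0.1278),    # London
    GeoEvent("alice", utc(11, 30), 48.8566, 2.3522),    # Paris, 1.5 h later
    GeoEvent("alice", utc(12, 30), 40.7128, -74.0060),  # New York, 1 h later
    # Two coarse cell-tower fixes 3 km apart, 10 s apart, 2 km accuracy each.
    GeoEvent("bob", utc(9, 0, 0), 52.5200, 13.4050, accuracy_km=2.0),
    GeoEvent("bob", utc(9, 0, 10), 52.5470, 13.4050, accuracy_km=2.0),
]

if __name__ == "__main__":
    for prev, cur, speed in infeasible_pairs(SAMPLE_EVENTS):
        print(f"{cur.user_id}: {speed:.0f} km/h between {prev.when} and {cur.when}")
```

Without the accuracy discount, the two coarse fixes for `bob` would imply more than 1000 km/h and raise a false positive; the London to Paris hop stays well under the ceiling.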

Important: Certain countries require explicit end-user acknowledgement and consent
to collect end-user information, such as location information, location awareness
granularity, and device information. The Adaptive Authentication API for mobile
browsing and Mobile SDK Adaptive Authentication Module are intended to enable
compliance with legal conditions; however, RSA is not responsible for the fulfillment
of all the legal requirements.

This feature requires additional integration with the Adaptive Authentication
application. For a detailed description and integration instructions, see the Integration
Guide.

Mobile SDK Support


The RSA Mobile SDK - Adaptive Authentication Module provides collection
methods that support risk-based authentication of end users accessing online
transaction applications via a mobile device.
The RSA Mobile SDK - Adaptive Authentication Module collects the end-user
location and mobile device information and sends the information to the client
application. The client sends the collected information to Adaptive Authentication.
This information is used by the Risk Engine for risk assessment and authentication
and by Rule Managers to create rules in Policy Management.
For more information about Policy Management, see the Back Office User's Guide.


This feature requires additional integration with the Adaptive Authentication
application. For a detailed description and integration instructions, see the Integration
Guide and the Web Services API Reference Guide.
For information about integrating the module, setting the user permissions, and
installing and using the sample application, see the RSA Mobile SDK - RSA Adaptive
Authentication Module Developer's Guide.

Trojan Protection Solution


RSA Adaptive Authentication (On-Premise) 7.0 offers enhanced Trojan Protection
features. RSA provides an updated JavaScript to collect the data required for
implementation of the following:
HTML Injection Protection
Man vs. Machine Detection
Proxy Attack Protection

Note: The Trojan Protection features are designed for web browsers and do not apply
to mobile browsers and applications.

HTML Injection Protection


The HTML Injection Protection feature is designed to protect against Trojan attacks
where fraudsters manipulate HTML pages, underlying JavaScript functions, iFrames,
and input fields to harvest user credentials, collect data, and perform fraudulent
activities.
This feature provides customers with a JavaScript to collect the relevant HTML data.
The collected data is sent to Adaptive Authentication via the API and is analyzed by
the Risk Engine to detect HTML manipulation.
The Policy Management application enables the creation of different policies for
suspected Trojan infection and Trojan attack scenarios.
For more information about Policy Management, see the Back Office User's Guide.
This feature requires additional integration with the Adaptive Authentication
application. For a detailed description and integration instructions, see the Integration
Guide.

Man vs. Machine Detection


Man vs. Machine Detection helps you protect against automated Trojans that operate
in the background to perform fraudulent activities in place of the user.
Man vs. Machine Detection is designed to identify unusual behavior by examining
browser events that occur on an HTML page. A script collects browser events, such as
keyboard strokes and mouse movements. These events are passed to Adaptive
Authentication. Based on the collected information, Adaptive Authentication
determines the likelihood that the interaction is automated and is not normal user
behavior.
This information is used by the Risk Engine to calculate the risk score and trigger
rules created in the Policy Management application.


For more information about Policy Management, see the Back Office User's Guide.
This feature requires additional integration with the Adaptive Authentication
application. For a detailed description and integration instructions, see the Integration
Guide.

Proxy Attack Protection


The Proxy Attack Protection feature provides enhanced security for threats arising
from man-in-the-middle proxy attacks.
In a proxy attack, a fraudster attacks an end-user device with malware that opens a
proxy on the device. The fraudster then initiates a logon or transaction activity from a
remote device, impersonating the genuine end user by mimicking the user's device
characteristics, such as the IP address.
Proxy Attack Protection analyzes the information to detect if the activity is initiated
via proxy and if the activity is consistent with the usual behavior of the end user. If the
activity is initiated via a proxy and the end user does not usually browse via a proxy,
the risk score is affected.
For more information about Policy Management, see the Back Office User's Guide.
This feature requires additional integration with the Adaptive Authentication
application. For a detailed description and integration instructions, see the Integration
Guide.

ATM Protection Module


The ATM Protection Module uses detailed information about ATM-specific activities
to help detect fraudulent events.
The ATM Protection Module is designed to monitor ATM-specific activities by
collecting information about the end-user account, the current transaction, and the
location and type of ATM device. This information is passed to the RSA Risk Engine.
Based on the collected information, RSA Adaptive Authentication assesses the risk
associated with the transaction and creates a case in Case Management accordingly.
To monitor these activities, new facts have been defined for creating policy rules in
the Policy Management application. The Case Management application is updated to
display ATM-related information.
The ATM activity details can be sent to Adaptive Authentication either via the API or
via the Batch Loader utility to process bulk information about ATM activities. For
more information about the Batch Loader utility, see the Operations Guide.
For more information about the ATM Protection Module, see the Workflows and
Processes Guide.


New Policy Management


The Back Office applications suite now includes a new, GUI-based Policy
Management application. You can use the application to create a risk-management
policy that is in line with the unique security needs of your organization.
A policy contains a set of rules that define the actions that occur when end users
perform particular activities. You can create and edit rules using the New Rule wizard
and manage existing rules in a Manage Rules table. You can also view, create, edit,
and delete the lists, custom facts, and custom event types that are used in rules.
The following are some of the features in the Policy Management application:
Policy Editing. You can create and edit rules using the New Rule wizard. In the
wizard you can construct a rule by defining the following elements.
General rule details: Rule Name, Description, Status, Comment, Event Type,
and Order.
Conditions: Build a condition using facts, operators, and values.
Actions: Allow, Challenge, Deny, and Review.
Testing Rules. You can grant rules the status of Test, so that the rule runs on
production data, but no action takes place except, optionally, creating a case.
Statistics are collected to analyze the effectiveness of Test rules. When a Test rule
is triggered, the activity is recorded in the database. If a case is created in the Case
Management application, you can determine whether the case was created by a
Test rule or a Production rule.
Approval Process. The new application features a system of checks and balances
so that rules are not automatically integrated into a production environment. To
change the status of a rule, a user must first submit a request. For a rule to be
promoted to a production environment, a user with sufficient permissions must
approve the rule status change. For more information, see the chapter about
managing access to the Back Office Applications in the Back Office User's Guide.
Publishing Updates. The new application features seamless deployment,
whereby approved changes made to a policy are immediately implemented into
the production environment.
Policy Report. You can generate a Policy Report to analyze the results of your
organizational policy and help you make more informed policy decisions. For
example, the Policy Report can help you decide whether or not to promote a Test
rule to Production, whether to remove a rule from Production entirely, or whether
to add or remove event types from a rule.
Roles and Permissions. Users of the Policy Management application can be
assigned various roles. Each role defines a unique set of permissions for the
users who hold it. These roles have been designed in a hierarchical way
so that users are granted access to the specific functions that they need to perform.
For more information, see the chapter about managing access to the Back Office
Applications in the Back Office User's Guide.


Reference Policy. The Policy Management application includes a default
reference policy that you can use as a starting point for constructing the policy of
your organization. The reference policy includes a predefined set of rules that are
based upon both sign-in and transaction event types. The rules in the reference
policy cover a broad range of user event types and protect against common fraud
risks.
For more information about the Policy Management application, see the chapter
"Managing Policies" in the Back Office User's Guide.

Support for Out-of-the-Box Authentication Methods


RSA Adaptive Authentication (On-Premise) 7.0 enhances the Step-Up authentication
capabilities by adding the following features:
Out-of-Band Phone Call Forwarding Detection
Out-of-Band (OOB) SMS Authentication
Knowledge-Based Authentication
For more information, see the Workflows and Processes Guide.

Out-of-Band Phone Call Forwarding Detection


RSA Adaptive Authentication now supports Out-of-Band Phone Call Forwarding
Detection. In the event that call forwarding is detected, Adaptive Authentication
(On-Premise) fails the authentication and indicates to customers that call forwarding
occurred during the Out-of-Band phone authentication.

Note: Out-of-Band Phone Call Forwarding Detection can only be applied in the US
and only when using a landline phone. Please contact your RSA Account
Representative for additional details and information about how to set up this feature.

Out-of-Band (OOB) SMS Authentication


RSA Adaptive Authentication (On-Premise) 7.0 integrates Out-of-Band (OOB) SMS
as an additional Step-Up authentication method. OOB SMS Authentication provides
another layer of security to online transactions and helps protect against Trojan attacks
and other threats. You can apply OOB SMS as an authentication method when
creating rules in the Policy Management component of Adaptive Authentication
(On-Premise).
If a transaction is considered risky, RSA sends a one-time password to the user's mobile
phone as an SMS text message. The user then enters the password in the device to
authenticate the online activity.

Knowledge-Based Authentication
RSA Adaptive Authentication (On-Premise) 7.0 integrates Knowledge-Based
Authentication (KBA) as an additional Step-Up authentication method. KBA is a fast,
easy, and non-invasive way to help prevent identity theft. You can apply KBA as an
authentication method when creating rules in the Policy Management component of
Adaptive Authentication (On-Premise).


KBA uses personal information obtained by scanning billions of publicly and
commercially available databases to create unique questions that verify the identity of
the user. Similarly, KBA logically develops correct and incorrect answers in real time
and automatically adjusts the difficulty of the questions based on the level of risk
associated with the identity.
KBA questions are often referred to as out-of-wallet questions because the questions
are based on personal information not usually found in one's wallet. For example,
KBA questions might include: "In which of the following counties have you ever
lived or owned property?" and "Which of the following email addresses have you ever
been associated with?" By using facts that a fraudster is not familiar with, KBA
reduces the ability for anyone other than the actual user to provide correct responses
and continue with the transaction.

Back Office Enhancements


The new Back Office applications suite for RSA Adaptive Authentication
(On-Premise) 7.0 now includes the Administration Console, the Policy Management
application, and the Customer Service application.
This section provides an overview of the new Back Office enhancements for this
version.

Case Management API


The Case Management API enables you to track and investigate user activity not only
with the RSA Adaptive Authentication (On-Premise) Case Management application,
but also with an external case management system.
The API allows your organization to extract cases and activities (events) from the
Case Management application. Your organization can also provide feedback about the
resolutions of these cases and activities and send this feedback to Adaptive
Authentication.
The Case Management API is made up of several methods for case and event data
extraction as well as for determining fraud markings. For more information about the
Case Management API, see the Web Services API Reference Guide.
For more information about the relationship between cases and events within the Case
Management application, see the Back Office User's Guide.

Framework for External Identity Providers


The Framework for External Identity Providers enables you to integrate an external
identity management system with the RSA Adaptive Authentication system. After you
integrate an external system, you can use the external identity store to manage all
Adaptive Authentication Back Office users.
For information about how to use an external identity store to manage Adaptive
Authentication Back Office users, see the chapter "Using an External Identity Store"
in the Operations Guide.

Note: This feature replaces the Container-Based Authentication and Custom Provider
features.


Security Enhancement
The following topic provides an overview of the new security enhancement available
in this version.

IP Restriction for Web Services Calls


RSA Adaptive Authentication supports a new security feature that allows you to limit
the IP addresses that can send Web Service calls to the Adaptive Authentication
(On-Premise) server. This restriction ensures that calls are sent only from explicitly
approved IP addresses or ranges of IP addresses.
The new feature is located in the Application component of the Administration
Console. You can manage the list of approved IP addresses and enter values as
specific IP addresses or as a range of IP addresses. The feature supports both IPv4 and
IPv6 addresses.
If an IP address is not listed, a Deny message appears, even if the User ID and
password are known. Conversely, even if an IP address is listed as permitted in the
Administration Console, you must provide the User ID and password to gain access.
For more information, see the chapter "IP Restriction" in the Operations Guide.
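The two-gate behavior described above (source address first, credentials second) can be modeled as follows. This is an added example, not the product's implementation: the entry syntax (single address, CIDR block, or `start-end` range), the decision labels, and the sample allowlist and credentials are assumptions constructed for illustration.

```python
import hmac
import ipaddress


def parse_entry(entry):
    """Turn one allowlist entry into an inclusive (low, high) address pair."""
    entry = entry.strip()
    if "-" in entry:                       # assumed 'start-end' range syntax
        lo_s, hi_s = entry.split("-", 1)
        lo = ipaddress.ip_address(lo_s.strip())
        hi = ipaddress.ip_address(hi_s.strip())
        if lo.version != hi.version or lo > hi:
            raise ValueError(f"bad range: {entry!r}")
        return lo, hi
    net = ipaddress.ip_network(entry, strict=False)  # single IP or CIDR
    return net.network_address, net.broadcast_address


def build_allowlist(entries):
    return [parse_entry(e) for e in entries]


def normalize(addr):
    """Parse the caller address; fold IPv4-mapped IPv6 (::ffff:a.b.c.d) to
    IPv4 so a dual-stack listener cannot bypass or miss IPv4 entries."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        return ip.ipv4_mapped
    return ip


def ip_permitted(addr, allowlist):
    try:
        ip = normalize(addr)
    except ValueError:
        return False                       # unparseable source: fail closed
    return any(lo.version == ip.version and lo <= ip <= hi
               for lo, hi in allowlist)


def authorize(source_ip, user_id, password, allowlist, check_credentials):
    """Gate 1: source address. Gate 2: credentials. Both must pass."""
    if not ip_permitted(source_ip, allowlist):
        return "DENY_IP"                   # denied even if credentials are valid
    if not check_credentials(user_id, password):
        return "DENY_CREDENTIALS"          # a listed IP alone is not enough
    return "ALLOW"


# Constructed sample data using documentation address ranges.
ALLOWLIST = build_allowlist([
    "192.0.2.10",
    "198.51.100.0/24",
    "203.0.113.5-203.0.113.20",
    "2001:db8:10::/64",
])
DEMO_USERS = {"ws_caller": "constructed-sample-secret"}  # placeholder store


def demo_check(user_id, password):
    expected = DEMO_USERS.get(user_id, "")
    return bool(expected) and hmac.compare_digest(expected.encode(),
                                                  password.encode())


if __name__ == "__main__":
    for src in ("192.0.2.10", "192.0.2.11", "::ffff:198.51.100.7"):
        print(src, authorize(src, "ws_caller", "constructed-sample-secret",
                             ALLOWLIST, demo_check))
```

When the server sits behind a load balancer or reverse proxy, the address passed to such a check must be the one the trusted proxy reports, not a client-supplied header.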

RSA eFraudNetwork Service - Additional Shared Data Elements


The RSA eFraudNetwork agent now enables you to update your system with new
eFraudNetwork information. In addition to fraudulent IP addresses, the RSA
eFraudNetwork service can correlate high-risk information about bad payee (mule)
accounts and Device Fingerprints to the current transaction.
This information contributes to the accuracy of Risk Engine assessments and
protection of transactional activities in the system.
The eFraudNetwork agent can run either automatic or manual updates. For more
information, see the Operations Guide.
For information about how to install the eFraudNetwork agent, see the Installation
and Upgrade Guide.

Documentation Set Enhancements


The following enhancements to the documentation set are provided in the release of
RSA Adaptive Authentication (On-Premise) 7.0:
Operations Guide. This guide combines the Configuration Framework Guide
with the Operations Guide.
Back Office User's Guide. This consolidated guide provides an overview of all
Back Office applications, including both the Back Office applications suite and
the standalone Back Office applications. For more information, see the Release
Notes.
Product Overview Guide. This revised guide provides an introduction to RSA
Adaptive Authentication (On-Premise) and reflects version 7.0 improvements to
the system architecture.


Installation and Upgrade Guide. This revised guide includes the new procedure
to upgrade from version 6.0.2.1 SP2 to version 7.0.
Workflows and Processes Guide. This revised guide provides enhanced API use
cases, SOAP samples, and best practices.

Copyright 2013 EMC Corporation. All Rights Reserved. Published in the USA.

July 2013

Trademarks
RSA, the RSA Logo, eFraudNetwork and EMC are either registered trademarks or trademarks
of EMC Corporation in the United States and/or other countries. All other trademarks used
herein are the property of their respective owners. For a list of EMC trademarks, go to
www.emc.com/legal/emc-corporation-trademarks.htm#rsa.
