`
`SecurID Token authentication
`
`
`
`IBM Security Access Manager 9.0.6
`Home
`Authentication
`Authentication methods
`
`
`
`Web Reverse Proxy configuration
`Configuring
`
`
`Token authentication
`Token authentication concepts
`
`
`
`Previous Next
`
`SecurID Token authentication
`
`Search in this product...
`
`Table of contents
`
`
`
`Change version or product
`
`
`
`
`
` PDF
`
`
`Help
`
`Search in all products
`
`
`The reverse proxy token authentication process uses the RSA ACE/Agent client version 8.1.2.
`
`RSA ACE/Servers authenticate several different tokens, including software tokens and hand-
`held microprocessor-controlled devices. RSA SecurID authenticators (tokens) are binary
`programs running on a workstation, installed on a smartcard, or running as a plug-in to a Web
`browser. RSA SecurID authenticators can run as an application. The application displays a
`window into which a user enters a Personal Identification Number (PIN), and the Software
`Token computes the passcode. The user can then authenticate to WebSEAL by entering the
`passcode into a login form.
`
`
`
`The most typical form of RSA SecurID authenticator (token) is the hand-held device. The
`device is usually a key fob or slim card. The token can have a PIN pad, onto which a user enters
`a PIN, in order to generate a passcode. When the token has no PIN pad, the passcode is
`created by concatenating the user's PIN and tokencode. A tokencode is changing number
`displayed on the key fob. The tokencode is a number generated by the RSA SecurID
`authenticator at one minute intervals. A user then enters the PIN and tokencode to
`authenticate to the RSA ACE/Server.
`
`WebSEAL supports both RSA token modes:
`•
`
`Next tokencode mode
`This mode is used when the user enters the correct PIN but an incorrect tokencode
`https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.6/com.ibm.isam.doc/wrp_config/concept/con_securid_token_authe.html
`
`1/3
`
`USR Exhibit 2021, page 1
`
`
`
`2/28/2019
`
`SecurID Token authentication
`This mode is used when the user enters the correct PIN but an incorrect tokencode.
`Typically, the tokencode must be entered incorrectly three times in a row to send the
`tokencard into next tokencode mode. When the user enters the correct passcode, the
`tokencode is automatically changed. The user waits for the new tokencode, and then
`enters the passcode again.
`
`•
`
`New PIN mode
`The token can be in New PIN mode when the old PIN is still assigned. The token is placed
`in this mode when the administrator wants to enforce a maximum password age policy.
`The token is also in New PIN mode when the PIN is cleared or has not been assigned.
`Newly assigned tokens might not yet have a PIN. A PIN can be cleared by an administrator
`when the user has forgotten it or suspects that it has been compromised.
`
`RSA SecurID PINs can be created in different ways:
`
`User-defined
`
`System-generated
`
`User-selectable
`
`•••
`
`PINs modes are defined by the method of creation, and by rules that specify parameters for
`password creation and device type.
`
`WebSEAL supports the following types of user-defined PINs:
`
`4-8 alphanumeric characters,non-PINPAD token
`
`4-8 alphanumeric characters,password
`
`5–7 numeric characters, non-PINPAD token
`
`5-7 numeric characters, PINPAD token
`
`5-7 numeric characters, Deny 4-digit PIN
`
`5-7 numeric characters, Deny alphanumeric
`
`••••••
`
`WebSEAL does not support the following types of new PINs:
`
`Please note that DISQUS operates this forum. When you sign in to comment, IBM will provide your
`email, first name and last name to DISQUS. That information, along with your comments, will be
`governed by DISQUS’ privacy policy. By commenting, you are accepting the DISQUS terms of service.
`
`https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.6/com.ibm.isam.doc/wrp_config/concept/con_securid_token_authe.html
`
`2/3
`
`USR Exhibit 2021, page 2
`
`
`
`2/28/2019
`
`SecurID Token authentication
`
`Sign In
`
`0 Comments
`
`IBM Knowledge Center
`
` Recommend
`
`
`
`t Tweet f Share
`
`Sort by Best
`
`Nothing in this discussion yet.
`
`✉
`
`Subscribe
`
`d
`
`Add Disqus to your siteAdd DisqusAdd
`
`Disqus' Privacy PolicyPrivacy PolicyPrivacy
`
`🔒
`
`Related topics:
`
`Token authentication module
`
`Authentication process flow for tokens in new PIN mode
`
`Do you want to...
`
`Open a ticket and download fixes at the IBM Support Portal
`
`Find a technical tutorial in IBM Developer
`
`Find a best practice for integrating technologies in IBM Redbooks
`
`Explore, learn and succeed with training on the IBM Skills Gateway
`
`Contact
`
` Privacy
`
` Terms of use
`
` Accessibility
`
` Feedback
`
` Cookie preferences
`
`English
`
`
`
`https://www.ibm.com/support/knowledgecenter/en/SSPREK_9.0.6/com.ibm.isam.doc/wrp_config/concept/con_securid_token_authe.html
`
`3/3
`
`USR Exhibit 2021, page 3
`
`
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
